Which of the following organizations provides CI functional services and analysis in support

Formerly the SANS Critical Security Controls [SANS Top 20], these are now officially called the CIS Critical Security Controls [CIS Controls].

CIS Controls Version 8 combines and consolidates the CIS Controls by activities, rather than by who manages the devices. Physical devices, fixed boundaries, and discrete islands of security implementation are less important; this is reflected in v8 through revised terminology and grouping of Safeguards, resulting in a decrease of the number of Controls from 20 to 18.

The 18 CIS Controls in Version 8 are:

CIS Control 1: Inventory and Control of Enterprise Assets

CIS Control 2: Inventory and Control of Software Assets

CIS Control 3: Data Protection

CIS Control 4: Secure Configuration of Enterprise Assets and Software

CIS Control 5: Account Management

CIS Control 6: Access Control Management

CIS Control 7: Continuous Vulnerability Management

CIS Control 8: Audit Log Management

CIS Control 9: Email and Web Browser Protections

CIS Control 10: Malware Defenses

CIS Control 11: Data Recovery

CIS Control 12: Network Infrastructure Management

CIS Control 13: Network Monitoring and Defense

CIS Control 14: Security Awareness and Skills Training

CIS Control 15: Service Provider Management

CIS Control 16: Application Software Security

CIS Control 17: Incident Response Management

CIS Control 18: Penetration Testing

Chapter 11

Counterintelligence

DEFINITION

11-1. CI counters or neutralizes intelligence collection efforts through collection, CI investigations, operations, analysis and production, and functional and technical services. CI includes all actions taken to detect, identify, exploit, and neutralize the multidiscipline intelligence activities of friends, competitors, opponents, adversaries, and enemies. It is the key intelligence community contributor to protect US interests and equities. Figure 11-1 shows the CI overview.


Figure 11-1. Counterintelligence Overview.

ROLE

11-2. The role of CI is to detect, identify, exploit, and neutralize all adversary intelligence entities targeting US and multinational interests. CI will focus on countering adversary intelligence collection activities targeting information or material concerning US personnel, activities, operations, plans, equipment, facilities, publications, technology, or documents, either classified or unclassified, without official consent of designated US release authorities, for any purpose that could cause damage or otherwise adversely impact the interests of national security of the US ability to fulfill national policy and objectives. Adversary intelligence threats include but are not limited to any [US, multinational, friendly, competitor, opponent, adversary, or recognized enemy] government or NGOs, companies, businesses, corporations, consortiums, groups, agencies, cells or persons, terrorists, insurgents, guerrilla entities, and persons whose demonstrated actions, views, or opinions are inimical to US interests.

11-3. CI elements are instrumental in contributing to situational awareness in the AOI. CI elements may corroborate other intelligence discipline information as well as cue other intelligence assets through the CI core competencies and through CI technical services. The CI core competencies are collection, investigations of national security crimes within the purview of CI, operations, and analysis and production. CI technical services include computer network operations, technical surveillance countermeasures [TSCM], and polygraph. CI focuses on combating adversary intelligence activities targeting Army personnel, plans, operations, activities, technologies, and other critical information and infrastructure.

COUNTERINTELLIGENCE FUNCTIONS

11-4. CI functions are interrelated, mutually supporting, and can be derived from one another. No single function or technical capability can defeat adversary intelligence efforts to target US interests. CI functions are discussed below.

CI INVESTIGATIONS

11-5. Investigative activity is essential to countering the adversary intelligence threat to Army interests. CI places emphasis on investigative activity to support force, infrastructure and technology protection, homeland defense, information assurance, and security programs. CI investigations focus on resolving allegations of known or suspected acts that may constitute National Security Crimes under US law. The primary objective in any CI investigation is the detection, identification, exploitation, and/or neutralization of adversary intelligence threats directed against the US Army. CI investigations are also conducted to identify systemic security problems that may have damaging repercussions to Army operations and national security interests. All CI investigations are conducted within guidelines established in AR 381-10, AR 381-12, AR 381-20, applicable DOD policy and directives, and US laws.

CI OPERATIONS

11-6. CI operations are characterized as those activities that are not solely associated with investigative, collection, analysis, or production functions. CI operations can be either offensive or defensive in nature; they are derived from or transition to a collection or investigative activity depending on the scope, objective, or continued possibility for operational exploitation. CI operations fall into two categories: CI support operations and CI sensitive operations.

  • CI Support Operations. These are defensive operations used to support ARFOR and technology protection, security projects, and programs. They include technical services support, support to acquisition, FP, special access, international security, foreign visitor or contact, treaty verification, information assurance, homeland defense, and other approved projects and programs.
  • CI Sensitive Operations. These operations are generally offensive in nature and involve direct or indirect operations against a known adversary intelligence threat. These operations include counter-espionage [CE] and CI projects and are conducted by designated units.

CI COLLECTION

11-7. Collection Activities. CI elements conduct collection activities focused on adversary intelligence threats that target US and multinational interests. CI collection is conducted through the use of sources, assets, official contacts, and other human or multimedia sources to obtain information that impacts the supported unit. CI will not be used as a substitute for Army HUMINT collection. These activities are designed to collect specific information or develop leads concerning adversary intelligence collection requirements, capabilities, efforts, operations, structure, personalities, and methods of operation targeting US and multinational interests. CI collection can result from ongoing CI investigations or operations or serve to initiate CI investigations and/or operations.

11-8. Liaison. CI elements conduct liaison with US, multinational, and HN military and civilian agencies, to include NGO, for the purpose of obtaining information of CI interest and coordinating or deconflicting CI activities. Liaison activities are designed to ensure a cooperative operating environment for CI elements and to develop CI leads for further exploitation.

11-9. CI Collection Activities and Source Operations [CASO]. CASO is used to collect information on direct threats to US Army installations, organizations, activities, and personnel. The CASO program is not intended to be used as a substitute for tactical HUMINT contact operations. CASO can be used to initiate CI investigations, identify potential leads for offensive operations, or develop additional CASO leads. Only designated units, in accordance with applicable policy, will be authorized to pursue investigative and offensive operational leads from ongoing CASO operations.

11-10. Screening. CI Special Agents work jointly with HUMINT Collectors during screening operations to identify civilians on the battlefield, EPWs, detainees, and other noncombatants who may have information of CI interest or to develop CI leads. CI screening is also conducted during the process of hiring HN citizens for Army and DOD employment. Information obtained during screening operations may be used to initiate CI investigations and operations or to cue other intelligence collection disciplines such as HUMINT, IMINT, SIGINT, and MASINT.

11-11. Debriefing. CI Special Agents conduct debriefings of friendly force, HN, or the local population who may have information of CI interest regarding adversary intelligence collection or targeting efforts focused on US and multinational interests.

11-12. Functional Services. CI elements conduct functional services to assist traditional CI activities of investigations, collection, operations, analysis, and production; they also provide tailored support to US, DOD, and Army protection and security programs for commanders at all echelons. CI elements may use one or several of the functional services simultaneously to provide tailored support to a particular CI mission or supported program. CI functional services consist of:

  • CI threat vulnerability assessments [TVAs].
  • Adversary intelligence simulation [Red Team Evaluation].
  • Covering agent support.

11-13. CI Technical Services. CI technical services are used to assist the CI functions of investigations, collections, and operations or to support functional services conducted by CI elements. For additional information on CI technical services, refer to AR 381-20 [SECRET/NOFORN] and FM 34-5. CI technical services consist of:

  • Surveillance.
  • Intelligence polygraphs.
  • TSCM.
  • Computer Network Operations [CNO].
  • IO.
  • Counter-Signals Intelligence [C-SIGINT].

ANALYSIS

11-14. IPB, all-source, and single-source analysis are used to template adversary intelligence activities. Analysis is also used to make recommendations to the commander on how to counter adversary intelligence efforts and to refine CI activities to potentially neutralize and/or exploit those efforts and to continually focus the efforts of CI teams. CI analysis focuses on the multidiscipline adversary intelligence collection threat targeting information on US multinational personnel, operations, activities, technology, and intentions. Raw information, open-source material, and finished intelligence products are analyzed in response to local and national requirements. Analysis occurs at all levels from tactical to strategic.

  • At the tactical level, CI teams focus their efforts on supporting mission requirements and contributing to the all-source COP.
  • Operational analysis is used to assess how adversary intelligence views and targets US interests; identify US vulnerabilities that could be exploited or targeted; and to determine adversary intelligence targeting methods of operation [MOs].
  • CI collection priorities; assessing adversary intelligence technical options for countering US weapons and intelligence systems; and assessing the impact of technology transfer activities on the US military's technological overmatch.

PRODUCTION

11-15. CI products consist of, but are not limited to, target nomination, CI input to TVAs, CI estimates, and investigative and intelligence information reports. Finalized intelligence derived from CI activities is incorporated into joint and national intelligence databases, assessments, and analysis products. CI products are also incorporated into the COP to support battlefield situational awareness. CI production takes place at all levels.

  • Operational and tactical production includes tactical alerts, spot reports, and current intelligence; CI threat and/or vulnerability assessments tailored to specific activities, units, installations, programs, or geographic areas; CI studies to support contingency planning and major exercises; studies of adversary intelligence organization, MO, personnel, activities, and intentions that pose a current or potential threat to the supported command.
  • Strategic products include assessments supporting national and Army programs including SAPs and acquisition programs; worldwide assessments of the organization, location, funding, training, operations capabilities, and intentions of terrorist organizations; global trends in adversary intelligence MO; after-action studies of individual espionage cases; analyses of the intelligence collection capabilities of international narcotics trafficking organizations; and multimedia threat products to support Army CI awareness programs.

TECHNICAL SERVICES

11-16. CI organizations with technically trained CI Special Agents are chartered with providing unique technical capabilities to augment CI investigations, collection, and operations. These technical capabilities are not used as substitutes for CI activities, but support traditional CI techniques employed to counter and neutralize adversary intelligence activities targeting US interests.

11-17. Selected CI Special Agents are trained to identify human deception indicators during the course of investigations, operations, and collection missions. Required training and skills include the use of polygraph and emerging biometric technologies that can recognize indications of deception by human sources, contacts, and subjects of investigations, as well as analysis and reporting of results.

11-18. TSCM CI Special Agents are trained in sophisticated electronic and sensing equipment to identify technical collection activities carried out by adversary intelligence entities. The use of TSCM is critical to ensuring that sensitive and/or restricted areas are clear of any adversary intelligence-placed active or passive electronic sensing, or eavesdropping or collection devices. These areas include SCIF, secure working and planning areas, and C2 facilities.

11-19. CNO consist of computer network attack [CNA], computer network defense [CND], and computer network exploitation [CNE]. CI Special Agents are specially trained in the areas of computer operation, network theory and administration, and forensics, along with IO in order to ensure US information dominance. The reliance on networked systems will result in greater emphasis being placed on information assurance. Specially selected CI agents will be trained in CNO in order to assist in protecting US information and information systems while exploiting and/or attacking adversary information and information systems.

11-20. For more information on technical services, refer to AR 381-20 and FM 34-5.

OPERATIONAL EMPLOYMENT

11-21. Army CI supports the full spectrum of military operations. The Army requires a well-trained CI force consisting of AC, RC, civilian government employee, and contractor personnel. CI elements are focused on and dedicated to detecting, identifying, neutralizing, and/or exploiting adversary intelligence elements attempting to collect information on US forces. Effective employment of Army CI elements in all phases of operations and at all levels from tactical to strategic is paramount to countering any adversary intelligence threat to US interests and resources. Moreover, Army CI protects special programs that provide R&D, acquisition, and integration of technologies leading to future technological overmatch. CI elements have the capability and authority to conduct complex, nontraditional operations in this Information Age to CE, to both protect critical technologies and satisfy Army, DOD, and national level CI objectives.

LEVELS OF EMPLOYMENT

Strategic and Departmental

11-22. Strategic and departmental operations will be conducted by CI elements supporting national, DOD, and DA required missions [for example, support to NATO and special operations and missions]. Strategic and departmental CI will conduct compartmented investigations and operations to affect the knowledge of adversary intelligence regarding CONOPS and defense information. Army CI will execute the full range of CI functions and missions at the strategic and departmental level including CI investigations and operations, CE, technology protection, SAP support, treaty verification, and technical CI services [polygraph, TSCM, and computer forensics]. Strategic and departmental CI will also support SOF and special mission units [SMUs] within the scope of applicable national, DOD, and DA security policies and regulations.

Operational

11-23. Operational missions of CI elements will support combatant commanders, generally in geographic AOIR. Operational CI elements will focus on threat identification and countering regional adversary intelligence threats. Operational level CI activities and functions include CI investigations and operations, CE, technology protection, SAP support, treaty verification, and technical CI services [polygraph, TSCM, and computer forensics]. CI elements must be capable of quickly transitioning from a peacetime mission to crisis operations to support combatant commander requirements. Theater CI assets will conduct unilateral to multinational operations in designated theaters. Operational elements may also be deployed to support or reinforce tactical forces in CONOPS.

Tactical

11-24. CI teams will conduct operations throughout the battlespace during CONOPS. CONOPS support activities include conduct of CASO, limited CI investigative capability, personnel security investigations, screenings, and debriefings. CI activities in CONOPS focus on countering the adversary intelligence threat and assisting in conducting TVAs. TVAs will be conducted in conjunction with MPs, Engineers, and Medical Service personnel to provide the commander with a comprehensive FP assessment. During peacetime, organic tactical CI teams conduct activities in accordance with approved regulations and command guidance.

SUPPORT TO CONTINGENCY OPERATIONS

11-25. The initial phase of operations from PME to MTW lays the foundation of future team operations. In general, the priority of effort focuses inward on security of operating bases, areas of troop concentration, and C2 nodes to identify the collection threat to US forces that could be used by adversary elements to plan hostile acts against US activities and locations.

11-26. Once security of the operating bases has been established, the operational focus of CI teams shifts outside the operating base to continue to detect, identify, and neutralize the collection threat to US forces as well as to provide I&W of hostile acts targeting US activities. The CI team uses several collection methods, to include CASO, elicitation, and liaison, to answer the supported commander's requirements. This is referred to as the continuation phase. The CI team conducts CI investigations to identify, neutralize, and exploit reported threat intelligence collection efforts.

11-27. A key element to the CI team's success is the opportunity to spot, assess, and develop relationships with potential sources of information. Operating as independent teams, without being tied to ISR or combat assets, enables the CI team's maximum interaction with the local population, thereby maximizing the pool of potential sources of information. Along with the opportunity to spot, assess, and interact with potential sources of information, a second key element of a CI team's success is its approachability to the local population. A soft posture enables a CI team to appear as non-threatening as possible. Experience has shown that the local population in general is apprehensive of fully and openly armed patrols and soldiers moving around population centers.

11-28. During some operations, civilian attire or nontactical vehicles may be used to lower the CI team profile. In some special situations, these measures are taken to make the operation less visible to the casual observer. Also, in some cultures, sharing food and beverages among friends is expected; exceptions to restrictions or general orders should be considered to facilitate successful CI team operations, many of which are geared towards developing relationships with potential sources of information.

SUPPORT TO INSTALLATIONS AND OPERATING BASES

11-29. CI teams, as part of a multi-agency team consisting of MPs, CA, medical, and EOD, support the conduct of TVAs of installations and operating bases to identify the intelligence threat to the operating locations. Detailed TVAs identify weaknesses in operational and physical security procedures and recommend countermeasures to mitigate intelligence collection on friendly forces limiting the ability to plan hostile acts on US activities and locations. CI activities supporting installations and operating bases include:

  • Interviewing walk-in sources and locally employed personnel.
  • Screening local national [LN] hires. Commanders, staff planners, and SIOs should always provide input to personnel assigned to establish and negotiate contracts using local national [LN] hires. This requirement ensures that LN hires can be screened, interviewed, and in some instances used as CI sources or assets in order to provide intelligence information that impacts the security of the base camp.
  • Debriefing friendly force personnel who are in contact with the local population, such as:
    • ISR patrols.
    • MP patrols.
    • Combat patrols.
    • Liaison personnel.
    • CA and PSYOP teams.
  • Conducting limited local open-source information collection.
  • Providing support to TVAs of the base camp.

TACTICS, TECHNIQUES, AND PROCEDURES

11-30. At the CI team level, team members conduct mission analysis and planning specific to their AO. Backwards planning and source profiling are used extensively to choose CI targets. To verify adequate area coverage, the CI team may periodically develop and use CI target overlays and other CI analytical tools that illustrate the CI situation, identify CI gaps, and help refocus the collection effort.

11-31. The CI team is also in constant contact with the supported S2 and the other ISR assets [Scouts, PSYOP, CA, and MP] in order to coordinate and deconflict operations and to cross-check collected information. The supported unit S2, with the help of the CI team, regularly and systematically debriefs all ISR assets.

11-32. The CI team must be integrated into the supported unit's ISR plan. The CI OMT chief will advise the supported unit on the specific capabilities and requirements of the team to maximize mission success.

OPERATIONAL RISK MITIGATION

11-33. The employment of CI teams includes varying degrees of contact with the local population. As the degree of contact with the population increases, both the quantity and quality of CI collection increases. In many instances, however, there is a risk to the CI team inherent with increased exposure to the local population. The decision at what level to employ a CI team is METT-TC dependent. The risk to the CI assets must be balanced with the need to collect priority information and to protect the force as a whole. ROE, SOFA, direction from higher headquarters, and the overall threat level may also restrict the deployment and use of CI teams. The commander should consider exceptions to the ROE to facilitate CI collection.

11-34. Risks are minimized through the situational awareness of CI team members. They plan and rehearse to readily react to any situation and carry the necessary firepower to disengage from difficult situations. If it becomes necessary to call for assistance, adequate and redundant communications equipment is critical. These scenarios and actions should be trained prior to deployment into a contingency area and rehearsed continuously throughout the deployment.

11-35. A supported unit commander is often tempted to keep the CI team "inside the wire" when the THREATCON level increases. The supported commander must weigh the risk versus potential information gain when establishing operational parameters of supporting CI teams. This is necessary especially during high THREATCON levels when the supported unit commander needs as complete a picture as possible of the threat arrayed against US and multinational forces.

11-36. When it is not expedient to deploy the CI team independently due to threat levels or other restrictions, the team can be integrated into other ongoing operations. The CI team may be employed as part of a combat, ISR, or MP patrol or used to support CA, PSYOP, engineer, or other operations. This method reduces the risk to the team while allowing a limited ability to collect information. It has the advantage of placing the team in contact with the local population and allowing it to spot, assess, and interact with potential sources of information. However, this deployment method restricts collection by subordinating the team's efforts to the requirements, locations, and timetables of the unit or operation into which it is integrated and does not allow for the conduct of sensitive source operations. This method of employment should be considered a last resort.

COUNTERINTELLIGENCE EQUIPMENT

11-37. Basic C2, transportation, and weapons requirements do not differ significantly from most soldier requirements and are available as unit issue items. However, CI teams have unique communications, collection, processing, and mission-specific requirements.

COMMUNICATIONS

11-38. Dedicated and Secure Long-Range Communications. These are keys to the success of the CI team mission. CI team operations require a secure, three-tiered communications architecture consisting of inter/intra-team radios, vehicle-based communications, and a CI and HUMINT base station.

11-39. Communications Network. The CI team must have access to existing communications networks such as the tactical LAN. The CI team must also be equipped with its own COMSEC devices. It is imperative that the CI team acquire access to the public communication system of the HN. This can be in the form of either landlines or cellular telephones. Such access enables the CI team to develop leads which can provide early indicators to US forces.

11-40. Interoperability. Communications systems must be equipped with an open-ended architecture to allow for expansion and compatibility with other service elements, government organizations, NGOs, and multinational elements to effectively communicate during CONOPS. All ISR systems must be vertically and horizontally integrated to be compatible across all BOSs and with Legacy and Interim Force elements.

11-41. SOTM. To provide real-time and NRT information reporting, CI elements must have the capability to transmit voice, data, imagery, and video while on the move. CI teams must be able to transmit while geographically separated from their parent unit while operating remotely. This broadband requirement can only be achieved through a SATCOM capability and must be achievable while mobile.

CI COLLECTION AND PROCESSING SYSTEMS

11-42. The CI team must rely on automation to achieve and maintain information dominance in a given operation. With time, effective collection planning and management at all echelons, the CI team can collect a wealth of information. The sorting and analysis of this information in a timely and efficient manner is crucial to operations. Automation helps the CI team to report, database, analyze, and evaluate the collected information quickly and to provide the supported unit with accurate data in the form of timely, relevant, accurate, and predictive intelligence.

11-43. Automation hardware and software must be user friendly as well as interoperable among different echelons and services. They must interface with the communications equipment of the CI team as well as facilitate the interface of audiovisual devices. Technical support for hardware and software must be available and responsive.

11-44. The demand for accurate and timely CI reporting, DOCEX, and open-source information has grown tremendously. Biometric [physiological, neurological, thermal analysis, facial and fingerprint recognition] technologies will allow rapid identification, coding, and tracking of adversaries and human sources; as well as cataloging of information concerning EPWs, detainees, and civilians of CI interest on the battlefield. Biometrics will also provide secure authentication of individuals seeking network or facility access.

11-45. CI teams work with multinational forces and other foreign nationals and require the ability to communicate in their respective languages. Often CI personnel have little or no training in the target language, and lack of skilled interpreters can hinder CI activities. CI teams require textual and voice translation devices, source verification, and deception detection machines [biometrics] to improve collection capability and accuracy.

11-46. CI teams require dynamic MLT tools that provide both non-linguists and those with limited linguist skills a comprehensive, accurate means to conduct initial CI screenings and basic interviews in a variety of situations. CI elements will focus on in-depth interviews and communications with persons of higher priority. MLT tools minimize reliance on contract linguists and allow soldiers to concentrate on mission accomplishment.

MISSION SPECIFIC

11-47. The CI team may conduct night operations and must be equipped with NVDs for its members, and photographic and weapons systems. The CI team also may operate in urban and rural areas, where the threat level can vary from semi-hostile to hostile. The safety of the CI team can be enhanced with equipment that can detect, locate, suppress, illuminate, and designate hostile optical and E-O devices. In addition, high power, gyro-stabilized binoculars, which can be used from a moving vehicle, increase the survivability of the CI team and also give the team another surveillance and collection device.

11-48. Some of the CI team missions may require the documentation of incidents. The CI teams can use the following equipment in their open-source collection efforts.

  • Small, rugged, battery-operated digital camcorders and cameras which are able to interface with the collection and processing systems as well as communication devices.
  • GPSs that can be mounted and dismounted to move in the AO efficiently.
  • Short-range multichannel RF scanning devices that can also identify frequencies which enhance their security.
  • In some cases CI teams require a stand-off, high resolution optical surveillance and recording capability that can provide target identification at extended ranges to protect the intelligence collector while avoiding detection by the adversary target. An advanced optical capability provides intelligence collectors the ability to locate and track adversary targets [passive and hostile] for identification, collection, and target exploitations.

INTEGRATION OF LINGUISTS

11-49. Integrating linguists into the CI team should take place as soon as possible. Security clearances and contractual agreements will help the team determine the level of integration.

11-50. Along with the basic briefing of what is expected of the civilian linguists as interpreters, CI teams should be informed about the civilians' chain of command and the scope of their duties beyond interpreting. The CI team leader must ensure that linguists are trained and capable of completing all tasks expected of them.

BATTLE HAND-OFF

11-51. CI teams are always engaged. A good battle hand-off is critical to smooth transition and mission success. The battle hand-off can directly contribute to mission success or failure of the outgoing team, but especially of the incoming team. The battle hand-off begins the first day the CI team begins to operate in an AO. Regardless of how long the team believes it will operate within the AO, it must ensure there is a seamless transition to an incoming team, other US unit, or agency. The CI team accomplishes this transition by establishing procedures for source administration, database maintenance, and report files.

11-52. Teams must plan and implement a logical and systematic sequence of tasks that enables an incoming team to assume the operations in the AO. Adequate time must be allotted for an effective battle hand-off. In some environments, a few weeks may be necessary to accomplish an effective battle hand-off. Introductions to sources of information, especially CASO sources, are critical, and teams must prioritize their time. During this time the outgoing CI team must familiarize the new CI team with all aspects of the operation, which include past, present, and planned activities within the AO. Area orientation is critical. This includes major routes, population centers, potential hot spots, and other points of interest [such as police stations, political centers, and social centers].

ORGANIZATION

11-53. CI activities require a complex C2 relationship to ensure that the requirements of the supported commander are fulfilled while balancing the need for strict integrity and legality of CI operations. This complex relationship balances the role of the SIO as the requirements manager and the 2X as the mission manager with the MI commander as the asset manager.

COMMAND VERSUS CONTROL

11-54. ARFOR will normally deploy as part of a joint, multinational, and/or combined operation. In all cases, commanders at each echelon will exercise command over the forces assigned to their organization. Command includes the authority and responsibility for effectively using resources, planning for and employment of forces, and ensuring that forces accomplish assigned missions. Leaders and staffs exercise control to facilitate mission accomplishment.

11-55. While the MI commander supervises subordinates and produces reports, the *2X synchronizes activities between intelligence units and provides single-source processing and limited analysis. ["*2X" indicates 2X functions at all levels.] While the MI commander takes care of the operators executing missions, the *2X obtains the data and reports from higher echelons required to execute the missions.

Staff Responsibilities and Functions

11-56. The *2X staff is responsible for the integration, correlation, and fusion of all Human Sensor information into the Intelligence BOS within the *2X AOIR. The *2X is also responsible for analyzing adversary intelligence collection, terrorist and sabotage activities, developing countermeasures to defeat threat collection activities, identifying and submitting collection requirements to fill CI collection gaps, and providing input to the all-source picture regarding adversary intelligence activities.

11-57. The *2X Staff Officer provides CI and HUMINT collection expertise. The *2X:

  • Is the single focal point for all matters associated with CI and HUMINT in the AOIR.
  • Is the CI and HUMINT advisor to the G2 and commander.
  • Is an extension of the collection manager and ensures that the best asset or combinations of assets are used to satisfy information requirements.
  • Along with his subordinate elements [CICA, HOC, OSC, CIAC, and HAC], exercises technical control over his assigned Army CI and HUMINT elements in the designated AOIR.
  • Is the principal representative of the G2 and the commander when coordinating and deconflicting CI and HUMINT activities with national or theater agencies operating in the AOIR.
  • Supports specific RM efforts in conjunction with the requirements manager through the planning and coordination of CI and HUMINT operations; the review and validation of CI requirements; the recommendation for assignment of tasks to specific collectors; and the conduct of liaison with non-organic HUMINT collection. This liaison includes national level and multinational force assets for source deconfliction and special activities outside the *2X AOIR.
  • Will provide OMTs with capability to reach back to current database information, technical information and guidance, and source deconfliction necessary to monitor the collection activities of the CI teams.
  •   CICA. The CICA is responsible for coordinating and synchronizing all CI activities in the designated AOIR. The CICA exercises technical control over all CI entities in the designated AOIR and deconflicts CI activities with higher, lower, and adjacent CI elements. The CICA accomplishes all responsibilities through coordination with the operational units and other *2X staff elements.
  •   OSC. The OSC in the *2X staff maintains the source registry for all CI activities in the designated AOIR. The OSC provides management of intelligence property book operations, source incentive programs, and ICFs.
  •   CIAC. The CIAC analyzes adversary intelligence collection capabilities. The CIAC leverages all intelligence discipline reporting and analysis to counter threat collection capabilities against the deployed force. CIAC analysis provides information and analysis to the COP.

11-58. The ACE and JISE CI analysis team analyzes threat intelligence collection and the intelligence collection efforts of foreign organizations involved in terrorism and sabotage in order to develop countermeasures against them. CI analysis cross-cues IMINT, SIGINT, MASINT, and TECHINT resources in addition to CI-related HUMINT reporting and analysis to counter threat collection capabilities against the deployed force. While the HAC supports the positive collection efforts of the force, the CI analysis team supports the "defend" aspects of the commander's FP program.

11-59. CI analysis is the analysis of the adversary's HUMINT, IMINT, SIGINT, and MASINT capabilities in support of intelligence collection, terrorism, and sabotage in order to develop countermeasures against them. It involves a reverse IPB process in which the analyst looks at US forces and operations from the threat's perspective. CI analytical products are an important tool in the COA development in the MDMP. This analytical tool supports the commander's FP program and facilitates the nomination of CI targets for neutralization or exploitation. [See FM 2-01.2 [FM 34-60] for more information on CI analysis.] Specifically, CI analysis:

  • Produces and disseminates CI products and provides input to INTSUMs.
  • Provides collection requirements input to the CICA.
  • Analyzes source reliability and credibility as reflected in reporting and communicates that analysis to the collector.
  • Nominates CI targets for neutralization or exploitation.
  • Identifies and submits CI-related requirements to fill collection gaps.
  • Assists HAC personnel in focusing the CI aspects of the HUMINT collection program.
  • Presents CI analysis products such as CI estimates, target lists, reports, and graphics that support the commander.

11-60. For intelligence reach operations, CI products are available and disseminated in a variety of forms. It is incumbent on the requestor to ensure the CI product can be transmitted over the available communications systems. This includes verifying the appropriate security level of the communications systems.

CI TEAM STRUCTURE

11-61. OMT. The OMT is a four-person team consisting of a WO, two NCOs, and a junior enlisted soldier. [Civilians may be inserted into this structure as appropriate.] Rank structure and standards of grade for OMTs will vary depending upon the skill sets required and mission focus. CI OMTs will provide operational guidance for 1 to 4 CI teams, depending on mission focus and operational tempo. When two or more CI teams are deployed in a DS role, an OMT is also deployed to provide technical control. The OMT works closely with the supported S2 and ACT to furnish current threat information and to answer the supported commander's PIRs and IRs. OMTs coordinate with the supported 2X and manage subordinate CI teams to:

  • Provide guidance and technical control of operational activity.
  • Provide the collection and operational focus for CI teams.
  • Provide quality control and dissemination of reports for subordinate CI teams.
  • Conduct single-discipline CI analysis and assist in mission analysis for the supported commander.
  • Act as a conduit between subordinate CI teams, the CICA, and supported unit headquarters.
  • Provide administrative support for subordinate CI teams to include reporting mission and equipment status to the CICA and the supported unit headquarters.
  • Educate the supported commander on the capabilities of the CI teams.
  • Integrate the CI teams directly into the maneuver commander's ISR planning.

11-62. CI Team. The CI team is a four-person team consisting of two NCOs and two junior enlisted personnel. Rank structure and standards of grade for CI teams will vary depending upon the skill sets required and mission focus. CI teams are trained to execute the full range of CI functions; however, they may be assigned to mission-focused elements [for example, CE, CI projects]. Assignment to a TSCM, polygraph, or information warfare team requires additional, specialized technical training.





Which of the following organizations provides centralized management of DOD CI?

DIRECTOR, DIA. Under the authority, direction, and control of the USD[I] and in addition to the responsibilities in section 6 of this enclosure, the Director, DIA: a. Serves as the Defense CI Manager to provide for centralized management of DoD CI activities.

What are counterintelligence functional services?

11-12. Functional Services. CI elements conduct functional services to assist traditional CI activities of investigations, collection, operations, analysis, and production; they also provide tailored support to US, DOD, and Army protection and security programs for commanders at all echelons.

Who provides signals intelligence in support of CI activities?

The National Security Agency/Central Security Service is the nation's cryptologic organization that coordinates, directs, and performs highly specialized activities to protect U.S. information systems and to produce foreign signals intelligence information.

Who manages the execution of national intelligence at the department level?

The IOB is charged with overseeing the IC's compliance with the Constitution and all applicable laws, Executive Orders, and Presidential Directives. Privacy & Civil Liberties Oversight Board [PCLOB] -- The PCLOB is an independent agency established by the Implementing Recommendations of the 9/11 Commission Act, Pub.
