For America's Top Spy Catcher, A World Of Problems To Fix — And Prevent

Enlarge this image toggle caption Courtesy of the Office of the Director of National Intelligence Courtesy of the Office of the Director of National Intelligence

William Evanina holds two official job titles: national counterintelligence executive and director of the National Counterintelligence and Security Center.

Eyes glazing over? Here's a simpler way to think of him: as the nation's spy catcher in chief.

As the head of U.S. counterintelligence, Evanina is in charge of keeping America's secrets out of enemy hands. 2016 has proved an exceptionally challenging year, between Russian hacks and another massive data breach at the National Security Agency.

But before we get to those, here's a story that yields some insight into the kind of year Evanina has had: On May 4, he was meeting a friend and former colleague at the Silver Diner in McLean, Va. They were tucking into lunch when they heard a crash.

"A lot of people started yelling, 'Gun!' And then there was multiples crashes," Evanina remembers.

A Hummer had slammed into the diner. The man driving it — a cook who had been suspended — backed up and tried again, three or four times.

"And then he set himself on fire, trying to burn the restaurant down," says Evanina, who may now run counterintelligence efforts for the entire U.S. government, but remains — by training and instinct — an FBI agent.

Evanina helped pull the man from the burning Hummer. And then he cuffed him.

"I'm still an FBI agent," he says, "and until that day is over, I will be an FBI agent, and that entails carrying handcuffs."

One customer died from his injuries. The man Evanina cuffed — the suspended cook — was charged with second-degree murder.

"Crazy things happen," says Evanina. "I just happened to be in the right place at the right time. When you look at that individual, that is the epitome of the insider threat."

Insider threats are a phenomenon Evanina has had to confront more often than he might have liked over his 27-year career. In 2013, when NSA contractor Edward Snowden fled the country carrying a laptop stuffed with secrets, Evanina was assigned to the investigation. At the time, he was assistant special agent in charge of the FBI's Washington field office.

This, he says, "makes it difficult for me to opine on Edward Snowden. But in my job now, I handle the damage assessment aspect of Mr. Snowden. On a quarterly basis, we develop a damage assessment, provide that to Congress and the White House."

That means every three months, Evanina briefs official Washington on the ongoing fallout from Snowden. Which raises the question: How much classified material may yet come to light? Evanina says Snowden is estimated to have taken 1.5 million documents.

"If you subtract the give or take 1,000 that have been disclosed, there's a lot more to go," he says. "We have a pretty good fundamental idea, every agency does, as to what documents were stolen by Mr. Snowden. And we've put them into tranches, in terms of significance and in terms of damage that could be caused. And every day, every [U.S. intelligence] agency is watching the world media to see what's being disclosed."

This year, the world learned of yet another possible inside job at the NSA. Harold "Hal" Martin III, another contractor, was arrested in August. Like Snowden, he had worked at the NSA. He was working for the Pentagon at the time of his arrest.

Federal prosecutors have not claimed evidence of links between Martin and a foreign power. But at his house in Maryland, investigators found huge piles of classified documents, which Martin is alleged to have stolen over a two-decade period.

Coming just three years after the Snowden episode, is there any way to view Martin's case as something other than an epic security failure?

Evanina says there is. "Someone who is in an insider threat, who's seeking to do damage, will do the damage," he says. "It's really, really difficult to stop that person once they've made a decision."

Evanina says the answer is not to rely on intrusive security checks. He insists the NSA's internal security is excellent. Instead, he argues that spy agencies need to do a better job of monitoring behavioral indicators: identifying when employees are vulnerable — whether through financial or marital troubles or because they've been passed over for promotion — and then intervening before they act in detrimental ways.

Evanina also says that obsessing over Snowden or Martin will get you only so far. "We spend a lot of time on fixing what's happened, and not enough time on what the future looks like six months from now," he says. "What are the new technologies and capabilities to take [classified materials] away?"

Speaking of the future, Evanina will spend the next several weeks helping to pull together a White House-ordered review of election year cyber-intrusions. The review follows an October statement issued by Evanina's boss, Director of National Intelligence James Clapper, and by the Department of Homeland Security, which concludes that Russia's "senior-most officials" authorized recent hacks.

Evanina's role is to unravel which Russian spy agencies were involved.

"It gets characterized as the 'government of Russia,' " he says. "Well, in our world, it's a little bit more complicated than that."

An investigation by the private cybersecurity firm Crowdstrike has attributed the hacks to Russia's military and domestic security agencies. Evanina is probing that further.

"There's an intense competitiveness within the Russian intelligence services," he notes. "The GRU [main intelligence directorate] and the SVR [foreign intelligence service] and the FSB [federal security service] are competing for resource dollars and for activity here in the U.S."

That presents both challenge and opportunity for American spy agencies. Knowing which specific adversary they're dealing with, Evanina says, helps to inform the response.

Meanwhile, he estimates that more than 100 Russian spies are operating on U.S. soil right now.

"They're here to do their country's bidding," he says. "Acquiring plans and intentions of our country, and stealing our trade secrets and proprietary information. Our job is to identify them and track them down, surveil them and neutralize their efforts."

As to where the Russians operate, Evanina says they're in big cities: "Washington, D.C. New York City. Los Angeles. San Francisco. Our innovation hubs."

That's because Russian intelligence officers are focused on America's energy, telecommunications and financial sectors, he says. So there's plenty to keep Evanina busy until next June, when he wraps up his tour as the country's top spy catcher.