This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages)(Learn how and when to remove this template message)
Counterintelligence is an activity aimed at protecting an agency's intelligence program from an opposition's intelligence service. It includes gathering information and conducting activities to prevent espionage, sabotage, assassinations or other intelligence activities conducted for or on behalf of foreign powers, organizations or persons.
Many countries will have multiple organisations focusing on a different aspect of counterintelligence, such as domestic, international, and counter-terrorism. Some states will formalise it as part of the police structure, such as the United States' Federal Bureau of Investigation. Others will establish independent bodies, such as the United Kingdom's MI5.
Modern tactics of espionage and dedicated government intelligence agencies developed over the course of the late-19th century. A key background to this development was The Great Game - the strategic rivalry and conflict between the British Empire and the Russian Empire throughout Central Asia between 1830 and 1895. To counter Russian ambitions in the region and the potential threat it posed to the British position in India, the Indian Civil Service built up a system of surveillance, intelligence and counterintelligence. The existence of this shadowy conflict was popularized in Rudyard Kipling's famous spy book, Kim (1901), where he portrayed the Great Game (a phrase Kipling popularized) as an espionage and intelligence conflict that "never ceases, day or night".
The establishment of dedicated intelligence and counterintelligence organizations had much to do with the colonial rivalries between the major European powers and to the accelerating development of military technology. As espionage became more widely used, it became imperative to expand the role of existing police and internal security forces into a role of detecting and countering foreign spies. The Evidenzbureau (founded in the Austrian Empire in 1850) had the role from the late-19th century of countering the actions of the Pan-Slavist movement operating out of Serbia.
After the fallout from the Dreyfus Affair of 1894–1906 in France, responsibility for French military counter-espionage passed in 1899 to the Sûreté générale—an agency originally responsible for order enforcement and public safety—and overseen by the Ministry of the Interior.
The Okhrana initially formed in 1880 to combat political terrorism and left-wing revolutionary activity throughout the Russian Empire, was also tasked with countering enemy espionage. Its main concern was the activities of revolutionaries, who often worked and plotted subversive actions from abroad. It set up a branch in Paris, run by Pyotr Rachkovsky, to monitor their activities. The agency used many methods to achieve its goals, including covert operations, undercover agents, and "perlustration"—the interception and reading of private correspondence. The Okhrana became notorious for its use of agents provocateurs, who often succeeded in penetrating the activities of revolutionary groups - including the Bolsheviks.
Integrated counterintelligence agencies run directly by governments were also established. The British government founded the Secret Service Bureau in 1909 as the first independent and interdepartmental agency fully in control over all government counterintelligence activities.
Due to intense lobbying from William Melville and after he obtained German mobilization plans and proof of their financial support to the Boers, the British government authorized the formation of a new intelligence section in the War Office, MO3 (subsequently redesignated MO5) headed by Melville, in 1903. Working under-cover from a flat in London, Melville ran both counterintelligence and foreign intelligence operations, capitalizing on the knowledge and foreign contacts he had accumulated during his years running Special Branch.
Due to its success, the Government Committee on Intelligence, with support from Richard Haldane and Winston Churchill, established the Secret Service Bureau in 1909 as a joint initiative of the Admiralty, the War Office and the Foreign Office to control secret intelligence operations in the UK and overseas, particularly concentrating on the activities of the Imperial German government. Its first director was Captain Sir George Mansfield Smith-Cumming alias "C". The Secret Service Bureau was split into a foreign and counter-intelligence domestic service in 1910. The latter, headed by Sir Vernon Kell, originally aimed at calming public fears of large-scale German espionage. As the Service was not authorized with police powers, Kell liaised extensively with the Special Branch of Scotland Yard (headed by Basil Thomson), and succeeded in disrupting the work of Indian revolutionaries collaborating with the Germans during the war. Instead of a system whereby rival departments and military services would work on their own priorities with little to no consultation or cooperation with each other, the newly established Secret Intelligence Service was interdepartmental, and submitted its intelligence reports to all relevant government departments.
For the first time, governments had access to peacetime, centralized independent intelligence and counterintelligence bureaucracy with indexed registries and defined procedures, as opposed to the more ad hoc methods used previously.
Collective counterintelligence is gaining information about an opponent's intelligence collection capabilities whose aim is at an entity.
Defensive counterintelligence is thwarting efforts by hostile intelligence services to penetrate the service.
Offensive counterintelligence is having identified an opponent's efforts against the system, trying to manipulate these attacks by either "turning" the opponent's agents into double agents or feeding them false information to report.
Counterintelligence, counterterror, and government
Many governments organize counterintelligence agencies separately and distinct from their intelligence collection services. In most countries the counterintelligence mission is spread over multiple organizations, though one usually predominates. There is usually a domestic counterintelligence service, usually part of a larger law enforcement organization such as the Federal Bureau of Investigation in the United States.
The United Kingdom has the separate Security Service, also known as MI5, which does not have direct police powers but works closely with law enforcement especially Special Branch that can carry out arrests, do searches with a warrant, etc.
Canada separates the functions of general defensive counterintelligence (contre-ingérence), security intelligence (the intelligence preparation necessary to conduct offensive counterintelligence), law enforcement intelligence, and offensive counterintelligence.
Military organizations have their own counterintelligence forces, capable of conducting protective operations both at home and when deployed abroad. Depending on the country, there can be various mixtures of civilian and military in foreign operations. For example, while offensive counterintelligence is a mission of the US CIA's National Clandestine Service, defensive counterintelligence is a mission of the U.S. Diplomatic Security Service (DSS), Department of State, who work on protective security for personnel and information processed abroad at US Embassies and Consulates.
The term counter-espionage is really specific to countering HUMINT, but, since virtually all offensive counterintelligence involves exploiting human sources, the term "offensive counterintelligence" is used here to avoid some ambiguous phrasing.
Other countries also deal with the proper organization of defenses against Foreign Intelligence Services (FIS), often with separate services with no common authority below the head of government.
France, for example, builds its domestic counterterror in a law enforcement framework. In France, a senior anti-terror magistrate is in charge of defense against terrorism. French magistrates have multiple functions that overlap US and UK functions of investigators, prosecutors, and judges. An anti-terror magistrate may call upon France's domestic intelligence service Direction générale de la sécurité intérieure (DGSI), which may work with the Direction générale de la sécurité extérieure (DGSE), foreign intelligence service.
Spain gives its Interior Ministry, with military support, the leadership in domestic counterterrorism. For international threats, the National Intelligence Center (CNI) has responsibility. CNI, which reports directly to the Prime Minister, is staffed principally by which is subordinated directly to the Prime Minister's office. After the March 11, 2004 Madrid train bombings, the national investigation found problems between the Interior Ministry and CNI, and, as a result, the National Anti-Terrorism Coordination Center was created. Spain's 3/11 Commission called for this Center to do operational coordination as well as information collection and dissemination. The military has organic counterintelligence to meet specific military needs.
Frank Wisner, a well-known CIA operations executive said of the autobiography of Director of Central Intelligence Allen W. Dulles, that Dulles "disposes of the popular misconception that counterintelligence is essentially a negative and responsive activity, that it moves only or chiefly in reaction to situations thrust upon it and in counter to initiatives mounted by the opposition." Rather, he sees that can be most effective, both in information gathering and protecting friendly intelligence services, when it creatively but vigorously attacks the "structure and personnel of hostile intelligence services." Today's counterintelligence missions have broadened from the time when the threat was restricted to the foreign intelligence services (FIS) under the control of nation-states. Threats have broadened to include threats from non-national or trans-national groups, including internal insurgents, organized crime, and transnational based groups (often called "terrorists", but that is limiting). Still, the FIS term remains the usual way of referring to the threat against which counterintelligence protects.
In modern practice, several missions are associated with counterintelligence from the national to the field level.
- Defensive analysis is the practice of looking for vulnerabilities in one's own organization, and, with due regard for risk versus benefit, closing the discovered holes.
- Offensive counterespionage is the set of techniques that at least neutralizes discovered FIS personnel and arrests them or, in the case of diplomats, expels them by declaring them persona non grata. Beyond that minimum, it exploits FIS personnel to gain intelligence for one's own side, or actively manipulates the FIS personnel to damage the hostile FIS organization.
- Counterintelligence force protection source operations (CFSO) are human source operations, conducted abroad that are intended to fill the existing gap in national-level coverage in protecting a field station or force from terrorism and espionage.
Counterintelligence is part of intelligence cycle security, which, in turn, is part of intelligence cycle management. A variety of security disciplines also fall under intelligence security management and complement counterintelligence, including:
- Physical security
- Personnel security
- Communications security (COMSEC)
- Informations system security (INFOSEC)
- security classification
- Operations security (OPSEC)
The disciplines involved in "positive security," measures by which one's own society collects information on its actual or potential security, complement security. For example, when communications intelligence identifies a particular radio transmitter as one used only by a particular country, detecting that transmitter inside one's own country suggests the presence of a spy that counterintelligence should target. In particular, counterintelligence has a significant relationship with the collection discipline of HUMINT and at least some relationship with the others. Counterintelligence can both produce information and protect it.
Governments try to protect three things:
- Their personnel
- Their installations
- Their operations
In many governments, the responsibility for protecting these things is split. Historically, CIA assigned responsibility for protecting its personnel and operations to its Office of Security, while it assigned the security of operations to multiple groups within the Directorate of Operations: the counterintelligence staff and the area (or functional) unit, such as Soviet Russia Division. At one point, the counterintelligence unit operated quite autonomously, under the direction of James Jesus Angleton. Later, operational divisions had subordinate counterintelligence branches, as well as a smaller central counterintelligence staff. Aldrich Ames was in the Counterintelligence Branch of Europe Division, where he was responsible for directing the analysis of Soviet intelligence operations. US military services have had a similar and even more complex split.
This kind of division clearly requires close coordination, and this in fact occurs on a daily basis. The interdependence of the US counterintelligence community is also manifest in our relationships with liaison services. We cannot cut off these relationships because of concern about security, but experience has certainly shown that we must calculate the risks involved.
On the other side of the CI coin, counterespionage has one purpose that transcends all others in importance: penetration. The emphasis which the KGB places on penetration is evident in the cases already discussed from the defensive or security viewpoint. The best security system in the world cannot provide an adequate defense against it because the technique involves people. The only way to be sure that an enemy has been contained is to know his plans in advance and in detail.
Moreover, only a high-level penetration of the opposition can tell you whether your own service is penetrated. A high-level defector can also do this, but the adversary knows that he defected and within limits can take remedial action. Conducting CE without the aid of penetrations is like fighting in the dark. Conducting CE with penetrations can be like shooting fish in a barrel.
In the British service, the cases of the Cambridge Five, and the later suspicions about MI5 chief Sir Roger Hollis caused great internal dissension. Clearly, the British were penetrated by Philby, but it has never been determined, in any public forum, if there were other serious penetrations. In the US service, there was also significant disruption over the contradictory accusations about moles from defectors Anatoliy Golitsyn and Yuri Nosenko, and their respective supporters in CIA and the British Security Service (MI5). Golitsyn was generally believed by Angleton. George Kisevalter, the CIA operations officer that was the CIA side of the joint US-UK handling of Oleg Penkovsky, did not believe Angleton's theory that Nosenko was a KGB plant. Nosenko had exposed John Vassall, a KGB asset principally in the British Admiralty, but there were arguments Vassall was a KGB sacrifice to protect other operations, including Nosenko and a possibly more valuable source on the Royal Navy.
Defensive counterintelligence starts by looking for places in one's own organization that could easily be exploited by foreign intelligence services (FIS). FIS is an established term of art in the counterintelligence community, and, in today's world, "foreign" is shorthand for "opposing." Opposition might indeed be a country, but it could be a transnational group or an internal insurgent group. Operations against a FIS might be against one's own nation, or another friendly nation. The range of actions that might be done to support a friendly government can include a wide range of functions, certainly including military or counterintelligence activities, but also humanitarian aid and aid to development ("nation building").
Terminology here is still emerging, and "transnational group" could include not only terrorist groups but also transnational criminal organization. Transnational criminal organizations include the drug trade, money laundering, extortion targeted against computer or communications systems, smuggling, etc.
"Insurgent" could be a group opposing a recognized government by criminal or military means, as well as conducting clandestine intelligence and covert operations against the government in question, which could be one's own or a friendly one.
Counterintelligence and counterterrorism analyses provide strategic assessments of foreign intelligence and terrorist groups and prepare tactical options for ongoing operations and investigations. Counterespionage may involve proactive acts against foreign intelligence services, such as double agents, deception, or recruiting foreign intelligence officers. While clandestine HUMINT sources can give the greatest insight into the adversary's thinking, they may also be most vulnerable to the adversary's attacks on one's own organization. Before trusting an enemy agent, remember that such people started out as being trusted by their own countries and may still be loyal to that country.
Offensive counterintelligence operations
Wisner emphasized his own, and Dulles', views that the best defense against foreign attacks on, or infiltration of, intelligence services is active measures against those hostile services. This is often called counterespionage: measures taken to detect enemy espionage or physical attacks against friendly intelligence services, prevent damage and information loss, and, where possible, to turn the attempt back against its originator. Counterespionage goes beyond being reactive and actively tries to subvert hostile intelligence service, by recruiting agents in the foreign service, by discrediting personnel actually loyal to their own service, and taking away resources that would be useful to the hostile service. All of these actions apply to non-national threats as well as to national organizations.
If the hostile action is in one's own country or in a friendly one with co-operating police, the hostile agents may be arrested, or, if diplomats, declared persona non grata. From the perspective of one's own intelligence service, exploiting the situation to the advantage of one's side is usually preferable to arrest or actions that might result in the death of the threat. The intelligence priority sometimes comes into conflict with the instincts of one's own law enforcement organizations, especially when the foreign threat combines foreign personnel with citizens of one's country.
In some circumstances, arrest may be a first step in which the prisoner is given the choice of co-operating or facing severe consequence up to and including a death sentence for espionage. Co-operation may consist of telling all one knows about the other service but preferably actively assisting in deceptive actions against the hostile service.
Counterintelligence protection of intelligence services
Defensive counterintelligence specifically for intelligence services involves risk assessment of their culture, sources, methods and resources. Risk management must constantly reflect those assessments, since effective intelligence operations are often risk-taking. Even while taking calculated risks, the services need to mitigate risk with appropriate countermeasures.
FIS are especially able to explore open societies and, in that environment, have been able to subvert insiders in the intelligence community. Offensive counterespionage is the most powerful tool for finding penetrators and neutralizing them, but it is not the only tool. Understanding what leads individuals to turn on their own side is the focus of Project Slammer. Without undue violations of personal privacy, systems can be developed to spot anomalous behavior, especially in the use of information systems.
Decision makers require intelligence free from hostile control or manipulation. Since every intelligence discipline is subject to manipulation by our adversaries, validating the reliability of intelligence from all collection platforms is essential. Accordingly, each counterintelligence organization will validate the reliability of sources and methods that relate to the counterintelligence mission in accordance with common standards. For other mission areas, we will examine collection, analysis, dissemination practices, and other intelligence activities and will recommend improvements, best practices, and common standards.
Intelligence is vulnerable not only to external but also to internal threats. Subversion, treason, and leaks expose vulnerabilities, governmental and commercial secrets, and intelligence sources and methods. The insider threat has been a source of extraordinary damage to US national security, as with Aldrich Ames, Robert Hanssen, and Edward Lee Howard, all of whom had access to major clandestine activities. Had an electronic system to detect anomalies in browsing through counterintelligence files been in place, Robert Hanssen's searches for suspicion of activities of his Soviet (and later Russian) paymasters might have surfaced early. Anomalies might simply show that an especially-creative analyst has a trained intuition possible connections and is trying to research them.
Adding the new tools and techniques to [national arsenals], the counterintelligence community will seek to manipulate foreign spies, conduct aggressive investigations, make arrests and, where foreign officials are involved, expel them for engaging in practices inconsistent with their diplomatic status or exploit them as an unwitting channel for deception, or turn them into witting double agents. "Witting" is a term of intelligence art that indicates that one is not only aware of a fact or piece of information but also aware of its connection to intelligence activities.
Victor Suvorov, the pseudonym of a former Soviet military intelligence (GRU) officer, makes the point that a defecting HUMINT officer is a special threat to walk-in or other volunteer assets of the country that he is leaving. Volunteers who are "warmly welcomed" do not take into consideration the fact that they are despised by hostile intelligence agents.
The Soviet operational officer, having seen a great deal of the ugly face of communism, very frequently feels the utmost repulsion to those who sell themselves to it willingly. And when a GRU or KGB officer decides to break with his criminal organization, something which fortunately happens quite often, the first thing he will do is try to expose the hated volunteer.
Counterintelligence force protection source operations
Attacks against military, diplomatic, and related facilities are a very real threat, as demonstrated by the 1983 attacks against French and US peacekeepers in Beirut, the 1996 attack on the Khobar Towers in Saudi Arabia, 1998 attacks on Colombian bases and on U.S. embassies (and local buildings) in Kenya and Tanzania the 2000 attack on the USS Cole, and many others. The U.S. military force protection measures are the set of actions taken against military personnel and family members, resources, facilities and critical information, and most countries have a similar doctrine for protecting those facilities and conserving the potential of the forces. Force protection is defined to be a defense against deliberate attack, not accidents or natural disasters.
Counterintelligence Force Protection Source Operations (CFSO) are human source operations, normally clandestine in nature, conducted abroad that are intended to fill the existing gap in national level coverage, as well as satisfying the combatant commander's intelligence requirements. Military police and other patrols that mingle with local people may indeed be valuable HUMINT sources for counterintelligence awareness, but are not themselves likely to be CFSOs. Gleghorn distinguishes between the protection of national intelligence services, and the intelligence needed to provide combatant commands with the information they need for force protection. There are other HUMINT sources, such as military reconnaissance patrols that avoid mixing with foreign personnel, that indeed may provide HUMINT, but not HUMINT especially relevant to counterintelligence. Active countermeasures, whether for force protection, protection of intelligence services, or protection of national security interests, are apt to involve HUMINT disciplines, for the purpose of detecting FIS agents, involving screening and debriefing of non-tasked human sources, also called casual or incidental sources. such as:
- walk-ins and write-ins (individuals who volunteer information)
- unwitting sources (any individual providing useful information to counterintelligence, who in the process of divulging such information may not know they are aiding an investigation)
- defectors and enemy prisoners of war (EPW)
- refugee populations and expatriates
- interviewees (individuals contacted in the course of an investigation)
- official liaison sources.
Physical security is important, but it does not override the role of force protection intelligence... Although all intelligence disciplines can be used to gather force protection intelligence, HUMINT collected by intelligence and CI agencies plays a key role in providing indications and warning of terrorist and other force protection threats.
Force protection, for forces deployed in host countries, occupation duty, and even at home, may not be supported sufficiently by a national-level counterterrorism organization alone. In a country, colocating FPCI personnel, of all services, with military assistance and advisory units, allows agents to build relationships with host nation law enforcement and intelligence agencies, get to know the local environments, and improve their language skills. FPCI needs a legal domestic capability to deal with domestic terrorism threats.
As an example of terrorist planning cycles, the Khobar Towers attack shows the need for long-term FPCI. "The Hizballah operatives believed to have conducted this attack began intelligence collection and planning activities in 1993. They recognized American military personnel were billeted at Khobar Towers in the fall of 1994 and began surveillance of the facility, and continued to plan, in June 1995. In March 1996, Saudi Arabian border guards arrested a Hizballah member attempting plastic explosive into the country, leading to the arrest of two more Hizballah members. Hizballah leaders recruited replacements for those arrested, and continued planning for the attack."
Defensive counterintelligence operations
In U.S. doctrine, although not necessarily that of other countries, CI is now seen as primarily a counter to FIS HUMINT. In the 1995 US Army counterintelligence manual, CI had a broader scope against the various intelligence collection disciplines. Some of the overarching CI tasks are described as
- Developing, maintaining, and disseminating multidiscipline threat data and intelligence files on organizations, locations, and individuals of CI interest. This includes insurgent and terrorist infrastructure and individuals who can assist in the CI mission.
- Educating personnel in all fields of security. A component of this is the multidiscipline threat briefing. Briefings can and should be tailored, both in scope and classification level. Briefings could then be used to familiarize supported commands with the nature of the multidiscipline threat posed against the command or activity.
More recent US joint intelligence doctrine restricts its primary scope to counter-HUMINT, which usually includes counter-terror. It is not always clear, under this doctrine, who is responsible for all intelligence collection threats against a military or other resource. The full scope of US military counterintelligence doctrine has been moved to a classified publication, Joint Publication (JP) 2-01.2, Counterintelligence and Human Intelligence Support to Joint Operations.
More specific countermeasures against intelligence collection disciplines are listed below
|Discipline||Offensive CI||Defensive CI|
|HUMINT||Counterreconnaissance, offensive counterespionage||Deception in operations security|
|SIGINT||Recommendations for kinetic and electronic attack||Radio OPSEC, use of secure telephones, SIGSEC, deception|
|IMINT||Recommendations for kinetic and electronic attack||Deception, OPSEC countermeasures, deception (decoys, camouflage)
If accessible, use SATRAN reports of satellites overhead to hide or stop activities while being viewed
Counter-HUMINT deals with both the detection of hostile HUMINT sources within an organization, or the detection of individuals likely to become hostile HUMINT sources, as a mole or double agent. There is an additional category relevant to the broad spectrum of counterintelligence: why one becomes a terrorist.
The acronym MICE:
- Compromise (or coercion)
describes the most common reasons people break trust and disclose classified materials, reveal operations to hostile services, or join terrorist groups. It makes sense, therefore, to monitor trusted personnel for risks in these areas, such as financial stress, extreme political views, potential vulnerabilities for blackmail, and excessive need for approval or intolerance of criticism. With luck, problems in an employee can be caught early, assistance can be provided to correct them, and not only is espionage avoided, but a useful employee retained.
Sometimes, the preventive and neutralization tasks overlap, as in the case of Earl Edwin Pitts. Pitts had been an FBI agent who had sold secret information to the Soviets, and, after the fall of the USSR, to the Russians. He was caught by an FBI false flag sting, in which FBI agents, posing as Russian FSB agents, came to Pitts with an offer to "reactivate" him. His activities seemed motivated by both money and ego over perceived bad treatment when he was an FBI agent. His sentence required him to tell the FBI all he knew of foreign agents. Ironically, he told them of suspicious actions by Robert Hanssen, which were not taken seriously at the time.
Motivations for information and operations disclosure
To go beyond slogans, Project Slammer was an effort of the Intelligence Community Staff, under the Director of Central Intelligence, to come up with characteristics of an individual likely to commit espionage against the United States. It "examines espionage by interviewing and psychologically assessing actual espionage subjects. Additionally, persons knowledgeable of subjects are contacted to better understand the subjects' private lives and how they are perceived by others while conducting espionage."
|Basic belief structure||– Special, even unique.
– The individual's situation is not satisfactory.
– No other (easier) option (than to engage in espionage).
– Doing only what others frequently do.
– Not a bad person.
– Performance in a government job (if presently employed) is separate from espionage; espionage does not (really) discount contribution in the workplace.
– Security procedures do not (really) apply to the individual.
– Security programs (e.g., briefings) have no meaning for the individual unless they connect with something with which they can personally identify.
|Feels isolated from the consequences of his actions:||– The individual sees their situation in a context in which they face continually narrowing options until espionage seems reasonable. The process that evolves into espionage reduces barriers, making it essentially "Okay" to initiate the crime.
– They see espionage as a "Victimless" crime.
– Once they consider espionage, they figure out how it might be done. These are mutually reinforcing, often simultaneous events.
– Subject finds that it is easy to go around security safeguards (or is able to solve that problem). They belittle the security system, feeling that if the information was really important espionage would be hard to do (the information would really be better protected). This "Ease of accomplishment" further reinforces resolve.
|Attempts to cope with espionage activity||– Anxious on initial hostile intelligence service contact (some also feel thrill and excitement).
– After a relationship with espionage activity and HOIS develops, the process becomes much more bearable, espionage continues (even flourishes).
– In the course of long-term activity, subjects may reconsider their involvement.
– Some consider breaking their role to become an operative for the government. This occurs when access to classified information is lost or there is a perceived need to prove themselves or both.
– Others find that espionage activity becomes stressful, they no longer want it. Glamour (if present earlier) subsides. They are reluctant to continue. They may even break contact.
– Sometimes they consider telling authorities what they have done. Those wanting to reverse their role aren't confessing, they're negotiating. Those who are "Stressed out" want to confess. Neither wants punishment. Both attempt to minimize or avoid punishment.
According to a press report about Project Slammer and Congressional oversight of counterespionage, one fairly basic function is observing one's own personnel for behavior that either suggests that they could be targets for foreign HUMINT, or may already have been subverted. News reports indicate that in hindsight, red flags were flying but not noticed. In several major penetrations of US services, such as Aldrich Ames, the Walker ring or Robert Hanssen, the individual showed patterns of spending inconsistent with their salary. Some people with changed spending may have a perfectly good reason, such as an inheritance or even winning the lottery, but such patterns should not be ignored.
Personnel in sensitive positions, who have difficulty getting along with peers, may become risks for being compromised with an approach based on ego. William Kampiles, a low-level worker in the CIA Watch Center, sold, for a small sum, the critical operations manual on the KH-11 reconnaissance satellite. To an interviewer, Kampiles suggested that if someone had noted his "problem"—constant conflicts with supervisors and co-workers—and brought in outside counseling, he might not have stolen the KH-11 manual.
By 1997, the Project Slammer work was being presented at public meetings of the Security Policy Advisory Board. While a funding cut caused the loss of impetus in the mid-nineties, there are research data used throughout the security community. They emphasize the
essential and multi-faceted motivational patterns underlying espionage. Future Slammer analyses will focus on newly developing issues in espionage such as the role of money, the new dimensions of loyalty and what seems to be a developing trend toward economic espionage.
Counter-SIGINT (Signals Intelligence)
Military and security organizations will provide secure communications, and may monitor less secure systems, such as commercial telephones or general Internet connections, to detect inappropriate information being passed through them. Education on the need to use secure communications, and instruction on using them properly so that they do not become vulnerable to specialized technical interception.
Counter-IMINT (Imagery Intelligence)
The basic methods of countering IMINT are to know when the opponent will use imaging against one's own side, and interfering with the taking of images. In some situations, especially in free societies, it must be accepted that public buildings may always be subject to photography or other techniques.
Countermeasures include putting visual shielding over sensitive targets or camouflaging them. When countering such threats as imaging satellites, awareness of the orbits can guide security personnel to stop an activity, or perhaps cover the sensitive parts, when the satellite is overhead. This also applies to imaging on aircraft and UAVs, although the more direct expedient of shooting them down, or attacking their launch and support area, is an option in wartime.
Counter-OSINT (Open-Source Intelligence)
While the concept well precedes the recognition of a discipline of OSINT, the idea of censorship of material directly relevant to national security is a basic OSINT defense. In democratic societies, even in wartime, censorship must be watched carefully lest it violate reasonable freedom of the press, but the balance is set differently in different countries and at different times.
The United Kingdom is generally considered to have a very free press, but there is the DA-Notice, formerly D-notice system. Many British journalists find that the system is used fairly, but there will always be arguments. In the specific context of counterintelligence, note that Peter Wright, a former senior member of the Security Service who left their service without his pension, moved to Australia before publishing his book Spycatcher. While much of the book was reasonable commentary, it revealed some specific and sensitive techniques, such as Operation RAFTER, a means of detecting the existence and setting of radio receivers.
Counter-MASINT (Measurement and Signature Intelligence)
MASINT is mentioned here for completeness, but the discipline contains so varied a range of technologies that a type-by-type strategy is beyond the current scope. One example, however, can draw on the Operation RAFTER technique revealed in Wright's book. With the knowledge that Radiofrequency MASINT was being used to pick up an internal frequency in radio receivers, it would be possible to design a shielded receiver that would not radiate the signal that RAFTER monitored.
Theory of offensive counterintelligence
Offensive techniques in current counterintelligence doctrine are principally directed against human sources, so counterespionage can be considered a synonym for offensive counterintelligence. At the heart of exploitation operations is the objective to degrade the effectiveness of an adversary's intelligence service or a terrorist organization. Offensive counterespionage (and counterterrorism) is done one of two ways, either by manipulating the adversary (FIS or terrorist) in some manner or by disrupting the adversary's normal operations.
Defensive counterintelligence operations that succeed in breaking up a clandestine network by arresting the persons involved or by exposing their actions demonstrate that disruption is quite measurable and effective against FIS if the right actions are taken. If defensive counterintelligence stops terrorist attacks, it has succeeded.
Offensive counterintelligence seeks to damage the long-term capability of the adversary. If it can lead a national adversary into putting large resources into protecting from a nonexistent threat, or if it can lead terrorists to assume that all of their "sleeper" agents in a country have become unreliable and must be replaced (and possibly killed as security risks), there is a greater level of success than can be seen from defensive operations alone, To carry out offensive counterintelligence, however, the service must do more than detect; it must manipulate persons associated with the adversary.
The Canadian Department of National Defence makes some useful logical distinctions in its Directive on its National Counter-Intelligence Unit. The terminology is not the same as used by other services, but the distinctions are useful:
- "Counter-intelligence (contre-ingérence) means activities concerned with identifying and counteracting threats to the security of DND employees, CF members, and DND and CF property and information, that are posed by hostile intelligence services, organizations or individuals, who are or may be engaged in espionage, sabotage, subversion, terrorist activities, organized crime or other criminal activities." This corresponds to defensive counterintelligence in other services.
- "Security intelligence (renseignement de sécurité) means intelligence on the identity, capabilities and intentions of hostile intelligence services, organizations or individuals, who are or may be engaged in espionage, sabotage, subversion, terrorist activities, organized crime or other criminal activities." This does not (emphasis added) correspond directly to offensive counterintelligence, but is the intelligence preparation necessary to conduct offensive counterintelligence.
- The duties of the Canadian Forces National Counter-Intelligence Unit include "identifying, investigating and countering threats to the security of the DND and the CF from espionage, sabotage, subversion, terrorist activities, and other criminal activity; identifying, investigating and countering the actual or possible compromise of highly classified or special DND or CF material; conducting CI security investigations, operations and security briefings and debriefings to counter threats to, or to preserve, the security of DND and CF interests." This mandate is a good statement of a mandate to conduct offensive counterintelligence.
DND further makes the useful clarification, "The security intelligence process should not be confused with the liaison conducted by members of the Canadian Forces National Investigation Service (CFNIS) for the purpose of obtaining criminal intelligence, as the collection of this type of information is within their mandate."
Manipulating an intelligence professional, himself trained in counterintelligence, is no easy task, unless he is already predisposed toward the opposing side. Any effort that does not start with a sympathetic person will take a long-term commitment, and creative thinking to overcome the defenses of someone who knows he is a counterintelligence target and also knows counterintelligence techniques.
Terrorists on the other hand, although they engage in deception as a function of security appear to be more prone to manipulation or deception by a well-placed adversary than are foreign intelligence services. This is in part due to the fact that many terrorist groups, whose members "often mistrust and fight among each other, disagree, and vary in conviction.", are not as internally cohesive as foreign intelligence services, potentially leaving them more vulnerable to both deception and manipulation.
- Johnson, William R. Thwarting Enemies at Home and Abroad: How to Be a Counterintelligence Officer (2009)
- Ginkel, B. van (2012). "Towards the intelligent use of intelligence: Quis Custodiet ipsos Custodes?". 3 (10). The Hague: The International Centre for Counter-Terrorism. Cite journal requires
- Lee, Newton (2015). Counterterrorism and Cybersecurity: Total Information Awareness (Second Edition). Springer International Publishing Switzerland.
- Toward a Theory of CI
- Irregular warfare
- List of counterintelligence organizations
- The Institute of World Politics
- X-2 Counter Espionage Branch
- Johnson, William (2009). Thwarting Enemies at Home and Abroad: How to be a Counterintelligence Officer. Washington DC: Georgetown University Press. p. 2.
- Philip H.J. Davies (2012). Intelligence and Government in Britain and the United States: A Comparative Perspective. ABC-CLIO.
- Anciens des Services Spéciaux de la Défense Nationale Archived 2016-03-15 at the Wayback Machine ( France )
- "Okhrana" literally means "the guard"
- Okhrana Britannica Online
- Ian D. Thatcher, Late Imperial Russia: problems and prospects, page 50.
- "SIS Or MI6. What's in a Name?". SIS website. Archived from the original on 26 September 2008. Retrieved 11 July 2008.
- Christopher Andrew, The Defence of the Realm: The Authorized History of Mi5 (London, 2009), p.21.
- Calder Walton (2013). Empire of Secrets: British Intelligence, the Cold War, and the Twilight of Empire. Overlook. pp. 5–6.
- Lowenthal, M. (2003). Intelligence: From secrets to policy. Washington, DC: CQ Press.
- Clark, R.M. and Mitchell, W.L., 2018. Deception: Counterdeception and Counterintelligence. CQ Press.
- "Counterintelligence Investigations". Retrieved 2008-05-08.
- Archick, Kristen (2006-07-24). "European Approaches to Homeland Security and Counterterrorism" (PDF). Congressional Research Service. Retrieved 2007-11-05.
- Dulles, Allen W. (1977). The Craft of Intelligence. Greenwood. ISBN 0-8371-9452-0. Dulles-1977.
- Wisner, Frank G. (1993-09-22). "On "The Craft of Intelligence"". CIA-Wisner-1993. Archived from the original on 2007-11-15. Retrieved 2007-11-03.
- Matschulat, Austin B. (1996-07-02). "Coordination and Cooperation in Counerintelligence". Archived from the original on 2007-10-10. Retrieved 2007-11-03.
- "Joint Publication 3-07.1: Joint Tactics, Techniques, and Procedures for Foreign Internal Defense (FID)" (PDF). 2004-04-30. Retrieved 2007-11-03.
- "National Counterintelligence Executive (NCIX)" (PDF). 2007.
- Suvorov, Victor (1984). "Chapter 4, Agent Recruiting". Inside Soviet Military Intelligence. MacMillan Publishing Company.
- US Department of the Army (1995-10-03). "Field Manual 34-60: Counterintelligence". Retrieved 2007-11-04.
- Gleghorn, Todd E. (September 2003). "Exposing the Seams: the Impetus for Reforming US Counterintelligence" (PDF). Retrieved 2007-11-02.
- US Department of Defense (2007-07-12). "Joint Publication 1-02 Department of Defense Dictionary of Military and Associated Terms" (PDF). Archived from the original (PDF) on 2008-11-23. Retrieved 2007-10-01.
- Imbus, Michael T (April 2002). "Identifying Threats: Improving Intelligence and Counterintelligence Support to Force Protection" (PDF). USAFCSC-Imbus-2002. Retrieved 2007-11-03.
- Joint Chiefs of Staff (2007-06-22). "Joint Publication 2-0: Intelligence" (PDF). US JP 2-0. Retrieved 2007-11-05.
- Intelligence Community Staff (12 April 1990). "Project Slammer Interim Progress Report". Retrieved 2007-11-04.
- Stein, Jeff (July 5, 1994). "The Mole's Manual". New York Times. Retrieved 2007-11-04.
- Security Policy Advisory Board (12 December 1997). "Security Policy Advisory Board Meeting Minutes". Retrieved 2007-11-04.
- "Canadian Forces National Counter-Intelligence Unit". 2003-03-28. Canada-DND-DAOD 8002-2. Archived from the original on 2007-11-21. Retrieved 2007-11-19.
- "Security Intelligence Liaison Program". 2003-03-28. Canada-DND-DAOD 8002-3. Archived from the original on 2007-11-30. Retrieved 2007-11-19.
|Wikimedia Commons has media related to Counterintelligence.|