COUNTER INTELLIGENCE


Counter-intelligence or counterintelligence (see spelling differences) (CI) refers to efforts made by intelligence organizations to prevent hostile or enemy intelligence organizations from successfully gathering and collecting intelligence against them. National intelligence programs, and, by extension, the overall defenses of nations, are vulnerable to attack. It is the role of intelligence cycle security to protect the process embodied in the intelligence cycle, and that which it defends. A number of disciplines go into protecting the intelligence cycle. One of the challenges is that there is a wide range of potential threats, so threat assessment, if complete, is a complex task.

Many governments organize counterintelligence agencies separate and distinct from their intelligence collection services for specialized purposes. In most countries the counterintelligence mission is spread over multiple organizations, though one usually predominates. There is usually a domestic counterintelligence service, perhaps part of a larger law enforcement organization such as the FBI in the United States. Great Britain has the separate Security Service, also known as MI5, which does not have direct police powers but works closely with the law enforcement body called the Special Branch, which can carry out arrests, do searches with a warrant, etc. Russia's major domestic security organization is the FSB, which principally came from the Second Chief Directorate of the USSR KGB. Canada separates the functions of general defensive counterintelligence (contre-ingérence), security intelligence (the intelligence preparation necessary to conduct offensive counterintelligence), law enforcement intelligence, and offensive counterintelligence.

Military organizations have their own counterintelligence forces, capable of conducting protective operations both at home and when deployed abroad. Depending on the country, there can be various mixtures of civilian and military in foreign operations. For example, while offensive counterintelligence is a mission of the US CIA's National Clandestine Service, defensive counterintelligence is a mission of the U.S. Diplomatic Security Service (DSS), Department of State, which works on protective security for personnel and information processed abroad at US Embassies and Consulates.[1]

The term counter-espionage is really specific to countering HUMINT, but, since virtually all offensive counterintelligence involves exploiting human sources, the term "offensive counterintelligence" is used here to avoid some ambiguous phrasing.

Among the differences found in American English and British English, some confusion is created by the use of or absence of a hyphen in the word counterintelligence, with the former often omitting the hyphen and the latter incorporating it. Both spellings are correct, and likely to appear in this article and others.


Counterintelligence, counterterror and government

There is much value in taking a broad look at CI. A few national CI and CT structures are used as examples here; see the separate article on Counterintelligence and Counterterror Organizations. Thoughtful analysts have pointed out that it may well be a source of positive intelligence on the opposition's priorities and thinking, not just a defensive measure.[2] "Charles Burton Marshall wrote that his college studies failed to teach him about espionage, the role of intelligence services, or the role of propaganda. 'States' propensities for leading double lives—having at once forensic and efficient policies, one sort for display, the other to be pursued—were sloughed over.' This window into the 'double lives' of states of which Marshall wrote is a less familiar dimension of CI work, one that national security decision makers and scholars alike have largely neglected."

From Marshall's remark, Van Cleave inferred that "the positive intelligence that counterintelligence may supply—that is, how and to what ends governments use the precious resources that their intelligence services represent—can help inform the underlying [national] foreign and defense policy debate, but only if our policy leadership is alert enough to appreciate the value of such insights."[2] She emphasizes that CI is directed not at all hostile actions against one's own countries, but those originated by foreign intelligence services (FIS), a term of art that includes transnational and non-national adversaries.

After the Oklahoma City bombing of 19 April 1995, by Timothy McVeigh, an American, the CI definition reasonably extends to include domestically originated terrorism. It is fair to say, however, that there are many definitions of terrorism, and, therefore, at least as many definitions of counterterrorism. Some countries assume terrorism is purely a method of non-state actors, where others do not restrict their definition, preferring to focus on the action rather than its sponsorship.

There is also the challenge of what organizations, laws, and doctrines are relevant to protection against all sorts of terrorism in one's own country. See Counterintelligence Force Protection Source Operations (CFSO) for a discussion of special considerations of protection of government personnel and facilities, including in foreign deployments.

In the United States, there is a very careful line drawn between intelligence and law enforcement. In the United Kingdom, there is a distinction between the Security Service (MI5) and the Special Branch of the Metropolitan Police ("Scotland Yard"). Other countries also deal with the proper organization of defenses against FIS, often with separate services with no common authority below the head of government.

France, for example, builds its domestic counterterror in a law enforcement framework. In France, a senior anti-terror magistrate is in charge of defense against terrorism. French magistrates have multiple functions that overlap US and UK functions of investigators, prosecutors, and judges. An anti-terror magistrate may call upon France's domestic intelligence service Direction de la surveillance du territoire (DST), which may work with the Direction générale de la sécurité extérieure (DGSE), foreign intelligence service.

Spain gives its Interior Ministry, with military support, the leadership in domestic counterterrorism. For international threats, the National Intelligence Center (CNI) has responsibility. CNI, which reports directly to the Prime Minister, is staffed principally by which is subordinated directly to the Prime Minister’s office. After the March 11, 2004 Madrid train bombings, the national investigation found problems between the Interior Ministry and CNI, and, as a result, the National Anti-Terrorism Coordination Center was created. Spain's 3/11 Commission called for this Center to do operational coordination as well as information collection and dissemination.[3] The military has organic counterintelligence to meet specific military needs.

Counterintelligence missions

Frank Wisner, a well-known CIA operations executive, said of the autobiography of Director of Central Intelligence Allen W. Dulles[4] that Dulles "disposes of the popular misconception that counterintelligence is essentially a negative and responsive activity, that it moves only or chiefly in reaction to situations thrust upon it and in counter to initiatives mounted by the opposition." Rather, he sees that counterintelligence can be most effective, both in information gathering and protecting friendly intelligence services, when it creatively but vigorously attacks the "structure and personnel of hostile intelligence services."[5]

Today's counterintelligence missions have broadened from the time when the threat was restricted to the foreign intelligence services (FIS) under the control of nation-states. Threats have broadened to include those from non-national or trans-national groups, including internal insurgents, organized crime, and transnational-based groups (often called "terrorists", but that is limiting). Still, the FIS term remains the usual way of referring to the threat against which counterintelligence protects.

In modern practice, several missions are associated with counterintelligence from the national to the field level.

  1. Defensive analysis is the practice of looking for vulnerabilities in one's own organization, and, with due regard for risk versus benefit, closing the discovered holes.
  2. Offensive Counterespionage is the set of techniques that, at a minimum, neutralizes discovered FIS personnel and arrests them or, in the case of diplomats, expels them by declaring them persona non grata. Beyond that minimum, it exploits FIS personnel to gain intelligence for one's own side, or actively manipulates the FIS personnel to damage the hostile FIS organization.
  3. Counterintelligence Force Protection Source Operations (CFSO) are human source operations, conducted abroad, that are intended to fill the existing gap in national level coverage in protecting a field station or force from terrorism and espionage.

Counterintelligence is part of intelligence cycle security, which, in turn, is part of intelligence cycle management. A variety of security disciplines also fall under intelligence security management and complement counterintelligence, including:

  1. Physical security
  2. Personnel security
  3. Communications security (COMSEC)
  4. Information system security (INFOSEC)
  5. Security classification
  6. Operations security (OPSEC)

The disciplines involved in "positive security", or measures by which one's own society collects information on its actual or potential security, complement security. For example, when communications intelligence identifies a particular radio transmitter as one used only by a particular country, detecting that transmitter inside one's own country suggests the presence of a spy that counterintelligence should target. In particular, counterintelligence has a significant relationship with the collection discipline of HUMINT and at least some relationship with the others. Counterintelligence can both produce information and protect it.

All US departments and agencies with intelligence functions are responsible for their own security abroad, except those that fall under Chief of Mission authority.[6]

Governments try to protect three things:

  1. Their personnel
  2. Their installations
  3. Their operations

In many governments, the responsibility for protecting these things is split. Historically, CIA assigned responsibility for protecting its personnel and operations to its Office of Security, while it assigned the security of operations to multiple groups within the Directorate of Operations: the counterintelligence staff and the area (or functional) unit, such as Soviet Russia Division. At one point, the counterintelligence unit operated quite autonomously, under the direction of James Jesus Angleton. Later, operational divisions had subordinate counterintelligence branches, as well as a smaller central counterintelligence staff. Aldrich Ames was in the Counterintelligence Branch of Europe Division, where he was responsible for directing the analysis of Soviet intelligence operations. US military services have had a similar and even more complex split.

This kind of division clearly requires close coordination, and this in fact occurs on a daily basis. The interdependence of the US counterintelligence community is also manifest in our relationships with liaison services. We cannot cut off these relationships because of concern about security, but experience has certainly shown that we must calculate the risks involved.[6]

On the other side of the CI coin, counterespionage has one purpose which transcends all others in importance: penetration. The emphasis which the KGB places on penetration is evident in the cases already discussed from the defensive, or security viewpoint. The best security system in the world cannot provide an adequate defense against it because the technique involves people. The only way to be sure that an enemy has been contained is to know his plans in advance and in detail.

"Moreover, only a high-level penetration of the opposition can tell you whether your own service is penetrated. A high-level defector can also do this, but the adversary knows that he defected and within limits can take remedial action. Conducting CE without the aid of penetrations is like fighting in the dark. Conducting CE with penetrations can be like shooting fish in a barrel."[6]

In the British service, the cases of the Cambridge Five, and the later suspicions about MI5 chief Sir Roger Hollis, caused great internal dissension. Clearly, the British were penetrated by Philby, but it has never been determined, in any public forum, if there were other serious penetrations. In the US service, there was also significant disruption over the contradictory accusations about moles from defectors Anatoliy Golitsyn and Yuri Nosenko, and their respective supporters in CIA and the British Security Service (MI5). Golitsyn had exposed Philby, and was generally believed by Angleton. George Kisevalter, the CIA operations officer who was the CIA side of the joint US-UK handling of Oleg Penkovsky, did not believe Angleton's theory that Nosenko was a KGB plant. Nosenko had exposed John Vassall, a KGB asset principally in the British Admiralty, but there were arguments that Vassall was a KGB sacrifice to protect other operations, including Nosenko and a possibly more valuable source on the Royal Navy.

Defensive counterintelligence

Defensive counterintelligence starts by looking for places in one's own organization that could easily be exploited by foreign intelligence services (FIS). FIS is an established term of art in the counterintelligence community, and, in today's world, "foreign" is shorthand for "opposing". Opposition might indeed be a country, but it could be a transnational group or an internal insurgent group. Operations against a FIS might be against one's own nation, or another friendly nation. The range of actions that might be done to support a friendly government can include a wide range of functions, certainly including military or counterintelligence activities, but also humanitarian aid and aid to development (i.e., "nation building").[7]

Terminology here is still emerging, and "transnational group" could include not only terrorist groups but also transnational criminal organizations. Transnational criminal organizations include the drug trade, money laundering, extortion targeted against computer or communications systems, smuggling, etc.

"Insurgent" could be a group opposing a recognized government by criminal or military means, as well as conducting clandestine intelligence and covert operations against the government in question, which could be one's own or a friendly one.

Counterintelligence and counterterrorism analyses provide strategic assessments of foreign intelligence and terrorist groups and prepare tactical options for ongoing operations and investigations. Counterespionage may involve proactive acts against foreign intelligence services, such as double agents, deception, or recruiting foreign intelligence officers. While clandestine HUMINT sources can give the greatest insight into the adversary's thinking, they may also be most vulnerable to the adversary's attacks on one's own organization. Before trusting an enemy agent, remember that such people started out as being trusted by their own countries. They may still be loyal to that country.

Offensive counterintelligence operations

Wisner emphasized his own, and Dulles', views that the best defense against foreign attacks on, or infiltration of, intelligence services is active measures against those hostile services.[5] This is often called counterespionage: measures taken to detect enemy espionage or physical attacks against friendly intelligence services, prevent damage and information loss, and, where possible, to turn the attempt back against its originator. Counterespionage goes beyond being reactive, and actively tries to subvert hostile intelligence services, by recruiting agents in the foreign service, by discrediting personnel actually loyal to their own service, and taking away resources that would be useful to the hostile service. All of these actions apply to non-national threats as well as to national organizations.

If the hostile action is in one's own country, or in a friendly one with cooperating police, the hostile agents may be arrested, or, if diplomats, declared persona non grata. From the perspective of one's own intelligence service, exploiting the situation to the advantage of one's side is usually preferable to arrest or actions that might result in the death of the threat. The intelligence priority sometimes comes into conflict with the instincts of one's own law enforcement organizations, especially when the foreign threat combines foreign personnel with citizens of one's country.

In some circumstances, arrest may be a first step, in which the prisoner is given the choice of cooperating, or facing severe consequences up to and including a death sentence for espionage. Cooperation may consist of telling all one knows about the other service, but, preferably, actively assisting in deceptive actions against the hostile service.

Counterintelligence protection of intelligence services

Defensive counterintelligence specifically for intelligence services involves risk assessment of their culture, sources, methods and resources. Risk management must constantly reflect those assessments, since effective intelligence operations are often risk-taking. Even while taking calculated risks, the services need to mitigate risk with appropriate countermeasures.

FIS are especially able to explore open societies, and, in that environment, have been able to subvert insiders in the intelligence community. Offensive counterespionage is the most powerful tool for finding penetrators and neutralizing them, but it is not the only tool. Understanding what leads individuals to turn on their own side is the focus of Project Slammer. Without undue violations of personal privacy, systems can be developed to spot anomalous behavior, especially in the use of information systems.

"Decision makers require intelligence free from hostile control or manipulation. Since every intelligence discipline is subject to manipulation by our adversaries, validating the reliability of intelligence from all collection platforms is essential. Accordingly, each counterintelligence organization will validate the reliability of sources and methods that relate to the counterintelligence mission in accordance with common standards. For other mission areas, we will examine collection, analysis, dissemination practices, and other intelligence activities and will recommend improvements, best practices, and common standards."[8]