If you have read Edward Snowden's book: PERMANENT RECORD or Luke Bencie's book: AMONG ENEMIES, you will know how hard things are out in the world. From self-operating, AI-driven, search arrays that can hunt down every bribe by every tech oligarch via every stock market account to AI-powered tax evasion screening grids and more...

What does modern IC involve? To get the answer, let's look at it from a historical perspective: Modern tactics of espionage and dedicated government intelligence agencies developed over the course of the late-19th century. A key background to this development was The Great Game - the strategic rivalry and conflict between the British Empire and the Russian Empire throughout Central Asia between 1830 and 1895. To counter Russian ambitions in the region and the potential threat it posed to the British position in India, the Indian Civil Service built up a system of surveillance, intelligence and counterintelligence. The existence of this shadowy conflict was popularized in Rudyard Kipling's famous spy book, Kim (1901), where he portrayed the Great Game (a phrase Kipling popularized) as an espionage and intelligence conflict that "never ceases, day or night".[3]

The establishment of dedicated intelligence and counterintelligence organizations had much to do with the colonial rivalries between the major European powers and to the accelerating development of military technology. As espionage became more widely used, it became imperative to expand the role of existing police and internal security forces into a role of detecting and countering foreign spies. The Evidenzbureau (founded in the Austrian Empire in 1850) had the role from the late-19th century of countering the actions of the Pan-Slavist movement operating out of Serbia.

After the fallout from the Dreyfus Affair of 1894-1906 in France, responsibility for French military counter-espionage passed in 1899 to the Sûreté générale—an agency originally responsible for order enforcement and public safety—and overseen by the Ministry of the Interior.[4]

The Okhrana[5] initially formed in 1880 to combat political terrorism and left-wing revolutionary activity throughout the Russian Empire, was also tasked with countering enemy espionage.[6] Its main concern was the activities of revolutionaries, who often worked and plotted subversive actions from abroad. It set up a branch in Paris, run by Pyotr Rachkovsky, to monitor their activities. The agency used many methods to achieve its goals, including covert operations, undercover agents, and "perlustration"—the interception and reading of private correspondence. The Okhrana became notorious for its use of agents provocateurs, who often succeeded in penetrating the activities of revolutionary groups - including the Bolsheviks.[7]

Integrated counterintelligence agencies run directly by governments were also established. The British government founded the Secret Service Bureau in 1909 as the first independent and interdepartmental agency fully in control over all government counterintelligence activities.

Due to intense lobbying from William Melville and after he obtained German mobilization plans and proof of their financial support to the Boers, the British government authorized the formation of a new intelligence section in the War Office, MO3 (subsequently redesignated M05) headed by Melville, in 1903. Working under-cover from a flat in London, Melville ran both counterintelligence and foreign intelligence operations, capitalizing on the knowledge and foreign contacts he had accumulated during his years running Special Branch.

Due to its success, the Government Committee on Intelligence, with support from Richard Haldane and Winston Churchill, established the Secret Service Bureau in 1909 as a joint initiative of the Admiralty, the War Office and the Foreign Office to control secret intelligence operations in the UK and overseas, particularly concentrating on the activities of the Imperial German government. Its first director was Captain Sir George Mansfield Smith-Cumming alias "C".[8] The Secret Service Bureau was split into a foreign and counter-intelligence domestic service in 1910. The latter, headed by Sir Vernon Kell, originally aimed at calming public fears of large-scale German espionage.[9] As the Service was not authorized with police powers, Kell liaised extensively with the Special Branch of Scotland Yard (headed by Basil Thomson), and succeeded in disrupting the work of Indian revolutionaries collaborating with the Germans during the war. Instead of a system whereby rival departments and military services would work on their own priorities with little to no consultation or cooperation with each other, the newly established Secret Intelligence Service was interdepartmental, and submitted its intelligence reports to all relevant government departments.[10]

For the first time, governments had access to peacetime, centralized independent intelligence and counterintelligence bureaucracy with indexed registries and defined procedures, as opposed to the more ad hoc methods used previously.


Collective counterintelligence is gaining information about an opponent's intelligence collection capabilities whose aim is at an entity.

Defensive counterintelligence is thwarting efforts by hostile intelligence services to penetrate the service.

Offensive counterintelligence is having identified an opponent's efforts against the system, trying to manipulate these attacks by either "turning" the opponent's agents into double agents or feeding them false information to report.[11]

Counterintelligence, counterterror, and government

Many governments organize counterintelligence agencies separately and distinct from their intelligence collection services. In most countries the counterintelligence mission is spread over multiple organizations, though one usually predominates. There is usually a domestic counterintelligence service, usually part of a larger law enforcement organization such as the Federal Bureau of Investigation in the United States.[citation needed]

The United Kingdom has the separate Security Service, also known as MI5, which does not have direct police powers but works closely with law enforcement especially Special Branch that can carry out arrests, do searches with a warrant, etc.

The Russian Federation's major domestic security organization is the FSB, which principally came from the Second Chief Directorate and Third Chief Directorate of the USSR's KGB.

Canada separates the functions of general defensive counterintelligence (contre-ingérence), security intelligence (the intelligence preparation necessary to conduct offensive counterintelligence), law enforcement intelligence, and offensive counterintelligence.

Military organizations have their own counterintelligence forces, capable of conducting protective operations both at home and when deployed abroad.[12] Depending on the country, there can be various mixtures of civilian and military in foreign operations. For example, while offensive counterintelligence is a mission of the US CIA's National Clandestine Service, defensive counterintelligence is a mission of the U.S. Diplomatic Security Service (DSS), Department of State, who work on protective security for personnel and information processed abroad at US Embassies and Consulates.[13]

The term counter-espionage is really specific to countering HUMINT, but, since virtually all offensive counterintelligence involves exploiting human sources, the term "offensive counterintelligence" is used here to avoid some ambiguous phrasing.

Other countries also deal with the proper organization of defenses against Foreign Intelligence Services (FIS), often with separate services with no common authority below the head of government.

France, for example, builds its domestic counterterror in a law enforcement framework. In France, a senior anti-terror magistrate is in charge of defense against terrorism. French magistrates have multiple functions that overlap US and UK functions of investigators, prosecutors, and judges. An anti-terror magistrate may call upon France's domestic intelligence service Direction de la surveillance du territoire (DST), which may work with the Direction générale de la sécurité extérieure (DGSE), foreign intelligence service.

Spain gives its Interior Ministry, with military support, the leadership in domestic counterterrorism. For international threats, the National Intelligence Center (CNI) has responsibility. CNI, which reports directly to the Prime Minister, is staffed principally by which is subordinated directly to the Prime Minister's office. After the March 11, 2004 Madrid train bombings, the national investigation found problems between the Interior Ministry and CNI, and, as a result, the National Anti-Terrorism Coordination Center was created. Spain's 3/11 Commission called for this Center to do operational coordination as well as information collection and dissemination.[14] The military has organic counterintelligence to meet specific military needs.

Counterintelligence missions

Frank Wisner, a well-known CIA operations executive said of the autobiography of Director of Central Intelligence Allen W. Dulles,[15] that Dulles "disposes of the popular misconception that counterintelligence is essentially a negative and responsive activity, that it moves only or chiefly in reaction to situations thrust upon it and in counter to initiatives mounted by the opposition" Rather, he sees that can be most effective, both in information gathering and protecting friendly intelligence services, when it creatively but vigorously attacks the "structure and personnel of hostile intelligence services."[16] Today's counterintelligence missions have broadened from the time when the threat was restricted to the foreign intelligence services (FIS) under the control of nation-states. Threats have broadened to include threats from non-national or trans-national groups, including internal insurgents, organized crime, and transnational based groups (often called "terrorists", but that is limiting). Still, the FIS term remains the usual way of referring to the threat against which counterintelligence protects.

In modern practice, several missions are associated with counterintelligence from the national to the field level.

  • Defensive analysis is the practice of looking for vulnerabilities in one's own organization, and, with due regard for risk versus benefit, closing the discovered holes.
  • Offensive Counterespionage is the set of techniques that, at a minimum, neutralizes discovered FIS personnel and arrests them or, in the case of diplomats, expels them by declaring them persona non grata. Beyond that minimum, it exploits FIS personnel to gain intelligence for one's own side, or actively manipulates the FIS personnel to damage the hostile FIS organization.
  • Counterintelligence Force Protection Source Operations (CFSO) are human source operations, conducted abroad that are intended to fill the existing gap in national level coverage in protecting a field station or force from terrorism and espionage.

Counterintelligence is part of intelligence cycle security, which, in turn, is part of intelligence cycle management. A variety of security disciplines also fall under intelligence security management and complement counterintelligence, including:

The disciplines involved in "positive security", or measures by which one's own society collects information on its actual or potential security, complement security. For example, when communications intelligence identifies a particular radio transmitter as one used only by a particular country, detecting that transmitter inside one's own country suggests the presence of a spy that counterintelligence should target. In particular, counterintelligence has a significant relationship with the collection discipline of HUMINT and at least some relationship with the others. Counterintelligence can both produce information and protect it.

All U.S. departments and agencies with intelligence functions are responsible for their own security abroad, except those that fall under Chief of Mission authority.[17]

Governments try to protect three things:

  • Their personnel
  • Their installations
  • Their operations

In many governments, the responsibility for protecting these things is split. Historically, CIA assigned responsibility for protecting its personnel and operations to its Office of Security, while it assigned the security of operations to multiple groups within the Directorate of Operations: the counterintelligence staff and the area (or functional) unit, such as Soviet Russia Division. At one point, the counterintelligence unit operated quite autonomously, under the direction of James Jesus Angleton. Later, operational divisions had subordinate counterintelligence branches, as well as a smaller central counterintelligence staff. Aldrich Ames was in the Counterintelligence Branch of Europe Division, where he was responsible for directing the analysis of Soviet intelligence operations. US military services have had a similar and even more complex split.

This kind of division clearly requires close coordination, and this in fact occurs on a daily basis. The interdependence of the US counterintelligence community is also manifest in our relationships with liaison services. We cannot cut off these relationships because of concern about security, but experience has certainly shown that we must calculate the risks involved.[17]

On the other side of the CI coin, counterespionage has one purpose which transcends all others in importance: penetration. The emphasis which the KGB places on penetration is evident in the cases already discussed from the defensive, or security viewpoint. The best security system in the world cannot provide an adequate defense against it because the technique involves people. The only way to be sure that an enemy has been contained is to know his plans in advance and in detail.

Moreover, only a high-level penetration of the opposition can tell you whether your own service is penetrated. A high-level defector can also do this, but the adversary knows that he defected and within limits can take remedial action. Conducting CE without the aid of penetrations is like fighting in the dark. Conducting CE with penetrations can be like shooting fish in a barrel.[17]

In the British service, the cases of the Cambridge Five, and the later suspicions about MI5 chief Sir Roger Hollis caused great internal dissension. Clearly, the British were penetrated by Philby, but it has never been determined, in any public forum, if there were other serious penetrations. In the US service, there was also significant disruption over the contradictory accusations about moles from defectors Anatoliy Golitsyn and Yuri Nosenko, and their respective supporters in CIA and the British Security Service (MI5). Golitsyn was generally believed by Angleton. George Kisevalter, the CIA operations officer that was the CIA side of the joint US-UK handling of Oleg Penkovsky, did not believe Angleton's theory that Nosenko was a KGB plant. Nosenko had exposed John Vassall, a KGB asset principally in the British Admiralty, but there were arguments Vassall was a KGB sacrifice to protect other operations, including Nosenko and a possibly more valuable source on the Royal Navy.

Defensive counterintelligence

Defensive counterintelligence starts by looking for places in one's own organization that could easily be exploited by foreign intelligence services (FIS). FIS is an established term of art in the counterintelligence community, and, in today's world, "foreign" is shorthand for "opposing". Opposition might indeed be a country, but it could be a transnational group or an internal insurgent group. Operations against a FIS might be against one's own nation, or another friendly nation. The range of actions that might be done to support a friendly government can include a wide range of functions, certainly including military or counterintelligence activities, but also humanitarian aid and aid to development (i.e., "nation building").[18]

Terminology here is still emerging, and "transnational group" could include not only terrorist groups but also transnational criminal organization. Transnational criminal organizations include the drug trade, money laundering, extortion targeted against computer or communications systems, smuggling, etc.

"Insurgent" could be a group opposing a recognized government by criminal or military means, as well as conducting clandestine intelligence and covert operations against the government in question, which could be one's own or a friendly one.

Counterintelligence and counterterrorism analyses provide strategic assessments of foreign intelligence and terrorist groups and prepare tactical options for ongoing operations and investigations. Counterespionage may involve proactive acts against foreign intelligence services, such as double agents, deception, or recruiting foreign intelligence officers. While clandestine HUMINT sources can give the greatest insight into the adversary's thinking, they may also be most vulnerable to the adversary's attacks on one's own organization. Before trusting an enemy agent, remember that such people started out as being trusted by their own countries. They may still be loyal to that country.

Offensive counterintelligence operations

Wisner emphasized his own, and Dulles', views that the best defense against foreign attacks on, or infiltration of, intelligence services is active measures against those hostile services.[16] This is often called counterespionage: measures taken to detect enemy espionage or physical attacks against friendly intelligence services, prevent damage and information loss, and, where possible, to turn the attempt back against its originator. Counterespionage goes beyond being reactive, and actively tries to subvert hostile intelligence services, by recruiting agents in the foreign service, by discrediting personnel actually loyal to their own service, and taking away resources that would be useful to the hostile service. All of these actions apply to non-national threats as well as to national organizations.

If the hostile action is in one's own country, or in a friendly one with cooperating police, the hostile agents may be arrested, or, if diplomats, declared persona non grata. From the perspective of one's own intelligence service, exploiting the situation to the advantage of one's side is usually preferable to arrest or actions that might result in the death of the threat. The intelligence priority sometimes comes into conflict with the instincts of one's own law enforcement organizations, especially when the foreign threat combines foreign personnel with citizens of one's country.

In some circumstances, arrest may be a first step, in which the prisoner is given the choice of cooperating, or facing severe consequence up to and including a death sentence for espionage. Cooperation may consist of telling all one knows about the other service, but, preferably, actively assisting in deceptive actions against the hostile service.

Counterintelligence protection of intelligence services

Defensive counterintelligence specifically for intelligence services involves risk assessment of their culture, sources, methods and resources. Risk management must constantly reflect those assessments, since effective intelligence operations are often risk-taking. Even while taking calculated risks, the services need to mitigate risk with appropriate countermeasures.

FIS are especially able to explore open societies, and, in that environment, have been able to subvert insiders in the intelligence community. Offensive counterespionage is the most powerful tool for finding penetrators and neutralizing them, but it is not the only tool. Understanding what leads individuals to turn on their own side is the focus of Project Slammer. Without undue violations of personal privacy, systems can be developed to spot anomalous behavior, especially in the use of information systems.

Decision makers require intelligence free from hostile control or manipulation. Since every intelligence discipline is subject to manipulation by our adversaries, validating the reliability of intelligence from all collection platforms is essential. Accordingly, each counterintelligence organization will validate the reliability of sources and methods that relate to the counterintelligence mission in accordance with common standards. For other mission areas, we will examine collection, analysis, dissemination practices, and other intelligence activities and will recommend improvements, best practices, and common standards.[19]

Intelligence is vulnerable not only to external but also to internal threats. Subversion, treason, and leaks expose our vulnerabilities, our governmental and commercial secrets, and our intelligence sources and methods. This insider threat has been a source of extraordinary damage to US national security, as with Aldrich Ames, Robert Hanssen, and Edward Lee Howard, all of whom had access to major clandestine activities. Had an electronic system to detect anomalies in browsing through counterintellence files been in place, Robert Hanssen's searches for suspicion of activities of his Soviet (and later Russian) paymasters might have surfaced early. Anomalies might simply show that an especially creative analyst has a trained intuition possible connections, and is trying to research them.

Adding these new tools and techniques to [national arsenals], the counterintelligence community will seek to manipulate foreign spies, conduct aggressive investigations, make arrests and, where foreign officials are involved, expel them for engaging in practices inconsistent with their diplomatic status or exploit them as an unwitting channel for deception, or turn them into witting double agents.[19] "Witting" is a term of intelligence art that indicates that one is not only aware of a fact or piece of information but also aware of its connection to intelligence activities.

Victor Suvorov, the pseudonym of a former Soviet military intelligence (i.e., GRU) officer, makes the point that a defecting HUMINT officer is a special threat to walk-in or other volunteer assets of the country that he is leaving. Volunteers who are "warmly welcomed" do not take into consideration the fact that they are despised by hostile intelligence agents.

The Soviet operational officer, having seen a great deal of the ugly face of communism, very frequently feels the utmost repulsion to those who sell themselves to it willingly. And when a GRU or KGB officer decides to break with his criminal organization, something which fortunately happens quite often, the first thing he will do is try to expose the hated volunteer.[20]