I
FRAMING THE
PROBLEM 1
Twenty-first-Century Counterintelligence
The Theoretical Basis for Reform
Jennifer E. Sims
SIGNIFICANT STRATEGIC victories often turn on intelligence coups, and with almost every intelligence success, counterintelligence rides shotgun. During the American Civil Warâs battle at Chancellorsville, Union general Joseph Hooker used a spyâs report of a gap in Confederate lines to drive his troops fifty-five miles to the enemyâs rear; he was able to do so undetected, thanks to a deception effort that âlured Southern cavalry out of position for observing the march.â1 The general had a good plan, but it was a plan that reflected good counterintelligence capabilities tied directly to strategy. Similarly, in the run-up to Germanyâs naval victory over the British at Coronel in 1914, the German commander Maximilian Graf von Spee used wireless communications from only one ship, the Leipzig, to deceive his counterpart into believing the rest of his squadron floated elsewhere.2 Von Speeâs adversary, Admiral Sir Christopher Craddock, and the imperial flagship he commanded went down in the ensuing battle.3
When intelligence delivers a winning opportunity, it almost always marries positive intelligence with counterintelligence. During WWII, the British secret services effectively countered the activities of German intelligence by cracking German codes and using the insights for both defensive and offensive purposes. â[W]ith Sigint and the activities of the double agents reinforcing each other as sources of information, the (British) counter-intelligence authorities built up so full a knowledge of the order of battle and the operations of the Abwehr throughout Europe ⌠that it presented little threat to British security for the rest of the war.â4
In contrast, the case of 9/11 reveals what can happen when intelligence and counterintelligence divorce: loss to a weaker enemy.5 Such losses are not, as it turns out, historical oddities. Generals and admirals well endowed with substantial intelligence capabilities have so often suffered defeat in battle that some distinguished analysts have suggested that intelligence is unimportant to outcomes and that battles are largely decided by superior force of arms.6 This assertion, though capturing a grain of truth, is nonetheless utterly wrong in its implications. Bad intelligence on both sides of battle will likely throw the victory to the stronger military power. The question is whether superior intelligence, used in the context of a particular battle, can overcome relative weakness in arms. If the answer is yes, then a great power, such as the United States was in September 2001, can be defeated in battle by a weaker power if its intelligence weakness is found and exploited.7 Indeed, 9/11 demonstrated that victory can be achieved by the weaker warrior so long as he fights with superior knowledge at the critical momentâan advantage that can be gained by capitalizing on the opponentâs counterintelligence mistakes or by exercising superior capacities for selective stealth and delusion.
Reflexively opposing the adversaryâs intelligence operations is not, therefore, always the key to success. So what, then, offers that key? This chapter is designed to answer this question. Specifically, I argue that to achieve consistent competitive advantage from intelligence, the United States must apply mission-based counterintelligence planningâan approach that is intuitively understood by most counterintelligence professionals but practiced only episodically. It involves mapping the intelligence practices of the opponent against a theoretical ideal and then exploiting the shortfalls. The purpose is not just to manipulate or frustrate the opponentâs intelligence operations, but to capitalize on what he is not doing well or is not doing at all. Because it targets operations before they take place and weaknesses before they are fixed, mission-based counterintelligence requires deep understanding of competitorsâ intelligence capabilities and strategies as they are linked to the overall contest. Rather than reactiveâsimply blocking or obstructing hostile operationsâmission-based counterintelligence emphasizes the offensive as it exploits gaps in the opponentâs intelligence system in order to set up its own side for winning moves.
This approach is, however, counterintuitive to most nonspecialists because it may involve degrading the capabilities of foreign intelligence services by âassistingâ the targeted service in selective waysâperhaps causing internal imbalances or reinforcing useful perceptionsâa technique described in Robert Jervisâs chapter and presented in greater detail below. This idea lies at the heart of the approach. Beyond classic denial and deception, both of which imply actively withholding a highly valued âtruth,â this approach to counterintelligence may not; it might simply identify idiosyncrasies in a foreign intelligence service and exploit them. The purpose might be to convey information useful to oneâs own side, to highlight useful facts, or to encourage overreach, such as aggressive collection that might aggravate latent distrust between the service and its overseers.
In this way counterintelligence can help to undermine or influence what an opposing service does in order to achieve favorable results. Because it is done with self-serving objectives and little or no reference to the oppositionâs âbestâ strategic choices given the overall strategic context, it is not a benign form of intelligence sharing. The instigator, even when sharing good information, angles for moves that might be inimical to the recipientâs broader interestsâperhaps feeding a belief that may or may not be valid. For this reason, foreign intelligence liaison can be dangerous as well as useful.8
Mission-based counterintelligence operations are not necessarily as grand in scope as they are in impact. Tactical use of them has a long history. Admiral von Spee hid his boatsâbut he did so at just the right time and only to gain an edge in a battle he foresaw and timed to perfection. In von Speeâs hands counter-intelligence was not just a way to avoid risk in the face of the British imperial fleet, but an integral part of an edgy and gutsy strategy. His success turned on an often forgotten truth: predictable secrecy simply inspires an opponent to ramp up intelligence operations; selective secrecy (sudden and unpredictable stealth) confuses or convinces in ways that give the user an edge.
To develop the foregoing arguments, this chapter will begin by discussing traditional counterintelligence operations and their relationship to a mission-based approach. It will then explore the features of a theoretically ideal intelligence capabilityâan essential first step in discerning an adversaryâs strengths and weaknesses and thus plotting operations against him. This exploration includes a discussion of specific ways a competitor can operate against an adversary before intelligence actions are taken against him. It may be controversial because it presumes some degree of consensus on what intelligence is, what makes it work well, and what spoils it. The analysis assumes that intelligence is best defined as the collection, analysis, and dissemination of information on behalf of decision makers engaged in a competitive enterprise and that its performance can be judged according to some relatively simple measures.9
Finally, the paper argues that the concept of mission-based counterintelligence offers an approach that may be less costly and less potentially troubling for democracies to employ than the more traditional, reactive one because it suggests that some hostile operations can and should be ignored and others may possibly even be encouraged.10 What constitutes an âedgeâ that needs protection at any moment depends on the nature of the competition and the strategies each side is pursuing.
Traditional Counterintelligence Operations
The idea of mission-based counterintelligence does not make more traditional operational approaches irrelevantâit simply subsumes them within a larger set of options. Counterintelligence is traditionally understood to include operations designed to block, disrupt, or destroy the intelligence operations of an adversary. These counteroperations are generally discussed in terms of four categories: passive or active defense and passive or active offense.11
Passive defense, which includes security systems, locks, vaults, and classification rules, is designed to keep valuable information from opponents. The overlap between security and counterintelligence is not complete: Whereas security professionals keep walls secure and patch any hole in them immediately, counterintelligence officers ask how the hole developed, what it may say about any potential intruderâs plans, and how long it might be useful to watch it so that his existence can be confirmed and his purposes understood.12 In any case, the information both seek to protect is of two types: information that might reveal oneâs own strategy, decision-making processes, and intelligence capabilities, and information that the opponent needs to execute successfully his own strategy, if that is perceived to be threatening.13 Inferior intelligence systems often confuse the former with the latter or assume the two sets are coincident, leading to wasteful expenditures of resources or excessive controls on information. The more adversaries with whom a state must contend, the more information that state will likely need to protect. Great powers are particularly vulnerable to pressures for expenditures in passive defense, tying up resources in security at the expense of more active measures and positive intelligence collection.
Active defense involves measures designed to tease out the offensive activities of opponents. Active defense includes surveillance, defector debriefings, wiretapping, interrogations, and the use of âdanglesâ who, posing as ripe recruits for the adversaryâs service, aim to learn about the opponentâs need for intelligence and thus their strategic intent. Some dangles intentionally do no more than this. If, however, dangles are recruited by the opponent, they can become double agents who may learn about an adversaryâs intelligence operations before they take place. Similarly, âmolesâ recruited in an adversaryâs service can enable defense by warning both of penetrations in the recruiting service and of an opponentâs next moves.14 Moles are usually agents who remain in place in the adversaryâs intelligence service. Although defectors who leave their countries can provide good counterintelligence information, their usefulness declines as soon as they lose access to their former employers. Moles live in fear of defectors. The 1985 defection of Vitaliy Yurchenko, a senior official in the Soviet KGB, helped lead to the arrest of Ronald Pelton, a former official with the National Security Agency who had divulged critical U.S. secrets relating to technical collection.15
In contrast, offensive counterintelligence aims to manipulate an opponent so that he either chooses not to attack or attacks in harmless ways. Almost inevitably, offensive counterintelligence affects not just the opposing intelligence service, but the decision makers it supports by distorting their perceptions and thus influencing their choices. Offensive CI can be passive, involving the use of camouflage, âdummyâ weapons, or the masking of military assets inside of innocuous-looking buildings. When Southern troops fooled General George McClellan during the U.S. Civil War by painting logs black and propping them up as if they were artillery, they were using passive offensive counterintelligence. Such techniques work best when the adversary has a reasonably good capacity to collect; after all, he must be able to see what the deceiver intends for him to see. Yet, knowing how the adversary collects and designing camouflage techniques appropriate to his methods are crucial to effectively snookering him. If Northern troops had penetrated Southern lines with spies able to run their hands along the cannon barrels, these passive techniques would not have worked. But knowing that McClellan relied on more distant means, including balloons and telescopes, the Confederates believed, correctly, that the log-laying ruse had a good chance of success.
Active offensive counterintelligence involves duping the adversary by directly feeding false information to him and manipulating his interpretation of it, as opposed to designing a disguise and allowing the opponent to interpret its meaning. Trusted by the targeted service, double agents can feed information specifically designed to twist the minds, and therefore the plans, of the opposing decision makers at just the right moment. The difficulty here is in establishing the bona fides of the doubled spies. It takes a long time to build these agentsâ credibilityâa process that often requires feeding much good intelligence to the enemy. The need to lose intelligence advantages in some lesser battles in order to gain strategically decisive advantages in later ones makes the business of offensive counterintelligence full of peril and risk. Deciding when to use oneâs double agents for the final and decisive blow, given that the passing of bad information will likely expose these doubles to the wrath of the defeated party, makes the psychological stakes for this kind of game very high indeed. That said, one of the most sophisticated double-agent operations ever conducted, the Double Cross System used by Britain during the Normandy landings in WWII, managed to save many of its agents even as their deceptions were triggered.16 The Nazis so thoroughly believed in their agentsâ credibility, including those in Europe who were vulnerable to the Nazis, that they failed to eliminate most of the doubles.17
Obviously all types of counterintelligence operations require analytic support. Deciding which assets to defend requires analysis of which targets the adversary is most likely to attack. No counterintelligence enterprise can operate against all contingencies, so analysis of both risk and opportunity is essential. Moreover, if policymakers do not help design counterintelligence operations, the chances are high that these operations will create situations or introduce risks that are counterproductive for policy. For this and other reasons, any separation of counterintelligence operations from foreign and defense policymaking, as has historically been the case in the United States, should be a matter of considerable concern.
Mission-Based Counterintelligence
Counterintelligence analysis has, however, even more important implications for strategic planning than the foregoing description of counterintelligence operations suggests. The research of Ian Walker, a British psychologist at Bath University, makes this point particularly well: Walker, curious about risk proclivities, watched as 2,300 cars overtook him as he pedaled along British roads. When he rode without a helmet, cars gave him a wide berth; when he wore a female wig, they gave him a still wider berth. When he donned a helmet, they zipped close by and at high speeds.18
The counterintelligence lessons from Walkerâs experiment are many, although in-depth analysis would require more data (such as whether the results would be the same in, say, Rome, Italy, or New York City). But these two lessons might be the most useful ones: lowering oneâs own risks depends on knowing how a competitor will react to what you do; and the results of defensive measures may be counterintuitive and idiosyncratic. These ideas lie at the heart of mission-based approaches to counterintelligence. Important as countering the actual operations of an adversarial service may be, if counterintelligence is not simply to be reactive or mechanistic, it must study an opponentâs proclivities, exploit his weaknessesâincluding what he is not doing but should beâand channel his energies in ways that take advantage of the strengths of oneâs own service. Such analysis requires a thorough understanding of what successful intelligence entails, which may be summarized as four critical missions: collecting relevant information; anticipating competitorsâ moves; transmitting useful insights to policymakers (and vice versa); and deceiving competitors or denying information to them.19 Arguably, a sound counterintelligence effort must identify what an opposing service is and is not doing in these four areas and assist policymakers in exploiting these weaknesses through prioritized means for counterattac...