From Citizendium
Jump to navigation Jump to search
This article may be deleted soon.
To oppose or discuss a nomination, please go to CZ:Proposed for deletion and follow the instructions.

For the monthly nomination lists, see
Category:Articles for deletion.

This article is developing and not approved.
Main Article
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
This editable Main Article is under development and subject to a disclaimer.

Counterintelligence (CI) refers to countermeasures to foreign Intelligence (information gathering)|intelligence organizations collecting intelligence against one's own side. Many governments organize counterintelligence agencies separate and distinct from their intelligence collection services for specialized purposes. This article deals with the foundation of the art, and measures to protect one's service. See Offensive counterintelligence for active measures against foreign intelligence service, done for reasons from simply interfering with hostile operations, to deceiving their national governments.

In most countries, the counterintelligence mission is spread over multiple organizations. There is usually a domestic counterintelligence service, perhaps part of a larger law enforcement organization such as the FBI in the United States. The United Kingdom has the separate Security Service, also known as MI-5, which does not have direct police powers but works closely with law enforcement called the Special Branch that can carry out arrests, do searches with a warrant, etc. Russia's major domestic security organization is the FSB, which principally came from the Second Chief Directorate of the fUSSR KGB. Canada separates the functions of general defensive counterintelligence (contre-ingérence), security intelligence (the intelligence preparation necessary to conduct offensive counterintelligence}, law enforcement intelligence, and offensive counterintelligence.

Military organizations have their own counterintelligence forces, capable of conducting protective operations both at home and when deployed abroad. Depending on the country, there can be various mixtures of civilian and military in foreign operations. For example, while #Offensive counterintelligence| offensive counterintelligence is a mission of the US CIA's National Clandestine Service (formerly the Directorate of Operations), many US embassies have overt legal attaches who work for the FBI, as well as State Department Regional Security Officers. Legal attaches often work on transnational law enforcement, but may well have a liaison responsibility for #Defensive counterintelligence| defensive counterintelligence.

The term counter-espionage is really specific to countering HUMINT, but, since virtually all offensive counterintelligence involves exploiting human sources, the term "offensive counterintelligence" is used here to avoid some ambiguous phrasing.

Among the differences found in American English and British English, some confusion is created by the use of or absence of a hyphen in the word counterintelligence, with the former often omitting the hyphen and the latter incorporating it. Both spellings are correct, and likely to appear in this article and others.

Counterintelligence, Counterterror and Government

There is much value in taking a broad look at CI. A few examples of national CI and CT structure are used as examples here; the article is not specific to any one country. Thoughtful analysts have pointed out that it may well be a source of positive intelligence on the opposition's priorities and thinking, not just a defensive measure [1]. "Charles Burton Marshall wrote that his college studies failed to teach him about espionage, the role of intelligence services, or the role of propaganda. "States’ propensities for leading double lives—having at once forensic and efficient policies, one sort for display, the other to be pursued—were sloughed over." This window into the “double lives” of states of which Marshall wrote is a less familiar dimension of CI work, one that national security decision makers and scholars alike have largely neglected.

From Marshall's remark, Van Cleave inferred "the positive intelligence that counterintelligence may supply—that is, how and to what ends governments use the precious resources that their intelligence services represent—can help inform the underlying [national] foreign and defense policy debate, but only if our policy leadership is alert enough to appreciate the value of such insights."[1] She emphasizes that CI is directed not at all hostile actions against one's own countries, but those originated by foreign intelligence services (FIS), a term of art that includes transnational and non-national adversaries.

After the Oklahoma City bombing of 1995 by an American citizen, the CI definition reasonably extends to include domestically-originated terrorism. It is fair to say, however, that there are many definitions of terrorism, and, therefore, at least as many definitions of counterterrorism. Some countries assume terrorism is purely a method of non-state actors, where others do not restrict their definition, preferring to focus on the action rather than its sponsorship.

There is also the challenge of what organizations, laws, and doctrines are relevant to protection against all sorts of terrorism in one's own country. See #Counterintelligence Force Protection Source Operations| Counterintelligence Force Protection Source Operations for a discussion of special considerations of protection of government personnel and facilities, including in foreign deployments.

In the United States of America, there is a very careful line drawn between intelligence and law enforcement. In the United Kingdom, there is a distinction between the Security Service (MI5) and the Special Branch of the Metropolitan police ("Scotland Yard"). Other countries also deal with the proper organization of defenses against FIS, often with separate services with no common authority below the head of government

France, for example, builds its domestic counterterror in a law enforcement framework. In France, a senior anti-terror magistrate is in charge of defense against terrorism. French magistrates have multiple functions that overlap US and UK functions of investigators, prosecutors, and judges. An anti-terror magistrate may call upon France's domestic intelligence service Direction de la surveillance du territoire (DST), which may work with the Direction générale de la sécurité extérieure (DGSE), foreign intelligence service.

Spain gives its Interior Ministry, with military support, the leadership in domestic counterterrorism. For international threats, the National Intelligence Center (CNI) has responsibility. CNI, which reports directly to the Prime Minister, is staffed principally by which is subordinated directly to the Prime Minister’s office. After the March 11, 2004 Madrid train bombings, the national investigation found problems between the Interior Ministry and CNI, and. as a result, the National Anti-Terrorism Coordination Center was created. Spain's 3/11 Commission called for this Center to do operational coordination as well as information collection and dissemination. [2]. The military has organic counterintelligence to meet specific military needs.

Counterintelligence Missions

Frank Wisner, a well-known CIA operations executive said of the autobiography of Director of Central Intelligence Allen W. Dulles [3], that Dulles "disposes of the popular misconception that counterintelligence is essentially a negative and responsive activity, that it moves only or chiefly in reaction to situations thrust upon it and in counter to initiatives mounted by the opposition" Rather, he sees that can be most effective, both in information gathering and protecting friendly intelligence services, when it creatively but vigorously attacks the "structure and personnel of hostile intelligence services[4]." Today's counterintelligence missions have broadened from the time when the threat was restricted to the foreign intelligence services (FIS) under the control of nation-states. Threats have broadened to include threats from non-national or trans-national groups, including internal insurgents, organized crime, and transnational based groups (often called "terrorists", but that is limiting). Still, the FIS term remains the usual way of referring to the threat against which counterintelligence protects.

In modern practice, several missions are associated with counterintelligence from the national to the field level.

  1. Defensive analysis is the practice of looking for vulnerabilities in one's own organization, and, with due regard for risk versus benefit, closing the discovered holes.
  2. Offensive Counterespionage is the set of techniques that, at a minimum, neutralizes discovered FIS personnel and arrests them or, in the case of diplomats, expels them by declaring them persona non grata. Beyond that minimum, it exploits FIS personnel to gain intelligence for one's own side, or actively manipulates the FIS personnel to damage the hostile FIS organization.
  3. Counterintelligence Force Protection Source Operations (CFSO) are human source operations, conducted abroad that are intended to fill the existing gap in national level coverage in protecting a field station or force from terrorism and espionage.

Counterintelligence is part of intelligence cycle security, which, in turn, is part of intelligence cycle management. A variety of security disciplines also fall under intelligence security management and complement counterintelligence, including:

  1. Physical security
  2. Intelligence cycle security#Personnel security| Personnel security
  3. Communications security (COMSEC)
  4. Information security (INFOSEC)
  5. Classified information|Security classification
  6. Operations security (OPSEC)

The disciplines involved in "positive security", or measures by which one's own society collects information on its actual or potential security, complement security. For example, when communications intelligence identifies a particular radio transmitter as one used only by a particular country, detecting that transmitter inside one's own country suggests the presence of a spy that counterintelligence should target. In particular, counterintelligence has a significant relationship with the collection discipline of HUMINT and at least some relationship with the others. Counterintelligence can both produce information and protect it.

All US departments and agencies with intelligence functions are responsible for their own security abroad. [5]

Governments try to protect three things:

  1. Their personnel
  2. Their installations
  3. Their operations

In many governments, the responsibility for protecting these things is split. Historically, CIA assigned responsibility for protecting its personnel and operations to its Office of Security, while it assigned the security of operations to multiple groups within the Directorate of Operation: the counterintelligence staff and the area (or functional) unit, such as Soviet Russia Division. At one point, the counterintelligence unit operated quite autonomously, under the direction of James Jesus Angleton. Later, operational divisions had subordinate counterintelligence branches, as well as a smaller central counterintelligence staff. Aldrich Ames was in the Counterintelligence Branch of Europe Division, where he was responsible for directing the analysis of Soviet intelligence operations. US military services have had a similar and even more complex split.

This kind of division clearly requires close coordination, and this in fact occurs on a daily basis. The interdependence of the US counterintelligence community is also manifest in our relationships with liaison services. We cannot cut off these relationships because of concern about security, but experience has certainly shown that we must calculate the risks involved[5]

The other side of the CI coin-counterespionage-has one purpose which transcends all others in importance: penetration. The emphasis which the KGB places on penetration is evident in the cases already discussed from the defensive, or security viewpoint. The best security system in the world cannot provide an adequate defense against it because the technique involves people. The only way to be sure that an enemy has been contained is to know his plans in advance and in detail.

"Moreover, only a high-level penetration of the opposition can tell you whether your own service is penetrated. A high-level defector can also do this, but the adversary knows that he defected and within limits can take remedial action. Conducting CE without the aid of penetrations is like fighting in the dark. Conducting CE with penetrations can be like shooting fish in a barrel."[5]

In the British service, the cases of the Cambridge Five, and the later suspicions about MI5 chief Sir Roger Hollis caused great internal dissension. Clearly, the British were penetrated by Philby, but it has never been determined, in any public forum, if there were other serious penetrations. In the US service, there was also significant disruption over the contradictory accusations about moles from defectors Anatoliy Golitsyn and Yuri Nosenko, and their James Jesus Angleton#Golitsyn and Nosenko| respective supporters in CIA and the British Secret Service (MI5). Golitsyn had exposed Philby, and was generally believed by Angleton. George Kisevalter, the CIA operations officer that was the CIA side of the joint US-UK handling of Oleg Penkovsky, did not believe Angleton's theory that Nosenko was a KGB plant. Nosenko had exposed John Vassall, a KGB asset principally in the British Admiralty, but there were arguments Vassall was a KGB sacrifice to protect other operations, including Nosenko and a possibly more valuable source on the Royal Navy.

Defensive Counterintelligence

Defensive counterintelligence starts by looking for places in one's own organization that could easily be exploited by foreign intelligence services (FIS). FIS is an established term of art in the counterintelligence community, and, in today's world, "foreign" is shorthand for "opposing". Opposition might indeed be a country, but it could be a transnational group or an internal insurgent group. Operations against a FIS might be against one's own nation, or another friendly nation. The range of actions that might be done to support a friendly government can include a wide range of functions, certainly including military or counterintelligence activities, but also humanitarian aid and aid to development (i.e., "nation building"). [6]

It should be noted that terminology here is still emerging, and "transnational group" could include not only terrorist groups, but transnational criminal organization. Transnational criminal organizations include the drug trade, money laundering, extortion targeted against computer or communications systems, smuggling, etc.

"Insurgent" could be a group opposing a recognized government by criminal or military means, as well as conducting clandestine intelligence and covert operations against the government in question, which could be one's own or a friendly one.

Counterintelligence and counterterrorism analyses provide strategic assessments of foreign intelligence and terrorist groups and prepare tactical options for ongoing operations and investigations. Counterespionage may involve proactive acts against foreign intelligence services, such as double agents, deception, or recruiting foreign intelligence officers. While clandestine HUMINT sources can give the greatest insight into the adversary's thinking, they may also be most vulnerable to the adversary's attacks on one's own organization. Before trusting an enemy agent, remember that such people started out as being trusted by their own countries. They may still be loyal to that country.

Offensive Counterintelligence Operations

Wisner emphasized his own, and Dulles', views that the best defense against foreign attacks on, or infiltration of, intelligence services is active measures against those hostile services.[4] This is often called counterespionage: measures taken to detect enemy espionage or physical attacks against friendly intelligence services, prevent damage and information loss, and, where possible, to turn the attempt back against its originator. Counterespionage goes beyond being reactive, and actively tries to subvert hostile intelligence services, by recruiting agents in the foreign service, by discrediting personnel actually loyal to their own service, and taking away resources that would be useful to the hostile service. All of these actions apply to non-national threats as well as to national organizations.

If the hostile action is in one's own country, or in a friendly one with cooperating police, the hostile agents may be arrested, or, if diplomats, declared persona non grata. From the perspective of one's own intelligence service, exploiting the situation to the advantage of one's side is usually preferable to arrest or actions that might result in the death of the threat. The intelligence priority sometimes comes into conflict with the instincts of one's own law enforcement organizations, especially when the foreign threat combines foreign personnel with citizens of one's country.

In some circumstances, arrest may be a first step, in which the prisoner is given the choice of cooperating, or facing severe consequence up to and including a death sentence for espionage. Cooperation may consist of telling all one knows about the other service, but, preferably, actively assisting in deceptive actions against the hostile service.

Counterintelligence Protection of Intelligence Services

Defensive counterintelligence specifically for intelligence services involves risk assessment of their culture, sources, methods and resources. Risk management must constantly reflect those assessments, since effective intelligence operations are often risk-taking. Even while taking calculated risks, the services need to mitigate risk with appropriate countermeasures.

FIS are especially able to explore open societies, and, in that environment, have been able to subvert insiders in the intelligence community. Offensive counterespionage is the most powerful tool for finding penetrators and neutralizing them, but it is not the only tool. Understanding what leads individuals to turn on their own side is the focus of Project Slammer. Without undue violations of personal privacy, systems can be developed to spot anomalous behavior, especially in the use of information systems.

"Decision makers require intelligence free from hostile control or manipulation. Since every intelligence discipline is subject to manipulation by our adversaries, validating the reliability of intelligence from all collection platforms is essential. Accordingly, each counterintelligence organization will validate the reliability of sources and methods that relate to the counterintelligence mission in accordance with common standards. For other mission areas, we will examine collection, analysis, dissemination practices, and other intelligence activities and will recommend improvements, best practices, and common standards. [7]

Intelligence is vulnerable not only to external but also internal threats. Subversion, treason, and leaks expose our vulnerabilities, our governmental and commercial secrets, and our intelligence sources and methods. This insider threat has been a source of extraordinary damage to US national security, as with Counterintelligence failures#Aldrich Ames| Aldrich Ames, Counterintelligence failures#Robert Hanssen| Robert Hanssen, and Counterintelligence failures##Edward Lee Howard| Edward Lee Howard, all of whom had access to major clandestine activities. Had an electronic system to detect anomalies in browsing through counterintelligence files been in place, Counterintelligence failures#Robert Hanssen| Robert Hanssen's searches for suspicion of activities of his Soviet (and layer Russian) paymasters might have surfaced early. Anomalies might simply show that an especially creative analyst has a Intelligence analysis#trained intuition| trained intuition possible connections, and is trying to research them.

Adding these new tools and techniques to [national arsenals], the counterintelligence community will seek to manipulate foreign spies, conduct aggressive investigations, make arrests and, where foreign officials are involved, expel them for engaging in practices inconsistent with their diplomatic status or exploit them as an unwitting channel for deception, or turn them into witting double agents.[7] "Witting" is a term of intelligence art that indicates that one is not only aware of a fact or piece of information, but also aware of its connection to intelligence activities.

Victor Suvorov, the pseudonym of a former Soviet military intelligence (i.e., GRU) officer, makes the point that a defecting HUMINT officer is a special threat to walk-in or other volunteer assets of the country that he is leaving. Volunteers who are “warmly welcomed” do not take into consideration the fact that they are despised by hostile intelligence agents.

The Soviet operational officer, having seen a great deal of the ugly face of communism, very frequently feels the utmost repulsion to those who sell themselves to it willingly. And when a GRU or KGB officer decides to break with his criminal organization, something which fortunately happens quite often, the first thing he will do is try to expose the hated volunteer."[8]

Counterintelligence Force Protection Source Operations

Terrorist attacks against military, diplomatic and related facilities are a very real threat, as demonstrated by the 1983 Beirut barracks bombings, the 1996 attack on the 1996 Khobar Towers attack|Khobar Towers in Saudi Arabia, 1998 attacks on Colombian bases, the 1998 attack on U.S. embassies in Kenya and Tanzania, the 2000 attack on the USS Cole, and many others. The US military force protection measures are the set of actions taken against military personnel and family members, resources, facilities and critical information, and most countries have a similar doctrine for protecting those facilities and conserving the potential of the forces. Force protection is defined to be a defense against deliberate attack, not accidents or natural disasters.

Force protection intelligence draws on all sources. After the 1983 bombing, an after-action review showed that communications intelligence could have given Signals intelligence from 1980 to 1989#1980s US Tactical SIGINT policy and doctrine|warning.

Counterintelligence Force Protection Source Operations (CFSO) are human source operations, normally clandestine in nature, conducted abroad that are intended to fill the existing gap in national level coverage, as well as satisfying the combatant commander’s intelligence requirements[9]. Military police and other patrols that mingle with local people may indeed be valuable HUMINT sources for counterintelligence awareness, but are not themselves likely to be CFSOs. Gleghorn distinguishes between the protection of national intelligence services, and the intelligence needed to provide combatant commands with the information they need for force protection. There are other HUMINT sources, such as military reconnaissance patrols that avoid mixing with foreign personnel, that indeed may provide HUMINT, but not HUMINT especially relevant to counterintelligence[10]. Active countermeasures, whether for force protection, protection of intelligence services, or protection of national security interests, are apt to involve HUMINT#Basic HUMINT operations| HUMINT disciplines, for the purpose of detecting FIS agents, involving screening and debriefing of non-tasked human sources, also called casual or incidental sources. such as:

  1. walk-in’s and write-in's(individuals who volunteer information)
  2. unwitting sources (any individual providing useful information to counterintelligence, who in the process of divulging such information may not know they are aiding an investigation)
  3. defectors and enemy prisoners of war (EPW)
  4. refugee populations and expatriates
  5. interviewees (individuals contacted in the course of an investigation)
  6. official liaison sources.

"Physical security is important, but it does not override the role of force protection intelligence...Although all intelligence disciplines can be used to gather force protection intelligence, HUMINT collected by intelligence and CI agencies plays a key role in providing indications and warning of terrorist and other force protection threats.[11]

Force protection, for forces deployed in host countries, occupation duty, and even at home, may not be supported sufficiently by a national-level counterterrorism organization alone. In a country, colocating FPCI personnel, of all services, with military assistance and advisory units, allows agents to build relationships with host nation law enforcement and intelligence agencies, get to know the local environments, and improve their language skills. FPCI needs a legal domestic capability to deal with domestic terrorism threats.

As an example of terrorist planning cycles, the 1996 Khobar Towers bombing attack shows the need for long-term FPCI. "The Hezbollah operatives believed to have conducted this attack began intelligence collection and planning activities in 1993. They recognized American military personnel were billeted at Khobar Towers in the fall of 1994, and began surveillance of the facility, and continued to plan, in June 1995. In March 1996, Saudi Arabian border guards arrested a Hezbollah member attempting plastic explosive into the country, leading to the arrest of two more Hezbollah members. Hezbollah leaders recruited replacements for those arrested, and continued planning for the attack."[12]

Defensive Counterintelligence Operations

In US doctrine, although not necessarily that of other countries, CI is now seen as primarily a counter to FIS HUMINT. In the 1995 US Army counterintelligence manual, CI had a broader scope against the various intelligence collection disciplines. Some of the overarching CI tasks are described as

  1. Developing, maintaining, and disseminating multidiscipline threat data and intelligence files on organizations, locations, and individuals of CI interest. This includes insurgent and terrorist infrastructure and individuals who can assist in the CI mission.
  2. Educating personnel in all fields of security. A component of this is the multidiscipline threat briefing. Briefings can and should be tailored, both in scope and classification level. Briefings could then be used to familiarize supported commands with the nature of the multidiscipline threat posed against the command or activity.

More recent US joint intelligence doctrine[13] restricts its primary scope to counter-HUMINT, which usually includes counter-terror. It is not always clear, under this doctrine, who is responsible for all intelligence collection threats against a military or other resource. The full scope of US military counterintelligence doctrine has been moved to a classified publication, Joint Publication (JP) 2-01.2, Counterintelligence and Human Intelligence Support to Joint Operations.

More specific countermeasures against intelligence collection disciplines are listed below

CI roles against Intelligence Collection Disciplines, 1995 doctrine [9]
Discipline Offensive CI Defensive CI
HUMINT Counterreconnaissance, offensive counterespionage Deception in operations security
SIGINT Recommendations for kinetic and electronic attack Radio OPSEC, use of secure telephones, SIGSEC, deception
IMINT Recommendations for kinetic and electronic attack Deception, OPSEC countermeasures, deception (decoys, camouflage)

If accessible, use SATRAN reports of satellites overhead to hide or stop activities while being viewed


Counter-HUMINT deals with both the detection of hostile HUMINT sources within an organization and the detection of individuals likely to become hostile HUMINT sources, as a mole or double agent. There is an additional category relevant to the broad spectrum of counterintelligence: why one becomes a terrorist.

The acronym MICE:

  • Money
  • Ideology
  • Compromise (or coercion)
  • Ego

describes the most common reasons people break trust and disclose classified materials, reveal operations to hostile services, or join terrorist groups. It makes sense, therefore, to monitor trusted personnel for risks in these areas, such as financial stress, extreme political views, potential vulnerabilities for blackmail, and excessive need for approval or intolerance of criticism. With luck, problems in an employee can be caught early, assistance can be provided to correct them, and not only is espionage avoided, but a useful employee retained. See Motives for spying for specific examples.

Sometimes, the preventive and neutralization tasks overlap, as in the case of Earl Edwin Pitts. Pitts had been an FBI agent who had sold secret information to the Soviets, and, after the fall of the USSR, to the Russians. He was caught by an FBI false flag sting, in which FBI agents, posing as Russian FSB agents, came to Pitts with an offer to "reactivate" him. His activities seemed motivated by both Money and Ego over perceived bad treatment when he was an FBI agent. His sentence required him to tell the FBI all he knew of foreign agents. Ironically, he told them of suspicious actions by Robert Hanssen, which were not taken seriously at the time.

Motivations for Information and Operations Disclosure

To go beyond slogans, Project Slammer was an effort of the Intelligence Community Staff, under the Director of Central Intelligence, to come up with characteristics of Project Slammer, an Intelligence Community sponsored study of espionage. It "examines espionage by interviewing and psychologically assessing actual espionage subjects. Additionally, persons knowledgeable of subjects are contacted to better understand the subjects' private lives and how they are perceived by others while conducting espionage". [14]

How an espionage subject sees himself (at the time of espionage)
Attitude Manifestations
His basic belief structure Special, even unique.


His situation is not satisfactory.

No other (easier) option (than to engage in espionage).

Only doing what others frequently do.

Not a bad person.

His performance in his government job (if presently employed) is separate from espionage; espionage does not (really) discount his contribution in the workplace.

Security procedures do not (really) apply to him.

Security programs (e.g., briefings) have no meaning for him, unless they connect with something with which he can personally identify.

He feels isolated from the consequences of his actions: He sees his situation in a context in which he faces continually narrowing options, until espionage seems reasonable. The process that evolves into espionage reduces barriers, making it essentially "Okay" to initiate the crime.

He sees espionage as a "Victimless" crime.

Once he considers espionage, he figures out how he might do it. These are mutually reinforcing, often simultaneous events.

He finds that it is easy to go around security safeguards (he is able to solve that problem). He belittles the security system, feeling that if the information was really important espionage would be hard to do (the information would really be better protected). This "Ease of accomplishment" further reinforces his resolve.

Attempts to cope with espionage activity He is anxious on initial hostile intelligence service contact (some also feel thrill and excitement).

After a relationship with espionage activity and HOIS develops, the process becomes much more bearable, espionage continues (even flourishes).

In the course of long term activity subjects may reconsider their involvement. -- Some consider breaking their role to become an operative for the government. This occurs when access to classified information is lost or there is a perceived need to prove themselves, or both.

-- Others find that espionage activity becomes stressful, they no longer want it. Glamour (if present earlier) subsides. They are reluctant to continue. They may even break contact.

-- Sometimes they consider telling authorities what they have done. Those wanting to reverse their role aren't confessing, they're negotiating. Those who are "Stressed out" want to confess. Neither wants punishment. Both attempt to minimize or avoid punishment.

According to a press report about Project Slammer and Congressional oversight of counterespionage, one fairly basic function is observing one's own personnel for behavior that either suggests that they could be targets for foreign HUMINT, or may already have been subverted. News reports indicate that in hindsight, red flags were flying but not noticed. [15] In several major penetrations of US services, such as Aldrich Ames, the Walker ring or Robert Hanssen, the individual showed patterns of spending inconsistent with their salary. Some people with changed spending may have a perfectly good reason, such as an inheritance or even winning the lottery, but such patterns should not be ignored.

Personnel in sensitive positions, who have difficulty getting along with peers, may become risks for being compromised with an approach based on ego. William Kampiles, a low-level worker in the CIA Watch Center, sold, for a small sum, the critical operations manual on the KH-11 reconnaissance satellite. To an interviewer,. Kampiles suggested that if someone had noted his "problem" -- constant conflicts with supervisors and co-workers -- and brought in outside counseling, he might not have stolen the KH-11 manual.[15]

By 1997, the Project Slammer work was being presented at public meetings of the Security Policy Advisory Board[16]. While a funding cut caused the loss of impetus in the mid-nineties, there are research data used throughout the security community. They emphasize the

"essential and multi-faceted motivational patterns underlying espionage. Future Slammer analyses will focus on newly developing issues in espionage such as the role of money, the new dimensions of loyalty and what seems to be a developing trend toward economic espionage."

Motivations of Terrorists

Where Project Slammer focused on motivations for people violating the trust they had been given with access to sensitive information, another study, by Decision Support Systems, contrasts a differing set of psychological factors that produces terrorists[17]:

A New Set of Deadly Motivational Factors
Espionage motivational factor Terrorist motivational factor
Easily despairing over their situation (“I should have better than this”) Patterned behavior. Obsessive, compulsive. Monomania, attention to detail
Short attention span (“I’m bored”) Addictive tendencies. Ability to addict to physiological response to ‘peak’ experience
Polarized relationships/responses (“If you’re not with me, you’re against me”) Ego, identity issues. ‘Act out,’ demonstrate against authority
Poor relationships (“I’m alone/lonely”) Isolation/intentional community. Insular language, mindset, social contacts
Lack of maturity, poor impulse control (“I want it now”) Role playing. Blend in, social engineering. Play and shift roles. Blurs role and life
Sociopathic tendencies (“Who cares about you?”) Sentinel event. Trigger event causes ‘explosion’—blame others, not self
Conceited, self-absorbed (“Me, me, me”)


Military and security organizations will provide secure communications, and may SIGINT#Monitoring Friendly Communications| monitor less secure systems, such as commercial telephones or general Internet connections, to detect inappropriate information being passed through them. Education on the need to use secure communications, and instruction on using them properly so that they do not become vulnerable to SIGINT#Defensive SIGINT| specialized technical interception.


The basic methods of countering IMINT are to know when the opponent will use imaging against one's own side, and interfering with the taking of images. In some situations, especially in free societies, it must be accepted that public buildings may always be subject to photography or other techniques.

Countermeasures include putting visual shielding over sensitive targets or camouflaging them. When countering such threats as imaging satellites, awareness of the orbits can guide security personnel to stop an activity, or perhaps cover the sensitive parts, when the satellite is overhead. This also applies to imaging on aircraft and UAVs, although the more direct expedient of shooting them down, or attacking their launch and support area, is an option in wartime.


While the concept well precedes the recognition of a discipline of OSINT, the idea of Censorship#Censorship of state secrets and prevention of attention| censorship of material directly relevant to national security is a basic OSINT defense. In democratic societies, even in wartime, censorship must be watched carefully lest it violate reasonable freedom of the press, but the balance is set differently in different countries and at different times.

The United Kingdom is generally considered to have a very free press, but the UK does have the DA-Notice| DA-Notice, formerly D-notice system. Many British journalists find that this system is used fairly, although there always be arguments. In the specific context of counterintelligence, note that Peter Wright, a former senior member of the Security Service who left their service without his pension, moved to Australia before publishing his book Spycatcher. While much of the book was reasonable commentary, it did reveal some specific and sensitive techniques, such as Operation RAFTER, a means of detecting the existence and setting of radio receivers.


MASINT is mentioned here for completeness, but the discipline contains so varied a range of technologies that a type-by-type strategy is beyond the current scope. One example, however, can draw on the Operation RAFTER technique revealed in Wright's book. With the knowledge that Radiofrequency MASINT was being used to pick up an internal frequency in radio receivers, it would be possible to design a shielded receiver that would not radiate the signal that RAFTER monitored.


  1. 1.0 1.1 Van Cleave, Michelle K. (April 2007). Counterintelligence and National Strategy. School for National Security Executive Education, National Defense University (NDU).
  2. Archick, Kristen (July 24, 2006). European Approaches to Homeland Security and Counterterrorism. Congressional Research Service.
  3. Dulles, Allen W. (1977). The Craft of Intelligence. Greenwood. Dulles-1977. 
  4. 4.0 4.1 Wisner, Frank G. (22 Sep 1993). On "The Craft of Intelligence".
  5. 5.0 5.1 5.2 Matschulat, Austin B. (2 July 1996). Coordination and Cooperation in Counterintelligence.
  6. Joint Publication 3-07.1: Joint Tactics, Techniques,and Procedures for Foreign Internal Defense (FID) (30 April 2004).
  7. 7.0 7.1 National Counterintelligence Executive (NCIX), 2007
  8. Suvorov, Victor (1984), Chapter 4, Agent Recruiting, Inside Soviet Military Intelligence, MacMillan Publishing Company
  9. 9.0 9.1 US Department of the Army (3 October 1995). Field Manual 34-60: Counterintelligence. Cite error: Invalid <ref> tag; name "FM34-60" defined multiple times with different content
  10. Gleghorn, Todd E. (September 2003). Exposing the Seams: the Impetus for Reforming US Counterintelligence.
  11. US Department of Defense (12 July 2007). Joint Publication 1-02 Department of Defense Dictionary of Military and Associated Terms.
  12. Imbus, Michael T (April 2002), Identifying Threats: Improving Intelligence and Counterintelligence Support to Force Protection, USAFCSC-Imbus-2002
  13. Joint Chiefs of Staff (22 June 2007). Joint Publication 2-0: Intelligence.
  14. Intelligence Community Staff (12 April 1990), Project Slammer Interim Progress Report
  15. 15.0 15.1 Stein, Jeff (July 5, 1994), "The Mole's Manual", New York Times Cite error: Invalid <ref> tag; name "Stein" defined multiple times with different content
  16. Security Policy Advisory Board (12 December 1997), Security Policy Advisory Board Meeting Minutes
  17. Decision Support Systems, Inc. (31 December 2001), Hunting the Sleepers: Tracking al-Qaida's Covert Operatives