Counter-intelligence is an important capability and conceptual dimension of intelligence yet is often absent in academic writings or poorly understood. It is normal in intelligence tradecraft to the deep mistrust of all messages, indicators and signals. Don’t be fooled, expect the worst from everyone and don’t trust anything. Counter-intelligence has traditionally been focussed on countering espionage, sabotage, subversion and terrorism. Given that intelligence services enjoy misdirecting, confusing, and paralysing decision-systems in the pursuit of espionage, subversion and sabotage, the counter-intelligence effort is often one of identifying subterfuge while maximising protections for high value assets, information and people.
A simple way of understanding counter-intelligence is to use the constructed meanings of intelligence as a starting base. There are five ways that intelligence is conceived:
As a process… “Intelligence is the process of converting information on threats and harms into product supporting decisions”.
As a product…. “Intelligence is the product derived from the process of analysing threats and harms”.
As a means of activity or collection… “Intelligence is an exploitative activity undertaken with human, technical or communications sources in order to collect and produce product on threats and harms”. This approach relates to defining HUMINT, SIGINT, IMINT, MASINT, etc.
As a capability… “Intelligence is the capability an organisation has to collect, analyse and support decisions related to countering harms and threats.
As a level of decision-support… “Strategic intelligence services strategic level decisions, operational intelligence services operational/campaigning/program decisions, and tactical intelligence services tactical/project/case level decisions”.
How people view intelligence often depends on how they are discussing it, and it will vary from conversation to conversation.
“Can we share intelligence?” Is a question with the context of intelligence as a product.
“Can you collect some intelligence for me on…?” Is a question with intelligence as an activity as the central construct.
“To develop this assessment product, we will need to have the following steps in place.” Is a statement with intelligence as a process at the centre.
“Have you seen the intel team?” Is a question with the concept of intelligence related to the capability to deliver intel.
“Hey – we need some strategic intel on….” Is a statement related to the level of intelligence support to be provided.
Counter-intelligence can be contextualised across the same spectrum of positions.
As a process… “Counter-Intelligence is the process of converting information on security threats and harms into security intelligence product supporting decisions”
As a product…. “Security Intelligence is the product derived from intelligence effort in countering espionage, sabotage, subversion and terrorism.” Under this approach counter-intelligence supports decisions on operational security and the design of protections for high value targets.
As a means of activity or collection… “Counter-Intelligence are those activities taken to deny the exploitative activity of other intelligence capabilities in pursuit of espionage, subversion, sabotage or politically motivated violence
As a capability… “Counter-Intelligence is the capability an organisation has to deploy to deny or degrade a threat’s intelligence systems – especially in the protection against espionage, sabotage, subversion and terrorism.
As a level of decision-support… “Strategic counter-intelligence intelligence involves the denial of access to sensitive sources and assets against foreign intelligence services over time, operational counter-intelligence assists the protection of information assets and people vital to operations, and tactical counter-intelligence is targeted effort to reduce specific oppositional intelligence capability/operations by an opposing threat.”
Counter-intelligence is bound intrinsically with the concept of security; and hence is dependent on the decision-system’s perspectives of what is to be kept ‘secure’. Therefore, the product derived from counter-intelligence analysis is often referred to as security intelligence (indicative of intended decision-support).
The weight and focus of counter-intelligence effort can be subject to shifts in political priority. Domestic counter-terrorism priorities can shift resources from the targeting of foreign intelligence service counter-espionage and counter-subversion for example. This is a necessary outcome of intelligence’s primary purpose to support decision-making. Counter-intelligence capability usually sand-bags against political interference by:
Ensuring the rhetoric of fear does not supplant ongoing risks.
Continuing counter-intelligence coverage of known and possible espionage, sabotage, subversion and terrorism risks, while balancing focussed coverage on the priority counter-intelligence requirements.
The rhetoric of fear is an interesting conundrum in the counter-intelligence domain due to its secrecy and the general paranoia of covert and clandestine operations. The real and ever-present risks cannot easily be explained, pointed to or identified. Intelligence systems have been known to ‘over-cook’ risks and their own importance in order to attract more funding or power. The public value measures for counter-intelligence remain unclear. The recently disclosed Chinese intelligence efforts to subvert Australian politicians (ABC News, 2022) is a positive example of counter-intelligence success. On the negative, a Review in 2015 of Australia’s counter-intelligence effort targeting terror threats assessed that the threat is worsening and Australia’s CT response is not “winning on any front”. This was a clear attempt to align funding demands with concocted risk (DPMC, 2015). In another case, ex-intelligence officials assisted left-leaning media efforts to bury key facts about the US democrat candidate in the 2020 election under the pretence of the facts being part of a Russian intelligence operation [see Betrand (2020) and New York Post (2022)]. In each of these two cases, the public’s inherent paranoia of foreign intelligence services is weaponised for political interest and gain; ultimately damaging the intelligence profession.
Interestingly, the language of counter-intelligence has died away as the concept of threats morphed from traditional real-politic state actors to criminal groups, the environment, tech assaults, fake news, health diseases, and so on. ‘Subversion’ is a word hardly ever used in public discourse anymore, yet remains central to the intent of extremist and radical interest groups. ‘Radicalisation’, ‘misinformation’ and ‘indoctrination’ are in favour but often reflect the methods used to achieve subversion as an overarching aim.
While the means of espionage, sabotage and subversive attack have shifted, the counter-intelligence problem remains the same; it’s just grown more complex. The information age means the counter-intelligence concept is important for a broader array of organisations growing their intelligence systems. Commercial intelligence (on market competitors and threats) has its reflective counter-intelligence premise to deny opponents’ commercial intelligence. Sophisticated criminal enterprises have developed intelligence capability in cyber and human source domains; and hence law enforcement would be wise to consider their counter-intelligence tradecraft and posture.
Regulators are focussed on preventing harm but sometimes struggle to understand threat (the ‘who’ posing the ‘harm’). Hence, they may not consider the ramifications of themselves being targeted; beyond corporate data risk controls. Few regulators are subject to the internal investigative, professional standards and vetting regimes of the security and policing services. Virtually all regulators are subject to open disclosure laws making much of what they do visible. So, with this in mind, it is understandable that the concept of counter-intelligence may be foreign to those in regulation. Yet all regulators have detection and response thresholds whether they have it formalised them or not. One manifestation of poor behaviour is for regulated entities to attempt to discern ‘what they can get away with’. Hence, regulators need to understand their detection thresholds and continually develop and evolve their intelligence systems faster than such poor behaviours can manifest.
ABC News, 2022, China behind failed attempt to bankroll Labor candidates in federal election https://www.abc.net.au/news/2022-02-11/china-accused-attempt-bankroll-labor-candidates-federal-election/100822512, Andrew Greene, Posted Fri 11 Feb 2022, downloaded 25/03/2022
Department of the Prime Minister and Cabinet, Review of Australia’s Counter-Terrorism Machinery, January 2015, p.iv.
Natasha Bertrand (2020), Hunter Biden story is Russian disinfo, dozens of former intel officials say, https://www.politico.com/news/2020/10/19/hunter-biden-story-russian-disinfo-430276, By NATASHA BERTRAND 10/19/2020 10:30 PM EDT, downloaded 25/03/2020
New York Post (2022), Spies who lie: 51 ‘intelligence’ experts refuse to apologize for discrediting true Hunter Biden story, https://nypost.com/2022/03/18/intelligence-experts-refuse-to-apologize-for-smearing-hunter-biden-story, Post Editorial Board March 18, 2022 8:35pm, downloaded 25/03/2020.