COUNTERINTELLIGENCE
Keshav Mazumdar
Antiterrorism Officer & Sr VP ATAB
Anti Terrorism Accreditation Board
Force Protection
The Purpose of Intelligence
The purpose of intelligence is twofold. It acts as an early warning system by attempting to provide accurate and timely information about the adversary’s intention and the surrounding environment. It also provides a counterintelligence tool to deny the adversary valuable information and to combat terrorism, subversion and espionage. Thus intelligence is protective, exploitative and positive, in that it supplies us with positive intelligence about the adversary and protects our own infrastructure. Intelligence thus renders our actions either offensive or defensive.
CI Must be Flexible to Adapt
- The CI effort focuses on the overall hostile intelligence collection, sabotage, terrorist, and subversive threat.
- The CI effort is also sufficiently flexible to adapt to the geographical environment, attitudes of the indigenous population, mission of the supported command, and changing emphasis by hostile intelligence, sabotage, terrorist, and subversive organizations.
What are We Protecting
- In protecting an installation and its information systems, operations and general security from the enemy's multidisciplinary intelligence threat, we must identify the vulnerable and critical areas that are to be given more weightage during security review.
- Not all assets and activities warrant the same level of protection. To this end, a careful and thorough vulnerability analysis needs to be conducted using red teaming methodology.
The Enemy Uses Intel and CI also
- It should be noted at this juncture that the enemy intelligence service always attempts to subvert our knowledgeable personnel.
Classification and Access
- In a military production unit, say an ordnance factory, the senior engineers and quality control scientists have access to sensitive designs and information related to weaponry systems.
- Similarly, classified and top secret documents/information are in the hands of cleared senior personnel. These people are often the target of aggressive enemy counterintelligence agents.
The 5 Basic Categories
- People
- Activities / Operations
- Information
- Facilities
- Equipment / Materials
Basic CI Categories Include
- People
- Activities/Operations
- Intelligence collection/analysis
- Sensitive movement of operations/personnel
- Conduct of sensitive training
- Communications/networking
- RDT&E and sensitive technology
- Production of sensitive technology
- Protection of nuclear/chemical/biological materials
- Protection of weapons, explosives, and equipment
Information
- Information
- Classified
- Sensitive Compartmented Information
- Top Secret
- Secret
- Confidential
- Unclassified
- System designs
- System capabilities/vulnerabilities
- Sensitive methods
Facilities
- Facilities
- Headquarters
- Field offices/administrative buildings
- Training facilities
- Storage facilities
- Production facilities
- R&D laboratories
- Power plants
- Parking facilities
- Aircraft hangars
- Residences
Equipment/Materials
- Transportation equipment/vehicles
- Maintenance equipment
- Operational equipment
- Communications equipment
- Security equipment
- Weapons
- Automated information systems equipment
CI Agent Needs to Know Critical Needs
- Now that the CI agent is knowledgeable about these assets and activities that need protection, he can execute a vulnerability and criticality analysis and recommend suitable protective measures as well as countermeasures to the Commander.
- He can recommend which critical units need protection first and what resources to allocate and how and where to implement general security and countermeasures.
Insurgency and Force Protection
- Why does counterintelligence factor so much in COIN missions? Firstly, insurgents place a very high emphasis on the use of informants, double agents, reconnaissance, surveillance, and open source collection of media and imagery.
- Thus it could well be that we have sources who have switched loyalties or who may be working for both the parties with little or no loyalty to the government.
- We must locate these individuals who are a threat to operational security.
Insurgents & Counter Surveillance
- Secondly, insurgents resort to counter surveillance. They hide among the local populace and use couriers to transfer money, intelligence and orders to run their ops.
- Finally, and very importantly, there is the need for counterintelligence for force protection.
Need a Clear Doctrine
- Another definition is that CI is both ‘information gathered’ and ‘activities conducted’ in order to ‘protect against espionage, other intelligence activities, sabotage or assassination conducted on behalf of foreign powers, organisations or persons, or international insurgent activities but not including personnel, physical documents or communications security’.
CI Conducts Operation to Determine Enemy Capabilities
- In order to neutralize hostile intent CI conducts various activities such as acquiring information about plans, operations and capabilities of those organizations whose intent is subversion. CI informs policy.
CI is Important to the Intel Cycle
- CI aids military commanders and allied agency heads to take effective decisions.
- We don’t have a clear doctrine on CI. It is the most misunderstood, most sensitive and most arcane intelligence discipline.
- But it performs the very important function of protecting the intelligence cycle.
CI is an Activity and Work Product
- Counterintelligence is both an activity and its product.
- The product is reliable timely information about enemy/foreign intelligence organizational structure, the personnel profile, the operations of the enemy/foreign intelligence service and how they recruit personnel both from outside and insiders.
CI Intelligence Collection
- To this end, “counterintelligence intelligence collection” activities are conducted.
- CI is also an organization, as it consists of personnel with specialized skills to whom various functions are allocated.
- After proper execution an information database is created which provides knowledge to decision makers.
CI in Summary
- Summing up, CI is in a way different from all other intelligence disciplines. Intelligence seeks to acquire information through collection methods wherein the result is not the objective, but in CI collection activities enemy intent is always on the horizon, and activities, both offensive and defensive, are conducted to neutralize this intent or to exploit the enemy itself to our advantage.
CI is Multidisciplinary
- Counterintelligence interacts with other intelligence disciplines such as SIGINT and IMINT to locate hostile entities and also to acquire knowledge about the capabilities and targeting of hostile SIGINT/IMINT. CI is multidisciplinary. It differs from security in that it seeks not only to implement defensive measures, as security does, but also to aggressively target hostile intent. One of these offensive CI operations is deception. Deception ops are designed at senior echelon levels such as Command.
Deception Operations
- The CI body/unit executes the deception operation. Just as tactical military intelligence supports combat ops, CI must support deception ops. CI is not policing.
- Once a crime is committed, the law enforcement authorities arrest the perpetrator so as to prosecute him as per law.
- But a CI agent has no arrest authority. All these doctrinal differences make it more difficult to promulgate a clear CI doctrine.
Clandestine Operations
- The CI functions include collection of all information about the activities and the organization itself of the enemy intelligence service.
- To this end source operations and clandestine methods are resorted to.
Accurate Analysis
- The analytical component of CI holds significant importance because CI operations designed to defeat hostile intent, and exploitation ops conducted to our advantage, are predicated on accurate analysis.
- Infiltration/penetration and deception operations, to name a few, are the offensive operations resorted to by the CI body.
Defending Installations and Personnel
- A specialized function is the evaluation of defectors and debriefing of returned defectors.
- There are also defensive operations designed to protect installations/personnel information and formal security programmes.
CI and Information Protection
- Protecting secrets: high on its priority list, CI has information protection. CI attempts to ensure that classified information doesn’t fall into the hands of unauthorized users such as foreign agents or a foreign intelligence service (the physical security part of CI), and also to make certain that all those people who do have access to sensitive information, say due to “need to know” authority or by virtue of portfolio in the intelligence department, are protecting that information from being accessed.
- Here we used the term “CI attempts to ensure” because no amount of security controls can ever guarantee that the employee will observe the rules.
Lapses Do Happen
- Lapses will and do happen. Lapses may be involuntary or voluntary, with multiple intent scenarios ranging from yearning for self-sufficiency in terms of wealth etc. to disgruntled officials. If an official has the authorization to access sensitive information, we must accept the fact that the information can also be compromised.
Profiling
- To prevent this from happening, and thus protect the intelligence information (or, in a larger context, the intelligence cycle itself), the intelligence organization resorts to psychological and behavioural evaluation, monitoring, and profiling of those personnel who have a propensity for betrayal.
Inaccurate Profiling
- But the former evaluation techniques are below 100% accuracy, thus leading to the recruitment of personnel who have intent to do harm.
- As for the latter profiling method, those personnel who are adept at evading detection remain out of scrutiny, and more resources are wastefully allocated to profiling the wrong person.
Nothing is 100% Secure
- Hence, as stated earlier, no amount of security control or vetting can ensure 100% information protection.
- We have to live with this risk, and CI's primary function is to resort to all available means so as to minimize this risk.
Naxalite Barracks Attack
- Attacks against military and related facilities are a very real threat, as demonstrated by the Naxalite attack against CRPF personnel in Chhattisgarh's Dantewada district and many others. On April 6, Naxalites killed 75 CRPF personnel, and a police officer also succumbed in the massacre.
- We must have a doctrine for protecting our facilities and conserving the potential of our forces.
Attacks to Destroy Morale
- Insurgents deliberately attack the forces, for example in the rear, to destroy camps, housing, support units and ammunition dumps, with the intent to undermine the fighting potential and morale of the troops and simultaneously loot and destroy their ordnance and weapons.
- This is a grave threat and needs to be addressed.
Counter Intel and Standard Intel
- Just as it protects the intelligence services, counterintelligence also provides the necessary intelligence to combatant commanders for force protection.
- Standard intelligence disciplines all provide relevant intelligence, but very little or no HUMINT relevant to counterintelligence.
Security Alone is not Sufficient
- We incorporate standard physical security measures but that is not sufficient for force protection.
- It is never a substitute for protection gained through intelligence.
- Moreover physical security can never override the value of counterintelligence.
- It is only HUMINT collected by intelligence and counterintelligence agencies that functions as the indications and warning provider with respect to insurgent and other force protection threats.