Counterintelligence and escalation from hybrid to total war in the Russo-Ukrainian conflict 2014–2024

ABSTRACT

This article examines certain counterintelligence (CI) aspects of the on-going conflict between Russia and Ukraine since 2014 in terms of key problems in current western CI concepts, doctrine and processes. It examines not only the CI threat to Ukraine during the Donbas ‘frozen war’ and 2022 invasion from the traditional CI triad of espionage, sabotage and subversion but also from Russian intelligence, surveillance and reconnaissance (ISR) capabilities and activities supporting both irregular and regular combatants. The article concludes that a UK and allied approach to CI shaped by a two-decade security focus on counterterrorism and counterinsurgency may not be fit for purpose in a contemporary strategic environment characterized by a persistent and escalating threat from strategic peers engaged in state-supported hybrid conflict.

KEYWORDS:

• Russia
• Ukraine
• counterintelligence
• SBU
• FSB
• FRU
• Russo-Ukraine war

Disclosure statement

No potential conflict of interest was reported by the author(s).

Correction Statement

This article has been corrected with minor changes. These changes do not impact the academic content of the article.

Notes

1. War Office Manual of Military Intelligence 1946 Pamphlet No.3 Counter-Intelligence – Military Security WO279/372 The National Archive (TNA) 1.

2. Roy Godson ed. Intelligence Requirements for the 1980s: Elements of Intelligence passim

3. See, e.g., Johnson National Security Intelligence 116–154; Jensen et al Introduction to Intelligence Studies esp.211–213 and Johnson Thwarting Enemies at Home and Abroad, passim.

4. Gentry (2016) ‘Toward a Theory of Non-State Actors’

5. Davies ‘British Democracy in a New Age of Subversion’ 5. This is also the inadequately discussed background to the ISC’s complaint that the UK’s Security and Intelligence Agencies (SIA) ‘they not view themselves as holding primary responsibility for the active defence of the UK’s democratic processes from hostile foreign interference’. See the ISC Russia report 10.

6. NATO Standards Organization (NSO) Allied Joint Doctrine for Intelligence, Counterintelligence and Security 7-1 – 7-2, 8–1.

7. This is most often associated with the CI provision of Ronald Reagan’s Executive Order (EO) 123323 of 1981 Section 3.4, but also featured in its predecessor EO 12,036 in 1978, Section 4–202 and appears in an official lexicon issued by an Intelligence Community Staff ‘Intelligence Definitions Working Group’ issued in 1977 CIA-RDP91M00696R000300020005-7, CIA Research Tool (CREST).

8. War Office Manual of Military Intelligence Pamphlet No.1 Intelligence Staff Duties 51, WO 279/374, TNA.

9. See, e.g., Godson ‘Discussion’ 156 Miler ‘Counterintelligence’ 49.

10. Joint Development and Doctrine Centre (JDCC) Joint Warfare Publication 2–00: Joint Operational Intelligence 1A–5.

11. NSO Allied Joint Doctrine for Force Protection A-14; NSO Allied Joint Doctrine for Intelligence, Counterintelligence and Security 8–1.

12. This, and much of the following doctrinal discussion, is abstracted from Davies ‘The Trouble with TESSOC’.

13. Discussed at some length in Johnson Thwarting Enemies at Home and Abroad pp.13–19.

14. Zuehlke ‘What is Counterintelligence’ 16–17.

15. Henderson Field Intelligence 46

16. There is a slight potential confusion in discussing CI as ‘multidisciplinary’. The conduct of CI operations has long been multidisciplinary in the sense that both human and technical collection methods may be deployed against the enemy intelligence organization per the CI SIGINT and cyber examples discussed above. In this case, Zuehlke is referring to countering the adversary’s use of technical as well as human collection.

17. See, variously, Kalaris and McCoy ‘Counterintelligence’ 129–130 (who, significantly, are pitching the notion as early as 1989), United States Army Field Manual 34–60 Counterintelligence passim, United States Marine Corps (USMC) MCWP 2–14 Counterintelligence C-1 – C-23 and, from the ‘counterespionage is counter-HUMINT’ camp Shulsky and Schmitt Silent Warfare pp.114–116.

18. JDCC Joint Warfare Publication 2–00: Joint Operational Intelligence 1A–5

19. See Davies ‘ISR Versus ISTAR’ 78–80

20. One can see that tug of war at work over the last decade and a half between, for example, the third edition of the UK joint intelligence doctrine and the FP influenced 2016 NATO intelligence doctrine on the one hand, and what might be called a more maneouvreist CI approach in the latest, fourth edition of the UK intelligence doctrine. For the FP dominated approach see Development, Doctrine and Concepts Centre (DCDC) Understanding and Intelligence Support to Operations 2-15 – 2-16, NSO Allied Joint Doctrine for Intelligence, Counterintelligence and Security 7-1 – 8-8, NSO Allied Joint Doctrine for Force Protection 4–3, 4–11 n.37, A-13 – A-14. On the manoeuvreist approach, see DCDC Intelligence, Counterintelligence and Security Support to Joint Operations 85–92.

21. NSO Allied Joint Doctrine for Operations Security and Deception 3–4, 11.

22. Masterman The Double Cross System 8.

23. DCDC Intelligence, Counterintelligence and Security Support to Joint Operations 88.

24. DCDC Intelligence, Counterintelligence and Security Support to Joint Operations 90–91; Godson Dirty Tricks or Trump Cards? 187–188.

25. Both Godson and Prunckun have nominally substantial sections on ‘analysis’ but in both cases these are largely concerned with the analytic aspects of CI operational activity and ‘positive’ intelligence exploitation of CI information but with only a handful of paragraphs on CI analysis as CI knowledge; Prunckun Counterintelligence Theory and Practice 23; Godson Dirty Tricks or Trump Cards 191–192.

26. Confined by the length of an article, Zuehlke offers one of the most detailed discussions of CI analysis and CI knowledge pp.33–35, Kevin Riehle has, however, offered the most thorough discussion of counterintelligence analysis as a class of finished intelligence in his ‘A Counterintelligence Analysis Typology’ and ‘Assessing Foreign Intelligence Threats’.

27. United States Army Field Manual 34–60 Counterintelligence 1–7

28. In this discussion, HW/FSC used only to refer to conflicts that combine symmetrical and asymmetrical engagement with state support of any non-state asymmetrical belligerents. For a range of characterizations of HW/FSC see, e.g., Johnson ‘Hybrid Warfare and Its Countermeasures’

29. For a concise and lucid overview, see e.g., Johnson ‘Hybrid Warfare and Its Countermeasures’; DCDC Future Character of Conflict (2010 edition) 13 and passim; Johnson Military Capabilities for Hybrid War; with specific reference to the Ukraine conflict, Giles Russia’s ‘New’ Tools for Confronting the West and the essays compiled by Polese et al in their special issue of Small Wars and Insurgency.

30. Watling et al Preliminary Lessons from Russia’s Unconventional Operations During the Russo-Ukraine War and The Threat from Russia’s Unconventional Warfare Beyond Ukraine, 2022–24, both passim.

31. See, e.g., Richterova ‘The Anxious Host’.

32. With regards to Ukraine specifically, see N.A. ‘Ukraine: KGB to Security Service of Ukraine (SBU) 406–407

33. On Ukraine’s referendum on secession, see e.g., Plokhy The Russo-Ukrainian War 2–4, 26–28.

34. N.A. ‘Ukraine: KGB to Security Service of Ukraine (SBU) p.406. There is some apparent confusion in this account about Marchuk role as ‘first’ SBU head because a table of SBU chairmen on p.412 gives Mykola Holushko holding the role in 1991 prior to Marchuk taking office that same year. It may that Holushko held a ‘caretaker’ role during the transition from Soviet Ukrainian KGB to SBU.

35. N.A. ‘From KGB to Security Service of Ukraine (SBU)’ p.413.

36. Richard Sawka has argued that the west-facing Ukrainian nationalists can be divided into two camps of their own, those who view Ukraine as a distinct ethnic and linguistic as well as geographical entity whom he refers to as ‘monists’, and those who view Ukraine as a civil society that is a confederal amalgam of diverse ethnic and language groups. Such an internal division has, of course, paled somewhat in significance in the face of Russian aggression. See Sawka Frontline Ukraine, passim.

37. Plokhii The Russo-Ukraine War 42–48.

38. Sawka Frontline Ukraine 51.

39. N.A. ‘Ukraine: KGB to Security Service of Ukraine (SBU)’ 409.

40. N.A. ‘Ukraine: KGB to Security Service of Ukraine (SBU)’ 413–414.

41. See, e.g., Henderson Future of Eastern Bloc Intelligence Personnel, Maxmenkov and Namiesnowski Organized Crime in Post-Communist Russia

42. N.A. ‘Ukraine: KGB to Security Service of Ukraine (SBU)’ 408.

43. Plokhy The Russo-Ukranian War 207

44. See, variously, Dylan et al ‘The Autocrat’s Intelligence Paradox’ 388, Watling ‘The Kaleidoscopic Campaigning of Russia’s Special Services’; Dossier Center Lubyanka Federation 16.

45. See Watling et al ‘Ukraine Through Russia’s Eyes’,

46. The cyber community often draws a distinction between cyber activities for espionage, referred to as cyber exploitation and those amounting to sabotage termed cyber attack. See, e.g., Clark and Landau Untangling Attribution.

47. Soldatov and Borogin The New Nobility 249, Riehle Russian Intelligence p.238, 242–2. The rise and fall of FAPSI remains probably one of the most important and yet largely unexamined stories of post-Soviet Russian intelligence. The cyber side of FAPSI’s role was largely transferred to the Federal Protection Service, Federal’naya Sluzhba Okhraniye, or FSO.

48. For a somewhat histrionic and dated version of the GRU’s role, see Viktor Suvorov (Vladimir Rezun) Soviet Military Intelligence passim, more recently and sedately Riehle Russian Intelligence passim and Watling ‘The Kaleidoscopic Campaigning of Russia’s Special Services’.

49. See, e.g., Riehle Russian Intelligence 239, 247–256

50. On Russotrudnechestvo and the wider Russkiy Mir network of front and cover organizations see, variously, Lutsevych Agents of the Russian World and ‘The Long Arm of Russian “Soft” Power’, Meister Isolation and Propaganda and Galeotti ‘Controlling Chaos’. For detailed accounts of ‘compatriot’ policy operations in the Baltic states an especially detailed discussion in Latvian Security Police Annual Report 2013 7–12 and Annual Report 2017 7–19; on the Service A-ID/CPSU dynamic, see Schultz and Godson Dezinformatsia passim.

51. N.A. ‘Ukraine: KGB to Security Service of Ukraine (SBU)’ 413.

52. N.A. ‘Ukraine: KGB to Security Service of Ukraine (SBU)’415.

53. Haslam Near and Distant Neighbours 278–279; Cormac and Aldrich ‘Grey is the New Black’ passim.

54. Fish ‘Russia Steps Up Electronic War in Ukraine’.

55. Fish ‘Russia Steps Up Electronic War in Ukraine’.

56. Plokhy The Russo-Ukranian War 206–207.

57. Watling et al. Preliminary Lessons from Russia’s Unconventional Operations 6–8, on Leonid Derkach, see N/.A ‘Ukraine: KGB to Security Service of Ukraine (SBU) 409., 412, 415.

58. Watling et al. Preliminary Lessons from Russia’s Unconventional Operations 8–9.

59. For an overview of Russian penetration of Ukraine, see Watling et al. Preliminary Lessons from Russia’s Unconventional Operations 4–19.

60. Anderson ‘The HUMINT Offensive from Putin’s Chekist State’.

61. Gordon Brook-Shephard The Storm Birds 198, 225–6. Brook-Shepherd specifically references NATO’s 1985 BRAVE DEFENDER exercise, although he acknowledges that Rezun’s reporting was probably only one of a number of factors in BRAVE DEFENDER’s intensified force protection focus. Rezun subsequently became a popular author of somewhat overwrought but influential accounts of the GRU and Spetznats, writing under the name Viktor Suvorov.

62. Interfax-Ukraine, ‘State overthrow being prepared by FSB officer, three defectors from Interior Ministry – media’.

63. Sabbagh ‘Russia’s FSB agency tasked with engineering coups in Ukrainian cities, UK believes’.

64. See, e.g., Lily Hyde ‘Saboteurs Spark Suspicion and Solidarity in Kyiv’.

65. Plokhy The Russo-Ukrainian War 165.

66. See e.g., Gabidolina and Morcos ‘Curtailing Russia: Diplomatic Expulsions and the War in Ukraine’; see also Watling et al The Threat from Russia’s Unconventional Warfare Beyond Ukraine 8.

67. Dylan et al ‘The Autocrat’s Intelligence Paradox’ passim; Plokhy The Russo-Ukrainian War 163, 166.

68. There still appears to be considerable uncertainty about what did or did not transpire vis vis the underperformance of the Fifth Service in the opening phases of the war, with some confusion about the status of Fifth Service head Sergei Baseda, and for the balance of power/responsibility between the FSB and the GRU. See, variously, Dylan et al ‘The Autocrat’s Intelligence Paradox’ 390; Soldatov and Borogin ‘Putin Places Spies Under House Arrest’, ‘The Shadow War’; Plokhy 166.

69. Alexander Mladenov ‘Russia’s Spies in the Sky’ 33–34.

70. Mladenov ‘Russia’s Spies in the Sky’ 34, 35.

71. See variously, Mladenov Russia’s Spies in the Sky’ 35,37 and Riehle Russian Intelligence 249–251.

72. Riehle Russian Intelligence 250.

73. For a more general description of the SIGINT contribution to ORBAT analysis Graham Communications, Radar and Electronic Warfare 4–14.

74. Defence Intelligence Intelligence Update 17 January 2024 and 27 February 2024.

75. Axe ‘Ukrainian Crews Set A Complex Missile Trap For Russia’s Best Radar Plane’.

76. Defence Intelligence Intelligence Update 2 March 2024; see also Axe ‘”Blinded”’.

77. See Cooke 'Russian Advanced A-50 Spy Plane Hit in Strike on Aircraft Factory', Axe 'First, Ukraine Shoots Down Two of Russia’s A-50 Radar Planes. Then Russia Prepares A Replacement A-50. So Ukraine Targets Its Factory'

78. N.A. ‘Ukraine: KGB to Security Service of Ukraine (SBU)’ 407.

79. For the annual reports of the three Baltic security services, see: Latvia: https://vdd.gov.lv/en/useful/annual-reports; Lithuania https://www.vsd.lt/en/activities/activity-reports/; Estonia: https://kapo.ee/en/content/annual-reviews/.

80. Watling et al, The Threat from Russia’s Unconventional Warfare Beyond Ukraine 13, 33.

Additional information

Notes on contributors

Philip H.J. Davies

Philip H.J. Davies is Professor of Intelligence Studies at Brunel University, London where he is also Director of the Brunel Centre for Intelligence and Security Studies (BCISS). Professor Davies specializes in social science, policy and comparative approaches to national and defence intelligence institutions. He is the author, inter alia, of MI6 and the Machinery of Spying (2004), Intelligence and Government in Britain and the United States (2012) and co-editor of Intelligence Elsewhere: Spies and Espionage Outside the Anglosphere (2013). Besides writing extensively on the UK and US intelligence communities he has also published on the intelligence systems of Canada, Malaysia, India and Russia. In 2010-11 he was one of the authors of the third edition of the UK joint military intelligence doctrine and the first edition of the keystone doctrine on ‘Understanding’ for operational commanders. Most recently, he was on the drafting team of the fourth edition of the UK joint intelligence doctrine (issued in 2024) and has been conducting research on defence and military counterintelligence.