[iwar] [fc:The.Ten.Commandments.of.Counterintelligence]

From: Fred Cohen (fc@all.net)
Date: 2002-06-07 07:06:28


Return-Path: <sentto-279987-4779-1023458604-fc=all.net@returns.groups.yahoo.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Fri, 07 Jun 2002 07:08:09 -0700 (PDT)
Received: (qmail 29497 invoked by uid 510); 7 Jun 2002 14:03:46 -0000
Received: from n35.grp.scd.yahoo.com (66.218.66.103) by all.net with SMTP; 7 Jun 2002 14:03:46 -0000
X-eGroups-Return: sentto-279987-4779-1023458604-fc=all.net@returns.groups.yahoo.com
Received: from [66.218.67.193] by n35.grp.scd.yahoo.com with NNFMP; 07 Jun 2002 14:03:24 -0000
X-Sender: fc@red.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-8_0_3_2); 7 Jun 2002 14:03:24 -0000
Received: (qmail 10088 invoked from network); 7 Jun 2002 14:03:24 -0000
Received: from unknown (66.218.66.218) by m11.grp.scd.yahoo.com with QMQP; 7 Jun 2002 14:03:24 -0000
Received: from unknown (HELO red.all.net) (12.232.72.152) by mta3.grp.scd.yahoo.com with SMTP; 7 Jun 2002 14:03:23 -0000
Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g57E6Se08353 for iwar@onelist.com; Fri, 7 Jun 2002 07:06:28 -0700
Message-Id: <200206071406.g57E6Se08353@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL3]
From: Fred Cohen <fc@all.net>
X-Yahoo-Profile: fcallnet
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Fri, 7 Jun 2002 07:06:28 -0700 (PDT)
Subject: [iwar] [fc:The.Ten.Commandments.of.Counterintelligence]
Reply-To: iwar@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, hits=0.0 required=5.0 tests=DIFFERENT_REPLY_TO version=2.20
X-Spam-Level: 

A Never-Ending Necessity
The Ten Commandments of Counterintelligence
James M. Olson

³O that thou hadst hearkened to my commandments! Then had thy peace been as
a river, and thy righteousness as the waves of the sea.²

‹Isaiah 48:18

The need for counterintelligence (CI) has not gone away, nor is it likely
to.  The end of the Cold War has not even meant an end to the CI threat from
the former Soviet Union.  The foreign intelligence service of the new
democratic Russia, the Sluzhba Vneshney Razvedki Rossii (SVRR), has remained
active against us.  It was the SVRR that took over the handling of Aldrich
Ames from its predecessor, the KGB, in 1991.  It was the SVRR that ran CIA
officer Harold James Nicholson against us from 1994 to 1996.  It was the
SVRR that was handling FBI special agent Earl Pitts when he was arrested for
espionage in 1996.  It was the SVRR that planted a listening device in a
conference room of the State Department in Washington in the summer of 1999.
And it was the SVRR that was handling FBI special agent Robert Hanssen when
he was arrested on charges of espionage in February 2001.

The Russians are not alone.  There have been serious, well-publicized
concerns about Chinese espionage in the United States.  The Department of
Energy significantly increased security at its national laboratories last
year in response to allegations that China had stolen US nuclear weapons
secrets.

Paul Redmond, the former Associate Deputy Director of Operations for
Counterintelligence at the CIA, told the House Permanent Select Committee on
Intelligence in early 2000 that a total of at least 41 countries are trying
to spy on the United States.  Besides mentioning Russia, China, and Cuba, he
also cited several ³friends,² including France, Greece, Indonesia, Israel,
the Philippines, South Korea, and Taiwan.  He warned of a pervasive CI
threat to the United States.

The United States, as the world¹s only remaining superpower, will be the
constant target of jealousies, resentments, rivalries, and challenges to its
economic well-being, security, and leadership in the world.  This inevitably
means that the United States will be the target of large-scale foreign
espionage.

A Choice Assignment

When I joined the CIA, one of my first interim assignments was with the old
CI Staff.  I found it fascinating.  I was assigned to write a history of the
Rote Kapelle, the Soviet espionage network in Nazi-occupied Western Europe
during World War II.

With its expanded computer power, NSA was breaking out the actual messages
sent between the NKVD center in Moscow and the clandestine radios of the
various cells in Western Europe.  Incredibly, these messages came to me.

There I was, a brand new junior officer, literally the first person in the
CIA to see the day-to-day traffic from these life-and-death operations.  I
was deeply affected by the fear, heroism, and drama in these messages.
Above all, I felt privileged to have been given such an opportunity.

Building on an earlier study of the Rote Kapelle by the CI Staff, I
completed a draft several months later that incorporated the new material.
To my great surprise, this study was well received by my immediate
superiors, and I was told that I was to be rewarded with a personal
interview and congratulations from James Jesus Angleton, the legendary head
of the CI Staff from 1954 to 1974.

Angleton¹s office was on the second floor of the Original Headquarters
Building.  I was first ushered into an outer office, where Angleton¹s aides
briefed me on how to conduct myself.  Then I went alone into the inner
sanctum.

The room was dark, the curtains were drawn, and there was just one small
lamp on Angleton¹s desk.  I later heard that Angleton had eye trouble and
that the light hurt his eyes, but I was convinced the real reason for the
semidarkness was to add to his mystique.  It certainly worked on me!

I nervously briefed Angleton on my study, and he listened without
interrupting, just nodding from time to time.  When I finished, he
methodically attacked every one of my conclusions.  Didn¹t I know the
traffic was a deception?  Hadn¹t it occurred to me that Leopold Trepper, the
leader of the Rote Kapelle, was a German double?  He went on and on, getting
further and further out.

Even I, as a brand new officer, could tell that this great mind, this CI
genius, had lost it.  I thought he was around the bend.  It was one of the
most bizarre experiences of my career.

When the meeting was over, I was glad to get out of there, and I vowed to
myself that I would never go anywhere near CI again.  I did not keep that
vow.  In my overseas assignments with the Agency, I found myself drawn
toward Soviet CI operations.  Nothing seemed to quicken my pulse more, and I
was delighted when I was called back to Headquarters in 1989 to join the new
Counterintelligence Center (CIC) as Ted Price¹s deputy.  When Ted moved
upstairs in early 1991 to become the Associate Deputy Director for
Operations, I was named chief of the Center.

Today, many years after that initial disagreeable encounter with CI, I find
it hard to believe that it is actually my picture on the wall of the CIC
conference room at CIA Headquarters, where the photos of all former CIA
counterintelligence chiefs are displayed.  There I am, number seven in a row
that begins with Angleton.

So, after a career that ended up being far more CI-oriented than I could
ever have imagined, I would like to offer some personal observations in the
form of ³The Ten Commandments of Counterintelligence.²  I have chosen the
form of commandments because I believe the basic rules of CI are immutable
and should be scrupulously followed.  In my view, it makes little difference
whether the adversary is the Russians, the Cubans, the East Germans, the
Chinese, or someone else.  It likewise makes little difference whether we
are talking about good CI practices in 1985 or in 2005.  Unfortunately, as I
watch US CI today, I am increasingly concerned that the principles I
consider fundamental to effective CI are not being followed as carefully and
consistently as they should be.

These commandments were not handed down to me from a mountaintop, and I make
no claim that they are inspired or even definitive.  They are simply the
culmination, for what they are worth, of my experience.  They are intended
primarily for my fellow practitioners in CI today, but also for any younger
officers in the Intelligence Community (IC) who might someday want to join
us.

The First Commandment:  Be Offensive

CI that is passive and defensive will fail.  We cannot hunker down in a
defensive mode and wait for things to happen.  I believe we are spending far
too much money on fences, safes, alarms, and other purely defensive measures
to protect our secrets.  That is not how we have been hurt in recent years.
Spies have hurt us.  Our CI mindset should be relentlessly offensive.  We
need to go after our CI adversaries.

Aggressive double agent (DA) operations are essential to any CI program, but
not the predictable, hackneyed kind we have so often pursued.  We need to
push our bright and imaginative people to produce clever new scenarios for
controlled operations, and we need more of them.  The opposition services
should be kept constantly off guard so that they never suspect that we have
actually controlled the operations they believe they initiated from the
beginning.  When the requirements, modus operandi, and personality
objectives of the DA operation have been achieved, we should in a greater
number of cases pitch the opposition case officer.  If only one out of 10 or
20 of these recruitments takes, it is worth it.  And CI professionals, of
course, should not rely exclusively on their own efforts.  They should
constantly prod their HUMINT colleagues to identify, target, and recruit
officers from the opposition intelligence services.  The key to CI success
is penetration.  For every American spy, there are several members of the
opposition service who know who he or she is.  No matter what it takes, we
have to have penetrations.

We should operate aggressively against the nontraditional as well as the
traditional adversaries.  How many examples do we need of operations against
Americans by so-called friendly countries to convince us that the old
intelligence adage is correct:  there are friendly nations, but no friendly
intelligence services. If we suspect for whatever reason that the operatives
of a foreign intelligence service, friend or foe, are operating against us,
we should test them.  We should dress up an enticing morsel, made to order
for that specific target, and send it by them.  If they take it, we have
learned something we needed to know, and we have an operation.  If they
reject it, as true friends should, we have learned something, too.  In
either event, because we are testing a ³friend,² plausible deniability has
to be strictly preserved.  Every foreign service is a potential
nontraditional adversary; no service should get a lifetime pass from US
offensive CI operations.

The Second Commandment:  Honor Your Professionals

It has been true for years‹to varying degrees throughout the IC‹that CI
professionals have not been favored, to the extent they deserved, with
promotions, assignments, awards, praise, esteem, or other recognition.  The
truth is that CI officers are not popular.  They are not always welcome when
they walk in.  They usually bring bad news.  They are easy marks to
criticize when things go wrong.  Their successes are their failures.  If
they catch a spy, they are roasted for having taken so long.  If they are
not catching anyone, why not?  What have they done with all that money they
spent on CI?  It is no-win.

For much of my career, many of our best people avoided becoming CI
specialists.  CI was not prestigious.  It had a bad reputation.  It was not
fast track.  It did not lead to promotions or good assignments.  Angleton
left a distasteful legacy that for years discredited the CI profession.  Ted
Price did more than anyone else in the Agency to reverse that trend and to
rehabilitate CI as a respected professional discipline.

Nevertheless, that battle is still not completely won.  We have to do more
to get our CI people promoted, recognized, and respected so that our best
young officers will be attracted to follow us into what we know is a noble
profession and where the need is so great.

The Third Commandment:  Own the Street

This is so fundamental to CI, but it is probably the least followed of the
commandments.  Any CI program worthy of the name has to be able to engage
the opposition on the street, the field of play for espionage.  And when we
do go to the street, we have to be the best service there.  If we are beaten
on the street, it is worse than not having been there at all.

For years, we virtually conceded the streets of the world¹s capitals,
including the major espionage centers, to the KGB, the GRU, and the East
European services because we either did not know how to do it or we were not
willing to pay the price for a thoroughly professional, reliable, full-time,
local surveillance capability.

Opposition intelligence officers have to be watched, known meeting areas
have to be observed, and, when an operation goes down‹often on short
notice‹undetectable surveillance has to cover it, identify the participants,
and obtain evidence.

This capability is expensive‹selection, training, vehicles, photo gear,
video, radios, safe apartments, observation posts, and on and on‹but, if we
do not have it, we will be a second-rate CI service and will not break the
major cases.

The Fourth Commandment:  Know Your History

I am very discouraged when I talk to young CI officers today to find how
little they know about the history of American CI.  CI is a difficult and
dangerous discipline.  Many good, well-meaning CI people have gone wrong and
made horrendous mistakes.  Their failures in most cases are well documented,
but the lessons are lost if our officers do not read the CI literature.

I find it inconceivable that any CI practitioner today could ply his or her
trade without an in-depth knowledge of the Angleton era.  Have our officers
read Mangold?  Have they read Legend and Wilderness of Mirrors?  Do they
know the Loginov case, HONETOL, MHCHAOS, Nosenko, Pollard, and Shadrin?  Are
they familiar with Aspillaga and the Cuban DA debacle?  Have they examined
our mistakes in the Ames and Howard cases?  Are they staying current with
recent releases like The Mitrokhin Archive and The Haunted Wood?

I believe it is an indispensable part of the formation of any American CI
officer‹and certainly a professional obligation‹to study the CI failures of
the past, to reflect on them, and to make sure they are not repeated.

The many CI courses being offered now are a positive step, but there will
never be a substitute for a personal commitment on the part of our CI
professionals to read their history, usually on their own time at home.

The Fifth Commandment:  Do Not Ignore Analysis

Analysis has too often been the stepchild of CI.  Throughout the CI
community, we have fairly consistently understaffed it.  We have sometimes
tried to make it up as we go along.  We have tried to do it on the cheap.

Generally speaking, operators make bad analysts.  We are different kinds of
people.  Operators are actors, doers, movers and shakers; we are quick,
maybe a little impulsive, maybe a little ³cowboy.²  Our best times are away
from our desks.  We love the street.  Research and analysis is really not
our thing‹and when we have tried to do it, we have not been good at it.

True analysts are different.  They love it.  They are more cerebral,
patient, and sedentary.  They find things we could not.  They write better.

A lot of CI programs in the past have tried to make operators double as
their own analysts.  As a result, in the United States, CI analysis
historically has been the weakest part of the business.  Professional CI
analysts have been undervalued and underappreciated.

A good CI program will recruit and train true analysts in sizable numbers.
I do not think it would be excessive as a rule of thumb in a top notch CI
service to be evenly divided between operators and analysts.  Very few of
our US CI agencies come anywhere close to that ratio.

Wonderful things happen when good analysts in sufficient numbers pore over
our DA reports, presence lists, SIGINT, audio and teltap transcripts, maps,
travel data, and surveillance reports.  They find the clues, make the
connections, and focus our efforts in the areas that will be most
productive.

Many parts of the US CI community have gotten the message and have
incorporated trained analysts into their operations, but others have not.
Across the board, we still have serious shortfalls in good, solid CI
analysis.

The Sixth Commandment:  Do Not Be Parochial

More harm probably has been done to US CI over the years by interagency
sniping and obstruction than by our enemies.  I remember when the CIA and
the FBI did not even talk to each other‹and both had disdain for the
military services.  It is no wonder that CI was a shambles and that some
incredibly damaging spies went uncovered for so long.

Occasionally in my career, I encountered instances of sarcasm or outright
bad mouthing of other US Government agencies by my officers.  That kind of
attitude and cynicism infected our junior officers and got in the way of
cooperation.  These comments often were intended to flaunt our supposed
³superiority² by demeaning the capabilities of the other organizations.  I
dealt with these situations by telling the officers to ³knock it off,² and I
would encourage other CI supervisors around the community to do the same.

CI is so difficult, even in the best of circumstances, that the only way to
do it is together.  We should not let personalities, or jealousies, or turf
battles get in the way of our common mission.  Our colleagues in our sister
services are as dedicated, professional, hardworking, and patriotic as we
are, and they deserve our respect and cooperation.  The best people I have
known in my career have been CI people, regardless of their organizational
affiliation.  So let us be collegial.

The Seventh Commandment:  Train Your People

CI is a distinct discipline and an acquired skill.  It is not automatically
infused in us when we get our wings as case officers.  It is not just a
matter of applying logic and common sense to operations, but is instead a
highly specialized way of seeing things and analyzing them.  CI has to be
learned.

I do not know how many times in my career I have heard, ³No, we do not
really need a separate CI section.  We are all CI officers; we¹ll do our own
CI.²  That is a recipe for compromise and failure.

There are no substitutes for professional CI officers, and only extensive,
regular, and specialized CI training can produce them.  Such training is
expensive, so whenever possible we should do it on a Community basis to
avoid duplication and to ensure quality.

CI is a conglomerate of several disciplines and skills.  A typical
operation, for example, might include analysts, surveillance specialists,
case officers, technical experts, and DA specialists.  Each area requires
its own specialized training curriculum.  It takes a long time to develop CI
specialists, and that means a sustained investment in CI training.  We are
getting better, but we are not there yet.

The Eighth Commandment:  Do Not Be Shoved Aside

There are people in the intelligence business and other groups in the US
Government who do not particularly like CI officers.  CI officers have a
mixed reputation.  We see problems everywhere.  We can be overzealous.  We
get in the way of operations.  We cause headaches.  We are the original
³black hatters.²

Case officers want their operations to be bona fide.  Senior operations
managers do not want to believe that their operations are controlled or
penetrated by the opposition.  There is a natural human tendency on the part
of both case officers and senior operations managers to resist outside CI
scrutiny.  They believe that they are practicing good CI themselves and do
not welcome being second-guessed or told how to run their operations by
so-called CI specialists who are not directly involved in the operations.  I
have seen far more examples of this in my CI career than I care to remember.

By the same token, defense and intelligence contractors and bureaucrats
running sensitive US Government programs have too often tended to minimize
CI threats and to resist professional CI intervention.  CI officers, in
their view, stir up problems and overreact to them.  Their ³successes² in
preventing CI problems are invisible and impossible to measure, but their
whistle blowing when problems are uncovered generate tremendous heat.  It is
not surprising that they are often viewed as a net nuisance.

When necessary, a CI service has to impose itself on the organizations and
groups it is assigned to protect.  A CI professional who is locked out or
invited in only when it is convenient to the host cannot do his job.

My advice to my CI colleagues has always been this:  ³If you are blocked by
some senior, obtuse, anti-CI officer, go around him or through him by going
to higher management.  And document all instances of denied access, lack of
cooperation, or other obstruction to carrying out your CI mission.  If not,
when something goes wrong, as it likely will in that kind of situation, you
in CI will take the blame.²

The Ninth Commandment:  Do Not Stay Too Long

CI is a hazardous profession.  There should be warning signs on the walls:
³A steady diet of CI can be dangerous to your health.²

I do not believe anyone should make an entire, uninterrupted career of CI.
We all who work in CI have seen it:  the old CI hand who has gotten a bit
spooky.  It is hard to immerse oneself daily in the arcane and twisted world
of CI without falling prey eventually to creeping paranoia, distortion,
warping, and overzealousness in one¹s thinking.  It is precisely these
traits that led to some of the worst CI disasters in our history.  Angleton
and his coterie sadly succumbed, with devastating results.  Others in the
CIA and elsewhere have as well.  The danger is always there.

My wife, who was working at the CIA when I met her, was well acquainted with
this reputation of CI and the stories about its practitioners.  When I was
serving overseas and received the cable offering me the position as Ted
Price¹s deputy in the new Counterintelligence Center, I discussed it with
her that evening at home.  Her response, I thought, was right on the mark:
³Okay, but do not stay too long.²

Sensible and productive CI needs lots of ventilation and fresh thinking.
There should be constant flowthrough.  Non-CI officers should be brought in
regularly on rotational tours.  I also believe it is imperative that a good
CI service build in rotational assignments outside CI for its CI
specialists.  They should go spend two or three years with the operators or
with the other groups they are charged to protect.  They will come back
refreshed, smarter, and less likely to fall into the nether world of
professional CI:  the school of doublethink, the us-against-them mindset,
the nothing-is-what-it-seems syndrome, or the wilderness of mirrors.

The Tenth Commandment:  Never Give Up

The tenth and last commandment is the most important.  What if the Ames mole
hunters had quit after eight years instead of going into the ninth?  What
if, in my own experience, we had discontinued a certain surveillance
operation after five months instead of continuing into the sixth?  CI
history is full of such examples.

The FBI is making cases against Americans today that involved espionage
committed in the 1960s and 1970s.  The Army¹s Foreign Counterintelligence
Activity is doing the same.  The name of the game in CI is persistence.  CI
officers who are not patient need not apply.  There is no statute of
limitations for espionage, and we should not create one by our own inaction.
Traitors should know that they will never be safe and will never have a
peaceful night¹s sleep.  I applauded my CI colleagues in the FBI when I read
not long ago of their arrest in Florida of a former US Army Reserve colonel
for alleged espionage against the United States many years earlier.  They
obviously never gave up.

If we keep a CI investigation alive and stay on it, the next defector, the
next penetration, the next tip, the next surveillance, or the next clue will
break it for us.

If there were ever to be a mascot for US counterintelligence, it should be
the pit bull.

In Conclusion

These are my ten commandments of CI.  Other CI professionals will have their
own priorities and exhortations and will disagree with mine.  That is as it
should be, because as a country and as an Intelligence Community we need a
vigorous debate on the future direction of US CI.  Not everyone will agree
with the specifics, or even the priorities.  What we should agree on,
however, is that strong CI has to be a national priority.  Recent news
reports from Los Alamos, Washington, and elsewhere have again underscored
the continuing need for CI vigilance.

James M. Olson served in the Directorate of Operations and is now on the
faculty of the George Bush School of Government and Public Service at Texas
A&amp;M University.

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Tied to your PC? Cut Loose and
Stay connected with Yahoo! Mobile
http://us.click.yahoo.com/QBCcSD/o1CEAA/Zr0HAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2003-08-24 02:46:32 PDT