Luis Rueda

Counterintelligence in the CIA

Counterintelligence: the organized activity of an intelligence service designed to block an enemy's sources of information, to deceive the enemy, to prevent sabotage, and to gather political and military information.




My last post on Counterintelligence (CI) was well received by my small, yet select readers so I thought I would write another. I apologize to my non-intelligence community readers since this might get a little technical, but I will try to be as clear as possible.


The CIA normally views CI as a defensive art, focused on protecting the CIA's intelligence operations. (Note: please remember that in the espionage field nothing is 100 percent. There are always exceptions to every rule and the CIA and its officers are a bunch of opportunists, taking advantage of anything that helps in the collection of intelligence. Take everything that I say with a grain of salt.) The idea is to make sure that the sources, or agents, we recruit are not under the control of another intelligence agency (a Double Agent in the parlance of the CIA), that the CIA’s operations have not been compromised and that we know what the other side (the bad guys) are doing. Without a sound CI posture, the CIA would not be able to accomplish its mission.


That all seems fairly reasonable, but within the CIA, within the Directorate of Operations (DO), CI is not looked upon favorably. If you ask CIA leadership they will explain how seriously everyone takes CI, how important it is, etc. The real facts are that CI is viewed by many rank and file officers and field managers as a pain in the ass. Unless you are a professional CI officer, CI in and of itself will not get you promoted. It is something that is in the background. It is supposed to be part of all operational activity, but what gets case officers promoted is recruiting sources, agents, assets, and producing intelligence. CI gets in the way of this, especially when you point out to a field station that one of their sources might be compromised. Many take it as a negative reflection on themselves, that they have failed or are not doing a good job. That is not the case. Case officers are just in a risky business.


To emphasize the inherent risks of the business and the importance of CI and proper tradecraft, during training, we would tell the students that in a two- or three-year overseas tour they would do anywhere from 50 to 300 operational acts of one type or another, be it agent meetings, looking for meeting or signal sites, dead drops, etc. They have to do everything right each time; the opposition has to get lucky only once to catch you. Sometimes you make a mistake, sometimes you have bad luck. The odds are against you. In that context, it is amazing how few times CIA officers get caught, and it is a tribute to their professionalism. Let me give you two examples of what I mean when I say CI is viewed as an obstruction to operations.


In one case, an overseas station was meeting with a recruited asset who worked for the local security service. Assets such as these, what we call penetrations of the local security service, are invaluable as they provide information on what the local security service is doing against the CIA. They tell you who is being watched, whether sources have been compromised, etc. CIA Headquarters (HQS) pointed out to the station that the asset was being met at the same location each and every time. This is bad practice: Meeting in the same location multiple times raises the chance of you being identified. The station fought back, arguing that they knew what they were doing and had a reasonable explanation for the meetings. HQS almost always backs up the Chief of Station (COS) so nothing was done. Within a month the operation was compromised because another member of the security service saw one of the regular meetings. The reason the station had for the meetings did not stand up to scrutiny. The agent was fired and several CIA officers were thrown out of the country.


The second story is very similar. An officer was meeting another penetration of the local security service in a public venue. They were observed, but the station said they had an explanation for the meetings and brushed it off. Shortly thereafter, the source was transferred to a far-off office in the country with little to no access to any information of interest. It was pointed out to the station that this was a likely result of the asset being compromised. The station disagreed and continued to meet the asset, saying that they had not detected any surveillance when they went to the meetings. Mind you, it was important to note that there was only one road that led to the town where the agent now found himself. And once the officer got on that road, the local security service knew where he was going—there was nowhere else to go—and would likely be waiting for him to arrive rather than follow him on the lonely road. The station still argued that the case was viable.


There are nuances there that professional case officers will pick up on. I don't tell these stories to criticize, but rather to point out how CI is viewed as a negative reflection on a station's operations. There are many other examples of ignoring CI, some involving entire countries, not just individual cases. The bottom line is that CI in the CIA needs to be revamped.


Every CIA officer, regardless of their career track, should take a CI course that focuses on all aspects of counterintelligence, not just a defensive briefing that there are people out there who want to recruit you. All case officers should do tours as CI officers throughout their careers, not just when they reach senior management and the CIA needs to find a job for them. Case officers should rotate in these CI positions throughout their careers. This back and forth between operations and CI should be a requirement for promotion.


Too often CI becomes a box-checking exercise, with the field and HQS filling out forms and conducting reviews and tests, and once they are done the source is validated. These forms and reviews should not be the goal, but rather be tools to use in eliciting, confirming, testing, and interrogating assets to ensure they are legitimate. All principal CI officers at HQS and the field should be case officers, not just professional CI officers with one or two overseas tours in a CI position. You need to understand how to recruit and handle sources and how to conduct surveillance detection; you need to understand the details of tradecraft if you are going to do this job right.


There needs to be a closer synergy between the field and HQS on CI issues. In the old days, Soviet operations did it right. There was close cooperation between HQS and the field on establishing the veracity of their sources. There was constant review of sources and how operations were being conducted, and the field welcomed the support of HQS. The entire DO needs this type of cooperation.


I will leave you with this story. While working in the CIA's counterterrorism center, we tried to get the stations and bases in South Asia to focus on CI. Everyone was busy chasing terrorists and there was a frenzy, a fear about the next attack against the U.S. I spoke with individuals in charge of some of the operations in South Asia and tried to convince them to ramp up CI awareness. There was a clear attitude that they were chasing terrorists and had little time for CI. CI got in the way of catching terrorists. This was the case throughout the entire South Asia operations area. Sometime thereafter a double agent detonated a suicide vest, killing over half a dozen people in Afghanistan. There always has to be time for CI.


I welcome comments, debate, and contrary viewpoints.


