Counterintelligence for National Security


22 SEPT 93



In 1949 Sherman Kent introduced a triplicate framework within which to consider the subject of intelligence-i.e., as knowledge, as activity, and as organization.1 This article will proceed within that framework to discuss counterintelligence, a field of intelligence.

Inevitably it sounds a bit illogical to call counterintelligence a type of intelligence, for we aboriginally think of intelligence as knowledge, and counterintelligence as an activity or organization acting against forces seeking such knowledge. Yet members of the intelligence community will agree that we must produce counterintelligence information (knowledge) as well as take counterintelligence measures (activity) and devote personnel to these duties (organization). This threefold parallel view of counterintelligence gives it a unity which obviates the use of a number of makeshift terms invented in the past for some of its aspects.


Counterintelligence as Knowledge

Counterintelligence is the knowledge needed for "the protection and preservation of the military, economic, and productive strength of the United States, including the security of the Government in domestic and foreign affairs, against or from espionage, sabotage, subversion and all other [similar] illegal acts designed to weaken or destroy the United States." 2

Since the "military, economic, and productive strength of the United States" is linked with the security of many farflung installations and may be affected by activities originating almost anywhere in the world, the amount of counterintelligence information needed is vast, and it must be produced both within the United States and in all the foreign areas to which U.S. interests extend. Kent dichotomized counterintelligence by location, as security intelligence - domestic and security intelligence - foreign;3 but since essentially the same type of counterintelligence information may be required from Little Rock as from Okinawa, Iceland, Spain, or West Germany, and since it is produced domestically and abroad in the same way, a division by geographical source does not seem useful for conceptual purposes.


Counterintelligence as Activity

The activity of counterintelligence is the production of knowledge, and as with all intelligence, this knowledge is not produced for the counterintelligence organization itself (except as parts of it are instrumental in the further production of knowledge4) but ultimately for others - the prosecutors, legislators, commanders, and executives who are responsible for administering security measures. We should clearly distinguish between counterintelligence activities and security measures, for there is a tendency to treat them with unjustified synonymity. Security measures are defensive devices applied by the executive as protection against the things which counterintelligence seeks knowledge of.5 They relate directly to the item to be secured, denying or inhibiting access to particular information, material or areas. A representative grouping of types of security measures follows:


Information Control Physical Security Area Control
Security clearances        Fences                       Restricted areas  
Locking containers Lighting     Curfews
Security education Guard systems Checkpoints
Document accountability   Alarms Border and frontier control
Censorship          Badges and passes      



Security measures may be taken on the basis of counterintelligence knowledge, but the function of the counterintelligence activity proper is simply the production of knowledge - knowledge concerning the plans, operations, and capabilities of organizations intent upon subversive activities. "Subversive activities" is used here for convenience in a broad sense, to include espionage, sabotage, and related actions.

These activities are defined in our federal statutes. Chapter 115, Title 18, U.S. Code, "Treason, Sedition, and Subversive Activities," describes certain crimes, such as seditious conspiracy, which constitute subversive activity in the sense that they aim at the overthrow of the government. Other statutes particularize espionage as a number of activities including even gross negligence in the handling of national defense information. However, the essence of espionage as a practical threat to our national security is revealed by major U.S. court cases to lie in the clandestine and illegal collection of secret information on behalf of another country. The counterintelligence organization has little or no control over the vast amount of information available to foreign countries through legitimate overt sources.

Sabotage is described in our statutes as the willful destruction or defective production of war or national-defense materiel.6 It can embrace the work of cranks or vandals disassociated from any foreign or revolutionary power, but as a practical threat to national security, sabotage is a clandestine and illegal activity on behalf of a foreign country which, unlike espionage, is likely to be limited to periods of actual or threatened armed hostilities.

Certain kinds of activity, however, which are not made criminal by law are nevertheless objectives of counterintelligence. Subversive elements may and do operate under a blanket of constitutionality in their effort to weaken the fundamental loyalties that are the real support of a government of law. To what extent this legal subversion, designed to disaffect the citizenry from its government, must be tolerated for the sake of preserving individual freedoms is the province of the legislative and judicial experts in constitutional law. But the counterintelligence organization counters this legal subversion as well as criminally subversive activity in that it seeks to produce knowledge of the details of both.

Counterintelligence knowledge may fail to support action before the courts for any of a number of reasons - the provisions of the Statute of Limitations, technical defects in the statutes, the inadvisability of exposing confidential informants or techniques, or because the subversive activity has not progressed sufficiently toward its intended end to constitute a crime. If it is not judicially competent, this knowledge may still be used profitably by counterintelligence as a lead to further investigation, by the executive as the basis for new security measures, or by the legislature in blocking loopholes in the law.

Our description of counterintelligence activity has included the traditional elements of counterespionage, countersabotage, and countersubversion.7  The list of particulars might be extended by adding countersedition and countertreason, for example, as other subdivisions of counterintelligence activity. But these divisions are rather artificial ones, for the processes by which knowledge of espionage, sabotage, sedition, treason, subversion, etc. is secured are all the same.

The identification of subversive activities, that is the production of counterintelligence knowledge, is carried out in three overlapping phases - detection, or the recognition of some actual or apparent evidence of subversive activity; investigation, or finding out more about this evidence; and research and analysis, which puts the information into such order that some use may be made of it. The techniques of investigation and research have been written of at great length, but three groups of detection techniques are worth noting here.

The first of these may be characterized as surveillance, understood in a broad sense to include the screening of refugees, the monitoring of communications, personnel investigations, and the scrutiny of the press or other news media (for detection, not for censorship). It also includes observation of known subversive outlets and the use of informants wherever they may be productive.

Another technique of detection is, surprisingly, publicity. Through publicity the loyal citizenry is made aware of the danger of subversive activities, is taught ways to recognize them, and learns the identity of counterintelligence agencies to which it may turn. Defection programs make use of the publicity device, and immunity statutes assist its effectiveness. Prudence is of course required in the exercise of this technique.

A third method in detection is liaison, through which counterintelligence agencies are afforded each other's cooperation and that of other public and private agencies in order to maximize their range of observation for evidence of subversive activity or legal subversion.

The use of these techniques and the whole process of identifying subversive activity must be guided by an analysis of previous efforts. Detection, investigation, and research and analysis are mutually supporting processes. If they are to be effective, they must also be continuing processes, and carried out by skilled personnel.


Counterintelligence as Organization

As organization, counterintelligence consists of the personnel, along with their organized skills and methods and their organized files of data, engaged in these processes that produce counterintelligence knowledge. Since counterintelligence measures must be continuing in order to be effective, there must be a permanency of being for the counterintelligence organization and a background of continuity in its files and in the experience of its field and headquarters personnel.

Ideally, the field personnel should all be skilled in all counterintelligence techniques and fluent in half a dozen languages as well. What is not always fully appreciated is that the counterintelligence expertise is more critical than the language facility. A language weakness can be compensated for, but professional counterintelligence ability is indispensable.

In practice, individual field personnel are likely to be expert in only one or a few of the techniques required, for instance liaison. Others may be expert in research and analysis, the ability to clarify, organize, and make significant the reports of the investigators. Investigators may be specialists in interrogation, shadowing, or the use of technical equipment. These experts, like highly skilled persons anywhere, are likely to be sensitive and at times temperamental; and supervisory counterintelligence personnel must have the developed professional skill to direct and nurture the talents of their subordinates.

Security and counterintelligence measures are never popular, not even during a hot war. "Whither so much counterintelligence?" and "What price national security?" will be continuing questions. Such questions can be answered by the counterintelligence organizations, in the last analysis, only by the clarity and dispassionate professionalism with which they compile the knowledge necessary for "the protection and preservation of the military, economic, and productive strength of the United States." A high quality in this product will encourage public recognition and the cooperation of loyal citizens, provide incentives for legislation and grounds for judicial action, and guide the executive in the establishment of security measures.

1 Strategic Intelligence (Princeton, 1949), page ix.

2 From the definition of "national security" proposed in the Report of the Commission on Government Security (Washington, D. C. 1957), pp. 48--49.

3 Op. cit., pp. 210-211.

4 These parts are indicated in such statements as, "The FBI conducts two types of security investigations - one to uncover admissible evidence to be used in the prosecution of an individual or group in federal court, the other for intelligence purposes only." (Whitehead, The FBI Story, New York, 1956, p. 339.)

5  Security measures-measures taken by a command to protect itself from espionage, observation, sabotage, annoyance, or surprise"-Dictionary of U.S. Military Terms for Joint Usage.

6 See Title 18, U.S.C., Chapter 105.

7 Farago uses exceptional nomenclature in an attempt to distinguish between security and counterintelligence measures. He groups security intelligence, counterintelligence, and counterespionage as activities under the general heading of negative intelligence. (Ladislas Farago, War of Wits, New York, 1954, p. 271.)


Top of page


Historical Document
Posted: May 08, 2007 07:15 AM
Last Updated: Jun 27, 2008 03:37 PM