Small Wars Journal

Countering the Russian Threat in Eastern Europe Through Counterintelligence

Tue, 10/31/2017 - 11:00am

Countering the Russian Threat in Eastern Europe Through Counterintelligence

Sajid Farid Shapoo

Russia is carrying forward the compulsive Soviet over-reliance on clandestine means for conducting its foreign policy and for maintaining security and political control at home. The annexation of Crimea and the crisis in Ukraine were the results of aggressive clandestine operations. The success of Russian hybrid war is predicated on its espionage, technical intelligence collection, influence operations, and intelligence activities.[i] The recent menace of manipulation of electoral outcomes in the US , Eastern Europe, and France calls for a robust and effective counterintelligence setup. Russian intelligence activities form the backbone of its hybrid warfare doctrine.[ii] Russian hybrid warfare revolves around the use of Russians and Russian speaking populations in a region. The significant Russian population in Latvia, Estonia, and Kazakhstan has the potential to be a large and effective intelligence resource for Russia.

Counterintelligence is a critical building block for national security architecture. It helps prevent penetrations into governments and at the same time degrades foreign intelligence capabilities. Counterintelligence encompasses information gathered and activities conducted to identify, assess, neutralize, and exploit the intelligence activities of foreign powers.[iii] It is meant to safeguard Western interests at home and abroad.

Current Measures

Counterintelligence policy of the Western countries, in general, and East European states, in particular, aims to neutralize Russian aggressive clandestine operations in the West or against Western allies. The present NATO/ Baltic countermeasures are aimed at identifying, assessing, neutralizing, and exploiting intelligence assets within their borders. These individual efforts by states have resulted in arrest of number of Russian spies, but an effective defense against hybrid warfare requires enhanced cooperation and intelligence sharing between NATO members.[iv] A good example of a successful and coordinated counterintelligence operation was the arrest of Portuguese intelligence officer Ferderico Carvalho in Rome on May 21, 2016.[v] Carvalho was passing information to the Russian SVR and he invariably met his Russian handler in a foreign country, which made it difficult for Portuguese intelligence agencies to detect his activities. The arrest of Carvalho and his Russian handler was made possible by a joint operation of Portuguese and Italian law enforcement authorities.[vi] Within the realm of counterintelligence, the arrest of Carvalho and his Russian handler is seen as perfect example of how counterintelligence operations can defeat and disrupt Russian hybrid efforts in its earliest stages.

The individual Baltic States are trying to employ the twin capabilities of offensive and defensive counterintelligence, but with limited success. The offense-defense capabilities of counterintelligence have the potential to act as a shield for Eastern European countries by guarding against penetrations of their governments and security agencies. As an offensive tool, counterintelligence operations can not only shape foreign perceptions but also degrade Russian intelligence capabilities. The covert influence operations along with foreign denial and deception form the core of Russian hybrid warfare.


European national borders are open, which allows easy ingress and egress for enemy intelligence agents. Any spy could be a legal resident in one state and then travel to other countries under a false identity to conduct clandestine activity, making his detection and surveillance difficult.

Additionally, modern technology has compounded the avenues for deception. The Russian cyber-attack on Estonia in 2014 was a bid to create the aura of deception by using non-state and private actors for covert disruption operations.[vii] The counterintelligence efforts have to surmount these barriers by evolving equally effective countermeasures.

Lack of a robust anti-espionage legal framework can prove to be a handicap for the efficacy of CI measures. U.S espionage law has posed significant challenges for the intelligence community. The 18 U.S Code 794 borrows heavily from the 1917 Espionage Act. There are stringent conditions to be met if a spy is to be convicted. The accused person must (1) knowingly communicate or deliver to (2) a foreign entity (3) material related to national security (4) intent to injure the United States, for the advantage of the foreign entity, or for personal gain.[viii] To develop and prove all parts can be daunting task for CI agencies, especially in a constantly changing operational environment. That is why, for example, the trove of leads about spies provided by the Mitrokhin papers could not be taken to logical conclusion.[ix] There is a general consensus among the practitioners for need to have a revised law that can support the CI measures.

Baltic countries suffer from bigger handicaps when it comes to an anti-espionage legal framework. Though Estonia took comprehensive steps to reinvent its national security strategy post 2007 cyber-attacks, no significant changes to the CI legal framework resulted. A comprehensive reform in the laws related to espionage in the Baltics would deny the unfair competitive advantage to Russian agencies and its agents.

Proposed Countermeasures

Countering Russian intelligence threats to East European countries is a compelling mission for United States and its allies. The Russian threat, conventional and hybrid, can be best addressed by a multi-pronged strategy, of which counterintelligence is one of the most critical aspects. The following countermeasures would support robust counterintelligence efforts.[x]

Counterintelligence Capacity Building. Though counterintelligence and security are primarily the responsibilities of target states, NATO and the US can support and augment their efforts to maintain an overall understanding of the threat environment through support operations and mutual sharing activities.[xi] The capacity building would include training of Case Officers in the tradecraft, bolstering operational capabilities and enhancing intelligence sharing mechanisms. With regard to the Russian threat, the United States and NATO have a double responsibility: to bolster its own counterintelligence capabilities but also support the counterintelligence architecture of allies in Eastern Europe. The capacity building of the Baltics and Kazakhstan in the field of counterintelligence could be single most effective counter measure against the Russian hybrid warfare.[xii] The US counterintelligence community would have to play an active role in Baltics and Eastern Europe as many NATO countries are neither prepared nor equipped to counter the increased Russian operations throughout the region.[xiii] Moreover, such operations are not expected to be temporary phenomenon. It is imperative that the US and its European allies guide and support the overall national security architecture of the Baltic States.

Strengthening Counterintelligence Capabilities of Target States. Counterintelligence cannot run on ad hoc mechanisms. East European allies need to have an established and proactive national counterintelligence strategy. . A perspective strategy would provide an implantable narrative of how counterintelligence efforts should support the national security strategy. The agencies responsible to execute this strategy have to design and equip new tactical elements and come up with plans and processes to counter the Russian hybrid threat.

The Way Forward

Countries should create a single agency at the national level with both responsibilities and authorities to coordinate the varied counterintelligence efforts. The agency should be empowered to share information with its counterparts on a real time basis. An apex counterintelligence agency would help in quick and speedy sharing of intelligence. The speed of counterintelligence operations is critical in neutralizing the Russian hybrid efforts like sudden appearance of “little green men”. The Crimean episode underlined the need for a quick response in future.

Countries should create a single agency at the national level with both responsibilities and authorities to coordinate the varied counterintelligence efforts. The response would have to be calibrated based on the level of threat. The grid could also act as a facilitator for joint counterintelligence operations across different countries. The NATO member and the US may provide funding and budgeting of such a transnational program.

Each target state should have a national counterintelligence strategic operations center to integrate and orchestrate divergent operational activities across counterintelligence communities.  The operations center should have a representative from every agency involved in counterintelligence operations and analysis.

A NATO Counterintelligence Center on the lines of NATO Intel Fusion Center would provide rapid access to accurate and timely counterintelligence inputs to the allied states and NATO commanders in the Baltics. This center can evolve methods and templates, which would enable the client states to receive timely, clear and actionable CI inputs. This would make recent and historic reports much easier to interpret and would provide instant access to useful situational counterintelligence; thereby fast tracking appropriate tactical and strategic decisions.

Offensive counterintelligence measures, like using ethnic Russians as counterintelligence assets, would amount to blunting the deception efforts by exploiting the psychological implications of Russian intelligence awareness of practice; where a Russian is supposed to always work for Russia. Cold War experience has shown that the most successful operations were executed by ingenious use of assets and often by upending the common theories of counterintelligence.


  • Integrate counterintelligence perspectives into national security planning and apply counterintelligence collection and operations as tools to advance national security objectives
  • Improve or create a single national level agency along with a regional level CI grid to enable a strategic and coordinated response
  • Create a NATO CI Center on the lines of NATO Intel Fusion Center to provide rapid access to accurate and timely counterintelligence inputs
  • Develop national counterintelligence strategic operations centers to integrate divergent operational activities across counterintelligence communities

End notes

[i] Galeotti, Mark. "Hybrid War’and ‘Little Green Men’—How it Works and How it Doesn’t." Ukraine andRussia: People, Politics, Propaganda and Perspectives 156 (2015).

[ii] Ibid

[iii] CIA. "Strategic Counterintelligence." Central Intelligence Agency. Central Intelligence Agency, 26 June 2008. Web. 01 May 2017.

[iv] Kerlins, COL Georgs. "What capabilities might the Baltic states need to develop to deter against a ‘hybrid’,‘non-linear’,‘limited’or ‘ambiguous’ attack?." Ad Securitatem: 158.

[v] Schindler, John R. "NATO's Big New Russian Spy Scandal." Observer. N.p., 25 May 2016. Web. 01 May 2017.

[vi] Ibid

[vii] O'Neill, Patrick Howell. "Web War I: The Cyberattack That Changed the World." The Daily Dot. N.p., 24 Feb. 2017.    Web. 01 May 2017.

[viii] 1, 1996 110. "TITLE 18—Crimes and Criminal procedure." § 794 (n.d.): n. pag.  GPO.GOV, 2011. Web. 01 May 2017.

[ix] Wettering, Frederick L. "Counterintelligence: The broken triad." International Journal of Intelligence and Counterintelligence 13.3 (2000): 265-300.

[x] Cederberg, Aapo, and Pasi Eronen. "How can Societies be Defended against Hybrid Threats?" Strategic security analysis. Geneva Centre for Security 9 (2015).

[xi] Kofman, Michael, and Matthew Rojansky. "A closer look at Russia’s “Hybrid War”. “Kennan Cable 1, no. 7 (2015).

[xii] Cederberg, Aapo, and Pasi Eronen. "How can Societies be Defended against Hybrid Threats." Strategic security analysis. Geneva Centre for Security 9 (2015).

[xiii] Lucas, Edward. "The coming storm. Baltic Sea security report." Centre for European Policy Analysis (2015): 9.


About the Author(s)

Sajid Farid Shapoo is a highly decorated Indian Police Service officer at the rank of Inspector General (Two Star General) with 18 years of progressively senior experience in sensitive and high profile assignments across India. He has in-depth experience in law enforcement and counterterrorism, having supervised many important terror related investigations to include conspiracy in the Mumbai terror attacks, the Patna serial blasts, the Bodh Gaya serial blast, and many more.

He is among the rare officers who have been twice conferred with the Gallantry Medal, the highest bravery award, by the President of India. He is also a recipient of the Police Medal for Meritorious Services. Sajid Shapoo is also a recognized national resource person on Al Qaeda and Lashka-e-Tayeba.

He is currently pursuing his Masters in International Affairs at Columbia University , New York.


1. I am not sure why Soviet clandestine operations were “compulsive” or why the Soviet Union was “over-reliant” on them for conducting foreign policy. On the contrary, Soviet “successes” during the Cold War – countries that became allies or clients – were mostly due to conventional and overt Soviet action, whereas the US was more dependent upon covert means due to its relative conventional military weakness.

2. IG Shapoo seems to conflate Russian intelligence operations against NATO and EU members, with the non-linear warfare practised in Ukraine. The former is a continuation of Soviet foreign policy and the latter involves tactics that Russia first practised in Chechnya in 1999 followed by Georgia in 2008, and which are predicated on developing local auxiliaries in the theater of conflict, usually due to ethno-cultural or linguistic ties.

3. Russian intelligence is active in every NATO and EU member. However, no portion of Italy is in danger of seceding and establishing itself as a Russian exclave. For the Baltic republics, the best strategy would be to integrate their ethnic Russian/Russian-speaking populations (i.e. full citizenship), even though such initiatives would anger those ethnic nationalists who regard Baltic Russians as colonists. Of course, the Baltic Russians are a double-edged sword and their contacts in Russia could be used to counter Russian government propaganda and promote Western values (which Shapoo notes).

4. The “little green men” or “polite people” were fully-armed Russian soldiers without insignia, who outnumbered Ukrainian forces in Crimea and who were backed by tens of thousands of Russian soldiers. This is not a CI matter. This is a military matter. If such armed men appeared in Narva or in the Suwalki area, Article V could be triggered, unless of course they surrendered to local authorities.

5. A NATO-CIC sounds good in theory, but it would be vulnerable to Russian intelligence penetration, whereby CI lapses by one NATO participant may compromise the entire CIC.

6. Putin has had ample exposure to unarmed mass protests bringing down states (1989-1991) and to guerrilla warfare defeating powerful conventional militaries (1980-1985, 1994-1996). The fact that he has sought to sidestep these challenges in Chechnya, Georgia, Ukraine and Syria, by being adaptive and opportunistic, does not suggest that there is a specific template to follow. Moreover, there is no indication that Putin wants a direct confrontation with NATO: why then attack Georgia and Ukraine when they were still prospective members?