Make Counterintelligence a Main Effort

By First Lieutenant Christian H. Heller, U.S. Marine Corps

Given the damage one successful foreign intelligence penetration can cause, this is a serious mistake. Playing defense with CI is just as critical as having a potent offense. Beyond robust research and development, which faces serious competition from other warfighting priorities, the Navy and Marine Corps should endeavor to reform their CI structures.  

Intelligence disciplines within the military are stovepiped and capability-based. A soldier, sailor, Marine, or airman is assigned a rating or military occupational specialty, attends training courses for that specialty, and fills a single-discipline billet, such as imagery interpretation. CI professionals in DoD are no exception, and yet this stovepiped model no longer gives CI the capabilities, experience, and knowledge it needs to defend against increasingly sophisticated foreign intelligence and terrorist threats. The Navy and Marine Corps must restructure CI into task-organized multidisciplinary teams to better deter and defeat the myriad threats facing operations abroad and at home. In addition, the Navy would benefit from adding uniformed CI professionals to its intelligence community to better serve the needs of ships, task forces, and squadrons.

The Counterintelligence Challenge

CI cannot be treated as one of many intelligence disciplines. When considering the tools available for a combat mission, a commander never counts defense as an asset alongside artillery, armor, or infantry. Defense is a multidimensional, multidisciplinary mission, just like offense. Though often included side-by-side with human intelligence (HumInt) in Navy and Marine Corps intelligence (N2 or S2) staff structures, CI needs to be its own comprehensive team with a full complement of organic skills led by a seasoned CI officer. Foreign intelligence technological advances in the past two decades have outpaced the U.S. ability to defend against them. Just as the United States employs the full spectrum of offensive intelligence measures against its adversaries, so do opponents exploit the limited Navy and Marine Corps CI manpower, experience, and capabilities.

Presenting the 2018 “Worldwide Threat Assessment of the U.S. Intelligence Community” to Congress, Director of National Intelligence Dan Coats made clear the complexity of the current and future CI operating environment. Coats testified that the intelligence threat from Russia and China, in addition to smaller regional adversaries, is global and growing. Penetration of U.S. leadership remains the primary objective, but threats to security, business, energy, technology, and finance also show no sign of slowing. Terrorist and transnational criminal groups also are learning and employing advanced intelligence capabilities in the physical, technical, and cyber realms. The insider threat—the oldest form of spying—is as prevalent in 2018 as ever. While some of these challenges can be defended only by national agencies, Navy and Marine Corps CI professionals must play a front-line role in protecting dozens of targets in diverse locations. 

Director of National Intelligence Dan Coats Testifying on Worldwide Threats in February

Each foreign intelligence organization has a distinct character, history, and purpose, thus requiring U.S. CI practitioners with different skillsets and knowledge. 2 In its 2018–22 Strategic Plan, the National Counterintelligence and Security Center highlights Russia (a “full-scope cyber actor”), China (“targeting the U.S. government, its allies, and U.S. companies”), Iran (“cyber espionage, propaganda, and attacks”), and North Korea (“cyber-attacks against U.S. commercial entities”) as the four main threats. Ten times that many countries may already be conducting intelligence operations against the United States and its military. 3 The Navy and Marine Corps—and all of DoD--—are vulnerable because the United States maintains a presence in more than 70 nations. 4

Countering these potential adversaries requires a diverse and developed DoD CI apparatus. As one intelligence official notes, CI is not a simple discipline of stopping espionage, but rather “the study of the organization and behavior of the intelligence services of foreign states and entities, and the application of the resulting knowledge.” 5 A single specialist, limited to basic tactical training and experience alongside his or her HumInt counterparts, is insufficient to conduct both offensive and defensive CI in this environment.

Adding to the complexity of 21st-century CI is the ever-asymmetric character of war, ongoing since the end of the Cold War. Russian intelligence agencies plot coups in Montenegro, insurgent campaigns in Crimea, and collection efforts in NATO countries, while in contrast the Taliban intelligence network conducts intimidation campaigns in Kabul and targets opposition leaders for assassination. 6 CI operators can find themselves working against each type of threat in subsequent tours. 

A modern CI team must be prepared to prevent encroachment from nonstate actors, state actors, and a mix of both. Combatting the intelligence efforts of nonstate actors, terrorist groups, or insurgents is different from working against a traditional state (with which classic CI is quite comfortable). Previous wars demonstrated that victory over insurgent intelligence networks requires the U.S. military either to forcibly separate the population from the fighters (often unethical and inhumane) or enact a large-scale policing and CI mission. The CI effort must be large and experienced enough to be capable of “detecting and identifying the people that supply information to guerrillas . . . and then taking either the defensive steps of apprehending, interrogating, and imprisoning these people or the offensive one of turning them around for double agent operations.”

Guerrilla-force intelligence requirements in Asia conflicted with those of conventional forces. Guerrilla-force intelligence services sought out insert and evacuation locations, ambush points, safe houses, and foot-mobile routes, while conventional forces’ intelligence requirements were “for defensive purposes: they [sought] information on movements of major enemy forces to be forewarned of encirclements or sweeps of their base or bivouac areas.” 8 If Marine Corps and Navy CI professionals are trained only in conventional warfare, they will be unprepared to serve in an unconventional environment and vice-versa.

Modern counterinsurgency missions depend on effective CI strategies. The United States had to relearn this lesson in the past two decades of war. Regardless of the type of conflict, the primary goal of the CI officer is and always will be to acquire useful sources. 9 Twenty-first-century sources do not need to be human contacts. The modern CI team must understand and employ all available sources. The Navy and Marine Corps must recruit more cyber and network specialists to CI enterprises and provide more technical training to their CI agents. Defensive cyber techniques are adequate for network security but do not take advantage of the opportunity offered by foreign intelligence intrusion. Offensive cyber CI offers an alternative option, but it requires coordination with and between different specialists, in various organizations, at several levels of the strategic-operational-tactical hierarchy. 10

Placing such a capability within the CI apparatus makes institutional sense. As RAND researchers Christopher Paul and Rand Waltzman note: 

Counterintelligence is a traditional military activity that predates the existence of cyberspace and seeks to protect U.S. military forces from the espionage, sabotage, or other intelligence activities of foreign powers. Counterintelligence personnel have the authority to observe and thwart the activities and communications of foreign spies and saboteurs. Such authorities should clearly extend to foreign activities in and through cyberspace without counterintelligence becoming a cyber activity or requiring special cyber authorities. 11

The combination of traditional CI, HumInt, and cyber professionals, along with antiterrorism subject matter experts, all-source analysts, open source analysts, and signals intelligence collectors, provides the right solution for today’s CI challenges. Uniformed professionals in a tactical environment must have these capabilities readily available. Rethinking CI as a mission to be carried out by a team of specialists from different disciplines better meets the CI needs of the commander, the military service, and the nation.

Task Organized and Multidisciplined

DoD currently limits its CI effectiveness with wordplay and organizational structure. Too often specialists in various fields compete over responsibility and authority. Current Navy and Marine Corps structure fulfills the mission solely with CI specialists. For example, Marine Corps doctrine calls for a CI/HumInt detachment to consist of five CI/HumInt specialists led by a CI/HumInt warrant officer. CI needs to realign its manpower, missions, and structure as task-organized units with full-scope, multidiscipline specializations. The combatant command CI staffs provide one model for a more effective CI structure at the operational and tactical levels. Combatant command counterintelligence teams (CITs) consist of various occupational specialties to accomplish the mission. 

Today’s tactical and operational environment requires that CI efforts against espionage, cyberattacks, and terrorism be focused under a single officer. Analytical, cybersecurity, antiterror/force protection, physical security, and subject matter specialists all have a role in counterintelligence. They could serve as members of the CIT under the guidance of a lead CI officer in cooperation with credentialed Naval Criminal Investigative Service CI agents. The commander’s counterintelligence coordinating authority still would supervise operations and provide guidance to ensure compliance with service, command, and national policy. 

A second less bureaucratically intrusive reform option is to fund additional training and recruit new specialties into the CI enterprise. Expanding personnel, presence, and training will help cover intelligence gaps. Many locations frequented by Navy and Marine Corps personnel, such as international airfields, lack permanent CI coverage. 12 Service CI units support exercises around the world, but on a temporary basis that prevents any real depth of knowledge or substantial liaison connection with friendly foreign CI organizations, especially in remote tactical environments. 13 Introductory-level CI education is insufficient for cyber intrusions, drone incursions, developmental technology theft, and modern insider threats that often involve challenging legal issues. Additional advanced training must be established and given funding and time to support skills required in missions such as support to information security and C2 protect, support to embarkation security, support to civil security, support to the strategic and operational levels of war, and counter imagery intelligence. There is no substitute for training and experience in the CI world.  

Task-organized CI units with multidiscipline experience help overcome many of the CI challenges in today’s hybrid warfare. Joint Publication 2-01, the guiding joint policy for determining how military intelligence supports operations, stipulates that “an effective CI program uses a multidisciplined approach that relies on the timely fusion of information from law enforcement, CI, and other intelligence sources.” Joint collection matrices include CI as an intelligence-collection platform, likely to the surprise of most collection managers.    

Counterintelligence beyond the Uniform

Today’s DoD CI enterprise must play a more active role with private industry. U.S. technological development no longer is primarily driven by government-funded labs and safeguarded by soldiers and government policy. In areas such as Silicon Valley, businesses find themselves in “the crosshairs of not only foreign competitors, but also of foreign intelligence services.” 14 Protecting critical infrastructure networks such as finance and energy is the purview of other national agencies, such as the Federal Bureau of Investigation. The defense sector, however, remains critically vulnerable to insider threats. In 2017, three high-profile events in April, May, and July saw foreign intelligence services access “export-restricted high-grade carbon fiber, which is primarily used in aerospace and military applications,” a “high-performance, naval-grade product,” and “the business systems of U.S. nuclear power and other energy companies.” 15 Foreign espionage is the cheapest option for most nations to acquire the same or near-peer combat capabilities. Billions of U.S. taxpayer dollars fund advanced research to defend national interests, and a robust CI enterprise is the best way to ensure such efforts are not wasted. 16

The Defense Security Service (DSS) and other agencies implemented initiatives such as the Partnership with Industry Program to exchange security personnel and the Counterintelligence Partnership with Cleared Industry Program to allow private companies to work side-by-side with the DSS CI office. 17 Lockheed Martin retains a robust CI capability and publishes CI awareness training that includes how to identify insider threats, elicitation, and recruitment tactics, and how to report them. 18 

Such efforts are promising but insufficient. A piece of advanced technology or equipment has many caretakers over its lifetime, from the initial design and prototype, to engineering and production, to testing and fielding, to operations and maintenance, and finally to disposal or sale. If each of these phases takes place in different offices under various security agencies in diverse locations, gaps in information protection emerge that make the most prized U.S. assets unnecessarily vulnerable. Cooperation and information sharing are a possible solution, but a more complete option is to expand uniformed DoD CI capabilities and personnel to track projects through their lifetimes. High-profile CI cases such as that of Aldrich Ames—and its nine years of investigation—highlight the necessity of long-term and consistent CI involvement to reach a successful outcome. 

Counterintelligence as an academic discipline also requires further attention. Before 2014, only two academic articles examined the theory of counterintelligence. 19 Just one book on the 2018 Defense Intelligence Agency director’s reading list mentions counterintelligence. The research benefits are apparent in a single Ph.D. dissertation that presents evidence about the differences in CI structure, vulnerabilities, and capabilities between tightly structured and loosely structured terrorist groups. 20 Henry Prunckun does well in Counterintelligence Theory and Practice (Rowman & Littlefield, 2013), but more research is necessary to advance the discipline and provide both quantitative and qualitative insight for field agents. 

21st Century Counterintelligence 

The Navy and Marine Corps are too vulnerable to foreign intelligence services. The U.S. national security structure—uniformed services, civil servants, the defense industry, and private business—is an interdependent and interlocked network that CI must protect. More training opportunities can help the existing CI force adapt. Changes to recruitment and introductory training can reshape the CI force going forward. Allocations for more CI offices and uniformed Navy CI personnel to support commanders, facilities, and equipment will better protect the Department of the Navy’s investments and missions. But most important, the Navy and Marine Corps need to enforce a cultural shift in mindset so CI is treated as a multidisciplined enterprise on par with any other traditional warfighting community. 

1. The Operational Environment and the Changing Character of Future Warfare , Training and Doctrine Command, U.S. Army.

2. John Ehrman, “Toward a Theory of CI: What Are We Talking about When We Talk about Counterintelligence?”  Studies in Intelligence , 53, no. 2 (24 August 2009).

3. James M. Olson, “The Ten Commandments of Counterintelligence: A Never-Ending Necessity,” Studies in Intelligence, 45, no. 5 (2001): 81–87.

4. David Vine, “ Where in the World Is the U.S. Military? ” Politico, July/August 2015.

5. Ehrman, “Toward a Theory of CI.”

6. Christopher S. Chivvis, “ Understanding Russian ‘Hybrid Warfare’ and What Can Be Done ABout It ,” Testimony before the House Armed Services Committee, 22 March 2017. Antonio Giustozzi, “ Afghanistan: Taliban’s Intelligence and the Intimidation Campaign ,” Land Info Country of Origin Information Centre, 23 August 2017.

7. M. H. Schiattareggia, “Counterintelligence in Counterguerilla Operations,”  Studies in Intelligence  6, no 3 (summer 1962): 43–44.

8. Schiattareggia, “Counterintelligence in Counterguerilla Operations,” 41–42.

9. Carlos Revilla Arango, “ Counterintelligence vs. Insurgency ,” Center for the Study of Intelligence, Central Intelligence Agency, 2 July 1996.

10. Johan Sigholm and Martin Bang, “Towards Offensive Cyber Counterintelligence: Adopting a Target-Centric View on Advanced Persistent Threats,” 2013 European Intelligence and Security Informatics Conference, Uppsala, Sweden, 12–14 August 2013, 171.

11. Christopher Paul and Rand Waltzman, “ How the Pentagon Should Deter Cyber Attacks ,” Strategy Bridge, 10 January 2018.

12. Michael T. Imbus, “Identifying Threats: Improving Intelligence and Counterintelligence Support to Force Protection,” research report, Maxwell Air Force Base, Alabama, April 2002, 18.

13. Imbus, “Identifying Threats,” 19.

14. Darren E Tromblay, “ Protecting Partners or Preserving Fiefdoms? How to Reform Counterintelligence Outreach to Industry ,” Information Technology and Innovation Foundation, October 2017.

15. Trombley, “Protecting Partners.”

16. Michelle Van Cleave, remarks for Conference on Counterintelligence for the 21st Century , Bush School of Intelligence, Texas A&M University, 5 March 2005.

17. Tromblay, “Protecting Partners.”

18. “ Counterintelligence Awareness: Capability without Compromise ,” Lockheed Martin, 2015.

19. Henry Prunckun, “ Extending the Theoretical Structure of Intelligence to Counterintelligence ,”  Salus Journal , 2, no. 2, 2014.

20. Blake William Mobley, “ Terrorist Group Counterintelligence ,” Ph.D dissertation, Georgetown University, 20 October 2018.




First Lieutenant Heller is an active-duty intelligence officer in the U.S. Marine Corps. He is an honors graduate of the U.S. Naval Academy and Oxford University and was a Rhodes Scholar. He currently serves in Okinawa with 3d Intelligence Battalion, III Marine Expeditionary Force.


Listen to a  Proceedings Podcast  interview with this author below:



Conferences and Events

View All

From the Press

23 February - Seminar

Sat, 2019-02-23

David F. Winkler

3 March - Lecture

Sun, 2019-03-03

Stephen A. Bourque

Why Become a Member of the U.S. Naval Institute?

As an independent forum for over 140 years, the Naval Institute has been nurturing creative thinkers who responsibly raise their voices on matters relating to national defense.

Become a Member Renew Membership