Offensive vs Defensive Intelligence


There are two main disciplines in the field of intelligence:  offensive and defensive.  At a national level, countries may chose a defensive or an offensive intelligence posture. For example, the Canadian Security and Intelligence Services (CSIS) is considered predominantly defensive while the Central Intelligence Agency (CIA) is regarded as more on the offensive side of things. While both strive to protect their respective nations from threats, the CIA seeks to bring the battle to the enemy while the CSIS seeks to prevent the adversary from bringing the battle into Canada.

Corporations may likewise choose between an offensive or defensive intelligence stance. Restricted by legal considerations and by resources, corporations often choose defensive over offensive measures to protect against threats. Corporate intelligence analysts and security managers typically restrict their scope of work to defensive plays. They analyze the threats against the organization and implement countermeasures against them. 

Sometimes, there are cultural elements that influence security decision makers against taking an offensive stance such as not wanting to come off as too aggressive.  Only once a threat has been realized does the security apparatus feel it has the political license or justification to act.   Until then, its security operations must ‘play nice’ which can be an unfortunate position.  For those times working the offensive is the path to proactive security, inaction can result in disaster.

So, to what extent can non-governmental organizations leverage offensive intelligence moves and what does that entail?

Consider the following example that describes the different approaches between these two disciplines: You are hired as an intelligence officer for a security outfit charged with protecting a very high-net-worth individual or even a head of state. You happen to get credible intelligence that a Mr. John Smith is interested in attacking your protectee.

With a defensive intelligence posture, you would focus on figuring out how (the modus operandi) and when Mr. John Smith will attack your protectee. Your analysis of Smith’s MOs will inform your recommended security measures against the potential threat (e.g build a higher fence, change operational routines, increase security coverage and more).

To implement an offensive intelligence approach you must know the motive, not just the MO, of the would-be attacker. John Smith’s motives to attack your protectee can range from financial gain (hired assassin), to political or ideological motives, revenge or, just simple insanity. Figuring out the adversary's motive and the factors that influence his decision making process will help you execute your offensive intelligence plan.

Ultimately, an offensive intelligence plan must get you close enough to your potential adversaries to enable you to develop a relationship with them or their close circles. Only then, would you be able to influence them and their motives for attacking. Rigorous offensive tactics could also include disinformation, turning threat agents to your side, or planting penetration agents.

At Chameleon, we are often asked to help organizations or individuals to secure against various kinds of threats and we use offensive intelligence to do so.

On one occasion, we took a case where a son of a very wealthy family was estranged from them.  He was an easily influenced young man in a toxic relationship with a woman who demanded he disassociate from his family.  His father came to Chameleon after a number of private investigators had conducted surveillance on the son but had not gotten to the heart of the matter.  Nothing was solved.  So we planted an agent of the same age to take a job where he was working, to befriend him.  A relationship was established, the real  and full story was exposed and the son came to see that his girlfriend was sabotaging him.  He reestablished a relationship with his family.  It would not have made sense to use defensive methods in the case of a non-traditional threat.

In another case, a well known celebrity was being stalked online and his threats were menacing.  Chameleon agents conducted research that revealed the stalker had a huge fascination with swords and frequented a particular internet cafe.  Our agent sat himself near the stalker, placing a large book about swords on the table as ‘bait.’  Indeed, the stalker opened up the conversation and the agent was able to get enough information about him to determine that he was not a real threat.  The offensive measure worked whereas a defensive measure would have involved posting bodyguards on the celebrity 24/7 and would have been a waste of money and time.

One of our clients in the medical services industry caught a woman outside one of their facilities armed with a gun and threatening.  They took appropriate defensive measures but stopped there.  We did minimal digging to figure out who she was and why they were a target.   Was she a disgrunted ex employee? Did she have a beef with management?  Was she politically motivated?  We wanted to know what her story was, her motive.  It turned out she lived a quarter of a mile away and likely passed the location daily.  Other facts uncovered helped design security protocols that made sense.

The point is, while an offensive approach is not always the way to go or not always possible, it should definitely be part of the security toolkit.  An offensive approach pushes the adversary to defend, retreat or change targets.  It is proactive.

Winning players whether they be at work on a soccer field or on a chess board, know that they need to play both defense and offense.  They need to get in the mind of their opponent and strategize accordingly. Similarly, intelligence professionals need to know how to play both sides - defense and yes, even offense.

Leave a Comment