We normally learn a lot from other people’s wars. One war being studied carefully is that of Russia’s invasion of Ukraine. If we are responsible for security or counterintelligence for our facilities, we should learn from this war too. Just as American troops in Vicenza, Italy, are learning about drones from Ukrainians at Grafenwoehr, Germany, so we need to learn from our colleagues about the ‘near war’ tactics of the Russians.

Russian Spies Pervade Europe

Russian spies are rampant. We’ve read that espionage is being practiced all across the Ukrainian front. We also need to concentrate on Russian targeting of the rest of Europe. Russia sees that continent as the vast supply line from the United States and NATO into Ukraine. Russia has gambled that supplies from European companies and ports must be anticipated, the better to destroy them. Indeed, they have been accused of scrambling GPS systems using antennae in their territory in Kaliningrad. For that matter, they might just blow up the supplies destined for Ukraine on the ground. Consider the explosion that rocked Czechia’s gigantic supply depot, which is now traced to Russian activity.

Germany, the economic powerhouse of Europe, questions whether it is ready for a multipronged sabotage attack. They cite mysterious attacks across their entire economic infrastructure. Notably, their rail system found itself shut down in numerous areas. Likewise, as in other European cities, Berlin Airport was shut down by a cyberattack. Most insidious, Russian tankers flagged under foreign flags are known to carry illicit gasoline products. For our purposes of awareness, however, something else is believed to be on board these ships. It is suspected they also carry drones that can be launched surreptitiously onto European targets. The French have confiscated one of these vessels at sea off their coast.

Of course, this is only the visible part of sabotage actions. Many of these are caused by Russia to give a warning: “We know you are helping our enemy, Ukraine, and we are going to make you pay.” The question that remains, of course, is what NATO will do. It seems that endless drone incidents have befallen the European nations, recently in Romania. What to do?

One study has shown that cameras fitted to drones have been a potentially major weak link for Ukraine. The rare earth metals used to make them originate in China or are only available through Chinese companies. Not just some of them, but some 89-98 percent of all such cameras’ components.

FSO on Monitoring Cleared Employees

Faced with such a wall of difficulty, what are we, facility security officers, to do? When the world appears new, go back to basics. See what is no longer needed, what is still good, and determine how to adjust to new threats.

Strengthen your host nation liaison. Estonia found that a young soldier in its army was a recruited spy for Russia. His value to Moscow, despite being very young and new, was his location. He was home-based just over the border from Russia. Likewise, the U.S.’s own Air Force was hit by a spy. This young airman took classified information from the computer he was assigned and posted it on the dark web. His goal was to impress others on the site.

So we must ask ourselves repeatedly: Are your employees properly vetted? By whom? How often? Did you know you can have your employees attend ‘Insider Threat’ training? Check with your security colleagues. There are symposia, conferences, even whole courses your employees can attend. These will alert them to their responsibilities. Here they’ll learn to be aware of, prevent, report, and counter insider threats. Also, such courses can often be done either in person or virtually, depending on your requirements. Such courses can be very specific. For instance, the Center for Development of Security Excellence offers a course on Insider Threat Analysis. This is designed not for your average employee, but for someone you want on your team to evaluate indicators that might suggest an insider threat.

How are you configured to respond to identified threats? Some organizations have ‘threat hubs’ of security officials or employees trained to evaluate potential threats. These people gather regularly to respond to any reported incident. Other organizations are fortunate to have professional counterintelligence agents available to respond to reported incidents. Please make sure your entire company or organization knows how to report issues properly, and then please keep the report confidential. The FBI has such joint ventures across the US.

Let’s say the threat you encounter is apparent recurring drones sighted over your facility. What does the local law say about such drones? Can they be banned? Once reported, the people in the hub can evaluate whether this is potential espionage or a preparatory sabotage incident. They would then report it to your supporting intelligence agency for proper action. The best course would be to have a trained, assigned counterintelligence agent who is aware of known and potential threats ahead of time and updates information to your company directly. Of course, once identified, analysis can advise your leadership what might be expected. If drones, then analysis can advise whether these are harassment, surveillance, or possibly armed weapons overhead.

How your site was identified is a question for later evaluation. Perhaps you were identified by an insider, or perhaps by a spy monitoring what he hears when your employees head to the local bars after hours. Maybe your entire computer system was compromised because no one properly trained your people not to respond to phishing expeditions. That’s up to you to discern.

John William Davis was commissioned an artillery officer and served as a counterintelligence officer and linguist. Thereafter he was counterintelligence officer for Space and Missile Defense Command, instructing the threat portion of the Department of the Army's Operations Security Course. Upon retirement, he wrote of his experiences in Rainy Street Stories.