The Paradoxes of Counterintelligence

Guerrilla groups have to make major tradeoffs in their counterintelligence strategy. Examining three of them in detail can help ensure these dilemmas are approached consciously.

I've been researching irregular counterintelligence recently, and some consistent themes seem to exist throughout. Specifically, guerrilla groups seem to face three major tradeoffs or dilemmas in their counterintelligence strategy:

  • detect vs. distinguish
  • prevention vs. resilience
  • secrecy vs. publicity

In each case, the guerrillas would ideally have both, but are forced into a balancing act within each, trying to find a compromise that's the "least bad" option. Let's take a look at each of these in turn.

Detect vs Distinguish

One of the key points from "Out of the Mountains" is the concept of detect vs distinguish. In the past, guerrilla groups largely relied on being undetected, basing themselves out of rough terrain - mountains, swamps, jungles - where security forces were unable to find them. When security forces did attempt to detect the guerrillas, it was largely through clumsy search-and-destroy operations that involved sending soldiers to physically walk through the suspected area, giving guerrillas plenty of time to move or mount a defense.

In recent years, this paradigm has shifted. Satellite imagery, aerial surveillance (including drones), and a plethora of other reconnaissance tools have made it nearly impossible to remain undetected. Instead, guerrilla groups must rely on the difficulty of distinguishing guerrillas from the general population.

Whereas a guerrilla base in the jungle a few decades ago was hard to detect, it was easy to distinguish from other things - once you found it, it was pretty clearly the guerrillas, and you could attack it with confidence. In contrast, guerrilla bases and personnel that are mixed among civilians may be easy to detect, but hard to distinguish from the other civilian activity around them. Security forces may drive right past a guerrilla safe house every day, "detecting" it with no difficulty but unable to distinguish that it houses guerrilla activity.

Almost by definition, being difficult to detect requires groups to go where nobody else is - remote areas, imposing terrain, underground - which makes them easy to distinguish since, frankly, nobody else goes there! Conversely, being difficult to distinguish usually requires operating in populated areas, "in the open" where remaining fully undetected is nearly impossible.

There are tradeoffs that make both approaches to remaining hidden valuable. Hiding amongst the population may be difficult or impossible for guerrilla movements made up primarily of a particular, visibly distinct ethnic group in areas where a different group predominates. Particular activities - training with firearms, for example - may be nearly impossible to do while blending into the civilian population in some areas. Explicitly framing the tradeoff as making the group difficult to detect vs difficult to distinguish can help ensure this decision is made consciously and with a full understanding of the strengths and weaknesses of each approach.

Prevention vs Resilience

When designing an organization and its counterintelligence approach, there are a million and one directions, concerns, and tasks to consider. In all cases, though, any steps to resist attack can be categorized in one of two ways - either as a preventative measure, or a measure to increase the group's resilience. Prevention seeks to ensure that bad events do not happen, while resilience seeks to reduce the impact when they do.

For example, the classic "cell" structure of many clandestine groups is a resilience measure - if a cell is discovered, other cells remain intact because they are cut off from each other, limiting the damage. This is also true for training to resist interrogation or say nothing to the police, reducing the amount of information that security services can get from a successful capture of a group member. Active counterintelligence - "mole hunts" - also seeks to limit the damage from an informant by discovering and stopping their activities, and is thus a resilience approach. In general, anything focused on countering the successful actions of the opponent (discovering a cell, capturing a group member, gaining an informant) is a resilience measure.

Prevention seeks to keep the security services from learning anything in the first place. Surveillance detection, security procedures such as not using cell phones, and other direct countermeasures prevent information from being disclosed at all.

At one extreme, a group may all know each other's names, every member may know every other member, and yet extremely thorough precautions may keep the group entirely out of the hands of the police or army. This requires incredible discipline and attention to detail on the part of every individual, since any mistake (or betrayal) could give up information on the entire group. This could even go so far as the entire group being visibly, openly associated - if the security services never find out that they're conducting subversive activities, they can continue on happily, but if they slip up, they'll all be captured at once.

On the other hand, a highly resilient approach could divide members into small cells, isolated from each other and receiving information only through cutouts or other methods that prevent even an informant from being able to give up much information about the group outside their individual cell. Individuals could be incredibly careless without endangering the group overall, since they each simply don't know anything that can be used against more than a handful of other members. The leaderless resistance concept falls much more toward this extreme - individuals may have absolutely no sense of security whatsoever, but since they're operating on their own or in small self-formed groups, there's no larger organization that can be damaged by their capture or betrayal.

While the first group, relying on individual discipline and skill to prevent security lapses, is able to easily communicate to plan and carry out their activities, any mistake is catastrophic and will likely end the entire organization. The second group, highly compartmented, will have a great deal of difficulty even knowing the extent of the organization, much less planning and using its capabilities to the fullest, but can tolerate cells being regularly discovered without much risk to the greater organization. While any successful group will have a mix of these two approaches, prevention generally relies on a high level of individual skill and training, while resilience is more forgiving of mistakes and can allow for less disciplined members in a group.

Secrecy vs Publicity

Fundamentally, guerrilla groups require public support to achieve their political objectives. Recruits, resources, silence when the security forces ask questions, timely information and intelligence, and more all require support from at least part of the population. The "hearts and minds" counterinsurgency strategy pursued by the US over the past decades is a direct response to this truth.

At the same time, however, guerrilla groups require secrecy to function. Members who are discovered to be part of the group may be detained or killed, supplies and infrastructure may be captured or destroyed, and security forces are always looking for a way to infiltrate an informant or turn an existing member of the organization. Guerrillas lack conventional firepower and must compensate using an asymmetry of information - which requires secrecy.

This poses another dilemma - on the one hand, public statements, outreach or propaganda programs, and large visible acts of resistance can increase support from the public and help the guerrilla group in all the ways mentioned above. However, each of these acts exposes the group to the public - by design - and poses a risk to the group. Balancing this paradox consciously is a key component of success for guerrilla groups, who can't be completely isolated from the population but at the same time take a risk every time they divulge information.
Three paradoxes of counterintelligence must be balanced by any clandestine group struggling against a conventional security force:

  • detect vs. distinguish
  • prevention vs. resilience
  • secrecy vs. publicity

In all these cases, there's no right answer. By consciously balancing each tradeoff, groups can more effectively stay alive, continue their struggle, and perhaps one day achieve their goal.

Further Reading

Full Spectrum Resistance, Aric McBay
Guerrilla Counterintelligence
Out of the Mountains, David Kilcullen
Terrorism and Counterintelligence, Blake Mobley