Intelligence the key to understanding Russia’s intentions.
By Philip Ingram MBE
Last week U.S. national security advisor Jake Sullivan said that the U.S. is not certain that Putin has made a final decision to invade Ukraine. But “it may well happen soon.” Ben Wallace the UK Secretary of State for Defence told The Sunday Times that “Russia invading Ukraine is “highly likely” and warned that the military presence on the border has now reached such a size that they could “launch an offensive at any time”.” Wallace has cancelled a planned long weekend holiday!
The question on everyone’s lips is how, how could we know what Russia is going to do? The only way to answer that question is through intelligence and the overriding caveat is that intelligence is not an exact science. However, there are certain indicators that would point more to an invasion than a bluff and it is these I will explore in more detail.
So how do we know what is going on at the moment? I examine the intelligence gathering effort in more detail in my blog here: https://greyharemedia.com/russia-and-ukraine-an-intelligence-goldmine/ However, there are a few things I want to pull out to set that background to this analysis. The first is how do we know there are over 100,000 troops with the right equipment to invade Ukraine?
The first thing is Open-Source Intelligence or OSINT. Russia has declared it is carrying out manoeuvres in Belarus, in training areas around the Ukrainian border, in the Black Sea so we have definitively from the Russian Government that they are doing something. Next, we have what is being posted on special media; videos of convoys, trains full of equipment, soldiers leaving their home bases and more.
What must be considered with anything from open source is it could be being posted deliberately to mislead. Sun Tzu the infamous Chinese 6th century general and philosopher said in his book the Art of War, “All warfare is based on deception. Hence, when we are able to attack, we must seem unable; when using our forces, we must appear inactive; when we are near, we must make the enemy believe we are far away; when far away, we must make him believe we are near.” The Russians have a doctrine called маскировка (maskirovka) which is all about ‘masking’ or deception and is central to all they do; they follow the philosophy laid down by Sun Tzu.
Analysis of the vehicle and aircraft types, badges on soldiers’ uniforms, vehicle registrations and symbols can identify units and therefore where they are coming form, geo-referencing the imagery and from that, by comparing with historical data, if this is usual activity. Alongside that, private social media posts by Russian military personnel will be looked at for indicators. Again, маскировка (maskirovka) must be considered.
This OSINT will be fused with imagery intelligence from satellites and Measurement and Signature Intelligence (MASINT) gathered from Satellites, Drones and Fixed Wing Aircraft flying along the borders, staring into Russia and Belarus with specialist radars. These radars can see anything in the open including equipment hidden in forests and or under camouflage nets and their numbers can be counted regularly to see and changes. It can also be used to identify what types of equipment there are and that in turn will indicate the unit or formation. The same radars can track convoys and trains moving in real time, distinguishing military equipment from civilian traffic. Other sensors can see if equipment has moved recently and how long ago often being able to identify where it has moved to.
What is key here is identifying what formations are where and what they are doing? So, if the deployment is being billed as just training on home territory, are all the formations and units participating in that training, what are the ones with the best levels of training and the best equipment’s doing as not every unit or formation is equal? What is happening to the unit and formations logistic tails as they move and train and do those logistic tails match what is a norm for practice manoeuvres or are they larger? (You would not use as much ammunition on manoeuvres as you would need for operations, or as many medical facilities, or as many spare parts for armoured vehicles, so are these natures pre dumped and if so, where?).
Next will be looking at supporting units and formations, communications networks, air defence, air support and artillery as well as Intelligence, surveillance, and reconnaissance (ISR) capabilities. The questions are what has been deployed to where and with what? For purely manoeuvres you do not need large numbers of live anti-aircraft missiles, or the artillery ammunition stocks you would need for offensive operations, or the same balance of ISR assets or the communications networks needed to control multi levels of ground offensive capabilities, and integrate it with air support, ISR feeds and logistic networks over the same geographical footprints.
Satellites, RC135, JSTARS and Global Hawk and other surveillance platforms will be hoovering up all of the information needed to work all of this out. Networks need to be tested, comms checked, radars positioned and tested, aircraft systems checked. No matter how good your comms plans are at suppressing emissions, you can never supress them all. Each emission is an indicator!
Air capability will play an important role, for manoeuvres you need a lot less than you would need for offensive operations and different types and certainly different weapons. Numbers and types will be critical. The first thing any Russian offensive operation would want to do is SEAD, suppression of enemy air defence (AD), i.e. destroy Ukraine’s ability to track and shoot down Russia’s aircraft so Ukrainian air assets could be targeted and then ground offensives begin.
SEAD would be carried out through a combination of Special Forces, Attack Helicopter, indirect fire usually from long range missiles and specialist SEAD aircraft as well as ground based and air based Electronic Warfare (jamming) capabilities. Where are the assets needed to do this and how ready are they and what are they equipped with?
These capabilities would need to ensure safe corridors to all Ukrainian air assets and ground formations were safely opened, so even if there were a geographically limited invasion of Ukraine, AD and air assets across the whole country would have to be targeted. It would be highly unusual for these assets to be grouped and deployed in sufficient numbers just for manoeuvres.
Alongside all of these physical indicators, communications will be being listened to, whether that is over military communications means or civilian means, the technology to intercept and often decode exists. This will give a clear understanding of the quality of military communications, readiness of units and formations and some will give indications of intent. However, communications can also be used for маскировка (maskirovka).
Adding another layer on top of this are the Human intelligence (HUMINT) assets, at the strategic level running agents into the decision-making organisations in Moscow, military command headquarters and elsewhere and at the more tactical level, people reporting what is going on on the ground. Good HUMINT assets can get a real understanding of thinking and intent but getting good HUMINT agents with the right access is a massive challenge.
What must be considered at all times is that lovely word маскировка (maskirovka) – it could all be a huge expensive bluff, we have to remember that during the Second World War in preparation for D Day the allies had Operation Fortitude where amongst other things they created a fake army with a real commander, fake tanks, fake aircraft, fake radio transmissions, and fake spies with fake plans delivered to the Germans in a novel way through Operation Mincemeat. We knew what the Germans were looking for and provided it to them. The Russians know what we are looking for. That is partially why the intelligence game is very complex.
However, the subtle military indicators, with the sophisticated collection capabilities we have today compared to what existed during WW2 will give a much clearer picture of readiness and intent. This is what our politicians are being briefed and for them to order citizen’s out of the country and for the Defence Secretary to cancel his personal holiday, the indications supplest an invasion is more likely than not.
I have examined the why and what the possible objectives could be in another blog here: https://greyharemedia.com/what-is-driving-putins-thinking-on-ukraine/. My conclusions today remain as they were when I wrote that. There are so many other possible indicators such as status and loading of Russian Naval vessels, the defensive posture of the Kaliningrad Oblast and around Russian Naval bases in Syria, the Northern, Baltic, and Pacific fleet bases, but to examine them all would be a book. We are seeing one of the most dangerous, complex political and military events in Europe since the Cold War or even before that.
Philip INGRAM MBE is a former Colonel in British Military Intelligence and was a senior military planner, he is available for comment.
Russia and Ukraine – an Intelligence goldmine
As the crisis between Russia, Ukraine and the West continues to deepen and speculation over a potential conflict, and its scope, grows, what is clear is President Putin has given the West an unprecedented opportunity for intelligence gathering at so many different levels.
What has been noticeable on the many open-source aircraft monitoring platforms are the airborne intelligence gathering platforms that have been bracketing Ukraine, Russia and Belarus from Poland, the Baltics, inside Ukraine and from the Black Sea, hoovering up information from different sources and turning it into intelligence.
There hasn’t been an opportunity since the Cold War for the deployment of large formations of Russian Ground Troops, configured for a large-scale warfighting operation to be looked at and examined in so many different ways. So, what is likely to be going on and what will we know?
The first caveat is that I have to be more generic that I would like to but within the intelligence game there are only so many ways to gather information whether through the use of humans or through exploitation of the electromagnetic spectrum. The actual capability of many if not all of the collection platforms being targeted at the Russian build up remain highly classified and my analysis is therefore speculative but from a position of knowledge having overseen many operations to monitor large formation deployments of Russian style formations.
There is a real alphabet soup of intelligence techniques that will be targeted against Russia, and each will be hoovering up vast amounts of information, processing it into a specific brand of intelligence that will then be fused together to provide all source intelligence thereby building a much better and clearer picture as to what is going on.
I do have to caveat that when a sensor picks something up it means it has happened, i.e. it is history and intelligence is all about looking at what has happened in order to predict what will happen. Predicating the future is never an exact science and if fraught with potential misinterpretations; especially when the opposition know what you are doing and are therefore actively trying to deceive you.
So, what are the aircraft doing and what can they see from so far away from the Russian border? Essentially, they are carrying out 3 types of intelligence gathering, SIGINT, ELINT and MASINT.
Signals Intelligence (SIGINT) will be listening to all of the broadcast communications between military units, formations, headquarters and bases, looking at the frequencies used, the networks that are operational and what is being said in the messages. This will have the ability to conform the order of battle, i.e., what formations with what kit are deployed and, as the units and formations practice their communications, it will give the intelligence specialists a lot of material to decrypt, confirm previous knowledge and prepare wider indicators and warnings for certain activities.
Electronic Intelligence (ELINT) will be monitoring all of the Radar and other emitters operating in support of Russian activity. It will be looking at what they use to find and track targets and what weapon systems could be used supported by the radars. It will also be looking at the control mechanisms for weapon systems. The very act of flying aircraft, and in the case of the HMS Queen Elizabeth deployment, sailing a warship along the Ukrainian Coast, will stimulate a lot of electronic activity. The ELINT Sensors will hoover all of that activity up and use it to make sense of what systems are being used, but also use it to understand how to disrupt those systems if needed.
Next comes MASINT – Measurement and Signature Intelligence, and this is where the operational and tactical magic happens when monitoring large ground-based formations. vehicles are effectively lumps of metal and they emit different heat and radar signatures to natural surroundings and even buildings. MASINT can be used to monitor what is where, what has moved and give indication on what could be happening. It takes a long time to prepare Armoured formations for operations and they must prepare for specific formations as they advance, all of this data can be picked up utilising a number of techniques when applied to MASINT sensors. This message the Russians will know well, as they have their own capabilities, nothing is hidden, no matter how many camouflage nets there are over it, the only real secret is how much can be seen and how far away?
As platforms are flying, they will be stimulating activity on the ground in response, stimulating reports being sent up chains of command, sent to military and political masters and these reports relate to activity we know about, because we will have caused it. These reports will be targeted by more strategic collection capabilities to identify how they are processed and sent and therefore identify potential vulnerabilities in the systems used to process them and the mechanisms of their transmission. This information is vital in allowing newer responses through cyber to be brought to bear if necessary.
It is the good old tactic espoused by General Rupert Smith during the first Gulf War, when he said, “If the pond is still, don’t be afraid to thrown in a pebble and watch how the waves promulgate.” This is exactly the same tactic used in June 2020 when HMS Defender sailed along the Crimean Coast and for the whole of the HMQ Queen Elizabeth task force deployment, watching those who were watching it, was invaluable.
Of course, the airborne assets will be complementing what the space-based assets are monitoring and being used to complete the picture from 2 other critical intelligence disciplines. The first being HUMINT, at a strategic level the national agencies of many countries will be trying to find out what is going on inside the Russian Political, military, and operational headquarters and working to get a handle on the wider intent of President Putin and the real capability of the military forces deployed.
It is almost certain Ukraine will have HUMINT assets targeting the Russian formations deployed close to its borders looking at the orders of battle and the levels of preparations. However, one of the most valuable resources is the huge amount of Open-Source material that is circulating on various social media platforms. There are hundreds of pictures and videos of Russian equipment being moved towards the borders, pictures of training and troops putting personal pictures onto social media. This Open Source Intelligence (OSINT) is invaluable and colours in or targets much of the information and intelligence gathered from more classified sensors.
So, what is likely to happen? That is anyone’s guess at this point, but there are certain factors that come to bear. Putin won’t want the full might of the international community to come to put pressure on his fragile economy, but he must be seen to do something for his domestic audience and for the massive deployment to seem ‘legitimate.’ He seems to like the NATO Kosovo scenario of going to protect an element of the local population, but to do that he needs to escalate the crisis to the international community before he can think of going, else he needs to de-escalate his preparations in the eyes of the Russian public.
The sorts of potential indicators and warnings of a potential move could include:
- Increasing domestic rhetoric suggesting Western Interference
- Increased international rhetoric accusing the west of interference
- Increasing Rhetoric around ethnic Russians being targeted
- Rhetoric around Ukrainian incursion into Russia
- Increased Belarus activity on Polish border with refugees
- Ukraine Cyber attack
- Global Cyber attack
- Russian Black Sea fleet deployed
- Elements of the Russian Med Fleet deployed
- Elements of the Russian Northern Fleet Deployed
- ‘Manufactured’ terrorist activity both against Ethnic Russians but also inside Russia itself – bombs in Moscow / Airliner Shot Down?
However, if he does, he will have limited objectives the worst-case scenario could be annexing a large part of Eastern Ukraine where the majority Russian Speakers live. He is likely to calculate this as being just under the threshold of a very robust Western intervention as the last thing Putin could afford is a conflict with the West and he knows this, but emotionally he wants all of Ukraine. He could easily de-escalate but indicators of that will be domestically focused rhetoric regarding meeting Russias objectives and capitulation by the West in some way. We live in interesting times and the robustness of our political leaders will likely be tested to their fullest extent.
A potential Op Plan schematic for a limited Russian Invasion is:
As the situation develops, further blogs will drill into the detail of what we are seeing but the author can be contacted at any time and details are available on the Contact Us Page. Philip Ingram MBE is a former Colonel in British Military Intelligence.
In the streets of Tehran, for many years Israel’s Mossad, Germany’s MRD, Americas CIA, France’s DGSE and of course the UK’s MI6 with many others will have been playing the potentially deadly game of HUMINT. Human Intelligence, recruiting individuals with access to pass on secrets from the organisations they have access to. If they are caught, they will almost certainly be tortured and killed, it is probable that their families will disappear, and that access will be lost. This is part of the intelligence game.
One of the key targets of the international intelligence community will be the Iranian Revolutionary Guard Quds force. Their special operations division, the part of the revolutionary guard that infiltrates other states, that carries out guerrilla and terrorist type attacks, that carries out ‘black’ operations, that is currently being blamed by the US and UK for the spate of attacks on oil tankers in the Gulf of Oman.
If one of the intelligence agencies has recruited an agent inside the Quds Force then their intelligence, their presence and their access will only be known by a very very small number of people; their identity by even fewer. Their reports will be unlikely to be shared, but assessments utilising intelligence provided may be shared with allies.
Luckily, HUMAN intelligence is the icing on the cake and not needed in all cases to form an intelligence assessment. It is highly unlikely to have formed part of the picture that allowed the US Secretary of State Mike Pompeo to blame the Iranians for the attacks on Thursday on two tankersin the Gulf of Oman, just a month after four others were targeted off the coast of the United Arab Emirates. The British Foreign Minister Jeremy Hunt said that the Iranian regime was “almost certainly” behind it, but how would they know?
The key is knowing exactly what happened and when and that is very easy in this case. It is easy because the exact time and location is known and the ships at 06:12 (02:12 GMT) the Norwegian-owned Front Altair followed at 07:00 the Japanese-owned Kokuka Courageous sent distress calls following explosions and these were picked up by US naval forces in the region.
The US has already released video from an unmanned drone flying in the region, this is one of the most highly surveilled regions in the world. The drone reportedly showed Iranian Revolutionary Guards boats evacuating crew from one of the distressed ships whilst surreptitiously removing an unexploded limpet mine. Some commentators have questioned its validity especially as the owners of the Kokuka Courageous claim that the crew saw a flying object just before the explosion.
One thing that people should recognise is the drone was not alone! There are layers of intelligence collection systems all watching and listening to target areas of interest, which the Gulf of Oman is. These systems have the ability to monitor the whole electromagnetic spectrum passively through satellites, drones, aircraft, ships and land based capabilities and also actively through land based, sea borne and airborne radar.
So, what would be looked for? We have boat movement, the 2 ships that were attacked and any smaller craft that approached them through their journey. Small craft present a problem for intelligence systems as they can often get lost in the background clutter in images, or radar returns and that clutter can be caused by atmospherics, sea states and geography. This means that unless they are being actively looked for, they can often hide. Boats no matter what size leave a wake, a temperature difference in the sea as they travel, a radar and an acoustic signature, a thermal signature and if they use radar and/or radio, an electromagnetic signature. If crew members are carrying mobile phones, those too leave a unique signature in the electromagnetic spectrum.
For limpet mines to be attached, this is either done in port or on the journey from a surface or sub surface vessel. The location of the explosion and the alleged limpet mine that was removed can rule out a sub-surface approach. But what of the flying object?
The ships were over 50 km off shore, for anyone with experience at sea, that is a long way! Any ‘flying object’ would have to be launched from Land, the Air or the Sea. It would also have to be guided to the target either actively or using passive on board guidance systems. We are talking about a very sophisticated system to get a warhead to a ship. At that range any land launched system would have been spotted immediately through its thermal signature, the US would have called it out immediately. Again, if launched from the air, aircraft type, course, time of flight are all being recorded, not just by civil air traffic control but also military assets across the region. The USS Bainbridge, a US Arleigh Burke-class guided missile destroyer, over 500 feet long and weighing in at 9,200 tons, has some of the most sophisticated radar and other sensors and it was operating in the area.
So, a close in missile launch would see the need for a small boat to get within a few km of the tankers, leaving its own signature and once a missile is launched, leaving another trail of ways of identifying it. I would assess it as unlikely that a missile system was used to attack the tankers.
Will we ever know for sure? Well if samples of the explosive residue left around the site of the explosion and the size and shape of the damage to the ship’s hull can be gained – the type of explosive can be determined and the exact weapon system used therefore determined with a very high probability, if it is a manufactured weapon and not a home-made IED, even then the residue will indicate where the explosive substance came from.
So, for all the doubters out there who want to immediately counter the state narrative. Realise, it is certainly based on much more than will ever or should ever be in the public domain. Meanwhile, the attempts to recruit human assets in Tehran and elsewhere will continue.
This blog was written by Philip Ingram MBE a former Colonel in British Military Intelligence who has worked in the Gulf region. Please go to contact us if you want further comment from him.
How can we be certain, the intelligence game?
In the run-up to the action in the early hours of Sat 14thApril to bomb very specific targets in Syria to send a clear message, not just to Bashar Al-Assad but the world, that the use of chemical weapons is completely unacceptable, I have noted with sadness the large number of dissenters questioning the decisions of 3 elected heads of state, who represent the worlds policing body, the P5 of the United Nations Security Council.
Even after the attack, we have the leader of the opposition calling it illegal, questioning the decision making and the evidence to say it was Assad who carried out the horrific chlorine attack on Douma killing countless women and children.
The reports that came out of Douma alongside video released by the Syrian civil defence force, the White Helmets was not the evidence or intelligence the leaders of the USA, France and UK used to make their decision to bomb Syria, it was merely the initiator of a complex, layered process to understand what happened.
For the uninitiated, I am going to describe the sorts of processes that are in place to ensure that our leaders know that Assad’s forces were behind the chemical attack. I am leaving myself open to criticism as I cannot go into the real detail of how systems work and what their exact capabilities are, but I ask that people recognise I have used these systems and processes in the past, I have personal experience. Also, intelligence can be wrong but the more independent sources used and the fact here there would be 3 independent national collection and assessment operations reduces that possibility enormously.
The Middle East and Syria, in particular, is a focus for the intelligence capabilities of many countries involved or affected by the conflict. These will include the USA, UK, France, Russia, Turkey, Israel, Iran and many more. It is a part of the world with a huge volume of intelligence gathering platforms listening, sniffing, watching, reporting every piece of activity. Banks of analysts will be trying to analyse and interpret that activity, 24/7, 365 days a year – the intelligence cycle of direct, collect, analyse and disseminate is unending.
So, starting with the video from the White Helmets it gave a possible activity at a claimed time with a claimed weapon, how can we know it was a chlorine bomb dropped from an aircraft by Assad’s forces?
Once the reports started coming in, the banks of analysts pouring over their intelligence databases will have started to put together the questions they need answering, and looking for information collected that relates to those questions. The first in this instance would be – was there an aircraft at the claimed time over Douma and if so what type was it, where did it come from and who owned it?
AWACS Airborne early warning aircraft and other capabilities are watching all aircraft movements on a continual basis – they can track hundreds of movements simultaneously and will know if one was there, what type of aircraft it was, civilian/military, fixed wing/rotary wing and possibly even the callsign and model. They will know where it took off from, the route it took to Douma and where it went back to and the route with the exact times of all activities.
Cross-referencing the movement with signals intelligence data gathered from the aircraft, ships, UAVs and other assets hoovering up all radio traffic and more, there will be recordings of the aircraft’s crew checking in with their air traffic control and operational base. Those recordings will be translated, and translations checked.
So, we now know there was an aircraft in the right vicinity at the right time and we know where it came from and when. Imagery Intelligence of the base it flew from the moment it took off going back in time will be poured over by imagery intelligence specialists looking for the preparation of the aircraft, the weapons being loaded onto it, the crew joining it and everything that happened prior to it taking off. That capability exists and can be cross-referenced with capability from partner nations.
It will take time, but the loading of the aircraft will have been photographed. From those pictures an assessment of the weapon can be made – a barrel bomb is not easy to hide from the prying eyes of Western Intelligence. Once that assessment has been made and the number and types of vehicles used to move the weapon to the aircraft identified, the next task is to find the convoy which brought the bomb to the airfield. Intelligence gathered by the likes of the US JSTARs or UK Sentinel R1 can look for movement from known weapons dumps to the airport over a period of time. Various possibilities will be identified and will be cross-referenced with detailed imagery analysis of all of these sites and communications to and from the sites. The picture is building.
Human Intelligence (HUMINT) agents on the ground and Signals intelligence (SIGINT) assets will have been tasked to see what they can find out, what are personnel from the bases saying? What are the discussions Syrian military and political decision-makers having? How are they reacting to the international condemnation? What is being said between Assad’s people and the Russians? What are the Russians saying back to Moscow? Information in little snippets will be being fed to the analysts, agents will be talking to their contacts, supercomputers will be cross-referencing thousands of communications.
It is highly unlikely that there will be a report of the clarity, “Hello base, this is the heli, we have just dropped the chlorine bomb on Douma and are returning to base, over.” But what our intelligence will have told us is there was a Syrian aircraft over Douma at the time the alleged incident occurred, that aircraft came from an airfield where an object consistent with a barrel bomb was seen to be loaded. That object is consistent with one loaded onto trucks from a known chemical weapons storage site. HUMINT and SIGINT will add further context.
Intelligence is an art, scientifically approached, it can be wrong, it never (well rarely) gives a 100% picture, but we can be confident that the picture it does give is pretty close to what actually happened.
What I have described above is not necessarily what happened in the run-up to the decision to attack Syria but it will be in the right ballpark….
Note: This blog is written by Philip Ingram MBE, a former British Army Intelligence Officer who has served in the Middle East and Cyprus. If you would like any further comment from Philip, please contact him by clicking HERE