Coping with Russia’s Penetration of Ukraine’s Security Service

In a 30 December 2014 article in Mashable, Christopher Miller described how Ukraine’s intelligence organization, the SBU, was thoroughly penetrated by Russia during the Yanukovich (and previous) years – and how the SBU is now struggling mightily with the consequences of that penetration. This blog post examines what that penetration has meant, and continues to mean, for the government of Ukraine as it struggles to cope with ongoing Russian government subversion and armed aggression in the Donbas region. It also offers some recommendations for how the SBU can recover over time.

Sluzhba Bespeky Ukrayiny (SBU)

Formed in September 1990 in what was then the Ukrainian Soviet Socialist Republic (part of the Soviet Union), the Security Service of Ukraine (SBU) was the direct successor to the Soviet KGB. As such, when Ukraine gained independence in September 1991, Ukraine’s SBU was completely staffed with Soviet-trained and vetted intelligence officers. Subordinate to the Ministry of the Interior, the SBU is responsible for:

  • State security (including secret police tasks);
  • External security and non-military intelligence;
  • Counterintelligence;
  • “Crimes against state and people” (counter-terrorism, smuggling, weapons trade, etc);
  • Personal security for Ukraine’s President, the Verkhovna Rada (Ukraine’s parliament), and other officials and institutions.

February 2014 Raid on SBU and Key Defections

Immediately prior to fleeing to Moscow on 22 February 2014, Ukrainian President Viktor Yanukovich ordered the ransacking of Ukraine’s Security Service (SBU). Those orders were carried out with violence, speed and efficiency: Not only did the perpetrators destroy countless computer hard drives and flash drives, but they also stole data pertaining to 22,000 SBU officers and sources, as well as “anything documenting decades of cooperation between the SBU and its Russian counterpart, the Federal Security Service, or FSB.” Four days later, the Director of the SBU, Oleksandr Yakymenko, turned up in Russia – where he, four other senior SBU officers, and around a dozen subordinates had defected.

Putting Events into a U.S. Context

In terms of its domestic counterintelligence responsibilities, Ukraine’s SBU is analogous to the Federal Bureau of Investigation (FBI) in the United States. Just imagine the consequences for the U.S. if the Director of the FBI, his principal deputies, and other key personnel defected to a country hostile to the United States – right after ordering and achieving the destruction of all FBI computer hard drives and files containing intelligence and source data.


The SBU’s current director, Valentyn Nalyvaichenko, continues to grapple with the February 2014 raid – and with the consequences of having inherited an intelligence agency riddled with intelligence officers of unknown loyalties. To date, 235 SBU officers – including the former chief of counterintelligence (CI) and his cousin – have been arrested. 25 High Treason investigations have been initiated. All SBU regional directors have been replaced, as have half of their deputies.

Operational Consequences

One anecdotal example Miller relates illustrates the devastating consequences Russian penetration of SBU has had: In April 2014, the SBU started planning for its elite Alpha unit to conduct an operation to capture former Russian FSB colonel and Donbas region separatist leader Igor Girkin (aka Strelkov). The SBU learned Girkin had been spending time at a checkpoint on the edge of Sloviansk, and began making preparations to capture him. However, Girkin was tipped off by an informant inside SBU and avoided capture.

Impacts on Ukraine in 2014

  • The Russian operation to annex Ukraine that played out in March-April 2014 was a well-planned and orchestrated military operation. Key to the success of such an operation is reliable intelligence; one clear Russian objective in that operation was to gain control of Crimea without having to fire a shot – an objective whose accomplishment was clearly furthered by having accurate information as to the capabilities, loyalties, and intentions of key Ukrainian military and government personnel based in Crimea – and back in Kyiv.
  • SBU intelligence assessments of their own military, political and economic vulnerabilities are now in Russian hands.
  • The SBU’s source network, at least as of February 2014, must now be considered totally compromised.
  • Doubtless there remain some disloyal SBU officers who did not defect to Russia, and who remain in place within the SBU as “stay behind” assets.
  • SBU sources acquired since February 2014 may also be compromised, as Russian agents within the SBU may have access to source dossiers – or could even be those sources’ handlers themselves.

What SBU Penetration Means for Ukraine Now

  • The struggle between Ukraine and Russia has been, and will continue to be, first and foremost an Information War. Russian intelligence services’ penetration of the SBU provides the Kremlin with considerable advantages in such a struggle.
  • Foreign Intelligence Services (to include those of the U.S. and NATO countries) willing to cooperate with the SBU must assume there is a significant risk that information shared with the SBU will end up in the hands of Russia’s FSB. This situation severely hampers the Ukrainian government’s ability to benefit from the intelligence capabilities, and intelligence information, of friendly nations.
  • The SBU’s inability to trust its sources, agent handlers, and officers with access to source information and reporting seriously hampers the efficiency, efficacy, and reliability of the organization. How can the SBU be sure that certain reported information is not simply Russian desinformatsiya, intentionally inserted by Moscow into Ukrainian hands via a double agent conduit? How can the SBU carry out its duties without the risk of a mole tipping off the adversary, as reportedly happened in the Girkin operation?

What the SBU Must Now Do

SBU Director Nalyvaichenko has the unenviable task of having to clean up the SBU while at the same time carrying out the various missions of the organization in the midst of a governmental financial crisis and conflict with Russia and its heavily-armed proxies in the Donbas region. All intelligence organizations must be able to trust their officers, the reliability of their sources, and the integrity and security of source biographic data and reported information. This is certainly the case in peacetime, and doubly so in periods of international tension or conflict. To achieve that end state, the SBU will need to implement the steps listed below.

Enlist Competent and Reliable Outside Assistance

When it was formed in 1990, the SBU inherited KGB staff, tradecraft, methodologies, processes and procedures. For more than two decades thereafter, the SBU “benefited” from a close working relationship with Russia’s FSB. Now that the SBU’s relationship with the FSB is an adversarial one, Ukraine must turn to the US, NATO, and other countries for advice and assistance. This assistance can, and should, extend to the training of new SBU officers: Newer SBU recruits of greater presumed loyalty to Kyiv will lack the training and years of field and agent handling experience of former SBU officers. Outside assistance can also yield the SBU new capabilities and bilateral intelligence exchanges.

Vet Existing and New Staff

Since February 2014, a primary task for the SBU has been the urgent need to weed out officers of questionable loyalty and integrity. Better for the SBU to have, say, 40 vetted and reliable officers than 100 officers on the payroll whose reliability, loyalties, and/or integrity are in doubt. But accomplishing this task will not be easy: As in other former Soviet republics, Ukraine post-1991 has suffered from rampant corruption across government agencies. According to Miller’s article, SBU salaries are low, averaging $200 a month. Doubtless an SBU officer “moonlighting” as a Russian FSB source could significantly augment his meagre Ukrainian government-provided income. The SBU will need to either create, or beef up, its Internal Affairs (IA) section. Even now, SBU officers are subject to periodic interviews and polygraph examinations. However, polygraphs are by no means infallible, and certainly not foolproof; Russian intelligence services presumably train their assets in counter-polygraph techniques. IA officers need to pay close attention to such things as inexplicable or sudden wealth, lifestyle changes, overseas travel and bank accounts. (Had the CIA done that sort of thing years earlier, for example, they might have caught on to – and arrested – Russian spy Aldrich Ames much sooner than they did.)

Implement a Vigorous Asset Validation Program

Not only SBU officers, but also SBU sources must be thoroughly vetted and periodically tested and validated. This is one area in particular where the SBU could benefit from advice and assistance from such foreign partners as the FBI, Great Britain’s MI5, Germany’s Ministerium für Verfassungsschutz (MfV), or others.

Enforce Need-to-Know

Clamping down on access to source identifying data and source-provided information is a necessary practice for any intelligence organization – and doubly necessary for an SBU in the throes of recovering from penetration from a now-hostile foreign intelligence service.

Restrict Access to IT Systems

The destruction of SBU computer hard drives and memory devices in February 2014 demonstrates the threat that this information posed to Russia – and, conversely, the value that it had to the Ukrainian government. Presumably, the SBU is in the process of completely revamping its approach to storing and safeguarding information on IT systems with the objectives of ensuring the authenticity, accessibility, reliability, and security of information. Under the most ideal circumstances, this would be a daunting task. Having to do it in a resource-constrained environment in a time of conflict and with personnel of uncertain reliability and loyalty would be a nightmare scenario for any organization. This is another area where outside assistance would be especially beneficial to the SBU.

Conduct Offensive Counterintelligence Operations

“When life hands you lemons, make lemonade.” As the SBU uncovers “dirty” officers and/or compromised source operations, it should dispassionately assess the opportunities for exploiting those as conduits back to the FSB – perhaps to surreptitiously pass misleading information to the FSB, for example. After all, giving the FSB reason to question the veracity of information and the reliability of sources in Ukraine would be some measure of poetic justice for the SBU.