What Healthy Counterintelligence Culture Looks Like
Here's the exact framework you should be building.
Most groups treat counterintelligence (CI) as a reactionary protocol, or something you do when you suspect a breach or infiltration. The problem is that CI isn’t a checklist that’s titled “Use in Case of Emergency.” Healthy, effective groups use it as a mindset baseline and part of a disciplined culture.
Daily, embedded counterintelligence should be part of your everyday operations, and today we are going to break down what it looks like, what it does, and how to implement it.
What Counterintelligence Culture Is and Isn’t
CI culture, at its core, is a facet of your overall group Orientation. While many think of it as the “fed-catching” side of things, the truth is that it’s much more than anti-infiltration. If intelligence is the act of collecting, analyzing, and disseminating information for decision-making, then counterintelligence is the discipline focused on denying, disrupting, or even deceiving that process when it’s aimed at you and your group.
A healthy CI culture is:
Behavioral discipline
Information control
Normalization of risk-awareness
The umbrella that oversees a robust vetting process
Movements and groups that fail at CI are subject to infiltration, but they will also miss the internal cultural rot that is present before the infiltrator shows up—which is, by the way, how they get in.
Core Principles of Day-to-Day CI Culture
Default Minimalism
The concept of need-to-know isn’t considered rude in CI culture. It’s literally the baseline. One facet of a toxic group is that bad is good, and good is bad; this means that healthy processes are called toxic, and actual toxic or dangerous behaviors are framed as The Way It Should Be Done(tm). When it comes to need-to-know, a toxic group will view it as information hoarding, and it causes drama and dysfunction. In a healthy group, everyone is on board with the concept.
Normalized Vetting Behavior
This is another thing that toxic groups will balk at. Real CI culture asks questions of prospective members. Even more ideally, they observe and vet before inviting them in (remember the closed recruiting model?). At the absolute least, a very long and detailed process should exist, and every single person in the group should have gone through it.
Behavioral Discipline Over Charisma
In a healthy group, people do not get promoted for being bold, loud, or intense. Instead, they are chosen because they are controlled, clear, and competent. If your group tends to view intensity as leadership, that is not a CI culture; you have a problem.
Internal Surveillance Done Right
While the phrase “internal surveillance” might conjure up this idea that everyone in the group is spying on each other, that’s not what I mean. You’re not spying on each other; you’re noticing patterns and inconsistencies, flagging shifts, and understanding when the group starts to drift. If you’ve ever heard the phrase “safety is everyone’s responsibility,” then you can understand this. CI isn’t just something your intel officer does. Every member is involved in the tracking, and every member is expected to bring those concerns to the front.
Containment Before Exposure
Toxic or drama-driven groups thrive on the chaos created when a threat is exposed, usually loudly and publicly (at least within the greater resistance community). This is not how it’s done. Don’t out a potential problem without preparing. Isolate the problem, verify it, and then act.
Don’t go to the other extreme either, where you investigate forever but never act. If you have a verified threat, don’t just sit there and do nothing while claiming you’re “still observing” or that you have a “mitigation plan.” Threats are still threats, even if your hubris tries to convince you that you can manage it internally.
Group Practices That Build Your CI Health
Structured Debriefs: After every action or meeting, debrief what worked and what didn’t. Who showed drift? What signals were missed? Be honest while following the rules for constructive conflict. None of this should be personal, and healthy people won’t take it that way.
Pre-briefs With Cover for Action: Rehearse the “why” and “what” of every action. Practice talking to outsiders. Put as much time into understanding and training for information operations (both incoming and outgoing) as you do any other area.
Red Team Exercises: Designate people to simulate infiltration or testing of OPSEC. There is no substitute for practice.
Cross-role Redundancy: No one should be a single point of failure. Knowledge is spread to all. But please note that knowledge and skills are not access. That still comes under need-to-know.
Signs You Don’t Have a CI Culture, and Answering Your Objections
If you’re wondering about your group and unsure if you really have a CI culture because there are some problem areas but also some solid ones, here’s a list of problem behaviors for you, as well as the objections I typically hear.
Planning and decision-making happens in unencrypted or public platforms.
OBJECTION: “I’m part of a group that is so spread out that we HAVE to use online messaging, and some of the folks aren’t tech savvy enough to use encryption and all of that.”
You have a problem, not a CI culture.
Dissent is labeled disloyalty.
OBJECTION: “We don’t do drama; if a member has an issue, we kick them or get them to leave, because we aren’t going to have problem members.”
The problem member is you.
There are “golden calves”—untouchable people or topics.
OBJECTION: “There’s no need to discuss __________ because people get really upset. We just agree to disagree on it, or members keep that stuff to themselves. We focus on unity.”
No, that’s toxicity.
No one is tracking behavior patterns.
OBJECTION: “We don’t have time to spy on our own members, and we think that’s unethical. We’re focusing on getting things done.”
It’s not unethical to pay attention to the dynamics in your group and head off problems before they get out of control. It’s not spying on your members, and your focus on “getting things done” is completely subverted by the toxic culture that is absolutely growing in your group.
Rewiring Your Group
You’ve gotten this far, and you’re willing to admit that there might be some issues. How do you fix them? There are three areas you should look into right away.
Recruiting: This is the absolute first thing you need to overhaul. Stop taking on new members at all until you fix your vetting process.
Logistics: Secondly, look at your group’s gear and capabilities. Who knows about it? Who has access? Why do they have it?
Communications: How do you talk to each other (methods, security protocols, level of intimacy online)? Are you hanging out in group chats where everyone talks about their kids and daily routines? Are you on an unsecured zoom call once a week where anyone who has the password can get in? Do you deviate from the standard protocol for one or two members who either can’t seem to get up to speed or simply refuse to use the approved methods?
Introduce CI to your group by starting with ‘what-if’ drills, done in a classroom or discussion environment. Model it in your own leadership. Do daily check-ins to drive the points home and figure out where the weak spots are. The culture in your group will shift when the average member starts thinking from a CI perspective.
Your culture is what invites the infiltrator. It erodes member safety and trust, and fixing the problem is a lot harder than just preventing it. CI is a discipline that is consistently practiced, taking responsibility for the structures that make your group work.
Don’t wait for something to go wrong; instead, build the culture that will keep it right.