Professor Philip H. J. Davies
On 10 June, 1978 a 31-year-old Red Army captain defected to the UK’s Secret Intelligence Service (SIS, aka ‘MI6’) in Geneva. Vladimir Bogdanovich Rezun was an officer in the GRU (Glavnoye Upravlenoye Razvedivatelnie), Russian defence intelligence, who would later write a succession of nominally factual books as well as fiction under the pseudonym Viktor Suvorov. At the time, GRU personnel were rare catches and SIS, as far as is known, had not run a significant GRU source since the demise of Oleg Penkovsky in 1962. Rezun was, unsurprisingly, a font of valuable information about the organisation, personalities and working methods of the GRU. But amongst the more significant themes on which he reported was the GRU plans for sabotage operations in the event of a war between the Soviet Bloc. These plans focused on two principal strategies. The first was infiltration of Spetsnaz special forces (in the UK most likely by air or sea), and longer term recruitment of often illegal sleeper agents that GRU designated ‘sabotage agents’. Sabotage agents stood in contrast to what GRU termed ‘procurement agents’ because, as their name suggests, their role was sabotage and assassination rather than the procurement of information. In theory, sleeper sabotage agents would like fallow until activated, presumably on or shortly before the outbreak of war between the Warsaw Pact and NATO.
The GRU’s sabotage agents had two main classes of target. The first was the basic armature of warfighting – military equipment and facilities, logistical centres and infrastructure, nuclear weapons storage sites and the industrial base for what used termed ‘economic warfighting ability’. Second was what Rezun termed ‘anti-VIP’ actions, essentially the assassination key figures in the political and military leaderships.[1] According to journalist Gordon Brooke-Shepherd, Rezun’s information was instrumental in the delivery of ‘the largest military home defence exercise … in Britain since the Second World War’, operation BRAVE DEFENDER in 1985. Although it was executed some seven years after his defection, BRAVE DEFENDER was specifically designed to game out defence against Spetsnaz and hypothetical sabotage agents.[2]
The sabotage threat wasn’t, or shouldn’t have been, news. In April 1971, a KGB officer in London called Oleg Adolphovich Lyalin had defected to the UK bringing details of the KGB’s wartime irregular warfare plans and methods run by Department V of KGB’s foreign operations First Chief Directorate.[3] Just over a year later in September 1972, as part of a wider reorganisation, the Intelligence Corps established 163 (Counter-Intelligence) Section. According to Corps historian and former member Nick van der Bijl, this was ‘the key specialist counter-sabotage section’ tasked to ‘survey Key and Vulnerable Points against attack by Soviet special forces, or Spetsnaz, during the Transition to War Phase’ of any conflict with the Soviet Bloc.
Counter-sabotage is one of the three traditionally central missions of counterintelligence, alongside counterespionage and countersubversion. But sabotage has typically been regarded as a low threat priority in peacetime. At the national level, it was a central task of MI5’s Counterespionage Division during the Second World War. After the war, however, the threat of actual kinetic attack by nation states receded significantly, especially because of fears about potential escalation of conflict during the protracted Cold War nuclear stand-off. As a result, the counter-sabotage function waned in significance. While it remained a requirement for counterespionage operations (as in the case of Lyalin), it was otherwise subsumed as essentially an aspect of physical protective security within MI5’s omnibus protective security C Branch. And so it remained, apart from intermittent flashes of alarm from incidents like the Lyalin and Rezun defections.
After the end of the Cold War, Security Service priorities shifted almost exclusively to a focus on counterterrorism. Even before 9/11, terrorism occupied two entire Branches and consumed more than half of MI5’s total operational investment.[4] At its lowest ebb, protective security and counterespionage were so diminished that C Branch fused with the counterespionage K branch, along with counter-organised crime functions that had been added as an afterthought in 1995. Together they became a sort of ‘anything not actually terrorism’ as D Branch.[5] In 2007, the remnants of the erstwhile C Branch, now called the National Security Advice Centre (NSAC), were hived off and combined with an external infrastructure protection unit to become the Centre for the Protection of National Infrastructure (CPNI). Housed within MI5 but comparatively outward facing, CPNI was chiefly concerned with ‘terrorist bombs’, insider threats and especially cyber threats.
To be sure, terrorists are non-state actor purveyors of sabotage. But while the outcomes of terrorism and state actor sabotage may be similar, the root causes are entirely different. Moreover, the resources available to a nation-state’s special services are of a different order from violent non-state actors, however well they may be resourced. CPNI’s work has been since taken over by the National Protective Security Authority (NPSA). NPSA it appears as focused on the state espionage and cyber threat as CPNI was on terrorists and cyber threats. This effort to engage with state threats comes across, frankly, as too little too late.
As a result, the west has had three decades to collectively, institutionally forget about the threat from nation-state sabotage. For three decades the democracies have starved the counter-sabotage mission of resources, personnel and significance in the requirements and priorities that are the first premise of intelligence operations.
Recent events make it apparent that this attitude is no longer sustainable, has not been sustainable for many years, and probably never was sustainable at all. The appearance in the press recently of an explosion at a BAE weapons manufacturing facility at Glascoed in Wale on 17 April two days after a fire at Scranton Army Ammunition plant in Scranton, Pennsylvania in the US may, or may not, be connected and may, or may not, have been the result of sabotage (indeed, it is not a simple ‘either/or’ – one or the other may have been sabotage as well as both, and possibly also neither). Together they make a worrying coincidence, but combined with other events that have been attributed to the GRU over the last few years they suggest the alarming likelihood that the GRU has returned to its Cold War ways but with a willingness to activate and use its sabotage agents rather than leaving them to lie fallow before some ultimate NATO-Russia crisis. There has been a steadily escalating sabotage campaign against defence facilities and industry in Central and Eastern Europe for some time. Bellingcat has credibly attributed the 2014 bombing of the Czech Vrbetice munitions Depot to the GRU’s Unit 29155, as well as the 2018 poisoning of officials from the Bulgarian defence manufacturer EMCO (sometimes given as EMKO) to, followed by explosions at EMCO’s factory in 2023.
To a certain degree, the recent spate of sabotage operations – whether or not they include the Glascoed and Scranton incidents – look outwardly like something of a break with Russian Cold War practices (or, perhaps, our perception of those practices). That precedent is one where paramilitary operations, especially ‘wet operations’ or assassinations, have typically been directed against Russian nationals and entities operating in the West. Reaching out to murder an Aleksander Litvinenko or trying to kill a Sergei Skripal (and his daughter) might be presented as essentially the extraterritorial application of Russian domestic jurisdiction. In a rather formal sense, the attacks on Litvinenko and Skripal were not attacks on the UK even though they were attacks in the UK and in any realistic sense violations of UK sovereignty.
This does not describe the recent run of sabotage operations against foreign nation states. Yes, they are often in the supply chain of military support to Ukraine, but they are not Ukrainian assets as such (although some targets have been). But they also constitute unambiguous attacks on the sovereignty of the states being targeted. If the GRU is undertaking what been called ‘implausibly deniable’ kinetic operations against Western targets in the West as opposed to Western assets being caught in the crossfire, this raises a range of serious concerns that need to be addressed sooner rather than later:
The first is what we need to do immediately to up our counterintelligence and especially counter-sabotage game. The second the question about the current state of Russian strategic thinking that the Cold War fear of escalation no longer inhibits their willingness to engage in paramilitary actions against NATO directly. The third is the point at which such attacks constitute and have to be formally designated violations of NATO’s Article 5 commitment to collective, mutual protection. And, perhaps more crucially, fourth there is the question of the quality and confidence of the evidential judgements that publicly attribute culpability to invoke NATO’s Article 5 in response. It could quite reasonably be argued that the most important but least appreciated lesson from the 2003 invasion of Iraq is that one does not go to war on the basis of estimative intelligence. There has to be, pardon the phrase, smoking gun evidence. And if an Article 5 response is considered as an option, what level of escalation is justified and feasible?
And finally, if the escalatory impact remains below Article 5, what should we do in response? Is it going to be sufficient to opt for enhanced passive defence, up-resourced investigations and intensively hardening targets? Or does there need to be a more aggressive response that prioritises– as Jack Watling and his co-authors suggest – exposing and disrupting the apparatus that delivers Russian irregular warfare? Or is it even time to consider a clandestine counter-offensive of our own? Rory Cormac[6] has argued that while the UK has a long history of irregular warfare of our own, they have always been formulated and justified within Whitehall has defensive ripostes to prior subversive offenses by other states. The UK and her allies spend a lot of money on highly capable clandestine services. One might usefully ask whether we are using their potential to best effect in the current implausibly deniable conflict.
[1] For an overview of Rezun’s information on GRU sabotage agents see, e.g. Suvorov Soviet Military Intelligence (London: Hamish Hamilton, 1984) pp.147-154, Gordon Brooke-Shepherd The Storm Birds: Soviet Post-War Defectors (London: Wedenfeld & Nicholson, 1988) pp.225-228, Brooke-Shepherd The Storm Birds p.198.
[2] Brooke-Shepherd The Storm Birds pp.225-226.
[3] Christopher Andrew Defence of the Realm (London: Allen Lane 2009) pp.567-568,
[4] Security Service. MI5: The Security Service 3rd Edition (London: HMSO 1998) pp.9, 28.
[5] Andrew Defence of the Realm pp. 864
[6] Rory Cormac Disrupt and Deny: Spies, Special Forces, and the Secret Pursuit of British Foreign Policy (Oxford: Oxford University Press, 2018) passim.
Intelligence Studies Review 
Leave a comment