Intelligence and the War in Ukraine: Part 2


Editor’s Note: This is the second article in a series on intelligence and the war in Ukraine. The first article was published on May 11, 2022.

The conflict in Ukraine provides a window of dichotomy, simultaneously highlighting the successful use of operational intelligence collection and analysis by the Ukrainian government and its allies, and the collective weaknesses within Russian collection, analysis, and decision-making. High-level intelligence sharing, the leveraging of crowdsourced open source intelligence, and sharp, flexible strategic planning have thus far provided advantages to the Ukrainians. In contrast, Russia’s demonstrable weaknesses on the battlefield stem from seemingly self-imposed limitations, largely led by the bigotry of low expectations when assessing Ukrainian capabilities and morale.

The Ukrainian government and armed forces have proven highly adept at capitalizing on the intelligence failures of Russia, leveraged by intelligence expertise of their own. This results from eight years of experience in Donbas, and more recent training using NATO standards, in which highly integrated and technologically sophisticated intelligence, surveillance, and reconnaissance take a central role in doctrine. And, as with strategic intelligence, this has also transmuted into a distributed, globalized, even “democratized” enterprise as open source information has exploded in terms of scale and capabilities. Increasingly detached and dissociated from the global open source intelligence revolution, Russia mounted its attack on Ukraine entirely unprepared to fight a war in the 21st-century intelligence environment.



The Initial Failed Estimate: Intelligence and Operational Planning

Intelligence supports an operational-level military campaign throughout, but generally has two major phases: intelligence support for planning, then intelligence support for the execution of the planned operation. While the difference is vague, the planning phase tends to have more of an analytical component, whereas the support to the operation is dominated by current intelligence collection. The foundation of intelligence analysis is done in planning—what NATO forces call intelligence preparation of the environment. In the absence of this, not only do operations have a greater chance of going badly, but recovery from errors will be more difficult, as current collection will be based on incorrect initial assumptions. It appears to be the case that Russia’s war in Ukraine was based on poor initial intelligence preparation from the beginning, and that they have been very slow to recover from these errors and flawed assumptions.

While Russian staff procedures are different from those of NATO, all military decision-making processes follow similar steps: understand the mission, conduct intelligence preparation, develop courses of action, evaluate and choose a likely course, and then finally develop orders. Here we look principally at the intelligence aspect, or what Russia experts Lester Grau and Charles Bartles roughly define as the second step of the Russian military decision-making process. Intelligence preparation is itself a process of multiple steps: Loosely speaking, staff evaluate the physical terrain, the adversary’s current capabilities and doctrine, and their assessed intent, and integrate these to determine the adversary’s likely courses of action. These are the basis of how the staff develop their own plans to defeat the enemy according to the commander’s intent. Since it is so fundamental to the development of operational plans, intelligence preparation ought to be done rigorously by competent officers. It ought to be built on solid intelligence collection about the adversary, and the analysis ought to be objective. Assessing an adversary’s intent, or the morale of their soldiers, is difficult, but it can and should be done honestly.

The Russian staff, however, does not conduct planning processes in such a deliberate way, preferring a faster decision cycle — arguably a sound choice if competently done. The directives of the commander are presumed correct, and the staff only determine the specific tactics of how to execute the order. They do not base planning on intelligence preparation to the extent NATO armies might. Instead, they do a more limited (but much more mathematical) correlation of forces and means analysis. This analysis helps the staff pick which tactical option from a limited set will execute their orders.

Russian President Vladimir Putin seems likely to have swayed this kind of analysis. A Russian intelligence service recently analyzed the political sympathies and attitudes in Ukraine, and their findings — the subject of a report by the Royal United Services Institute think-tank — seemed to indicate discontent in Ukraine with the existing political order. Rather than viewing these as “snapshots in time,” which might be changed by Russian intervention, Putin seems to have read the findings as confirming his preexisting notions. Indeed, Moscow entered the war believing that opposition to Kyiv from the Russian-speaking eastern part of Ukraine would result in a quick win. Vladislav Surkov, one of Putin’s close advisers, said in an interview in 2020 that “there is no Ukraine. There is Ukrainian-ness. That is, a specific disorder of the mind.” Putin in turn repeated these terms in his speech right before the invasion, saying, “Ukraine has never had its own authentic statehood.” No dissent from this line is perceived in any Russian open source reporting.

Putin believes Ukraine is or ought to be Russian, and whatever passed for intelligence preparation of the environment may have confirmed this in his mind. This view certainly influenced the ranks as the key planning consideration for Russia’s military. Russian troops appear to have been told that they were there to eject the “gang of drug addicts and neo-Nazis” that were Ukraine’s government, and the Ukrainian people would welcome them. They apparently packed dress uniforms for the expected parade.

We can infer that Russian intelligence services supported Putin’s view of Ukraine as a state ready to be absorbed. Bellingcat’s Christo Grozev suggests that in early April, Putin sacked more than 150 Russian intelligence officers, including the Federal Security Service’s Fifth Service chief, Gen. Sergei Beseda, “for reporting unreliable, overly optimistic information concerning Ukraine,” which suggests a military and political culture of providing inaccurate or outright deceptive intelligence upwards. This move, if true, underlines the hypothesis that Putin believed a false picture of the kind of war he was getting into.

Evidence of this culture was broadcast on television during the pre-invasion meeting of the Russian National Security Council. Putin publicly humiliated the director of the Russian foreign espionage service, Sergey Naryshkin, into agreeing that it was a good idea for Russia to formally recognize the two breakaway Donbas republics and so begin the path to war. We see an intelligence leadership that was not at all intellectually honest with itself or its principal customer. It was widely understood that honesty would be rewarded with humiliation, imprisonment, or death. As David Gioe and Huw Dylan argued in The Washington Post, “either [Putin] ignored the advice of his national security and intelligence advisers; or, as with so many authoritarian leaders before him, he set the conditions under which his subordinates only told him what he wanted to hear.” Neither speaks well of his capacity as a wartime leader.

The results of this institutional assumption played out in the first week of the invasion. Russian forces failed to destroy Ukraine’s air force or air defense system, and so failed in their air assaults to capture Hostomel airport. They continued to reinforce this assault despite Ukraine’s integrated air-defense system still operating and Ukrainian units counter-attacking vigorously, causing crippling casualties and the decimation of Russia’s professionalized airborne units. In addition, Russia had insufficient logistical preparation for an operation lasting longer than four days, and restricted the use of offensive fires (artillery, air, missile strikes) during assaults to prevent damage to civil infrastructure. Other flaws in the Russian military system, and its seeming inability to adapt, have been described elsewhere. We can say, however, that a poor initial estimate (or perhaps more general intellectual dishonesty) seems to underlie much of Russia’s disastrous invasion plan.

One estimate that Putin and his analysts likely made, which may not have been inaccurate at the time, is that the West would not support Ukraine. Since the West — and Europe specifically — did not react to the 2008 invasion of Georgia or the 2014 invasion of Ukraine, why would they react now? Putin had always gotten away with his bold moves. This might be explained by the fact that Georgia was outside the West’s area of interest, and in Crimea Putin achieved genuine surprise. Neither condition was true this time. Regardless, it surprised many observers that Europe has reacted as vigorously as it has to the invasion. Arms now flow in from most states (with Germany an increasingly isolated hold-out), and public support for this is very high in most countries. This was not a given in late February.

Russian Operational Intelligence Failings

One failing of the Russian Federation Army that has received a lot of attention is the battalion tactical group, a product of its “New Look Reforms” (introduced in 2012). The failures of these tactical groupings, and of the Russian military generally, are manifest, and were apparent to Western and even Russian analysts for some time. On the intelligence front, the battalion tactical group suffered from its generally small headquarters, which lacks the horsepower for tactical-level intelligence tasks that larger formation headquarters might have. Even the scope of its collection is compromised by the small headquarters and low level of organization. One U.S. service report notes that in the intelligence sphere, the battlegroup mostly has narrow-view tactical systems, and “little general coverage.” To coordinate tactical drone assets, battalion tactical group command and control “requires co-location of maneuver companies and intelligence, surveillance and reconnaissance […] personnel in tactical-assembly areas, which become high-payoff targets.” The Ukrainians were not blind to this.

Communications security also seems to be a casualty of Russian expectations for a short campaign. Early reports suggested that Russia’s communications infrastructure performed poorly on the battlefield, especially cutting-edge encrypted Azart and Akveduk radios. The result has been that the Russian forces have relied heavily on in-field makeshift solutions using mobile phones or unencrypted high-frequency radio that the Ukrainian military — and even radio enthusiasts — have easily intercepted. The Russian-made Era phone system relies on a cellular network to function, but Russia’s own fires destroyed mobile phone towers in many parts of the country, in turn constraining the Russian forces’ ability to use secure phones and forcing them onto open comms systems. This has certainly provided an intelligence boon to the Ukrainians.

In March, the intelligence arm of Ukraine’s defense ministry broadcast what it claimed to be an intercepted phone call between two FSB officers discussing the death of Maj. Gen. Vitaly Gerasimov, chief of staff of the 41st Army, along with several other officers. The claim was later verified by Bellingcat. “While Ukrainian forces may be numerically inferior on the battlefield,” according to one report by the RUSI think-tank, Russia’s poor communications have given the Ukrainians the signals intelligence edge: “By detecting and locating sources of RuAF [Russian armed forces] radio transmissions, Ukrainian forces can find, fix and engage the enemy kinetically and/or electronically.”

Exacerbating this problem has been Russia’s complete failure to implement even elementary security measures. Counter-intelligence, surveillance, and reconnaissance provides commanders with an awareness of the capabilities being deployed against them by their adversaries. This in turn informs the operational security and deception measures vital to achieving freedom to maneuver and avoiding interception or pre-emption by a better-informed opponent. Russia and outsiders both have long perceived the Russian superiority in denial and deception. We even use their term, maskirovka. Now, their only successful deception appears to have been self-directed, a reflection of their poorly executed “correlation of forces and means” analysis. The result has been the death of many commanders, including, at the time of writing, nine general officers and more than 30 colonels. While generals have never been immune to enemy fire, the issues of command and control in the Russian army — especially the need to push forward stalled operations — are likely contributing to their unusually rapid demise in Ukraine. The degradation of staff and command officers is certainly multiplying Russia’s problems in its campaign and poses a long-term challenge for recovery.

An aspect of operational intelligence planning that has played out in Russian operations is their apparent inability to change their tactical approaches when meeting with defeat or failure. Good intelligence preparation provides an estimate of the adversary’s most likely course of action and their most dangerous. While one plans primarily for the former, some eye is kept on the possibility of the enemy’s actions better conforming to the latter. Indicators and warning systems are put in place to warn the commander if that is the case, so the force can pivot to a contingency plan. The Russian forces do not appear to be using their operational intelligence capacity to change the plan if the initial effort fails. Noting that the Russian army kept persisting with failed operations, and applying fires against random, undefended locations, one Ukrainian special forces operator said, “We’re lucky the Russians are so fucking stupid.”

This stupidity, coupled with the poor optimization of Russian battlegroups to manage their own intelligence capabilities, has been met by Ukraine’s own superiority in managing tactical intelligence. The result of this meeting of forces was Ukraine’s advantage, especially noted in the northern theatre around Kyiv, in being able to ambush Russian forces and cause significant attrition without Russian reply. In short, the Ukrainians could see Russian units approaching and plan frequent and widespread “shoot and scoot” ambushes, while the Russian troops found themselves unable to determine where and when the Ukrainians would act. Ukrainian ability to retain the initiative meant local superiority.

As a caution, we must note that we do not know how badly the Ukrainians have been mauled by Russian forces to date. The Ukrainians have been playing a masterful game of information operations, and accurate views of their casualties are not widely publicized or even discussed. While most information suggests otherwise, Russian military intelligence may be providing accurate information, enabling them to target Ukrainian formations effectively. We know Ukraine’s large air-defense systems have taken serious casualties, for instance, and this may be the case elsewhere. It will take some time, and more data, before we can effectively assess the full operational intelligence skill of the invading Russian forces.

Ukraine: Fighting Smart with Intelligence

Two main factors can be identified in Ukraine’s ability to maintain the upper hand on the operational intelligence front: the willingness of Western allies to share intelligence, and the increased power and potential of open source intelligence. The rapid drop in space launch costs has allowed a proliferation of civilian, high-resolution Earth observation systems that rival the very high-cost national “spy satellite” systems of a decade ago. These commercial systems offer sometimes nearly continuous, multi- and hyperspectral imaging, including cloud-penetrating radar. National geospatial intelligence agencies have made use of this civil satellite capacity, which has not only increased their coverage and efficiency, but also made it possible to present imagery intelligence analysis openly or at low levels of classification.

The Ukrainians have also made use of this commercial imagery. As seen in Part 1, firms like Maxar Technologies and Blacksky have been pushing out open source imagery to inform the news media and into the public domain. As the conflict escalated after Feb. 24, Kyiv entered discussion with Maxar and others to secure imagery for operational intelligence exploitation. Meanwhile, a Canadian firm entered a collaboration with a U.S. private-sector imagery analysis firm to provide radar imagery from the Canadian RADARSAT-2 that would be shared with Ukraine. Added to this is the intelligence coming from official sources.

Though much remains to be known, given the sensitivities of intelligence liaison, U.S. officials have commented on the increasing flow of intelligence to Kyiv. White House press secretary Jen Psaki said in early March that the United States had been sharing real-time intelligence assisting Kyiv’s defensive posture, to “inform and develop their military response to Russia’s invasion.” Sources told CNN that the exchanges included information on “Russian force movements and locations,” as well as intercepted communications about their military plans, shared within 30 minutes to an hour of the United States receiving it. Some have suggested foreign intelligence helped the Ukrainians target and sink the Russian cruiser Moskva. In May, unnamed U.S. officials told The New York Times that U.S. intelligence was “helping Ukraine kill Russian generals,” a claim denied by National Security Council spokesperson Adrienne Watson. “The headline of this story is misleading and the way it is framed is irresponsible,” she said. “We do not provide intelligence with the intent to kill Russian generals.”

Foreign intelligence liaison needs to be caveated, however. Just receiving foreign intelligence is not helpful unless a military has the analytical capacity to integrate it into a single intelligence picture. That the Ukrainians have apparently been able to combine foreign intelligence liaison with sovereign collection and analysis of their own speaks highly of the Ukrainian military staff and the command climate set by Gen. Valerii Zaluzhnyi, the Ukrainian Commander-in-Chief. And overplaying the role of U.S. intelligence is problematic. “I just think it’s disrespectful to the Ukrainians,” says former CIA official John Sipher. “It’s taking away from the people who are actually on the ground, who are taking advantage of the intelligence, who are collecting their own intelligence, who are fighting day and night.”

Ukrainian Open Source Intelligence

Compounding Russia’s terrible performance, and complementing intelligence gathered from Ukraine’s own collection and that provided by friendly governments, has been the general “home ground” advantage possessed by Ukraine and its citizens. Ukraine’s military intelligence has certainly made use of Russia’s poor communications security and unsecured radio and phone transmissions: Since intelligence is so perishable, it stands to reason that Ukraine’s military intelligence have been acting on this information very quickly, and it follows that much tactical intelligence success belongs to Ukraine’s own units.

What has also become clear, however, is how significant the Ukrainian population has become as a “sensor” for providing intelligence on Russian troops. In part because of their assessment that the population would welcome them, the Russian forces took little action to secure their movements from the local Ukrainian population. But very quickly, these citizens and their mobile phones have turned into a gigantic, distributed, open source sensor network. Mykhailo Fedorov, Ukraine’s minister of digital transformation, said in an interview with The Washington Post that crowd-sourced open source intelligence is crucial for his country to the extent that the Ukrainian government public services app, Diia, allows citizens to post geotagged pictures and videos of Russian troop movements. The Diia app “in wartime is not just e-documents and identification of citizens at checkpoints. Now it is also the opportunity to […] report on the movement of the enemy’s military troops and hardware […] It is also the possibility of imagining yourself as a Bayraktar operator.” Fedorov has noted they receive tens of thousands of reports each day and that they are “very, very useful.”

Open source intelligence is not a panacea, nor does it displace longstanding intelligence collection methods such as signals, electronic, and imagery intelligence and other sources from sovereign collection systems (which the Ukrainians have assiduously built since 2014). But tied to a robust analytical capacity and fused with other collection streams, it is a vital contributor. The individual citizen may not be able to identify a vehicle as anything more than “a tank.” However, if a picture of it gets to an intelligence fusion center, the particular model of the tank can be identified. This tank might only belong to a particular unit, which might in turn signal to the analyst that this was the enemy’s main point of effort, and to ignore a feint elsewhere. Sovereign technical systems are also able to collect this information, but they are always in high demand and cannot be everywhere at once. The ubiquity of the citizen with the mobile phone, even amid major combat, provides a much broader net of collection if backed by sufficient processing and analytical capacity.

Beyond the discussions between headquarters and units, individual Russian soldiers have been calling home on personal or looted mobile phones. This has offered insight into the conditions of Russian troops (often poor, with low morale) and has also provided valuable evidence of Russian war crimes. An open source intercepted phone call between a Russian officer and his wife back home about events in Bucha is one vivid example of this. This will no doubt be an important feature of whatever war-crimes trials come out of the Russian invasion.


Ukraine’s ability to integrate intelligence, including open source intelligence, into its military operations signals the success of its reforms and Western aid in recent years. We have few details about how this is working, far fewer than the data available about Russia’s various dysfunctions. This too is evidence of competence. It is safe to assume that, unlike the invading force, the Ukrainian army has the capacity to secure their communications, and to plan for both the most likely and most dangerous course of action. Commanders appear to be well-nourished by intelligence. Although we are forced to speculate, this perhaps is best evidenced by Ukraine’s defense of Hostomel and subsequent counter-attacks. The destruction of Russia’s airborne mission there eliminated the possibility for Russia to achieve a quick victory and its political goals of rapid regime change. Ukraine’s selective use of air power and counterfire, and its widespread integration of tactical-level and open source intelligence and reconnaissance, have been key to its ability to hold off an invading force despite being outgunned. Ukraine’s defense is certain to go down in intelligence history as one of the clearest studies of success in contrast to Russia’s failures. In years to come, Western intelligence officials will need to visit and learn from their Ukrainian counterparts.



Dr. Neveen Shaaban Abdalla is a lecturer in international relations (defense and intelligence) at Brunel University London. Dr. Abdalla specializes in terrorism and counterterrorism and security in the Middle East and North Africa.

Prof. Philip H.J. Davies is the director of the Brunel University Centre for Intelligence and Security Studies. Professor Davies has written extensively on U.K. and U.S. intelligence, joint intelligence doctrine, and counterintelligence.

Dr. Kristian Gustafson is a reader in Intelligence & War. Dr. Gustafson is deputy director of the Brunel Centre for Intelligence & Security Studies and has conducted consultancy and advisory work for the MOD’s Development, Concepts and Doctrine Centre, including an integral role in developing U.K. Joint Intelligence Doctrine.

Dr. Dan Lomas is a lecturer in Intelligence and Security Studies at Brunel University London. He specializes in contemporary U.K. intelligence and is currently co-editing a history of U.K. intelligence reviews for Edinburgh University Press.

Dr. Steven Wagner is a senior lecturer in international security at Brunel University London. Dr. Wagner is a historian of intelligence, security, empire, and the modern Middle East.

Image: CC-BY-NC 2.0, Flickr user manhhai