Russia-Ukraine Conflict: Managing Intelligence Activity During Times of Turmoil

Chuck is the Executive Director of Strategic Intelligence at Ontic. Prior to Ontic, he was the Senior Director for Global Operations and Intelligence for AT-RISK International. Along with a corporate career, Chuck is a Lieutenant Colonel, retiring with 30 years of service in Operations, Information Operations, and Intelligence spaces. 

On February 23rd Russian President Vladimir Putin escalated an already tense situation by declaring war and entering Ukraine after proclaiming both Donetsk and Luhansk as independent states earlier in the week.

As of February 28, Ukraine’s Interior Ministry has indicated over 352 have been killed and another 1,684 people have been injured. Ukrainian President Volodymyr Zelensky has called on Western countries to “take stronger action against Russia and anyone with military experience in Europe to help defend the country’s independence.”

Response to the Russian incursion ranges from economic sanctions to bolstering of defensive troops by NATO. There is also a growing concern about expanded offensive cyber operations in response to actions from western and NATO-aligned nations. In a globally connected supply chain, multinational corporations (MNCs) who may be perceived as supporting the U.S. Government or NATO could be targets of opportunity for Russian or surrogate cyber-attacks, or additional intelligence collection efforts. This also is true for non-Governmental Organizations (NGOs) who could be seen as “helping.” 

As indicated in our 2022 State of Protective Intelligence Report, geopolitical issues continue to be a high priority for security leaders as the “global threat landscape” affects supply chain risk and core business operations. Risk leaders for MultiNational Corporations are being tasked to monitor, report, and assist organizational leadership in identifying issues and making decisions. Of course, these burgeoning priorities must be done in conjunction with existing threat requirements.

Here are some keys to managing intelligence and risk activity during an escalated crisis.

Fundamentals Are Key

As the global situation develops, it is crucial to continue to focus on core operations. Prioritizing workflows and asking the question, “what does this mean to our business?” is important in identifying where the action is needed and assures value is being provided within the further noise. Any crisis creates additional signals that must be dealt with, and in doing so, the possibility that practitioners will miss other threats will only increase.

Consider Sources

Information immediately began emerging surrounding the extent of Russian operations in Ukraine. But there are also many false claims and intentional misinformation for as much real-time data that is available. If social media can be used to direct war efforts, it clearly remains an essential tool for any protective intelligence analyst. Still, verifying sources is a critical element in ensuring valuable and accurate deliverables.

Triggers and Indicators

Understanding the informational needs that support the risk decision-making process plays an integral part in forecasting issues on the horizon. While the news cycle may keep people focused on the immediate, understanding follow–on issues will allow for consideration of risk and anticipating any needed responses.

Partner Alignment

Risk remains and will continue to be hybrid. Therefore, our approach to monitoring must be as well. The trend towards unifying threat intelligence, monitoring, and alerting solutions will require that analysts of all types discuss and share their requirements and findings. It is more important than ever to ask your strategic stakeholders what they see and what they need to know to help make better risk decisions.

Hear security leaders share insights from the 2022 State of Protective Intelligence report in the 2022 Security Outlook webinar on-demand. To learn more about our findings, download the report here.