Human intelligence has always had survival value, to reduce ignorance of what might be over the hill, assessing whether the rustle in the trees ahead is most likely the hunters’ lunch or whether they will end up being a predator’s lunch. Also of proven value is secret intelligence – information that people who may mean harm do not want to be known, both concerning their hostile intentions and their capabilities to cause damage. Such information has to be stolen, against the wishes of the holder, preferably without their knowing that their secrets have been exposed. Obtaining such secrets is the timeless business of intelligence officers, now as an organised activity of the state under the law, exploiting all the marvels of modern digital technology as well as the traditional tradecraft of the spy.
Equipped with such intelligence, the State can better fulfil its traditional and fundamental duty of protecting its citizens and helping protect those of friendly nations. It can help map out diplomatic routes to resolve or moderate disputes (such as the role played by satellite observation in Cold War nuclear arms control), expose hostile intentions (as the US and UK intelligence communities did before the Russian attempt to overthrow the government in Kyiv in 2022), and guide sound investment in defence and security on the basis of knowledge of adversary capabilities (as the United Kingdom has just done in its 2025 Security and Defence Review).
The same anticipatory logic applies to other threats, including terrorism, weapons proliferation and serious and organised international criminality including narcotics and illegal migration. It also applies to the new vectors of cyber threat that are emerging in the digital world we now depend upon for everyday life and economic activity. Every aspect of the world is now described in numbers, including text, images, video, speech, sensor data and geo-location, DNA and health data, financial transactions and our Internet use, and data from our cities, our homes and our wearables. These key strings of numbers can be easily stored, retrieved, searched, manipulated and denied to us. A key characteristic of modern inter-State sub-threshold warfare is that it takes place in this digitised world, such as we see in the wave after wave of cyberattacks that Russia has unleashed on Ukraine. And from the discovery of Chinese State penetration of US critical national infrastructure with the planting of ‘trojan horse’ malware intended to provide the capability to disrupts in the event of a China/US crisis.
To use secret intelligence for defence against such threats a number of stages have to be passed successfully. There have to be sufficient data points that can be collected in the first place to form the necessary situational awareness of what is being faced. There have to be sufficiently sensitive sources and methods able to access and report both secret and open information. And to detect when an adversary is trying to use deception and fake information to mislead. The intelligence analysts need to be able to explain adequately what is going on, for example whether the massing of forces by an adversary is for intimidation or is a prelude to attack. With good situational awareness and a sound explanation of what is being seen then the analysts can move on to provide estimates of how events may unfold in the coming weeks or months The resulting intelligence estimate has then to be conveyed honestly to the policy makers and Ministers in terms they can understand, with any warnings sufficiently forceful to get senior attention. And, finally, the government must want and be able to act on the warning in sufficient time.
One stage where experience shows this process is most likely to go wrong is the failure of the analytic process to explain correctly the information being gathered. For example, the indications that Israeli military intelligence is said to have picked up before the devastating Hamas attack of 7 October 2023, including a plan for such an attack and training and reconnaissance, appear to have been explained away by senior intelligence officers since they assessed Hamas as having neither the capabilities not the intent to conduct a major attack on Israel. That fateful misreading of the intelligence was probably influenced by a second likely cause of failure, when powerful policy makers overestimate the success of their policies, for example that Hamas could not pose that kind of threat since Israeli Cabinet policy towards Hamas governing in Gaza was designed to eliminate that risk. Just because the likelihood of an event is assessed as low does not mean it cannot happen, as the world has so often discovered. Contingency planners must work on the basis of the reasonable worse case not always the most likely estimate. Which is why I have always argued for secret intelligence assessment to be complemented by horizon scanning for serious longer-term developments to provide strategic notice of what might come to challenge us, and the comfortable assumptions we can too easily make.
Sir David Omand is Visiting Professor in the War Studies Department, King’s College London after a career in UK defence, intelligence and security including Director of GCHQ and UK Security and Intelligence Coordinator.
Sir David Omand
Visiting Professor
War Studies Department
King’s College London
United Kingdom
david.omand@kcl.ac.uk
