During the Cold War, CIA operatives considered Moscow to be the agency’s most difficult and hazardous assignment – “Wimbledon, center court,” according to former CIA member Jonna Mendez. “It’s the place where reputations were made, and was also the most dangerous.” The rules developed in that harsh environment hold wisdom that can be adopted by today’s Chief Information Security Officers in large organisations, who are facing unprecedented threats. Here, for reference, is a full list of the Moscow Rules.
In Moscow, a mistake did not simply result in a spy being declared a “persona non grata” and tossed out of the country – the usual penalty for spies caught in the act, Mendez said. A mistake could get you killed.
To handle the threat, over the years the CIA’s most seasoned Moscow hands developed informal “rules of engagement” to pass down to fledgling spies.
Known as the “Moscow Rules,” the 40 or so guidelines covered everything from saturation surveillance to the proper way to walk on the sidewalk. A surprising number of the rules simply emphasize the need for spies to trust their instincts. They were never officially published and have existed in various guises, often referred to in films and books on the subject of espionage. The rules exist as urban legend, yet they undoubtedly had a basis in the reality of Cold War spycraft.
Although the rules were developed to counter the Soviet Union’s now-defunct KGB, they remain “universal truths”: every bit as applicable to the “denied areas” of today’s war on terrorism as they were to the heart of communism, Mendez said.
We think some of these rules can be thought-provoking for Chief Information Security Officers, who spearhead the efforts of organisations against cyber criminality. CISOs once operated on domestic missions, protecting internal assets. Now the security paradigm has shifted, so that they have almost no boundaries and the ‘enemy’ is frequently within. In order to maintain effective security in these unusual circumstances, some of the Moscow Rules could help.
Here is a list of all the rules we have seen written down, which we’ve organised into four sections.
1. Rely on face-to-face meetings
2. Assume nothing
3. Never go against your gut; it is your operational antenna
4. Technology will always let you down
5. Murphy is right
6. Any operation can be aborted. If it feels wrong, it is wrong
7. Once is an accident. Twice is coincidence. Three times is an enemy action
8. If your gut says to act, overwhelm their senses
9. Pick the time and place for action
10. Build in opportunity, but use it sparingly
11. Everyone is potentially under opposition control
12. There is no limit to a human being’s ability to rationalize the truth
13. Keep your options open
14. Use misdirection, illusion and deception
15. Hide small operative motions in larger non-threatening motions
16. Float like a butterfly, sting like a bee
17. Always be in a private setting when handing over items of value
18. Whenever carrying items of value (i.e. microfilm) carry them camouflaged for immediate discard
19. Don’t harass the opposition
20. Be non-threatening: keep them relaxed; mesmerize!
21. Keep any asset separated from you by time and distance until it is time
22. Maintain a natural pace
23. Stay consistent over time
24. Vary your pattern and stay within your profile
25. Establish a distinctive and dynamic profile and pattern
26. Make sure they can anticipate your destination
27. Go with the flow; use the terrain
28. Take the natural break of traffic
29. Lull them into a sense of complacency
30. Let them believe they lost you; act innocent.
31. Avoid static lookouts; stay away from chokepoints where they can reacquire you
32. Use of sign and counter-sign to signal (pins, chalk) that surroundings have been reconnoitred and coast is clear to proceed to rendezvous
33. Use of dead letter drops, and other “tradecraft”
34. Never travel directly to a rendezvous, never taking a single taxi to destination
35. Select a meeting site so you can overlook the scene
36. Execute a surveillance detection run designed to draw them out over time
37. If the asset has surveillance, then the operation has gone bad
38. Only approach the site when you are sure it is clean
39. Be aware of surveillance’s time tolerance so they aren’t forced to raise an alert
40. If an alert is issued, they must pay a price and so must you
41. Don’t look back – you are never completely alone
42. When free, in Obscura, immediately change direction and leave the area
43. Break your trail and blend into the local scene
44. After the meeting or act is done, “close the loop” at a logical cover destination
The wisdom extracted from these rules was part of a conference speech, first delivered in Hong Kong, November 2015.