Connections

The hypothesis is that intelligence reform and intelligence sector reform result from traumatic catalyst rather than gradual evolution, reactionary rather than proactive, and not soon or quickly. The threat environment, an emergency, a necessity, e.g., democratization, gross failure, and scandals, are causes for reforms. The case is South African intelligence services. South Africa is significant due to diverse and constantly changing operational environments: the Cold War, decolonization of Africa, apartheid, post-Cold war, and post-Apartheid democratization. From the first non-military intelligence agency created in 1968, the Bureau of State Security, it was clear the nature of intelligence was such that the balance between secrecy, transparency, and accountability would always be a fine one to strike. The relationship between the political echelons, e.g., the Prime Minister and the Bureau’s Director, was too close and so allowed misuse of state funds. The uncovering of the abuse of state funds, the Infogate scandal, had an influence on subsequent reforms, including those for democratization to abolish apartheid and introduce a “one-man, one-vote democracy,” achieved in 1994. Reforms through legislation, jurisdictions, restructuring, micro-managing intelligence, merging apartheid and opposition intelligence services, and creating post-apartheid intelligence services are examined in this article. The experience teaches us that errors can be avoided by not making uncoordinated, piecemeal changes; every reform is unique and rarely easy; operationalizing legislative mandates of transformation is more difficult than anticipated. The reform process starts with reflecting the envisaged ideal situation, yet the outcome is not always as expected and thus requires more reforms.

Though Ukraine was among the first successor states of the Soviet Union to create a legal framework for the activities of its intelligence and security community, said framework addressed inherited and unreformed structures. Subsequent reform plans have not led to the success desired by Ukraine’s international partners and, we must assume, a majority of the Ukrainian voters and taxpayers. Among the reform demands is also the credible subordination to parliamentary oversight, which, though stipulated by law, has effectively been neutralized by reference to subordination to the President in the same law. Who would want to be controlled by an ever-undecided parliament if a personalized oversight by the President and the expert committee of the National Security and Defence Council is the possible alternative? As a consequence, the Security Service of Ukraine (SSU) remains subject to much criticism – for the corruption of some of its representatives, for overlapping mandates with other security institutions, and for lack of control other than by itself and the changing presidents and their administrations.

The classic types of national security services are external and internal intelligence services, as well as integrated, internal, and external intelligence organizations. From a professional perspective, external and internal intelligence cannot be interpreted as entirely independent. Some theoretical schools consider internal intelligence (counterintelligence) part of intelligence; others attribute a significant distinction between internal and external intelligence. Regarding the number of national security services, two trends are observed in countries comparable to Hungary in the last decade. One is the increase in the number of services reflecting the increasing number and complexity of tasks and threats; the other is the decrease in the number of services through the integration of existing organizations, usually due to financial reasons.

In Hungary, military internal and external intelligence were merged in 2012, establishing an integrated organization, the Military National Security Service (MNSS). Although an impact assessment did not precede the merger, the official evaluation of the Court of Auditors in January 2014 stated that the creation of NMSS resulted in savings in public money and this new organizational form ensured the better implementation of unchanged tasks.

This article briefly presents the current political situation in Hungary, the Hungarian secret services, the development of the Hungarian Defence Forces in the past decade, the reasons for reforming the special military services, the periods, the aims, and the results of the integration process. It provides general and specific conclusions and lessons learned from military intelligence services reform in Hungary.

Since 1989, the Polish intelligence sector has been undergoing a democratic transformation which has turned into a continuous institutional change. In the process, the old communist services were abolished and new ones established in parallel with setting up executive and legislative oversight structures. But while the intelligence institutions and the oversight structures, on the whole, meet democratic standards and do not appear to threaten the constitutional system or citizens’ rights in any systemic way, the more recent developments in the sector demonstrate that democracy in Poland has not in fact been consolidated. The state proved incapable of forming any dependable and effective model of control over the security sector in the sense of exercising both political guidance and democratic oversight. The intelligence services and some security institutions continue to enhance their prerogatives in the realm of covert operations, democratic control mechanisms are not sufficiently effective, and the issues of the communist past continue to be a disruptive factor. Under the circumstances, it is hard to single out good practices; rather, one should speak of lessons learned.

In its Global Strategy for foreign and security policy, the EU applies resilience as a comprehensive concept of internal and external security. In parallel, at the 2016 Summit in Warsaw, Allied leaders decided to boost NATO’s resilience to the full spectrum of threats. Each NATO member needs to be resilient to a major shock caused by a natural disaster, failure of critical infrastructure, a hybrid or an armed attack. Hybrid warfare, including cyberattacks, is recognized as a significant security challenge.

The National Security Strategy of Hungary, adopted in 2020, confirms that the primary international framework of Hungary's security and defense policy is NATO and EU membership and highlights the need to enhance the country’s resilience against hybrid attacks. This article provides analysis of the application of the concept of resilience in the Hungarian defense sector and introduces the resilience development of the Hungarian Defence Forces against hybrid threats, including their cyber component, while generating options for the decision-makers regarding the military and information instruments of national power. The author identifies potential hybrid threats against Hungary, a possible cyberattack scenario, and lines of effort to achieve a feasible level of resilience to such threats. He takes account of the political and military environment, as well as wider national issues in view of hybrid threats and main features and dilemmas of cyber warfare, thus aiming to facilitate the application of the concept of resilience in Hungary.

This article provides an overview of maturity levels and assessment methodologies for the evaluation of cybersecurity and resilience in relation to their applicability and usefulness at sectoral and national levels. Reference maturity models and assessment frameworks, such as CERT Resilience Management Model, Cybersecurity Capacity Maturity Model for Nations, C2M2 (Cybersecurity Capability Maturity Model) are compared and analyzed for their applicability in designing and implementing national cybersecurity strategies and programs to achieve cyber resilience. Cyber readiness indexes are also outlined in view of their use to indicate possible improvements. The author explores the development of national cybersecurity strategies with focus on cyber maturity and provides examples. A maturity-based approach for the Bulgarian cyber resilience roadmap is also described within the context of the evolving cyber-empowered hybrid threats and the need for an institutionalized collaborative public-private resilience.