Belgian intelligence chief talks to EUobserver: transcript
EUobserver: In what way does the VSSE co-operate with the EU institutions and Nato?
Alain Winants: Belgium hosts the institutions of two major international bodies - the EU and Nato, which is a great privilege but it's also a great responsibility security-wise. We are fully aware nowadays that security challenges suprass the legal competences of any one legal authority, so of course we do co-operate with the [EU] Council, the [European] parliament, the [European] commission and also Nato and especially the Nato security office. We do this on an ad hoc basis and on recurring paltforms with those services. We have regular contacts with officials at Nato and with the security services of the EU institutions. These institutions are responsible for the threats directly aimed at their staff, their documents and their buildings. But the competence of the security services of the EU institutions is limited to their premises. So once the activity takes place outside the EU premises, the VSSE is in full comptence. If a hostile intelligence officer is trying to recruit or approach someone from Nato or the EU it is very probable he won't do this by going to meet the person in question in the official building. There is a possibility of contact in an official building, but once contact is established and goes further on, it's likely to take place outside the premises, so on Belgian territory, whether it's inside or outside Brussels, at that moment we are of course fully competent. We will co-operate with the security services of the concerned institution and in many cases the collaboration will also extend to a third party, being the intelligence services of the country of origin of the targeted person. Generally speaking, that's how we handle things.
Dear EUobserver reader
Subscribe now for unrestricted access to EUobserver.
Sign up for 30 days' free trial, no obligation. Full subscription only 15 € / month or 150 € / year.
- Unlimited access on desktop and mobile
- All premium articles, analysis, commentary and investigations
- EUobserver archives
EUobserver is the only independent news media covering EU affairs in Brussels and all 28 member states.
♡ We value your support.
If you already have an account click here to login.
EUobserver: Is the co-operation just information-sharing, or do you also, for example, help to train EU security officials?
Winants: It's information exchange. Vetting [of EU officials] in some cases. Training in some situations - we have contacts, of course, and if we are asked to give some training on a specific subject that is something which could be done. But training is mostly done inside the institutions and of course by [EU countries'] intelligence services, who, I think, before some official comes to Brussels to take up his position in Nato or the EU, the intelligence service of each country will brief the individual and make him aware of some of the dangers here. It [training] is something the EU and Nato try to keep for themselves.
EUobserver: If a threat is identified, how do you follow up? Do you conduct an investigation and pass information to the Belgian police?
Winants: I can't elaborate on that because this concerns the operational part of the job. We won't pass things to the police unless we have evidence of criminal behaviour. We are an intelligence agency. We don't have police and judiciary competence. So we investigate with the help of the intelligence institutions of the Council or the commission and of course in contact with the services of the country of origin of the targeted person. If there is any judicial consequence it's more likely to be in the country of origin of the person unless there are criminal activities here in Belgium. If we have criminal activity in Belgium we as a service are obliged at that moment to pass it over to the prosecutor in Belgium. But the major part of our job is exchange of information between our service, the security services of the EU and Nato and with the services of the country to which the individual belongs.
EUobserver: If a foreign intelligence officer registers as a diplomat in his embassy in Brussels, is that a violation of Belgian law?
Winants: No. I think every intelligence service will tell you that diplomatic and journalistic covers are classic covers for people. We know, and every intelligence service knows, that many people who are registered as diplomats are in fact members of intelligence services. But it's not a violation of law or criminal behaviour. The violation could be in the work that they are doing - are they targeting something? Are they trying to recruit someone and so on?
EUobserver: How do you rate the quality of EU and Nato security staff?
Winants: It's not for us to rate or assess the vulnerability of the institutions. Let me underline that safeguarding the integrity of such a large supra-national institution as the EU or Nato is of course not an easy job. In terms of the scope of the threat, it's no secret that the security bodies in these institutions are probably understaffed. I think that Nato by its history has maybe a more security-minded and oriented culture than the EU institutions. Maybe the EU institutions are not historically focused on dangers coming from intelligence services and one of the biggest challenges will be the integration of the EEAS [European External Action Service]. Now, there is within the EU an institution that has a background in intelligence and security, this is the former SitCen, now IntCen, which is being fitted into the EEAS. Lots of people working there have an intelligence background. The director is a former director of the Finnish security service and lots of [EU countries'] services have seconded analysts who come from an intelligence service and work at SitCen/IntCen, so the role of IntCen to make sure the EEAS will acquire a sufficient intelligence and security-minded organisation will be a fundamental one. When I said that Nato historically has a better background in intelligence and security, then you must except IntCen from that because IntCen is a professional organisation where the staff is partly people from intelligence services, so they know what they are doing. They know what they are talking about and the big challenge will be to pass that culture to the EEAS.
EUobserver: Is it not the case that IntCen's mandate is intelligence analysis, not counter-intelligence?
Winants: IntCen is of course a body that does analysis and passes this to other people like [EEAS chief] Lady [Catherine] Ashton. When she goes to some country, there will be an analysis coming out. But I'm not going to talk about IntCen - [IntCen director] Mr [Ilka] Salmi would be best placed to say how he sees the evolution from SitCen to IntCen and its integration into the EEAS. I know him as a former colleague and I think he is the right person in the right place.
EUobserver: The Hermann Simm [as Estonian official who stole EU and Nato secrets] case is well publicised. Have there been other incidents that were kept quiet?
Winants: I am not going to enter into whether there were other cases. Cases like the Simm case are exceptional and I don't think there were any others like it. But, of course, in the life of every intelligence service there are other cases that are dealt with on the level of intelligence services only. I don't think we have had other cases like the Simm case.
EUobserver: China is often named as a new spy threat. How has the security threat in Brussels changed since the end of the Cold War?
Winants: In Brussels we have seen an evolution going from classic Cold War espionage, which was roughly in the 1950s, 1960s, 1970s - in fact, until the fall of the Berlin wall. We saw in Belgium in the 1980s some terrorists like the CCCs [Communist Combatant Cells]. Then we had also during a certain period an export from Irish terrorism to the mainland, between the 1980s and 1990s. The last evolution in this trend is now, of course, the threat of Islamic terrorism, which is an item which occupies, I think, all services around the world and we see for the moment from the 1990s that this is the item on which a great a deal of the services are focusing. This being said, it does not mean that classic espionage has been wiped out. I have said several times, and we are very well placed here in Belgium and particularly here in Brussels to say it, that the level of espionage is the same if not even higher than in the days of the Cold War. Some services thought that with the coming down of the Berlin wall the Cold War was over and espionage was somethig of the past. But we can state that in Belgium, espionage, Russian espionage and from other countries, like the Chinese, but also others, we are at the same level as the Cold War, which is not surprising given where we are. We are a country with an enormous concentration of diplomats, businessmen, international institutions, Nato, European institutions. So for an intelligence officer, for a spy, this is a kindergarten. It's the place to be. You have people here who have commercial and political information, people whom you can try to recruit, people you can try to influence. You have governments where you can try to lobby. And the border between allowed lobbying and not-allowed interference - influence and espionage - is sometimes very hard to identify. Given the special context we have here, I think you can safely say that Brussels is one of the big spy capitals of the world.
EUobserver: The biggest in Europe?
Winants: You have Geneva, of course. But I think that Brussels is one of the biggest, if not the biggest, in Europe, given the enormous concentration of people coming from several intelligence services and several nations around the world.
EUobserver: Do people target mainly commercially-valuable information or defence and security information?
Winants: Different services are interested in different items, commercial items, defence items, political items, espionage items. I think there is a lot for everybody to do here. One of the things that other countries' intelligence services are interested in is the energy policy of the EU institutions for instance. If we look at our mandate, the mandate of the VSSE, we have seven fields of interest on which we have to follow up: terrorism; extremism; espionage; [arms] proliferation; interference; criminal organisations and harmful sectarian organisations; and also protection of the economic and scientific potential of the country. I can say that the other intelligence services are active and interested in all these domains.
EUobserver: A contact at IntCen said it is naive to think only Russia and China spy on Brussels. Do other countries, such as Israel, Turkey or the US, also spy on the EU?
Winants: I am not going to name countries. Let's say that generally speaking I can agree with the person at IntCen that it would be naive to think that only countries like Russia, China, Iran are spying. But, of course, the level of the activity can be quite different. We have what we call sister services, then you have neutral services, then you have unfriendly services, if I can put it that way. What I can say is that there is one field where the difference between neutral, friendly and unfriendly services tends to disappear and that's when you are talking about the protection of economic and scientific potential. In this case, I think every service is in competition with the others.
EUobserver: How many foreign intelligence officers are there in Brussels?
Winants: I can't give you a figure. We know of course how many there are from this or that service. But it's not useful to give you a figure. When I say that Brussels is one of the biggest or maybe the biggest European spy cities, that would be a correct statement.
EUobserver: Dozens? Hundreds?
Winants: If you are making no difference between nationalities, we are not speaking in the dozens, we are speaking in the hundreds, several hundreds, but distributed in several services. The covers for intelligence officers are diplomats, journalists, sometimes students. So, classic covers. So we are speaking of many hundreds. They are not all intelligence officers per se. But given the concentration of people here in Brussels, we are speaking of such a figure.
EUobserver: In terms of lobbying, what would be overstepping the line? For instance, GPlus [a Brussels-based lobby firm] works for the Kremlin and recruits as staff former high-level EU officials - is that overstepping the line?
Winants: It's very hard to draw the line. Lobbying has everything to do with gaining access, having people in the right places. Overstepping the line would be to try by lobbying to influence the policy of the EU or of separate countries in the EU. But it can be very difficult to make the distinction between lobbying and interference. You must look at the person being targeted and if this person has access to classified information for instance.
EUobserver: What if a lobby firm targeted an EU official with money problems and offered to help them in return for information?
Winants: Then you cross the line. At that moment we are not talking about lobbying any more. If you help someone out of debt and blackmail them then you are doing an offensive act which is against Belgian law. It's a tactic of lobbying, but I wouldn't call it lobbying. You're already recruiting somebody and trying to exert influence over their thinking and their behaviour and here you are in the territory of offensive action by an intelligence services, which we try to detect and to discourage.
EUobserver: The commission back in 2009 publicly said that "pretty" trainees with "long legs and blonde hair" could be spies. Is sex used in this way in Brussels?
Winants: I think there are stories enough about the possibility of that weapon being used. The idea doesn't make me smile because when the commission spokeswoman talked about this, a few weeks earlier, we had just launched a general awareness campaign to say that a lot of intelligence officers in Brussels use various covers - journalists, students - and following this there was this statement about the long-legged, blonde secretary. It's a possibility. Without going too far, I can say that it's historically proven that in the 1950s and 1960s some former eastern services, like the Stasi for instance, used what they called Romeos to attract women who were then placed in interesting positions in Nato and elsewhere. Presently, I don't have any cases in mind and I myself have never been targeted in this way. We are not an offensive service, so we don't use those kinds of methods.
EUobserver: On the subject of cyber security, what can you do to help keep the EU and Nato safe?
Winants: We are all being confronted with this new threat, which is growing very quickly. We co-operate with our military counterpart [the ADIV] on this issue. We co-operate with the security bodies of the EU and Nato when they are targeted by cyber attacks. But unlike some other countries, such as the UK, Belgium for the moment does not have a central organisation that is tasked with cyber defence. The Belgian government is working on that issue. I think the aim would be to have a body or an organisation where all the services which have parts of competence in this field - our service, the military counterpart, the federal police if cyber attacks are used in criminal behaviour - would try to come together and find an answer to this growing problem. At the level of international co-operation, it's an item where exchange of information between intelligence services is very active. You must have specialists within the service who can study what is happening. The problem is that such specialists are in high demand in the private sector as well and the private sector is probably capable of paying them a higher wage than our service. There is certainly a need for a general approach on cyber attacks, a general body where all the competent parts of all the services are brought together.
EUobserver: How many attacks are you witnessing?
Winants: I can't give you a figure but it's very big. Hackers are attacking private companies, state departments, international institutions. It's a growing threat and there is a need for more co-operation at the national and international level. We also see that some companies or institutions are unwilling to say that they have been a victim of a cyber attack. It's a loss of prestige. It damages their trustworthiness. We have competence here and we are trying to explain what are the ways to protect internal documents for instance. We are attracting attention to potential risks. And when there is a cyber attack, with the co-operation of the military services, which has more technical capabilities, we try to see which country it comes from and what is the nature of the damage. It's ongoing work for the long term. It's very sensitive and very expensive.
EUobserver: Are there any new types of cyber threat?
Winants: A novel development is hacktivism, groups such as Anonymous. For the rest, you have the classic cyber attacks coming out of unfriendly countries targeting some departments. It's a growing threat, so it's likely we will see other possibilities, other groups appearing with political or commercial interests, lobbying interference. You must take it into account that we are a relatively small service given the large scope of threats we have to deal with, so we need the co-operation of other services in this domain because we will not be able to cope with it alone. It's very hard to trace [an attack] and when you see the result it's already too late - you've been hacked. Then you must make a damage assessment. You must look for a smoking gun that could lead you to the country from which it originated.
EUobserver: Is Nato also better than the EU in this domain?
Winants: Historically speaking, Nato is more security and intelligence-minded than the EU institutions. But the EU institutions will have to grow their capacity in this area. Co-operation between intelligence services from EU countries, of the EU and Nato services, is indispensible in this field.
EUobserver: How does the VSSE classify and protect its own internal documents?
Winants: We have national legislation which sets out three levels of classification: confidential, secret and very secret. That's the national standard we use. In this law there is a description of how people handle classified information. In Belgium, if you handle classified information, you must have security vetting and authorisation to handle such information. To handle very secret information, you must have very secret authorisation and there is a national entity here which delivers security clearance. Now, how you classify a document depends a bit on what you are aiming to achieve with it. If we think it might be useful to pass it to a public prosecutor to start a criminal pocedure on the basis of that information, the information must be declassified because the aim is to put it in an open file where all the parties in the case will have access. You must consider who is the person to whom you are sending the file, what are they going to do with it and on that basis you must find a useful classification. What we [in Belgium] understand as secret can be different from what other countries consider as secret. But we try within the circle of [friendly countries'] intelligence services to have in effect the same standards.
EUobserver: Can you give an example of what might merit classification?
Winants: Everything that is of an operational nature or that has intelligence coming from human sources is of course for our services something we classify as very secret.
EUobserver: You mean something which might expose a human source?
Winants: Something which might expose a source or put a source in danger is classified very secret.
EUobserver: What about, say, details of a new IT system bought by the VSSE?
Winants: Every such contract is a commercial piece of paper which simply allows people to know what is the price and what is the instrument that we are buying. That's not classified. But the way that we use it, what we do with it, is secret. Anything about the encryption systems that we use is classified as higher than confidential. We do not classify information that we exchange between colleagues within the services. We don't need to do it. We have an internal and an external network. The external network is fully separated. The internal one is encrypted and fully protected. So when I want to, for example, outline the agenda of a meeting, I don't need to classify it because the way I send it to a colleague is already secure.
EUobserver: What if a journalist wanted to see such an agenda for the sake of freedom of information?
Winants: I have never been faced with that kind of problem. But I don't see on what basis a journalist could ask to see the agenda of a meeting inside the service. Everything that happens here is ipso facto secret. Everybody who works here, from the administrator general to the cleaning lady, has to have the highest vetting level. Nobody works here without a clearance to very secret level. So the information here is not something that is free for journalists. A journalist has no possibility to ask me, to oblige me to give him information about an internal meeting.
Alain Winants has been the secretary general of the VSSE, the Belgian state security service, since October 2006