Western Intelligence Goes on the Offensive

By

In response to intensified Russian and Chinese hybrid warfare, Western governments have started to expand the remit of their intelligence agencies. France and the UK have tightened their sabotage legislation, and Finland aims to give more powers to its intelligence service. In Germany, the Merz government is drafting a new BND Act to let the foreign spy service go well beyond passive surveillance, allowing it to conduct “operational measures”, including sabotage and cyber-attacks, against hostile forces outside Germany.

European security agencies assess that Russia has intensified a low-cost, high-disruption proxy campaign across the continent, targeting transport links, logistics hubs and symbols of support for Ukraine. Western officials link at least 145 incidents since 2022 to Russian intelligence services, their proxies, or Belarusian facilitators.

A recent case in eastern Poland illustrates the pattern. In November, a passenger train carrying nearly 500 people was forced to stop after an overhead line was damaged, shattering windows; elsewhere on the same route, explosives detonated beneath a freight train. No casualties were reported, but Warsaw blamed Russian intelligence and responded by deploying 10,000 troops to guard critical infrastructure. “We are now operating in a space between peace and war,” Blaise Metreweli, the new Chief of the Secret Intelligence Service (MI6), stated in mid-December 2025. “We all continue to face the menace of an aggressive, expansionist and revisionist Russia,” she said, also listing China as a potential threat.

“We are looking for terrorists. Help us find them.” -BND bilboard
“We are looking for terrorists. Help us find them.” -BND bilboard (Image: Shutterstock)

Both France and Britain have recently sharpened their legal penalties for sabotage and publicly mobilised their spies to warn of and deter these attacks. Finland plans to expand the right to share information between its intelligence service and other authorities when it identifies a serious threat to national security.

Berlin is preparing to let its foreign intelligence service do more than watch and listen. Under a draft overhaul of the law governing the Bundesnachrichtendienst (BND), Germany would authorise offensive covert action, including cyber operations and sabotage, to weaken an adversary’s capabilities in exceptional threat scenarios.

The German Chancellor Friedrich Merz with Ukrainian President Zelensky. (Image: Shutterstock)

“We are on a daily basis fending off hybrid attacks… acts of sabotage, espionage, disinformation.”
– Chancellor Friedrich Merz

BND’s Hands Are Currently Tied

Under current German law, the Bundesnachrichtendienst (BND) is a foreign intelligence agency whose legal basis is the Gesetz über den Bundesnachrichtendienst (BND-Gesetz). Its primary mission is information gathering and analysis abroad, not offensive operations:

  • The BND collects intelligence on foreign states and trends relevant to German foreign and security policy.
  • It intercepts communications, signals intelligence, analyses data and prepares reports for policymakers.
  • Where necessary, it deploys technical means and human resources to gather such information.
  • It is strictly a non-military intelligence body. It does not have a mandate to conduct offensive operations, including sabotage or armed force.
  • Activities inside Germany are tightly regulated by constitutional protections, such as telecommunications secrecy.
  • Independent oversight structures like the Unabhängiger Kontrollrat ensure legality for technical surveillance tasks.

The BND cannot carry out sabotage, military strikes, direct cyberattacks, or physical interference with weapons systems. All measures abroad must remain within the scope of information collection and analysis, not active confrontation. Constitutional law (Basic Law) and court rulings constrain how far surveillance can go, especially regarding privacy and human rights.

Germans Are Turning into Proactive

The German government is proposing a major overhaul of the BND’s mandate to allow it to act proactively in the face of serious threats, not just collect intelligence. The proposed changes:

  • a) Operational Activities Abroad
    – For the first time, the BND would be allowed to go beyond passive intelligence and take limited active measures abroad in defined scenarios.
    – These measures may include sabotage operations and interference with foreign military or weapon systems aimed at weakening an adversary’s capabilities.
    – Such actions would only be possible upon declaration of a “special intelligence situation” by the National Security Council and subsequent approval by the parliamentary intelligence oversight committee with a two-thirds majority.
  • b) Counter-Cyberattacks
    – In addition to passive cyber defence, the new law would allow the BND to launch cyber counter-attacks, reroute data traffic, disrupt hostile cyber operations, and disable suspicious drones threatening German infrastructure.
    – This would mark a shift from defence to active cyber operations in response to hybrid threats.
  • c) Expanded Technical and Human Tools
    – The draft law envisions expanded use of artificial intelligence, facial recognition, and broader data analysis capabilities.
    – It may also allow covert entry into premises to install surveillance or cyber tools, where permitted under the special regime.
    – Data retention periods might be extended and some current protections, such as, against retention of information about minors, relaxed.
  • d) Trigger Conditions
    – All offensive or operational measures require:
    1) A finding of systemic threat by the National Security Council, and
    2) a two-thirds affirmative vote from the parliamentary intelligence oversight committee (PKGr). This is intended as political and parliamentary control over new powers.

Defence, Retaliation or Escalation

Supporters of the BND law sell it as a deterrence upgrade: you cannot deter sabotage with strongly worded press statements. Critics see a slippery slope: once Secret War authorities exist, missions expand, oversight blurs, and mistakes become international incidents.
According to critics, there are at least three risks.

  • The Law-of-War Fog. If Germany is not formally “at war”, then offensive cyber and sabotage operations can look, to outsiders, like aggression, or worse, unlawful covert violence. The legal framing may be tidy in Berlin, but consequences happen abroad.
  • Accountability Versus Plausible Deniability. Intelligence services are built to keep secrets. Democracies rely on scrutiny. Expanding powers without expanding transparency is a classic recipe for scandal later, especially if “exceptional” authorities become routine.
  • Capability Creep. Once you legislate for sabotage, you create a standing demand for sabotage options: training, doctrine, target development, operational partnerships. That is not just a legal change. It is a cultural shift inside the service and its political masters.

German reporting indicates the draft is being developed out of the Chancellery and is heading towards parliamentary consideration.

Whether the law, if passed, becomes a credible deterrent, or just another black box of state power with weak democratic control, will depend less on the fine print and more on how often ministers decide that the Exception has arrived.

France & the UK: Sabotage and Foreign Interference Criminalised

“We are now operating in a space between peace and war,” Blaise Metreweli, the new Chief of the Secret Intelligence Service (MI6), stated in mid-December 2025. (Image: SIS)

France has seen no comparable legislative overhaul, but its agencies are on high alert. Paris has repeatedly publicly attributed state-sponsored cyberattacks to Russian military intelligence, such as e.g. GRU’s APT28 hacking of TV5Monde and Olympic-related networks. French officials vow to use “all the means at their disposal to anticipate… [and] respond” to such threats. In practice, France already grants the DGSE, external intel, and DGSI, domestic security, wide latitude under France’s 2015/2017 intelligence laws. Those laws survived a 2021 amendment preserving strong surveillance authorities, with added judicial oversight, and forbidding civilian espionage. Unlike Germany, France has not formally authorised sabotage, but officials stress countermeasures in the cyber and law enforcement spheres. France recently formally criminalised sabotage and foreign interference via its 2023 National Security Act, following the UK’s lead, reminding that such acts are offences against French infrastructure or democracy, rather than tools for French agencies.

In the United Kingdom, new legislation and strategy similarly reflect the hybrid threat. The 2023 National Security Act overhauled Britain’s espionage laws to criminalise sabotage, foreign interference and expanded espionage. Though the Act targets hostile agents, intelligence chiefs note Russia’s campaign directly: UK MI6 chief Blaise Metreweli warned in late 2025 that Moscow uses “tactics just below the threshold of war”, cyberattacks, airport-drone incursions, arson and sabotage, to sow fear and chaos. According to Metreweli, Britain now sees sabotage as a form of warfare that “export[s] chaos” as a feature of Russia’s strategy. The UK has also granted GCHQ and military cyber command a more forward-leaning role, “defend forward”, in cyberspace, though such operations are mostly classified. By mid-2025, the heads of the CIA and MI6 publicly decried Russia’s “staggeringly reckless” sabotage across Europe, signalling Western intelligence solidarity against it.

Even Canada, ever closer to its European NATO allies, has moved to modernise its laws amid fear of Chinese and Russian interference. Bill C‑70 (2023) revised the Security of Information Act and Criminal Code, tightening espionage and sabotage laws and creating new offences for attacking critical infrastructure. CSIS, the Canadian Security Intelligence Service, remains strictly defensive: its public reports stress that CSIS may investigate espionage and sabotage and has long used Threat Reduction Measures (TRMs), from disinformation to minor network interference, under strict warrants. In 2024, CSIS for the first time explicitly used TRMs to disrupt perceived sabotage plots. Meanwhile, Ottawa is beefing up intel budgets and partnering with Five Eyes allies, but has not, so far as public law goes, authorised Canadian spies to go on the offensive outside the law.

Power Struggles, Scandals and Political Battles Around Nordic Secret Services

The trend is similar in Nordic countries. However, each Nordic Secret Service has also had other things to worry about than foreign threats.

Finland historically limited its Security Police (Supo) to domestic defence but has begun changing tack after joining NATO. The Finnish government is proposing major amendments to its Civilian Intelligence Act “to streamline information‑sharing and intelligence collection”. The amended law would allow Supo to share information with police and other authorities when it identifies a serious threat to national security. The various intelligence methods set out in the intelligence laws may be used by the Security Police and military intelligence even in the absence of a concrete suspicion of a crime. Under current legislation, intelligence authorities are permitted to notify criminal police of their findings if the most severe penalty prescribed for an already committed offence is at least three years’ imprisonment. Earlier in 2025, the agency reiterated that Russia continues to pose the greatest threat to Finland’s security.

Since the 2019 intelligence laws, Supo has ceased to be merely a domestic police-security body. It is now a civilian intelligence service with strategic relevance to foreign, defence and alliance policy. That shift has made its traditional placement under the Interior Ministry increasingly uncomfortable and politically sensitive. The Interior Ministry has announced that its National Security Unit will be abolished from the start of 2026, with responsibilities redistributed across the ministry. Prime Minister Petteri Orpo has publicly argued that Intelligence reporting should flow directly to the Prime Minister, not via a sectoral ministry. Supo has traditionally been part of internal security, alongside the police and border guard. Moving Supo to the prime minister’s direct control would strip the internal ministry of its most powerful security asset. However, now a NATO country, Finland’s intelligence is increasingly strategic, multinational and forward-looking, rather than merely focused on domestic threat prevention.

Sweden’s intelligence services, Säkerhetspolisen (SÄPO) and military MUST, have issued stark warnings. SÄPO reports that Russia is intensifying sabotage tactics as part of hybrid warfare, even recruiting marginalised individuals to plant explosives or cause disruptions.

According to the Swedish Security Service SÄPO, roughly 30 per cent of the staff at the Russian embassy on Gjörwellsgatan 31 in Stockholm are intelligence officers, tasked with recruiting and managing agents. SÄPO has also identified the Russian Orthodox Church in Sweden as a secondary, formally legitimate platform that Moscow uses for intelligence collection, influence operations and other activities deemed harmful to national security.
No major Swedish law change has been announced, but public reports show Stockholm and its NATO partners are beefing up defences of critical infrastructure and information security.

The Swedish government proposed a budget increase for SÄPO, 100 million SEK (EUR 9 million) more per year from 2026 to enhance its capacity to counter foreign intelligence activity, terrorism and violent extremism, especially the Russian threat. There is an ongoing debate in Sweden, focusing on whether SÄPO’s mandate and legal tools are sufficient for modern threats.

Beate Gangås, head of Norway’s domestic security service PST, has consistently framed Russia and China as the primary state-level threats to Norway’s security. In Norway’s National Threat Assessment 2025, she stated that Russia remains the biggest threat and that China’s intelligence activities are rising. PST warns that state actors, especially Russia and China, are conducting sabotage, influence and espionage operations against Norwegian interests. The report notes that sabotage and covert interference could occur on Norwegian soil and that both powers will intensify efforts to gather sensitive information and influence decision-making. In August 2025, PST chief Beate Gangås publicly blamed Russian hackers for hijacking a dam floodgate, warning that such operations aim “to influence and… cause fear and chaos” among civilians. Norway has so far avoided giving PST novel offensive powers, but parliament has debated expanding police and intelligence tools against espionage and sabotage, mirroring Sweden’s emphasis on prevention and shared Nordic security planning.PST stresses that broader civil-military and inter-agency cooperation, with E-tjenesten and NSM, is crucial, as threats from Russia and China are multi-domain and sophisticated.

In his report, published in December 2025, Norway’s Supreme Auditor criticised PST’s capacity given the threat environment, pointing to a gap between obligations and resources despite recent budget increases. “PST’s capacity to fulfil its obligations as a security and intelligence agency is limited,” the Norwegian State Auditor General Karl Eirik Schjøtt-Pedersen stated, remaining unhappy over how the Justice Ministry has responded to PST’s needs.

In Denmark, there has been an active debate about the role, oversight and legal limits of the Danish Security and Intelligence Service (PET). Politicians and civil liberties groups have discussed whether PET’s legal basis and powers are sufficiently clear and democratically controlled. A government proposal from late 2023 would strengthen intelligence oversight, giving the supervisory body new authorities, including oral reporting from PET leaders, as a response to concerns about accountability. Human rights organisations and think-tanks have also called for tighter limits and clarity on PET’s surveillance powers, arguing that vague legal language risks excessive intrusion into privacy.

High-profile intelligence controversies have pushed the issue into public view. A 2020s scandal involving Denmark’s foreign intelligence (FE/DDIS) and illegal actions produced intense scrutiny of intelligence operations and, by extension, debates about transparency and control, which inevitably touch on how resources are used. In September 2025, an ongoing Supreme Court case involving a man claiming he worked as a Danish intelligence agent has prompted broader public discussion about secrecy, legal limits and the intelligence services’ accountability.

Read More:

Must Read

×