The FSB, or Federal’naya Sluzhba Bezopasnosti, is possibly the most influential of the KGB’s successors. It is also the principal domestic security capability of the Russian Federation. Hence, it is naturally a highly complex and large organisation. Its entire system is indeed challenging for anyone seeking to map and understand its entire structure, functions, and capability. This article is based on open-source information mainly from using techniques that enable collection from the Russian internet.
Information Gaps
There are information gaps. Due to the secretive nature of intelligence services in general, the main body of information has not been possible to collect from official sources. Thus, two sources, Agentura.ru and the Dossier Center, have proved crucial.
However, the complex structure and the dissident nature of named sources bring challenges. Some minor flaws may appear in the information provided below. However, the intention is to provide a holistic understanding of the organisation. While flaws may appear, the sources are validated to any possible extent by cross-referencing a vast amount of collected material. The data sources range from internet forums and social media posts to news media reporting.
Enjoy the reading and remember to access certain sources with care. Use a Virtual Private Network (VPN) solution or equivalent.
1 The FSB Organisation
The FSB is a federal agency within the executive branch of the Russian government responsible for internal security and counterintelligence. In practice, this means ensuring the security of the Russian Federation and protecting and guarding the country’s borders. It is also responsible for information security including protection from foreign cyber operations and monitoring of domestic criminal hackers. This mission is jointly undertaken by the FSB and the Ministry of Internal Affairs (source). Furthermore, the FSB has a coordinating function regarding the counterintelligence activities of other relevant federal agencies (source).
Since its foundation in 1995, the FSB’s main responsibilities have been within domestic affairs. Still, recent developments suggest that the FSB is increasingly seeking greater influence overlapping with several other agencies. Examples include foreign intelligence activities and offensive cyber operations. These areas partly overlap with the Foreign Intelligence Service (SVR) and the Main Directorate of the General Staff of the Armed Forces (GRU) (source). Within domestic affairs, there is an overlap with the Federal Protective Service (FSO) and the Ministry of Internal Affairs (MVD). The FSB’s function as outlined in the first paragraph as per Federal Law No. 153-FZ of 27.07.2006 states its responsibilities.
1.1 The FSB’s Main Responsibilities
- Counter foreign intelligence operations.
- Combat terrorism.
- Combating crime.
- Provide domestic intelligence.
- Safeguard Russia’s borders.
- Safeguard information security.
The paragraph concludes that “other areas of activity of federal security service organs shall be determined by federal legislation” (source).
The Russian government provides the following description of the FSB’s function:
”The Federal Security Service (FSB) is a federal executive body with the authority to implement government policy in the national security of the Russian Federation, counterterrorism, the protection and defence of the state border of the Russian Federation, the protection of internal sea waters, the territorial sea, the exclusive economic zone, the continental shelf and their natural resources, ensuring the information security of Russia and exercising the basic functions of the federal security services specified in the Russian legislation, as well as coordinating the counterintelligence efforts of the federal executive bodies that have the power to do so.” (source).
In sum, the FSB is the principal domestic security capability of the Russian Federation. The FSB is primarily responsible for internal security, counterintelligence, safeguarding borders, and ensuring information security. Today’s organisation was created in 1995 and serves to protect the Russian government’s interests in Russia and abroad.
2 The FSB Structure
The organisational structure of the FSB is built on the FSB services and directorates. There are directorates assigned to a specific region and constituent territorial entity of the Russian Federation. There are also directorates within the services such as the infamous Directorate “A” and Directorate “V”. These operate under the Special Purpose Center. Other examples are found in Department “K” (not to be confused with TsSN Directorate “K”, or Kavkaz Group) and Department “P” under the Economic Security Service, which in turn are divided into additional departments. Moreover, the FSB disposes of air units, special training centres, additional special operations units, educational and research establishments, and medical facilities (source).
2.1 The FSB’s Internal Hierarchy
The FSB’s services, directorates, and other entities within the organisation are directly subordinate to the FSB central apparatus. While the FSB is directly subordinate to the president of Russia, the organisation is not only led by the FSB Director, Alexander Bortnikov. It is also run through representatives of various units within the special services. This suggests that there is a multilevel FSB control system. This blurred structure brings challenges to anyone seeking to map and understand the organisation in full.
This challenge becomes even more evident as the FSB is one of Russia’s most closed government agencies. However, publicly available information suggests that the key leadership of the FSB is constituted by a director supported by a first deputy director, a first deputy director responsible for the organisation’s border service, and five deputy directors including the state secretary (source). Today, army general Alexander Vasilievich Bortnikov serves as Director.
The deputy director post is held by Colonel General Igor Gennadievich Sirotkin. He is also Chief of Staff of the National Anti-Terrorism Committee. Furthermore, Sergey Borisovich Korolev and Army General Vladimir Grigorievich Kulishov serve as first deputy directors. Kulishnov is currently the head of the Border Service. Colonel General Alexander Nikolaevich Kupryazhkin serves as Secretary of State.
2.2 The FSB Structure: An Overview
Operating from its headquarters in Lubyanka, the FSB’s central apparatus manages at least 17 independent and/or interlinked entities. Among these, at least nine are main services and at least eight are additional directorates. They likely act per their mandate reporting directly to the key leadership. The nine identified services are:
- The Counterintelligence Service
- The Service for Defence of Constitutional Order and Fight against Terrorism
- The Department of Military Counterintelligence
- The Economic Security Service
- The Operational Information and International Communications Service
- The Organisational and Personnel Service
- The Activity Control Service
- The Scientific and Technical Service
- The Internal Security Service/The Organisational Security Service
The eight identified additional directorates are:
- Social Welfare Service
- Special Purpose Center
- The Border Service
- Educational Establishments
- FSB Aviation Directorate
- Military Medical Directorate
- Directorate “M”
- The Financial Control Service
3 The FSB History
The FSB’s rich history and rapid development started in 1995 as a successor of the FSK, FAPSI, and initially the KGB. It reflects an expansive agenda and adaptation to internal and external challenges faced by the Russian Federation.
3.1 1995 – 2000: The Founding Years
The FSB was established on April 3, 1995, succeeding the Federal Counterintelligence Service FSK. FSK was the successor of the Ministry of Security which in turn took over domestic and border security responsibilities from the Federal Agency of Government Communications and Information (FAPSI) in 1992. FAPSI was the original successor of the Committee for State Security (KGB) after the organisation was dissolved in 1991. During the 90’s, the FSB operated as per the traditional KGB Modus Operandi. It focused on domestic security matters such as hostage situations and counter-terror operations.
Prominent examples are the Budyonnovsk hospital hostage crisis in June 1995, and the Kizlyar-Pervomayskoye hostage crisis in January 1996. Moreover, there are allegations that the FSB was behind the apartment bombing in Moscow in 1999. This ultimately led to the First Chechen War in which the FSB’s special purpose units, the Vympel and Alpha groups of the FSB Special Purpose Center participated. Since then, the FSB’s special purpose units have participated in every major conflict fought by Russia (source).
3.1.1 The FSB’s First Steps Toward a Cyber Capability
At the end of the 1990s, the director Vladimir Putin made a move towards the cyber field. This challenged the monopoly that until then was held by FAPSI. In the Central Apparatus of the FSB, a new unit, the Directorate of Computer and Information Security (UKIB) was formed operating subordinate to a larger department of counterintelligence. Moreover, since the late 1990s, divisions have been created within the FSB that can go beyond strictly defined constitutional duties. An illustrative example is how the development enabled control of other law enforcement agencies. This includes the prosecutor’s office, the Interior Ministry, and the Federal Protective Service (FSO) (source).
3.1.2 Directorate K
One of the most important structural changes of the 1990s was the development of the FSB’s Department of Economic Security. Directorate “K”, which gave the special services an increased mandate to intervene in financial and business matters, was also developed. In addition to counterintelligence and counterterrorism, the changes served as an enabler of the FSB’s increasing national economic control.
3.1.3 Developing an Aviation Capability
Another prominent development was the FSB’s increasing aviation capability. The Aviation Department was a part of the Federal Border Service which was integrated into the organisation in 1993. However, the intended efficiency and outcome of the department remained absent. As a result, a commission was created in 1999, intending to create an efficient aviation capability within the FSB.
Only a few months later, in February 2000, the foundation was laid for what is today known as the FSB Aviation Directorate. The development meant that the FSB’s special purpose units received their aviation, performing strictly special operations tasks. The main activity of the FSB aviation was cooperation with the Vympel and Alpha detachments. It also acted as a supportive quick reaction force. This meant that it operated in an extremely short time, delivering a special unit to the right place to carry out assigned tasks (source; source).
3.2 2000 – 2009: An Emerging Cyber Capability, and Domestic Challenges
2000-2003
During the early 2000s, the FSB expanded rapidly with an increased focus on the digital environment and its cyber capabilities. The monopoly of the cyber arena held by FAPSI was dissolved on March 11, 2003. This occurred when President Vladimir Putin split the organisation between the FSB, the SVR, and the Federal Protective Service (FSO).
The disbandment resulted in the 3rd Main Department of FAPSI (responsible for SIGINT) being moved to the FSB as the Center of Electronic Intelligence (ELINT) in Communications, also known as the Center 16. Also, the regional ELINT units of the FAPSI were reorganised into the FSB Information Reception Center. Moreover, this period saw the creation of the FSB’s Operational Information and International Communications Service and today’s Border Service. This gave the FSB responsibility for all cross-border aviation security after the abolishment of the Federal Border Service (source; source).
2004
In 2004, Russia’s federal agencies underwent administrative reforms. This resulted in departments being renamed as services. The UKIB was turned into the 18th Center of the FSB operating within the Service of Counterintelligence. Moreover, the Aviation Directorate and a separate subordinate air squadron were formed in January 2004. One year later, units and aviation units of the Border Service were integrated into the Directorate (source).
Resulting from the reforms, the FSB was broadly divided into two sections: an operative section and a supportive section. The operative section was mainly carrying out counterintelligence, intelligence, and counterterrorism operations. The support department developed special technical equipment and other relevant material capabilities (source).
3.2.1 An Increasing Domestic Threat
Controversy in the 2000s accompanied the FSB’s organisational development. This was mainly characterised by an increasing focus on the digital environment. The decade saw the FSB responding to two of the country’s most devastating terrorist attacks. These were the Moscow theatre hostage crisis in October 2002, and the Beslan school hostage crisis in September 2004. At the Moscow theatre, the FSB filled the building with Fentanyl gas intending to incapacitate the terrorists. While the FSB’s special forces successfully eliminated the terrorists, 130 hostages died from the gas. Only five of those died at the hands of the terrorists. In Beslan, 330 people died including approximately 180 children in a siege that lasted for three days (source).
3.2.2 The FSB: A State in the State
The aftermath of the Beslan siege led President Vladimir Putin to order a reform of the FSB and the MVD. He signed Decree 1167, which looked at “urgent measures to increase the efficiency of the fight against terrorism” (source). The reforms were completed by July 2005, but their efficiency remains unknown. Accompanying the reforms of 2004, the number of deputy directors was cut from twelve to four. Additionally, some departments were abolished. Instead, independent services were created, within which departments were formed resulting in a widespread and decentralised control system (source).
The development practically made the FSB a state in a state through its new self-governing structure. This enabled it to intervene in almost any situation. During this period, the FSB’s Organisational and Personnel Service (SOKR, or then, “Sechin Special Forces”) was created enabling an expansion of FSB operations to include witness protection. Witness protection is of relevance as it offers opportunities to directly influence FSB targets.
3.2.3 A Foreign Focus
This development was later accompanied by a new legislation in the Summer of 2006. This gave the FSB the mandate to engage in targeted killings of terrorism suspects overseas (source). Resulting of the developments in the late 1990s and early 2000s, the FSB emerged as an increasingly powerful organisation which would continue to expand. One such example is the turn towards offensive cyber operations abroad and an increasing mandate overlapping with other agencies. During the infamous cyber-attack targeting Estonia in 2007, the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU) only held a supporting role besides the FSB (source). The same goes for the cyber-attacks towards Georgian digital infrastructure in 2008. These attacks were followed by the Russo-Georgian War in which at least 1,500 FSB personnel participated (source).
3.3 2009-2015: Counter-Terrorism Operations and a Foreign Direction
Starting in 2009, Russia saw an increasing terrorist threat mainly from a Chechen separatist shift from pro-Western sympathies towards beliefs strongly influenced by the Salafi doctrine. In March 2010, Islamist militants conducted the infamous Moscow Metro bombings, killing at least 40 people (source). As a result, FSB’s mandate in countering terrorism expanded to enable the detention of civilians for 15 days on terrorist-related suspicions.
Furthermore, the organisation’s special purpose units engaged in counter-terrorism operations during the insurgency in the North Caucasus starting in 2009, and during the annexation of Crimea in 2014 (source; source).
3.3.1 The FSB’s Increasing Foreign Focus
Moreover, an increasing focus on Russia’s border states was followed by a shift towards engagement in military conflicts abroad. The most illustrating example is found in Russia’s intervention in the Syrian civil war in 2015. As the FSB started to consolidate its role within foreign intelligence and international operations, the organisation increasingly started to overlap with the GRU and SVR. This is reportedly still causing friction between the agencies (source).
Finally, moving into the 2010s, the FSB’s cyber units, i.e., Center 16 and Center 18, increasingly engaged in and coordinated offensive cyber operations. These targeted Russian adversaries, opposition politicians, and Russian dissidents abroad.
One of the most prominent developments was the emergence of Callisto Group in 2015. Callisto Group is a Center 18-linked Advanced Persistent Threat (APT) actor known for its sophisticated spear phishing campaigns utilising email accounts that have been compromised by the group.
3.4 2015 – Present: Assassinations, Offensive Cyber Operations, and Interstate War
An emerging development of the FSB positioning itself as Vladimir Putin’s main enforcer became evident in the period between 2015 and 2017. An illustrating example is the detention of three regional governors in criminal cases. The detentions were conducted by the Sixth Service’s Internal Security Department (USB). While political commentators speculated that the agency acted on its own, there were strong indications of Putin’s involvement (source; source). Other prominent examples involve targeted assassinations, an increasing trend of sophisticated offensive cyber operations targeting domestic and foreign actors. Another prominent example is the participation of the FSB in interstate war, i.e., the current war in Ukraine.
3.4.1 Assassinations
A significant development regarding the organisation’s operations involves of assassinations targeting Russian dissidents in Russia and abroad. A prominent example is found in the assassination of Boris Nemtsov, a prominent opposition leader, in central Moscow in 2015. Furthermore, after the 2018 poisoning of Sergei and Yulia Skripal in Salisbury, the British police reportedly identified a suspect as a former FSB officer acting under several code names including “Gordon” and “Mihails Savickis” (source).
3.4.2 Offensive Cyber Operations
Even though the FSB’s offensive cyber operations trace back to at least 2004 (source), particularly the snake malware and its variants which are assessed to constitute a core component in espionage operations conducted by Centre 16, the current modus operandi and sophisticated capability emerged around 2015. From at least 2015 until 2023, The FSB’s Center 18 conducted offensive operations targeting British Parliamentarians from multiple parties, including impersonation of individuals and spear-phishing operations.
Furthermore, starting in at least 2017, the FSB’s Center 16 started focusing on critical national infrastructure including targeted attacks towards the UK energy sector. Other examples are a 2017 attack targeting the European and North American energy sector, a 2018 attack targeting the American energy, nuclear, commercial facilities, water, aviation and critical manufacturing sectors, and a 2020 reconnaissance operation targeting the US aviation sector (source; source).
3.4.3 The FSB in Ukraine
The FSB enjoys a leading role in Russia’s intelligence and influence operations. Still, the organisation is expanding its focus beyond Russian borders. A prominent example is the preparations leading up to the invasion of Ukraine in 2022.
In 2021, the FSB was reportedly ordered to prepare plans to occupy Ukraine resulting in the Fifth Service of the FSB taking the 9th Section of the Department of Operational Information and turning it into a Directorate. The operations of the 9th Directorate were aimed at Ukraine’s parliament and critical national infrastructure. Moreover, it was tasked to draw a detailed picture of the access achieved across Ukraine by Russia’s special services and then to plan how existing assets on the ground could be used during the invasion and subsequent occupation (source).
While there are indications of the FSB conducting disinformation campaigns in Africa, the organisation has become almost fully consumed by the ongoing war in Ukraine. Apart from two departments traditionally dedicated to Ukraine, all departments are heavily engaged in supporting the Russian war effort today, including the Department of Economic Security, now in charge of helping Russia survive Western sanctions, and the Office for the Protection of the Constitutional Order within the Second Service, recently tasked with imposing and maintain a pro-Russian narrative across academia, universities, and schools. FSB’s activity in Ukraine marks an unprecedented shift that cannot be compared to previous FSB conflict support.
The FSB’s Operations in Ukraine
The FSB’s current operations related to the ongoing war include the identification of members of Ukrainian armed forces and police, recruiting collaborators, extracting potentially useful intelligence, and collection of ‘testimonies’ regarding alleged Ukrainian war crimes. Here, FSB officers have been reported to interrogate, torture, take fingerprints, mine personal phones for data, and inspect social media accounts as well as personal messages of Ukrainian civilians (source; source). Physical operations in Ukraine are mainly conducted by the FSB’s special operations units, the Military Counterintelligence Service, and the FSB Border Service (source). Publicly available information provides evidence for the Alpha group actively operating and taking part in military operations (source).
3.5 Methodology and Practices
The FSB’s common methods align with the organisation’s principal responsibilities, i.e., the detection, prevention and interdiction of foreign intelligence activities, the coordination of domestic and, to a larger degree, foreign counterintelligence measures, the suppression and detection of crimes, combating organised crime, corruption, and smuggling, as well as preventing illegal migration and illicit arms trafficking ensuring the protection of classified government information (source). Still, following the patterns of what has been mentioned above, the FSB often use methods that violate citizens’ constitutional rights including torture, suppression of freedom of speech, falsification of criminal cases, raids and seized businesses, and assassinations in Russia and abroad (source).
More specifically, high-ranking FSB officers are targeting key figures within various government agencies or major businesses using a wide range of methods from planting evidence to aggressive targeted encounters intended to provoke desired crime. These operations are commonly conducted with the President’s approval. An illustrating example is the case of Denis Sugrobov, who led the Interior Ministry’s anti-corruption unit. Sugrobov was targeted by the FSB and was eventually convicted in 2017 on charges of organised crime and abuse of power (source; source).
3.5.1 Domestic Surveillance and Foreign Interference
Other common methods include wiretapping and monitoring of Russian data traffic via the System for Operative Investigative Activities (SORM) and the State System for Detecting, Preventing, and Eliminating the Consequences of Computer Attacks on Information Resources of the Russian Federation (GosSOPKA), two systems in which all Internet service providers in Russia are obliged to take part (source). Furthermore, the organisation is increasingly attempting to interfere in foreign election processes as per the traditional methodology of “Active measures” (aktivnyye meropriyatiya) (source; source).
The concept of active measures is commonly conducted covertly while violating laws involving blackmail, bribes, and disinformation. Accompanying this Soviet-era methodology is the concept of maskirovka, which is based on concealment and deception. While maskirovka traditionally has been used in military settings, observations from Ukraine suggest that the FSB is utilising the method to influence civilian populations (source).
4.5.2 Circumventing Attribution in Cyberspace
A final prominent methodology in the FSB’s repertoire is the recruitment of cyber criminals to enable domestic and foreign operations. A prominent example of such conduct is the use of criminal hackers during the above-mentioned Yahoo hack. The methodology aligns with that of Maskirovka as criminals for hire offer opportunities for plausible deniability. Another more general example is the common use of Russian hacktivist entities. While these groups rarely cause any substantial damage, they are indeed capable of causing disturbance and service outages that may last for days and undermine public trust towards government institutions (source).
4 The FSB’s Future
As should be evident by now, the FSB is a vast and complex organisation. Hence, any assessment of future developments is indeed challenging and dependent on several internal and external factors. Still, current, and historical developments reveal possible emerging patterns that may guide what to expect in the future of the FSB.
4.1 The FSB in the Arctic Region
FSB’s vast presence within the Russian Federation, reaching from its central apparatus to its most rural border areas, has significance when looking at Russia’s geostrategic aspirations in the Arctic region. Back in April 2012, Vladimir Pronichev announced that the country was planning to build 20 frontier posts in the region to increase the prospects of hydrocarbon deposit exploration. FSB’s border personnel will likely follow. Hence, there are prospects for further expansion of the FSB’s presence in Russia. It is plausible to assume that any such expansion extends beyond national borders including an increased maritime capability.
4.2 Foreign Expansion and Internal Friction
Continuing on the theme of foreign operations is the aspiration of gaining larger global influence (source). While already overlapping with the SVR and GRU abroad, increasing expansive mandates will likely create further friction among Russian intelligence services and thus potential vulnerabilities that may offer opportunities for external influence by foreign states in terms of recruitment and other types of covert influence.
4.3 Corruption
The extensive apparatus and mandate that is currently held by the FSB contributed to significant corruption problems (source). Hence, there are even more prospects partly for external influence and potential recruitment, but also for increased internal splits. How such splits will materialise is a difficult question. Still, it is reasonable to assume that they evolve at the expense of one part or another. When looking at the rapid development of the FSB since its founding, mainly spurred by President Vladimir Putin, there is a realistic possibility that any such split has the potential to weaken FSB’s competitors and further strengthen the organisation’s mandate.
4.4 Militarisation of Russia’s Domestic Security Apparatus
Since 2022, the FSB has been highly occupied in conducting domestic and foreign operations in Ukraine and beyond (source). The domestic focus targeting Russian citizens is of particular interest as it hints at a potential militarisation of Russia’s domestic apparatus. This development includes increasing arrests, harassment, and surveillance of political opposition, dissents, and public critics. An increasing mandate to act targeting Russian citizens may spur public discontent to a degree that, in turn, could be utilised by external actors seeking to influence Russian public opinion.
