Blake Mobley is a former CIA analyst now working at RAND. Terrorism and Counterintelligence: How Terrorist Groups Elude Detection looks at how a number of terrorist organizations have approached the important task of counter-intelligence, and how different key factors shape the challenges and efficiency of their counter-intelligence work.
This is a book that really didn't need to be a whole book for the conclusions it draws, as they're pretty easily summarized in three sentences or less, but I still found it worth reading not just for the discussion of exactly how these factors shape the counter-intelligence work, but also for the general discussion of principles of counter-intelligence work, and the terrorist group histories – the case studies, so to speak – which illustrate Mobley's points. There are four chapters on the Provisional IRA, Fatah & Black September, Al Qaida, and the Egyptian Islamic Group, respectively, as well as a chapter on a number of embryonic terrorist groups who failed to meet the counter-intelligence challenges their situations entailed, and who consequently were eliminated.
I won't rehash the histories of the various groups here; there's Wikipedia and Mobley's book (and others) for those sufficiently interested, and I'm a bit short on time. Instead, I'll present the major theoretical findings of the book – or, the three key factors that "shape how and how well a group identifies and mitigates (…) counterintelligence threats".
The job of counter-intelligence is to defend the organization against human spies, technical collection of various forms of communication, direct observation of the organization's activities in its area of operations and/or controlled territory, passive observation of the group's members moving in/through hostile territory, and exposure in the media.
Organizational structure – more specifically, whether the organizations is strongly controlled top-down or its control functions are decentralized, determines whether there'll be strong, standardized procedures in place to deny the enemy's attempts to penetrate the organization. Standard operating procedures will greatly improve counter-intelligence capabilities – but it also entails a risk: if the enemy knows what your organization is doing to prevent penetration, it can adapt to counter those specific standards and procedures. If, instead, the counter-intelligence methods used depend on who the local commander is, it becomes much harder for the enemy to predict.
Popular support makes it harder for the group's enemies to find informants, and to move among the group's supportive populations undetected and/or unreported. However, if you spend too much time and energy on gaining the population's support – for example, through frequent media appearances – you risk accidentally offering information that your enemies will use to get at you (Mobley offers Yassir Arafat's many media appearances as an example of this).
Controlled territory makes it a lot easier for a terrorist group to train and plan activities, and makes it a problem for its enemies to get close to observe and penetrate it. However, at the same time, it offers those enemies a clear and obvious target for their intelligence operations – and it can also make the terrorist organization overly confident, leading to laxer standards and thus increased opportunities for its enemies.
Anyway, recommended. A negative review on Amazon lists a number of details supposedly wrong with the PIRA chapter, but they're all just that; details that don't seem to affect the general narrative in any major way, nor the theoretical conclusions.
(Unfortunately, I've been unable to verify whether this is the same Blake Mobley who's apparently written a number of Dungeons and Dragons stuff.)