Intelligence group secretly crafts new 'insider threat' policy

New rules to prevent an insider from betraying Canada's most valuable information were quietly drafted in the weeks after a top RCMP employee was charged with passing along national secrets, according to officials.

Move comes as case against RCMP official accused of passing along national secrets returns to court

Cameron Ortis, a senior intelligence official at the RCMP, walks with his lawyer Ian Carter, obscured at left, after leaving the courthouse in Ottawa after being granted bail, Tuesday, Oct. 22, 2019. Ortis is accused of violating the Security of Information Act and breach of trust for allegedly disclosing secrets to an unknown recipient. (Justin Tang/The Canadian Press)

New rules to prevent an insider from betraying Canada's most valuable information were quietly drafted in the weeks after a top RCMP employee was charged with passing along national secrets, according to officials.

The secretive Canadian Committee on National Security Systems is in charge of crafting official protocols for all the departments that need to access, view and protect prized intelligence and top secret information.

In December, the committee approved new standards on "insider threats", said a spokesperson for the Communications Security Establishment — just a few months after Cameron Ortis's September arrest.

Given the hushed nature of intelligence work, little is known about what the new guidelines say.

"The scope addresses the organizational, management and employee responsibilities within an insider threat program," said CSE spokesperson Evan Koronewski. The cyber spy agency acts as the committee's executive secretariat.

Ortis back in court Tuesday 

"Previous Government of Canada standards and guidance focused on specific technical and operational safeguards for IT systems and physical facilities," he said. "The [committee] established a community work group to develop a standard on developing an insider threat program based on current best-practices."

The first word of the new insider threat standard was tucked into a recent RCMP report, tabled in the House of Commons last week.

"The RCMP will continue to support the government of Canada's priority to establish standard insider threat policies and procedures across all departments," says the RCMP's 2020-2021 departmental plan.

Ortis worked as the director general of the force's national intelligence co-ordination centre and would have had access to intelligence gathered by both Canadian authorities and foreign allies.

He's charged with revealing secrets to unnamed recipients back in 2015 and planning to give classified information to an unspecified foreign entity or a terrorist group in 2019.

Ortis is expected back in court on Tuesday.

Watchdog flagged insider threat problems in 2015

Koronewski said the government departments responsible for the national security system are reviewing the new insider threat standard. Once they sign off, each department will have one year to implement any specific changes.

The Canadian Committee on National Security Systems includes assistant deputy ministers from:

  • Communications Security Establishment
  • Department of National Defence
  • Privy Council Office
  • Royal Canadian Mounted Police
  • Canadian Security Intelligence Service
  • Public Safety Canada
  • Shared Services Canada
  • Treasury Board Secretariat
  • Global Affairs Canada
  • Transport Canada
  • Natural Resources Canada
  • Corrections Services Canada
  • Immigration and Refugees Citizenship Canada
  • Canada Border Services Agency

Their "main responsibility is to oversee the protection of [national security systems], while enabling secure inter-operability within the Canadian security and intelligence community, as well as with allied organizations, today and into the future," Koronewski said.

The Security Intelligence Review Committee (SIRC), the former watchdog for Canada's spy agency, warned about "insider threats" years ago — and flagged gaps in the way top secret information is accessed.

A 2015 SIRC report raised concerns about safeguards against insider threats, which the report describes as "any person with authorized access who causes harm, intentionally or otherwise, to the assets of the organization."

The report specifically looked at what was being done at CSIS — but would have been written roughly around the time that Ortis is alleged to have first leaked sensitive information.

"In the aftermath of high-profile classified documents leaks such as those attributed to WikiLeaks, Edward Snowden and Sub-Lt. Jeffrey Paul Delisle, the Five Eyes community has elevated the concern posed by the 'insider threat' to a higher level," says the SIRC report. (The Five Eyes is an intelligence-sharing alliance between Canada, the United States, the United Kingdom, Australia and New Zealand.)

"Intelligence agencies are paying increased attention to the insider threat in order to reduce its potential rate of occurrence and, failing that, to help limit the damage that can be caused by a malicious internal actor."

With files from the Canadian Press

Add some “good” to your morning and evening.

A variety of newsletters you'll love, delivered straight to you.

Sign up now


To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.

Become a CBC Member

Join the conversation  Create account

Already have an account?