A year after espionage arrest, RCMP still hasn't acted on calls for tighter security
RCMP launched internal security review following the arrest of Cameron Ortis
The RCMP has flagged ways to tighten its security protocols in response to the Cameron Ortis espionage case — but not one of those changes has been implemented in the year since his arrest.
Ortis, who is still awaiting trial, served as director general of the RCMP's national intelligence co-ordination centre. He was arrested on Sept. 12, 2019 and charged with preparing to share sensitive information with a foreign entity or terrorist organization. He's also charged with sharing operational information back in 2015.
In the immediate aftermath of his arrest, RCMP Commissioner Brenda Lucki launched an internal security review.
"This mandate required a review of various security areas, including not only the Ortis incident but also more broadly the overall security practices of the RCMP," said Cpl. Caroline Duval in an email.
The final report coming out of that review is now complete. It made a number of recommendations but it hasn't yet been presented to the force's senior executive committee.
Duval said that will be done over the "coming weeks."
"A management action plan is also under development to prioritize the various recommendations," she wrote.
Jessica Davis is a former senior intelligence analyst with the Canadian Security Intelligence Service (CSIS) who now heads Insight Threat Intelligence. She said it's surprising the force hasn't acted on the findings yet.
"A year is a very long time," she said.
"If the RCMP is publicly saying that they haven't done anything or haven't implemented any of the changes that maybe need to happen in terms of increasing the security posture, what are they telling allies? Because they're obviously still receiving intelligence from the allies. So is the messaging the same to them? And if so, how are they taking that?"
The RCMP won't say what's in the security review report.
"We don't know very much at all about what happened and how it happened. But there seems to be a number of different elements in terms of where there might have been security gaps," said Davis.
"On the technical side, the ability to actually physically remove data from the RCMP's most secure premises is a huge concern. But then there's also the personal side in terms of how the screening of personnel is happening, how often those screenings are taking place and whether or not that needs to change."
A call for more routine oversight
Wesley Wark, a national security, intelligence and terrorism professor at the University of Ottawa, said the Ortis case suggests the RCMP's national security and intelligence operations need more routine audits.
"An internal investigation is fine up to a point but Ortis sat at the centre of an intelligence and communications web that reached to many domestic and international partners," he said.
"The bigger issue is that the RCMP on its national security side is not currently under any regular scrutiny from external, independent review bodies."
Under legislation passed last year to overhaul Canada's national security architecture, any review of the RCMP's national security activities falls under the nascent National Security and Intelligence Review Agency, which is set to present its first annual report to the prime minister this fall.
"But NSIRA is not required to conduct annual or even regular reviews of the RCMP (as it is for CSIS and CSE). It can simply look at aspects of RCMP operations when it chooses," said Wark.
According to documents viewed in the immediate aftermath of his arrest, the classified intelligence material Ortis is accused of preparing to share includes some of the most closely protected of Canada's national security assets, and its dissemination would have threatened Canada's relations with its allies.
"This type of information is among the most highly protected of national security assets, by any government standard, and goes to the heart of Canada's sovereignty and security," says an assessment completed in the immediate aftermath of his arrest by CSIS and the Communications Security Establishment (CSE), Canada's cybersecurity agency.
When asked if CSE has launched its own in-house review in the year since Ortis's arrest, a spokesperson said they can't comment since the case is still before the courts.
"CSE's unique security requirements, processes and procedures are classified, but we can tell you they are and always have [been] reviewed and updated on a regular basis," said Ryan Foreman.
"CSE provides continuous security education and training to staff, which includes increasing staff awareness of insider threat issues."
CSIS provided a similar statement.
"Internal processes to mitigate insider threats are continuously assessed and updated if required. Informed by audits, reviews and best practices, CSIS continuously works to improve training for employees and updates its security policies and procedures accordingly," said CSIS spokesperson John Townsend.
"All CSIS employees undergo an intensive screening process at the time of hiring which must be renewed every five years."
Bullying review launched
In the year since his arrest, the RCMP also has completed a review of Ortis's "managerial actions" in response to multiple employees coming forward to allege that he degraded and abused staff members while working as director general of the national intelligence co-ordination centre.
In a civil lawsuit first reported on by Global News, the employees allege that they had been raising concerns about Ortis' "strange and controlling behaviour" since January 2017, but nothing was done.
Former senior Mountie Alphonse MacNeil was hired to conduct an independent review of the intelligence centre and submitted it to the deputy commissioner on May 11, 2020.
The RCMP said it is still working out how to implement MacNeil's findings.