Intelligence group secretly crafts new 'insider threat' policy

New rules to prevent an insider from betraying Canada's most valuable information were quietly drafted in the weeks after a topRCMP employee was charged withpassing along national secrets, according to officials.

The secretive Canadian Committee on National Security Systems is in charge of crafting official protocols for all the departments that need to access, view and protect prized intelligence and top secret information.

In December, the committee approved new standards on "insider threats",said a spokesperson for the Communications Security Establishment just afew monthsafter Cameron Ortis's September arrest.

Given the hushed nature of intelligence work, little is known about what the new guidelines say.

"The scope addresses the organizational, managementand employee responsibilities within an insider threat program," said CSE spokesperson Evan Koronewski. The cyber spy agency acts as the committee's executive secretariat.

Ortis back in court Tuesday

"Previous Government of Canada standards and guidance focused on specific technical and operational safeguards for IT systems and physical facilities," he said. "The [committee] established a community work group to develop a standard on developing an insider threat program based on current best-practices."

The first word of the new insider threat standard was tucked into a recent RCMP report, tabled in the House of Commons last week.

"The RCMP will continue to support the government of Canada's priority to establish standard insider threat policies and procedures across all departments," says the RCMP's 2020-2021 departmental plan.

Ortis worked as the director general of the force's national intelligence co-ordination centre and would have had accessto intelligence gathered by both Canadian authorities and foreign allies.

He's charged withrevealing secrets to unnamed recipients back in 2015 and planning to give classified information to an unspecifiedforeign entity or a terrorist groupin 2019.

Ortis is expected back in court on Tuesday.

Watchdog flagged insider threat problems in 2015

Koronewskisaid the government departmentsresponsible for the national security system are reviewing the new insider threat standard. Once they sign off,each department will have one year to implement any specific changes.

The Canadian Committee on National Security Systems includes assistant deputy ministers from:

• Communications Security Establishment
• Department of National Defence
• Privy Council Office
• Royal Canadian Mounted Police
• Canadian Security Intelligence Service
• Public Safety Canada
• Shared Services Canada
• Treasury Board Secretariat
• Global Affairs Canada
• Transport Canada
• Natural Resources Canada
• Corrections Services Canada
• Immigration and Refugees Citizenship Canada
• Canada Border Services Agency

Their "main responsibility is to oversee the protection of [national security systems], while enabling secure inter-operability within the Canadian security and intelligence community, as well as with allied organizations, today and into the future," Koronewski said.

The Security Intelligence Review Committee (SIRC), the former watchdog for Canada's spy agency, warned about "insider threats" years ago and flagged gaps in the way top secret information is accessed.

A 2015 SIRC report raised concerns about safeguards against insider threats, which the report describes as "any person with authorized access who causes harm, intentionally or otherwise, to the assets of the organization."

The report specifically looked at what was being done at CSIS butwould have been writtenroughly around the time thatOrtis is alleged to have first leaked sensitive information.

"In the aftermath of high-profile classified documents leaks such as those attributed to WikiLeaks, Edward Snowden and Sub-Lt. Jeffrey Paul Delisle, the Five Eyes community has elevated the concern posed by the 'insider threat' to a higher level," says the SIRC report. (The Five Eyes is an intelligence-sharing alliance between Canada, the United States, the United Kingdom, Australia and New Zealand.)

"Intelligence agencies are paying increased attention to the insider threat in order to reduce its potential rate of occurrence and, failing that, to help limit the damage that can be caused by a malicious internal actor."