• C4ISR2020 Vanguard

Spies Among Us: Are We Blind To Insider Threats?

Playing out almost daily, the world’s most impactful nations masterfully engage in various tactics, like sanctions, tariffs, and detainments, for the advancement of greater strategic goals.

Like chess moves, they can be predictable and emerge from a well-worn political playbook and at other times they come out of the left-field, often leaving the opposing nation stuck between their agenda and civil conventions. These unfold on the global stage for all to see and are intended to coerce and pressure political foes while appeasing or outraging the public to gain further leverage.

But beneath the visible posturing is a mantled domain where intelligence, core to the security of a nation’s interests, is harvested and relied upon before any move is made. Conducted by both legitimate operatives and nefarious actors, these protracted games of Spy vs. Spy aren’t meant to be known by, well, anyone.

Every now and again, the public gets a glimpse into this world of need-to-know and permanent secrecy, and the surreptitious modality of the intelligence realm is thrust into the mainstream.

One of those days was Friday, September 13, 2019.

Unlucky Number 13
While still early days, what is publicly known about Cameron Ortis’ alleged exploit is jarring. In 2015, Ortis, an RCMP civilian director of an intelligence unit and one-time advisor to RCMP Commissioner Bob Paulson, allegedly engaged in criminal acts that violated Canada’s Security of Information Act.

Charged on September 13, the dossier claims Ortis had “obtained, stored and processed sensitive information” that was, according to the Crown, “intended to communicate that information to people he shouldn’t be communicating to ”.

Apparently, Ortis had offered sensitive information to organized crime, benefitting criminal activities and circumventing interdiction. Far worse, the release of this intelligence is purported to bring harm to the interests and integrity of Canada, its Five-Eyes (FVEY) partners’ and would compromise and expose informants.

Ortis’ charges are centered on processed information, but appears to be described as finished intelligence – rather than just ‘information’. What’s the difference? Information is the more benign beginnings of what may become intelligence. Simply put, information provides the who and what leading to validation and elaboration once it is processed and analyzed.

Existing on a higher platitude, finished intelligence defines the why, when and how, such as substantiating and correlating an actor to an agenda, planned activities, and associations. It is what critical decisions of national interest – security, military, and political responses – are made upon.

In the threat actor vein, with a cooperative nexus between transnational crime actors, terrorist groups and state and non-state threats, intelligence is a commodity with no shortage of interest in its acquisition.

With Ortis, what immediately stands out is his elevated position of trust and the presumed integrity required to maintain it, and also the actor group involved. The greater questions, if the allegations are true, revolve around causality – what may have caused Ortis to flip and how it could have been detected earlier.

A career death sentence for anyone in intelligence or security, treason is more than a transgression. It is the antithesis of the intelligence persona and a patented turn-coat to their sworn oath to protect national security at all costs. To commit treason puts that resource outside an exclusive realm that they will never see again; there is no atonement, reformation or reinstatement.

While it may be natural to ask “What could the motivation be?”, the answer is extraordinarily complex. While blackmail, financial compensation or a shift in morals, ideology or foreign loyalty could bring some to the life-altering precipice of treachery, is that some of a phenomenon?

There are a lot of pieces in understanding this puzzle. The current screening processes focus on the culmination of personality faults, problematic behavior, habits, and associations that would point to a higher risk of espionage. While these factors are relevant, the psychological aspects and every day wear and tear the ego or self-actualization may pose a greater, dynamic risk.

Is it psychological motivation rooted in ego, control, and power? Is there a psycho-social profile that is perfect or a profile that should be screened out? Or are we ignoring the fluidity of the human experience and the ranges of heightened success and let abject failure define our loyalties?

Certainly, there is something and it is insidious and difficult to detect.

How Delisle Redefined the Insider Threat
Foreign adversaries cultivating sources with compensatory gain or, if coerced or compromised, for self-preservation is not unusual. In fact, it’s been going on even before the Cold War and has evolved into a reliable tactic in the tradecraft. Routinely, intelligence and security resources are warned and coached on the risks of being targeted and scenarios to avoid, at home and internationally.

Then there are the willing, pro-social whistle-blowers and political sympathizers, such as Snowden, Manning, Assange, Montes, and Aragoncillo, who walk right into the shadows of treachery, attempting to sustain their delicate exfiltrations as long as possible. All of these individuals were screened and trusted with privileged national assets, but somehow their true agendas were either hidden or were developed overtime during their employment tenure.

Jeffrey Delisle was one of the willing, although his exploits and apparent causes were oddly different. Delisle, a DND Navy Sub-Lieutenant who was a threat assessment analyst, wasn’t groomed, compromised with threats of blackmail nor did he experience an ideological or political shift.

According to Delisle, the progressive unravelling of his personal life was enough for him to walk into the Russian Embassy in 2007, only blocks from his place of work in Ottawa, and offer valuable defence-related intelligence to the Russian military intelligence service (GRU).

With nothing flagging him as a threat, Delisle was able to make multiple exchanges with the Russians amounting to $71,817.00 – equivalent to almost a year’s salary. In 2011, a tip by the U.S. Federal Bureau of Investigation (and CSIS’ knowledge) brought about Delisle’s arrest and in 2013 he was sentenced to 20 years in prison (he has been out on probation since 2018).

The case against Delisle was precedent-setting under the Security of Information Act, relatively new legislation that was passed after the 9/11 terrorist attacks, replacing the National Secrets Act.

To an intelligence resource, the most chilling statement from Delisle was, “It was never really Canadian stuff. There was American stuff, there was some British stuff, Australian stuff – it was everybody’s stuff.” This was a blatant disregard and absent of remorse.

Aside from potential grievous harm to Canada and its FVEY partners, referring to intelligence as “stuff” was a marker that something in Delisle’s perspective had certainly changed.

Is Ego the Root of All Evil?
While Delisle did have marital problems, financial problems and immersed himself in escapism (video games), that can be said of many people. While emotional instability, social disassociation and compulsive or addiction-based behaviours, such as drugs, alcohol, gaming and illicit sex, are legitimate vulnerabilities to the risk of espionage, these have been inconclusive causal factors.

Dr. David Charney offers a theory in his essay, True Psychology of the Insider Spy. Charney’s work suggests that the core psychology of someone who becomes an ‘insider spy’ is “an intolerable sense of personal failure, as privately defined by that person” as the predisposition. What triggers the metamorphosis is a psychological perfect storm, creating a deep sense of personal failure and despair that requires a massive act of power and control to defend the ego.

Although plausible, Charney’s work hints at a classic and well-referenced theory, the locus of control, and accounts for a layer in this syndrome. The locus of control is one of the four dimensions in core self-evaluations developed by American psychologist Julian B. Rotter in 1954. Rotter also pioneered the social learning theory. Along with neuroticism, self-efficacy, and self-esteem, and locus of control defines to what degree a person believes that they have control over the events in their lives.

An external locus of control is formed on an individual’s belief that external forces are responsible for the negative events and experiences (reflecting upon self-esteem) in their lives – that they have no power to affect the outcomes. An internal locus is the opposite – an arbitrarily high level of confidence emerging from perceived capabilities to control and change those same outcomes.

Regardless of the underlying psychology and characteristics, there is general agreement in the intelligence realm that three key elements that must materialize for an individual to commit espionage: first, dysfunctions in the personality, second, a state of crisis or compounded crises as defined by the individual, and thirdly, an ease of opportunity or probability of success.

On the practical level, an individual who commits an act of espionage also must have an immense intellectual capacity to create and sustain two distinctly separate identities – their secret “spy” identity and their public self. This requires an ongoing, focused effort and private preoccupation with concealment, compartmentation, and deception.

While there is a high propensity and correlation of psychological factors to counterintelligence risks, some of the recent exploits may begin to redefine these frameworks, as well as legislation, ownership of intelligence to a centralized authority and a broader and stricter enforcement of need-to-know regardless of resource seniority.

Intel Community Meltdown?
Interestingly, as investigative findings were being concluded with Ortis, two other incidents were playing out that also stirred up the intelligence community.

In early September, Australian officials raided the Canberra home of a former Australian intelligence officer, Cameron Gill. Like Ortis, Gill was a senior official who was an advisor to former defence materiel minister, Mal Brough, and was involved in meetings with former U.S. ambassador John Berry in 2015.

While many details are lacking with the Gill raid, some believe the recent decisions by heads of defence and home affairs ministries to provision the Australian Signals Directorate to spy on Australian citizens is somehow related.

Also on September 13, U.S. House Intelligence Committee member, Adam Schiff, made an unprecedented move and issued a subpoena to the acting director of the Office of the Director of National Intelligence (ODNI) to compel production of the complaint, which was deemed to be credible and “of urgent concern”.

It was in early August that the ODNI received the complaint alleging serious abuse involving an intelligence activity. When it came to the attention of the House Intelligence Committee, its release by the ODNI was requested. That was met with an emphatic ‘beat sand’ by the acting director, Joseph Maguire, claiming it contains “confidential” and “potentially privileged communications by persons outside the Intelligence Community”.

Reading between the lines, the subpoena intimates unlawful concealment and protectionism by the Department of Justice and the White House, noting that the ODNI director is selected by and reports directly to the U.S. President.

Are these coincidental clean-ups or are they evidence of the infiltration or politicization of intelligence within the FVEY community? We may never know. But with all three incidents implicating senior intelligence officials within the alliance of misconduct, more than a few eyebrows have been raised.

Insider Blindness: Are We The Problem?
Understanding the harm done by “insider spies” is a qualitative exercise.

Delisle’s lawyer argued that his client’s sentencing was excessive since the Crown did not prove precise damage to the interests of Canada. Although it was not known what exactly was conveyed to the Russians, as there was no electronic evidence or record, his lawyer missed the point. The damage to DND and Canada’s reputation was immeasurable.

The subject of a few psychological studies, all arrived at similar conclusions: Delisle was, at that time, an anomaly. Emerging from assessments of his personal life, his socialization and his perceptions of personal agency and status. Delisle did not fit the typical profile of “insider threat” or spy.

Recent and unpopular arguments point out that the disclosure of classified information should be commensurate to its harm and who released it, such as the media. The counter-argument is that opens the door to self-justified whistleblowing and ignores the consequences of aggregation and a lack of understanding of the value of an asset to an adversary. Further, harm cannot be separated from criminalization.

This brings us to a more uncomfortable reckoning. At Ortis’ level, the potential impacts may be more grievous than straight forward sabotage of investigations or exposure of counter-tactics. Extending to acts of treasonous influence or collusion, his access to powerful political and federal officials is troubling, as we have seen the effects of infiltration in these echelons. Expecting a ripple effect, I presume that the damage allegedly caused by Ortis will play out for months.

In terrorism, there is a very simplified causal view of radicalization and rejection of society’s values: the marginalization of an individual’s ideological view, a perceived inequity and inability to access fair processes afforded to the rest of society, leading to the justification of violence to further an agenda. While not precise, it provides a basis for conceptual approaches to counter and mitigate the progression of radicalization.

The act of espionage may benefit from a similar academically and evidence-based approach that spans a spectrum: improved definitions in legislation, stronger partnerships for detection and interdiction, centralization of intelligence under one federal authority, and on the other end, comprehensive and continuous resource assessments.
Until we establish more substantial criteria around the depths of trust afforded to privileged resources, the phenomenon of the “insider threat” will undoubtedly persist and with it, the same echoing question will remain unanswered: why did they do it?

Author: Valarie Findlay

Valarie Findlay is an American Society for Evidenced-Based Policing member and a research fellow for the Police Foundation (USA) with two decades of senior-level expertise in cybersecurity and policing initiatives. She has worked extensively on federal cyber initiatives and is a member of the Canadian Association of Chiefs of Police eCrimes Cyber Council and AFCEA DC. She has a Masters in Sociology and a Masters in Terrorism Studies with her dissertation addressing the impacts of terrorism on law enforcement in Western Nations.

Share This Post On
468 ad

Submit a Comment

Your email address will not be published. Required fields are marked *

Visit Us On TwitterVisit Us On FacebookVisit Us On LinkedinVisit Us On Youtube