RCMP review after arrest of staff to strengthen internal security – National | Techno Glob

A confidential RCMP review, following the arrest of a senior employee for allegedly leaking classified information, has called for top-level leadership to fundamentally change the national police force’s security culture.

The newly released report makes 43 recommendations, including training updates, stricter adherence to federal security screening standards and the possible introduction of random physical searches.

The review “confirms gaps in the RCMP’s security practices that could be closed or at least reduced,” the study’s joint chairs said in a message.

Read further:

Richmond RCMP issued a public warning after a woman was sexually assaulted near Abercrombie Drive

“The security posture of the RCMP can and should be improved to reduce risk within the RCMP and protect public safety,” it read.

Story continues below advertisement

The review, led by a retired RCMP superintendent, followed the September 2019 arrest of Cameron Jay Ortiz, who was then director general of the force’s National Intelligence Coordination Centre.

Ortiz is accused of violating the Information Security Act by allegedly disclosing secrets to an unknown recipient, as well as breach of trust and a computer crime. The trial will be held next year.

The review, ordered by RCMP Commissioner Brenda Luckie, looked at security issues related to organizational elements and personnel, physical settings and information technology, as well as “insider threats” within the force.

The resulting report, completed in June 2020, was recently disclosed to the Canadian press in response to an access to information request filed 19 months ago.

Click to play video: 'Over 80 guns, ammo seized in rural Manitoba home raid: RCMP'

More than 80 guns, ammunition seized in rural Manitoba home raid: RCMP

Several parts of the 78-page document were deemed too sensitive to be released.

Story continues below advertisement

The report says a management plan is being drawn up to map out how power can change. In response to questions about progress on specific solutions, the RCMP indicated that efforts are still ongoing.

“The RCMP is committed to addressing the recommendations from the review which gives the organization an opportunity to modernize our security practices and posture,” Mountie spokesperson Robin Percival said.

“We continue to review and adapt our security posture to protect RCMP information, assets and the ever-evolving landscape facing the national police force.”

The review team drew on expert knowledge from across the RCMP and examined previous audits, evaluations and security-incident files.

The report said that information from Ortiz’s investigation, known as Project S, also had a “need to know.”

This information was provided through interviews with 53 employees that allowed the team to “study the breach committed by Ortiz, which, in turn, informed efforts to identify vulnerabilities.”

However, some individuals could not be interviewed to maintain the integrity of the criminal investigation.

Read further:

Emails reveal NS RCMP concerns about conflict of interest in husband-wife appointment

Story continues below advertisement

Among the key findings of the report:

_ Security awareness training was not mandatory in the RCMP, and existing training was outdated;

_ a widespread attitude that security restrictions are something that must be worked around to get the job done;

_ Although the RCMP processed requests for security clearance updates and upgrades, limited resources were directed to vetting new hires, meaning delays and backlogs related to updates for current personnel;

_ Lack of standards on the management of information technology assets, including portable storage devices;

_ Authorization for access to computer systems, such as the Canadian top secret network, was granted even when the employee’s duties did not require access;

_ There is a feeling that employees are reluctant to report safety incidents because they fear the consequences for themselves or colleagues; And

Organization-level factors contributed to “creating opportunities for exploitation,” including poor management practices, ineffective communication between different sectors of the RCMP and a strong belief that existing security controls were adequate.

The report emphasizes that the allegations against Ortiz have not been proven in court. But the review team concluded that he was able to gain and maintain the trust of many senior leaders.

Story continues below advertisement

“The level of trust and confidence gained by Ortiz is reflected in common insider threat warning signs even before Ortiz evaded arrest.”

The report said Ortiz’s alleged breach could prompt valued partners to deny the RCMP access to sensitive material critical to fighting crime, protecting public safety and preserving national security.

“Efforts and costs to re-establish lost access and capacity can be significant,” the report said.

Because of this, it was important to conduct a serious internal investigation into not only the broader security issues, but also the climate within the RCMP that “was a significant factor in how the events unfolded.”

The report recommends several changes, including the following steps:

_ Strengthening the role and influence of the RCMP’s Chief Security Officer;

_ Apply Treasury Board standards on security screening to the greatest extent possible;

_ Develop specific mandatory training measures to address insider threats and increase knowledge and awareness of security responsibilities;

_ Guide the Department of Justice on how to conduct random physical security inspections;

_ Combine the number of high-security zones with classified network and printing locations to a strict minimum;

Story continues below advertisement

_ Analyze positions requiring access to Canadian top secret networks;

_ Integrating physical security controls into future buildings from the outset;

_ Create a new Policy Center for Insider Threats within the Departmental Security Branch;

_ Develop programs to provide ongoing assurance of an individual’s credibility

_ Implement online means to submit anonymous security incident reports; And

_ Update security clearance forms to include vulnerabilities and pressures experienced by RCMP personnel.

“The vast majority of RCMP personnel are dedicated and loyal but, as Ortiz’s alleged actions demonstrate, we can no longer trust them without regular verification,” said the message from the review’s joint chairs.

The report revealed the criminal and administrative investigations and various internal procedures triggered by the Ortiz case “caused millions of dollars in additional costs” for a force struggling to meet key policing components of its mandate.

He concludes that implementing the recommendations must be accompanied by “a clear change in the safety culture of the RCMP led by the organization’s top leadership.”

But the report cautioned that it is impossible to eliminate all security threats.

Story continues below advertisement

“Although the RCMP has made prudent risk judgments, put in place appropriate security controls, and enabled a strong, risk-aware security culture, it cannot completely insulate itself from individual decisions to use employee knowledge, privileges and access rights. To circumvent these controls and to harm institutions and Canadians.

Source link