OTTAWA—The discovery of a Russian spy in the ranks of Canada’s military sparked a cyber search to discover whether he had sabotaged government computers with a virus, the Star has learned.

And in the wake of the serious spy incident that cost Canada credibility with its allies, top officers concluded the Defence Department’s security program needed an overhaul.

The arrest of sub-lieutenant Jeffrey Delisle on espionage charges in January 2012 set off a scramble within the military to learn how much sensitive intelligence had been spilled and to plug other potential security leaks, according to documents obtained under Access to Information.

At the time of his arrest, Delisle was at HMCS Trinity, the Halifax base that serves as communications and intelligence hub for the navy's East Coast operations. In that post, he had access to intelligence about Canadian Forces operations as well as data concerning “allies and countries of interest to Canada,” according to the documents.

During his prosecution, Delisle told the court he gave away “a lot” to his Russian handlers, a comment confirmed by one memo titled, “possible compromise of allied documents.”

It says that classified documents “proprietary” to an unnamed agency or nation were accessed by Delisle and “therefore suspected of having been compromised.”

Delisle was picked up by the RCMP in early 2012 after authorities were tipped that the junior naval officer was spying for the Russians. Within two weeks of his arrest, a top general established a high-level committee that touched on many branches of the military to deal with the fallout.

But as officers struggled to understand what may have leaked, they dealt with another worry too — that Delisle and his Russian handlers may have sabotaged Defence Department computers.

There were urgent inspections to “ensure the confidentiality, integrity and availability” of work spaces and infrastructure.

A forensic analysis of computer drives turned up “no evidence (of) cyber exploit or malware detected based on current analysis capabilities.”

“We have not found evidence of a network compromise related to the activities of SLt. Delisle and network operations have returned to Normal,” said a Jan. 27, 2012 briefing note.

Several months later, a special “security issue management action team” issued a report assessing the impact of Delisle’s espionage and actions needed to prevent a repeat of it.

That report says there were “extensive efforts to contain, resolve and otherwise mitigate extant and potential vulnerabilities within the security and intelligence apparatus.”

The team’s sensitive findings were heavily censored before release to the Star but make clear that other potential gaps existed. It concluded that the Delisle case laid bare “several deficiencies” in the department security program, which it said needed “transformation.”

A separate report from a so-called “Tiger Team” concluded that work was needed to plug potential weak spots and suggests that military shouldn’t rely entirely on other agencies.

“Resources are required to fill security gaps. Non-DND security service providers (eg CSIS, RCMP) do not have an indepth knowledge of military strategic issues,” says the report from the director of defence security.

The documents, including a briefing note to the defence minister, reveal that the department has faced other security breaches, including one involving Operation Athena, Canada’s mission in Afghanistan. While providing no details of the breach itself, the comments suggest it was serious, requiring “containment and sanitization.”

Loading... Loading... Loading... Loading... Loading... Loading...

A task force was established to undertake “specific, concerted actions to localize, contain and mitigate the effects of a security pertaining to that operation,” the department said.

In another incident, a top-level department official had secret paperwork, including cabinet documents, stolen from a private vehicle where they had been “inappropriately secured.”

Though the documents were recovered quickly and apparently had not been “compromised,” their disappearance underscored broader problems in the department, the defence minister was told.

The incidents highlight the “prevalence of poor security practices over the years and the requirement for dramatically improved security awareness, education and training in DND in order to improve the overall security culture,” the note said.

As a result of the breaches, the military would be creating the Defence Security Agency to consolidate all aspects of security in the department into one organization, said the note, dated April, 2012.

In February, Delisle was sentenced to 20 years in prison and fined $111,817, equal to the amount the father of four collected for his espionage work. He had pleaded guilty in October to charges under the Security of Information Act, as well as breach of trust under the Criminal Code.

Read more about: