A newly declassified analysis by the Canadian Security Intelligence Service warns that the Jeffrey Delisle case typifies the "insider threat" — acts including espionage, unauthorized disclosure of secrets, embezzlement, sabotage and theft.
Delisle, 42, was sentenced to 20 years in prison this year after pleading guilty to passing classified western intelligence to Russia in exchange for cash on a regular basis for more than four years.
"The Delisle case, while not unique among NATO-member states, highlights the risk of the 'insider threat' to Canada and the importance of protecting sensitive information," says the February CSIS assessment.
Individuals who engage in insider espionage can be motivated by many factors, but selling secrets is "usually the last act of a long-simmering emotional crisis," CSIS says.
Delisle was experiencing financial difficulties and felt distraught over the breakup of his marriage, telling authorities he felt dead inside when he offered his services to Russia in 2007.
The Canadian Press obtained a heavily censored copy of the secret CSIS analysis under the Access to Information Act.
It cites research by the American Defence Personnel Security Research Center, which found that almost all spies were loyal and trustworthy when given their initial security clearance.
"These individuals, however, changed over time. More than half spied solely as a result of divided loyalties, and a majority volunteered their services to a foreign government," CSIS says.
In addition, 80 per cent of the 173 individuals who posed an insider threat between 1947 and 2007 received no money for spying.
The research also found most rogue insiders were male and were spurred to betray their country by factors such as revenge for a perceived wrong, the need for cash to support an addiction like gambling, divided loyalty that prompted a desire to help another country, or radicalized beliefs that made them see their organization as an adversary.
There are also several factors that can increase the risk of the potential insider threat, the CSIS assessment says.
"In addition to predisposing personality traits or behaviours, a personal, financial, or career crisis often precedes or triggers espionage. These events are often accompanied by an absence of support networks or intervention / mitigation strategies / programs in the transgressor's workplace."
Upon revelation of Delisle's personal troubles, some criticized National Defence for missing signs of his distress and failing to ensure his security clearance was up to date.
Although his spying was uncovered at the military's Trinity intelligence centre in Halifax, the naval officer had moved through other sensitive posts, including the directorate of defence intelligence in Ottawa.
CSIS was tipped to the Delisle case by the U.S. Federal Bureau of Investigation in 2011, and the RCMP later arrested him.
Once Defence was told of Delisle's espionage, it touched off frantic assessments inside the department, where officials attempted to satisfy themselves that the insider threat was limited to the junior intelligence officer.
Internal Defence documents, released to The Canadian Press under the access to information law, show the military believed its overall security approach was not in doubt, but that improvements were required on the "domestic" front.
Defence officials conceded the spy's actions revealed several "deficiencies" in the security program, many of which had already been pointed out to the department by its own chief of review services and the auditor general.
"Good security practices harden facilities, systems and organizations against attack and compromise, and when used in an interlocking fashion with other measures, greatly reduce the possibility of successful espionage," says a Sept. 28, 2012, report prepared by a team at the Strategic Joint Staff, the military nerve-centre where Delisle once served.
One result was a more streamlined process of auditing security clearances and suspension of access to classified material should concerns arise, said the heavily censored report.
The navy undertook its own separate review and instituted "refresher" security training at installations on the East and West coasts.
The fact Delisle was able to copy top secret material on to a thumb drive and walk out of a secure building in Halifax pointed out "internal gaps" in the military's cyberdefence — something that officials worried could haunt them in future.
They swept Trinity computers for viruses and malware that experts feared Delisle and his Russian handlers could have left behind, but also implemented tighter measures that included system administrators "maintaining network logs" of who signed on to various computer terminals.
— With files from Stephanie Levitz