![Sample our Politics & International Relations journals, sign in here to start your FREE access for 14 days]({"type":"image" , "src" : "/sda/5947/TOC-Subject-Sample-2021-Politics-International-Relations.jpg"})
Abstract
Cyber security has become a major concern for nation states. This paper analyzes the Canadian discourse of cyber security and the development of new cyber threats. Cyber security discourse has so far been studied largely through its public pronouncements and policy documents, but this analysis also covers operational texts generated through Canada’s cyber security institutions. Echoing the Paris School’s critique of securitization, I argue that we need to consider institutional routines and the hidden work of security professionals alongside the ‘securitizing moves’ of prominent speech acts. Some new threats are announced publically by political actors promoting remedies, but others are classified and dealt with quietly by technocratic institutions. The range of cyber threats addressed by Canada’s federal security agencies has expanded, but this expansion can only be fully appreciated by examining operational and technocratic discourse.
Notes
1. At the federal level, CCIRC was the first dedicated agency tasked with responding to cyber incidents (in 2005). In the aftermath of major compromises of government systems, CCIRC was given additional resources, and two agencies were created to take responsibility for government systems – Cyber Threat Evaluation Center (CTEC, in 2011) and Government of Canada Cyber Incident Response Team (GC-CIRT, in 2013, see Note 9). Other cyber security responsibilities are scattered through a large number of government agencies.
2. Principally ‘information [or IT] security,’ which addresses many of the same issues and threats but, is often more circumscribed – lacking the strategic dimension of cyber security and its frequent ties to national interests.
3. The greatest agreement on the role of the liberal state in cyber security is that it can serve to facilitate and coordinate ‘information sharing’ between various state and private actors (see Barnard-Wills and Ashenden Citation2012). There is currently a great deal of disagreement on the appropriate role of state institutions in intervening against cyber threats, or in securing private networks.
4. Also see ‘Cyber’ in Government of Canada (Citation2012).
5. The 2010 strategy affirmed and encompassed existing cyber security efforts that had been underway since the mid-2000s. These included CCIRC’s role in preventing, mitigating, and responding to cyber threats; the cyber-related activities of Canada’s police, military, and intelligence agencies; and ‘partnerships’ with other governments and industries to secure ‘critical infrastructure.’ Wholly new efforts, such as the Get Cyber Safe public education campaign launched in 2011, were limited, but the strategy positioned Public Safety Canada as a coordinating node in an evolving approach that implicated the ‘whole-of-government.’
6. In 2012, the auditor general remarked that Public Safety Canada could not provide action plans ‘on how funds for cyber security were to have been spent, what they were to achieve, and by when… with the exception of the National strategy and action plan for critical infrastructure’ (Office of the Auditor General of Canada Citation2012, paragraph 3.23). More recently, Public Safety Canada released an interdepartmental action plan (Public Safety Canada Citation2013a) that provides some broad insights into the implementation of CCSS.
7. In 2012, Canada’s Department of Foreign Affairs and International Trade was tasked with creating a ‘cyber security foreign policy,’ which was meant to be completed in the fall of 2013 (Public Safety Canada Citation2013a).
8. Unique identifiers for devices attached to the internet (see Government of Canada Citation2012).
9. CCIRC is Canada’s national Computer Emergency Readiness Team (CERT) and is a part of Public Safety Canada’s National Cyber Security Directorate. In 2011, CCIRC transferred responsibility for protecting government systems to Communications Security Establishment Canada (CSEC) and its Cyber Threat Evaluation Center (CTEC), which in many ways fulfills a similar role to CCIRC but focuses internally on government systems. While CCIRC is now oriented primarily at the private sector, it and CTEC must often communicate with or refer incidents to one another. Since October 2013, these two agencies also coordinate with the GC-CIRT in Shared Services Canada, which has assumed ‘first line tasks’ in responding to attacks against government networks (CSEC Citation2014, 54–57).
10. See Note 9.
11. See Note 9.
12. The signals intelligence agencies of the United States, the United Kingdom, Canada, Australia, and New Zealand.
13. Since renamed as the Communications Security Establishment (CSE).
14. In addition to the original Five Eyes partnership between intelligence agencies, the five nations also collaborate on cyber security as the ‘Usual 5’ (of which CCIRC is a member) and the ‘Ottawa 5’ (Public Safety Canada Citation2013b, 661–664).
Additional information
Notes on contributors
Mike Zajko
Mike Zajko is a PhD candidate in the Department of Sociology, University of Alberta, studying the roles and responsibilities of Internet service providers. His personal website is at http://zajko.ca/