Still the Fire-Proof House?

Abstract

The popular media is dominated by stories of cyber insecurity, from massive dumps of diplomatic cables on Wikileaks to Chinese cyber spy rings or, most recently, the cyber attack on the French government. Indeed, a flood of policies have emerged in recent years to deal with the problem, among them Canada's cyber security strategy. Canada has been traditionally described as a fire-proof house based on its advantageous geographic situation, however the globalized nature of Cyberspace is eroding this conventional wisdom. The purpose of this article is to critically assess the literature on cyber terrorism and cyber espionage, the threats they pose at both state and international levels, and possible responses to them. The article provides evaluative criteria with which to analyze Canada's cyber security strategy and to inform policy recommendations moving forward. I contend that although the security strategy outlines concrete steps for prevention, real-time response, and law enforcement on a domestic level, it fails to recognize the importance of the international diplomatic and policy cooperation required to deal with the hyper-globalized, highly international suite of threats in cyberspace.The article is divided into four sections: the first section provides terms of reference and conducts a detailed review of the scholarly and government literature on cyber terrorism and espionage. The second reviews the literature with respect to the response to these cyber threats, situates them in the global system, and examines how the international diplomatic community is coping. The third section applies the evaluative criteria that emerge from the literature to Canada's cyber security strategy, and the fourth provides policy recommendations.TERMS OF REFERENCE AND LITERATURE REVIEWFor the purposes of this article, cyber terrorism is defined as computer-tocomputer attacks intended to cause significant damage in order to coerce or intimidate a government or civilian population.1 Cyber espionage is defined as the use of Cyberspace by governments to illicitly procure classified information.The security landscape in the digital age is vastly different from traditional Cold War conceptions of it. Globalization has ushered in new and uncharted realm for observers of security studies and policy makers alike. Ironically, the technologies that form the basic fabric of the Internet [also create]... the 'soft underbelly of vulnerabilities that enables cyber crime and espionage to advance to unprecedented levels.2 In this new arena, hardware and software determine the landscape of the battlefield, not mountains, valleys, or waterways.3 Cyber terrorism and cyber espionage are fuelled by the interconnectedness and interdependency of Cyberspace and the globalized world at large and consequently display considerable complexity in the methods by which they operate and the vulnerabilities they expose.CYBER TERRORISMCyber terrorism has received much scholarly attention over the past decade. Even before 9/11 there had been great angst about the possibilities of cyber terrorism.4 This comes as no surprise; the combination of the two scary concepts conjures powerful imagery. In the post-g/n world counterterrorism has continued to dominate the literature. Cyber terrorists use Cyberspace in two distinct yet complementary ways: first, to facilitate and maximize organizational and operational efficiency, and second, to provide the offensive capacity to carry out cyber-attacks. Most significantly, Cyberspace allows terrorist organizations to disseminate propaganda and recruitment information with little operational exposure. Moreover, scholars cite intelligence, communication, training, and fundraising as key ways that terrorists use Cyberspace.Cyberspace has also provided terrorists with new, highly effective, offensive capabilities. The most common form of these capabilities is called distributed denial of service, where attackers overwhelm websites and servers by bombarding them with data, or 'traffic' through a number of surrogate, or zombie, computers that they have infected with malicious code. …