Still the Fire-Proof House?
| Published date | 01 March 2012 |
| DOI | 10.1177/002070201206700111 |
| Author | Victor Platt |
| Date | 01 March 2012 |
| Subject Matter | Over the Transom |
Still the fire-proof
house?
AnanalysisofCanada’scybersecuritystrategy
The popular media is dominated by stories of cyber insecurity, from massive
dumps of diplomatic cables on Wikileaks to Chinese cyber spy rings or,
most recently, the cyber attack on the French government. Indeed, a flood of
policies have emerged in recent years to deal with the problem, among them
Canada’s cyber security strategy. Canada has been traditionally described as
a fire-proof house based on its advantageous geographic situation, however
the globalized nature of cyberspace is eroding this conventional wisdom. The
purpose of this article is to critically assess the literature on cyber terrorism
and cyber espionage, the threats they pose at both state and international
levels, and possible responses to them. The article provides evaluative criteria
with which to analyze Canada’s cyber security strategy and to inform policy
recommendations moving forward. I contend that although the security
strategy outlines concrete steps for prevention, real-time response, and law
enforcement on a domestic level, it fails to recognize the importance of the
international diplomatic and policy cooperation required to deal with the
hyper-globalized, highly international suite of threats in cyberspace.
Victor Platt is a recent graduate of the University of Toronto.
| International Journal | Winter 2011-12 | 155 |
| Victor Platt |
The article is divided into four sections: the first section provides terms
of reference and conducts a detailed review of the scholarly and government
literature on cyber terrorism and espionage. The second reviews the literature
with respect to the response to these cyber threats, situates them in the
global system, and examines how the international diplomatic community
is coping. The third section applies the evaluative criteria that emerge from
the literature to Canada’s cyber security strategy, and the fourth provides
policy recommendations.
TERMS OF REFERENCE AND LITERATURE REVIEW
For the purposes of this article, cyber terrorism is defined as “computer-to-
computer attacks intended to cause significant damage in order to coerce
or intimidate a government or civilian population.”1 Cyber espionage is
defined as the use of cyberspace by governments to illicitly procure classified
information.
The security landscape in the digital age is vastly different from
traditional Cold War conceptions of it. Globalization has ushered in new
and uncharted realm for observers of security studies and policy makers
alike. Ironically, the “technologies that form the basic fabric of the Internet
[also create]…the ‘soft underbelly’ of vulnerabilities that enables cyber crime
and espionage to advance to unprecedented levels.”2 In this new arena,
“hardware and software determine the landscape of the battlefield, not
mountains, valleys, or waterways.”3 Cyber terrorism and cyber espionage
are fuelled by the interconnectedness and interdependency of cyberspace
and the globalized world at large and consequently display considerable
complexity in the methods by which they operate and the vulnerabilities they
expose.
CYBER TERRORISM
Cyber terrorism has received much scholarly attention over the past decade.
Even “before 9/11 there had been great angst about the possibilities of
1 Michael Vatis, “The next battlefield: The reality of virtual threats,” Harvard international
Review 28, no. 3 (fall 2006): 56-61.
2 Dan Dunkel, “The new security order,” SDM (June 2010): 44-50.
3 Kenneth Geers, “The cyber threat to national critical infrastructures: Beyond theory,”
Information Security Journal: A Global Perspective 18, no. 1 (January 2009): 1–7.
| 156 | Winter 2011-12 | International Journal |
| Still the fire-proof house? |
cyber terrorism.”4 This comes as no surprise; the combination of the
two “scary” concepts conjures powerful imagery. In the post-9/11 world
counterterrorism has continued to dominate the literature. Cyber terrorists
use cyberspace in two distinct yet complementary ways: first, to facilitate
and maximize organizational and operational efficiency, and second, to
provide the offensive capacity to carry out cyber-attacks. Most significantly,
cyberspace allows terrorist organizations to disseminate propaganda and
recruitment information with little operational exposure. Moreover, scholars
cite intelligence, communication, training, and fundraising as key ways that
terrorists use cyberspace.
Cyberspace has also provided terrorists with new, highly effective,
offensive capabilities. The most common form of these capabilities is called
distributed denial of service, where “attackers overwhelm websites and
servers by bombarding them with data, or ‘traffic’” through a number of
surrogate, or “zombie,” computers that they have infected with malicious
code.5 This form of attack has taken place a number of times in places as
diverse as Israel, Estonia, the US, and Japan, and essentially renders websites
and online services useless. However, there are new and evolving forms
of attacks that terrorists can and do employ. Governments have identified
worms and viruses that have much more damaging effects. In 2003, 21
power plants were compromised, resulting in a loss of power in the US and
much of eastern Canada. A number of strategic sites were affected, such as
Edwards air force base, which houses B-2 and B-1 bombers. According to
the US government, “these breakdowns were the result of the W32 Lovsan
worm.”6 Nonetheless, conventional wisdom is that “at this time, cyber
terrorism does not seem to pose an imminent threat.”7
However, the discovery in June 2010 of the Stuxnet worm is changing
this line of thought. Reports emerged indicating that “a cyber worm dubbed
‘Stuxnet’ had struck the Iranian nuclear facility at Natanz [and] suggested
4 Michael Stohl, “Cyber terrorism: A clear and present danger, the sum of all fears,
breaking point or patriot games?” Crime, Law, and Social Change 46, nos. 4-5 (2006):
223-38.
5 Susan W. Brenner, Cyber Threats: The Emerging Fault Lines of the Nation-State (New
York: Oxford University Press, 2009), 1.
6 Philip Brunst, Use of the Internet by Terrorists: A Threat Analysis (Fairfax, VA: IOS
Press, 2008).
7 Stohl, “Cyber terrorism,” 235.
| International Journal | Winter 2011-12 | 157 |
| Victor Platt |
that, for cyber war, the future is now.”8 This highly sophisticated technology
in the...
To continue reading
Request your trial