Chapter 1Canada’s Cyber Security Policy: a Tortuous Path Toward a Cyber Security Strategy ¹

1.1. Introduction

In this day and age, no developed nation is immune to computer attacks. The attack on many Canadian federal government servers in January 2011¹ was indicative of the state of affairs in this matter. Canada had been developing a greater awareness of the significance of this type of threat since 2001, a turning point that led to the introduction of more drastic security measures, particularly with regard to electronic security. In 2009, the Office of the Auditor General of Canada then warned the Canadian federal government that: “Threats to computer-based infrastructure, or cyber threats, are increasing and Canada is certainly not immune to them.”² The incidents related to the viruses I Love You in 2000 and MYDOOM in 2004, as well as the Slammer and Blaster worms in 2003³, illustrate the reach and impact of risks emanating from cyberspace and the problems these may cause for Canada’s national security.⁴ Moreover, these “events […] demonstrate cyber-related vulnerabilities resulting from the interdependence among critical infrastructure sectors.”⁵

In this context, a major concern of the Canadian federal government in matters of national security pertains to the protection of the critical infrastructure (CI),⁶ which is defined as “processes, systems, facilities, technologies, networks, assets and services essential to the health, safety, security or economic well-being ...