Exploring the U.S. institutional discourse about critical information infrastructure protection (CIIP): a corpus-based analysis

Abstract This study uses a combinative method of quantitative and qualitative discourse analysis applying the discourse-historical approach (DHA), based on a self-built special corpus composed of the U.S. laws, policies and strategy documents that are directly related to critical information infrastructure protection (CIIP); through a Word List ranked by frequency, it is found that there seems to be a coherent securitizing system which has been formed in the U.S. CIIP legislative practices, with some specific considerations in the CIIP policy-making process including the strategy for risk management. By further investigating the internal institutional relationships and institutional mechanisms with corpus tools, four discursive features and strategies of the U.S. CIIP institutional discourse can be discovered: the leading role of private and specific institutions in public-private cooperation; the coexisting characteristics of generality and precision in the process of object definition; the center-divergent institutional settings in executing CIIP execution; and the coordinating discourse patterns for CIIP within the U.S. legislation. Those discursive practices concerning different institutional actors can be further explained in the broader context of the U.S. social reality. This study is not only helpful in better understanding the legal practices in U.S. cybersecurity, but also provides some meaningful insights on CIIP legislation to policy makers in other countries as well as at the international level.