The Impact Of Brexit On British Cyber Security

Uploaded on 2020-12-29 in INTELLIGENCE--Europe, GOVERNMENT-National, FREE TO VIEW

The United Kingdom and the European Union have finally delivered a Brexit deal, but what does this man for cyber security in the UK? 
 
Analysts have begun to dig in to the detail of the newly published trade deal that will govern commercial relationships between the two sovereign entities after the 31st of December and amongst the tortured legal language, the overall aim is to promote cooperation on cyber security while ensuring the autonomy of the  European Union and the United Kingdom's decision-making processes.
 
On page 363 of the Agreement there is a section TITLE II: CYBER SECURITY  Article CYB.1: Dialogue on cyber issues where the text reads as: ‘The Parties shall endeavour to establish a regular dialogue in order to exchange information about relevant policy developments, including in relation to international security, security of emerging technologies, internet governance, cybersecurity, cyber defence and cyber crime. 
 
1. Where in their mutual interest, the Parties shall cooperate in the field of cyber issues by sharing best practices and through cooperative practical actions aimed at promoting and protecting an open, free, stable, peaceful and secure cyberspace based on the application of existing international law and norms for responsible State behaviour and regional cyber confidence-building measures. 
 
2. The Parties shall also endeavour to cooperate in relevant international bodies and forums, and endeavour to strengthen global cyber resilience and enhance the ability of third countries to fight cyber crime effectively. 
Cooperation with the EU Computer Emergency Response Team
 
The EU and the national UK computer emergency response team shall cooperate on a voluntary, timely and reciprocal basis to exchange information on tools and methods, such as techniques, tactics, procedures and best practices, and on general threats and vulnerabilities. 
 
The relevant national authorities of the United Kingdom may participate at the invitation, which the United Kingdom may also request, of the Chair of the Cooperation Group in consultation with the Commission, in the following activities of the Cooperation Group: 
 
  • Exchanging best practices in building capacity to ensure the security of network and information systems; 
  • Exchanging information with regard to exercises relating to the security of network and information systems; 
  • Exchanging information, experiences and best practices on risks and incidents; 
  • Exchanging information and best practices on awareness-raising, education programmes and training; and 
  • Exchanging information and best practices on research and development relating to the security of network and information systems. 
Any exchange of information, experiences or best practices between the Cooperation Group and the relevant national authorities of the UK will be voluntary and, where appropriate, reciprocal. 
 
1. With a view to promoting cooperation on cyber security while ensuring the autonomy of the Union decision-making process, the United Kingdom may participate at the invitation, which the United Kingdom may also request, of the Management Board of the EU Cybersecurity Agency (ENISA), in the following activities carried out by ENISA: 
  • Capacity building; 
  • Knowledge and information
  • Awareness raising and education. 
2. The conditions for the participation of the United Kingdom in ENISA’s activities referred to in paragraph 1, including an appropriate financial contribution, shall be set out in working arrangements adopted by the Management Board of ENISA subject to prior approval by the Commission and agreed with the United Kingdom. 
 
3. The exchange of information, experiences and best practices between ENISA and the United Kingdom shall be voluntary and, where appropriate, reciprocal.’
 
In summary, cybersecurity issues were unlikely to be severely affected unlike other more contentious data sharing on criminal datasets, for instance. This proves to be the case. So there appears to be limited immediate impact on cyber security from this deal. However, it is likely to limit anything fruitful for the UK in the years to come, and it will depend on evolving legislation in the two jurisdictions on whether voluntary participation will continue (especially on things like the NIS Directive). 
 
The UK as a lone jurisdiction that will find itself increasingly steered by the EU’s movements on cyber security and global conditions rather than being at a larger table. 
 
This means that although little will change in the short to medium term - apart from detailed sharing of data, which could impact immediate threats - as cyber security is rapidly evolving, national influence in cyber security will be increasingly limited and will force the UK into equivalence if it wishes to compete in some areas.
 
At the hardest end of the spectrum of cyber threats, cooperation between national intelligence agencies will not be directly affected by Brexit. GCHQ will continue to play its role, including through its extensive network of international partnerships. The UK will still wield significant influence.
 
Overall, however, the picture is mixed. There are ways to mitigate the disruption to the excellent cooperation on cyber security built up with European Partners over recent years, but it will require imagination and  effort and there is an important industrial and commercial dimension, around digital standard setting, that shouldn’t be overlooked, even as we work though issues of quotas, tariffs and rules of origin.
 
AC Dwyer:            European Union:           UK In A Changing Europe:
 
You Might Also Read:
 
Britain's New Regime For Online Platforms:
 
« How to Close the Global Cybersecurity Skills Gap: Two Easy Steps
Cyber Security In 2021 - Predictions & Trends »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Itaccel

Itaccel

IT Accel began a decade ago as a band of technical recruiters who wanted to bring our experience and depth of knowledge to solving complex human resou

KoolSpan

KoolSpan

KoolSpan’s security and privacy solutions address the growing threat of loss or theft of intellectual property, information, and proprietary assets.

International Telecommunication Union (ITU)

International Telecommunication Union (ITU)

ITU is the United Nations specialized agency for information and communication technologies – ICTs. Areas of activity include cybersecurity.

Competence Center for Applied Security Technology (CAST)

Competence Center for Applied Security Technology (CAST)

CAST offers a range of services in the field of secure modern information technology and a contact point for all questions regarding IT security.

European Business Reliance Centre (EBRC)

European Business Reliance Centre (EBRC)

EBRC is a leader in integrated Data Center, Cloud and Managed Services and a Centre of Excellence in Europe in the Management of Sensitive Information.

Edvance

Edvance

Edvance operates a range of cybersecurity businesses including value added cybersecurity solutions distribution, security technology innovation and development, and SaS solution offerings.

Advisera 27001Academy

Advisera 27001Academy

Advisera is a market leader in providing documentation and online support for the implementation of business standards including ISO 27001, ISO 22301 and EU GDPR.

US-Africa Cybersecurity Group (USAFCG)

US-Africa Cybersecurity Group (USAFCG)

USAFCG provides cybersecurity consulting services and delivers training programs for capacity building in Africa.

Vilnius Tech Park

Vilnius Tech Park

The region‘s most complex and integrated ICT hub, Vilnius Tech Park aims to attract and unite innovative talent from big data, cyber security, smart solutions, fintech and digital design.

Lewis Brisbois

Lewis Brisbois

Lewis Brisbois offers legal practice in more than 40 specialties, and a multitude of sub-specialties including Data Privacy & Cybersecurity.

Xiarch Solutions

Xiarch Solutions

Xiarch Security is an global security firm that educates clients, identifies security risks, informs intelligent business decisions, and enables you to reduce your attack surface.

Sourcepass

Sourcepass

Sourcepass is an IT consulting company that focuses on providing expert IT services, cloud computing solutions, cybersecurity services, website, and application development.

Department of Homeland Security (DHS) - USA

Department of Homeland Security (DHS) - USA

The Department of Homeland Security has a vital mission: to secure the nation from the many threats we face. Our duties are wide-ranging, but our goal is clear - keeping America safe.

Cyber Unicorns

Cyber Unicorns

Cyber Unicorns is a cyber security consultancy created to help drive cyber security outcomes in the small to medium-sized business space.

DRT Cyber

DRT Cyber

DRT Cyber deploys technology solutions to support the functions of cybersecurity, privacy, and risk management.

BlackOwlCybers

BlackOwlCybers

BlackOwlCybers is a dedicated cybersecurity firm providing comprehensive solutions to protect businesses from evolving digital threats.