What Does Brexit Mean For Britain's Spies?

Uploaded on 2018-02-12 in NEWS-Cybersecurity News, INTELLIGENCE--Europe, FREE TO VIEW

As the UK negotiates its future relationship with the EU, two former intelligence chiefs have warned that Britain's security expertise should not become a "bargaining chip".

When terror attacks hit Paris in late 2015, British intelligence scrambled to find out what it could about the attackers, at the UK's spy agency, GCHQ, a team worked on tracing their communications while MI5 looked for connections to the UK.

It was all a sign that modern threats, whether terrorism, cyber-attacks or Russian subversion, rarely respect borders.

The Paris attacks showed that those responsible crossed borders with greater ease than information which might stop them. That led some to argue for closer co-operation, while others cited it as evidence of the need instead for stronger national border controls.

"Europe is going to be our security backyard forever," Sir John Sawers, a former head of MI6, told the BBC.
"And we need to be able to work very closely with our European partners in order to maximise our own security.

"And their security benefits our security. The more secure France is, the fewer dangerous people are likely to cross from Calais to Dover."

On one level, Brexit does little to threaten these key intelligence and security relationships. This is because in almost all cases the intelligence flows bilaterally, country to country, rather than through Brussels.

Former GCHQ head Robert Hannigan said: "As an institution, the EU's role is extremely limited. "It doesn't really get involved in any sharing of operational intelligence. The real co-operation on operations, counter-terrorism or cyber or hostile states, goes on bilaterally and always has." GCHQ, for instance, would have a liaison in Paris who could ensure information relevant to the protection of France would be shared quickly.

'Need our help'
Officials in Europe and the UK are also aware that intelligence and security is a relative British strength and other countries will not want to be cut off from Britain's contribution.  "The thing that is driving the quality of those relationships currently is the darkness of the threat and the common concern about it," Andrew Parker, the current head of MI5, told the Intelligence and Security Committee last year, with his comments included in its annual report.

"Half of Europe is scared of terrorism and the other half is scared of Russia and both halves want us to help them… That will not change with Brexit," he said. 

The only significant EU intelligence sharing body is INTCEN, which shares analysis of the threats with policymakers.
Some European intelligence officers say that even though Britain is an intelligence powerhouse, there are areas, such as North Africa, where other European services may have better insights.

Because Britain is a net giver rather than receiver of intelligence, particularly in MI5's counter-terrorism experience and GCHQ's extensive collection of communications and cyber activity, there was discussion in government early last year about using what some called the "security surplus" as a bargaining chip in negotiations.

'Bargaining Chip'
But the former intelligence officers caution against playing the security card. "The Brexit negotiation is not a zero-sum game," argues Sir John, who was chief of MI6 until 2014. "Security co-operation can help create an atmosphere in which the EU-27 and the UK can see that it is in everyone's interests to maintain a climate of co-operation.

"If either side try to use it as a bargaining chip or a point of leverage it's likely to be negative on both sides," he says.

Theresa May's letter to Donald Tusk, president of the European Council, setting out her stall on Britain's position surprised some within the intelligence community with its language, and the three serving British intelligence chiefs together expressed concerns, according to one official.

Mr Hannigan, who left GCHQ before the letter, also cautions against playing the security card in upcoming trade negotiations. "I've never thought this was realistic or indeed ethically sound," he told the BBC.

"I mean how could you possibly think of withholding material that might stop a terrorist attack in exchange for fish quotas or something. It's absurd."

The Data Question
But there is one issue that does worry British spies about Brexit, and that is data. The ability to move data across borders is vital, such as information on suspects moving from one country to another. This is even more of an issue for policing and border forces, but their work overlaps with the counter-terrorist work of security services who also increasingly share data on cyber threats. Any impediment to this flow would be a real issue, former and current officials say.

"It would be a very serious problem," says Sir John, adding: "The intelligence these days is based very heavily on having access to data."

Sharing and retaining data requires meeting EU safeguards on privacy. "We have been an active player in that within Europe and now European rules will be made without us and we will be outside the immediate legal framework. "But that is something that the British government is going to have to address very early on - how we continue to retain data."

ECJ 'Burden'
The EU rules have also been shaped by legal challenges at the European Court of Justice (ECJ). Mr Hannigan, who had to deal with the legal challenges as head of GCHQ, said it would not be as simple as being freed from the burden of the court.
He said it was a "bit naive" to think being free from the ECJ would "solve all our problems".

"It will solve our problems if we only wanted data to flow within the UK and never to leave its borders," he says, adding: "But that would mean cutting ourselves off from the modern world.

"That means what the EU regards as adequate regulation of privacy [and] protection of privacy is incredibly important to us and it does effectively give the ECJ a say in what we do."

The US has had to negotiate a deal with the EU and this has proved a difficult and lengthy process. But a UK deal will be vital not just for national security but the economy as a whole. "The UK equivalent - which we will now need to negotiate - will be very difficult," says Mr Hannigan. "And we will have to take some time to do it. But it's vital to the economy broadly."

BBC

You Might Also Read:

What Does Brexit Mean For British Data Privacy?:

UK Deal With EU On Post-Brexit Data Sharing:

MI5 In The Clear Over Terror Attacks:

 

« Hackers Strike Winter Olympics
Nation State Hacking Is On Trend In 2018 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Council of European Professional Informatics Societies (CEPIS)

Council of European Professional Informatics Societies (CEPIS)

CEPIS is the representative body of national informatics associations throughout Europe and represent over 450,000 ICT and informatics professionals in 32 countries.

Scale Computing

Scale Computing

Scale Computing is an industry leading application platform for EDGE computing environments covering retail, manufacturing, financial services and government.

Aqua Security Software

Aqua Security Software

Aqua Security helps enterprises secure their cloud native applications from development to production, whether they run using containers, serverless, or virtual machines.

LSEC

LSEC

LSEC is a global innovator and facilitator for the Cybersecurity industry. It is a non-profit membership organisation supporting further maturing the industry through its end users.

Assac Networks

Assac Networks

Assac Networks ShieldIT is an app that completely protects any BYOD smartphone from both tapping and hacking.

Axonius

Axonius

Axonius is the only solution that offers a unified view of all assets and their coverage, empowering customers to take action to enforce their organization’s security policies.

Schweitzer Engineering Laboratories (SEL)

Schweitzer Engineering Laboratories (SEL)

SEL specializes in creating digital products and systems that protect, control, and automate power systems around the world.

Riskaware

Riskaware

CyberAware, by Riskaware, provides business-critical cyber attack analysis and impact assessments using NIST standards aligned with NCSC guidance.

Nucleon Security

Nucleon Security

Nucleon Endpoint Detection and Response EDR is the most effective way to protect the value created by your organization against any threat.

GovernmentCIO

GovernmentCIO

GovernmentCIO was founded with a single purpose: to transform government IT. We are thought leaders in data analytics, machine learning, cybersecurity and IT transformation.

link22

link22

link22 offers a high level of expertise within IT security and system solutions. We help public and private actors with highly secure IT-solutions.

Sure Valley Ventures

Sure Valley Ventures

Sure Valley Ventures is an entrepreneur led venture capital fund focused on helping software entrepreneurs grow and scale businesses that will have a global impact.

Cloud Seguro

Cloud Seguro

Cloud Seguro are leaders in the development of cloud solutions, Ethical Hacking, Privacy and Information Security.

DeXpose

DeXpose

DeXpose is a hybrid dark/deep web monitoring and attack surface mapping platform to help you find compromised data or exposed assets related to your organization way before threat actors.

LockMagic

LockMagic

Lockmagic is an information asset management solution to protect, track, audit and control accesses to sensitive information inside and outside your organization.

Longbow Security

Longbow Security

Longbow automates root cause for your application and cloud risks, enabling teams with intelligent remediation actions that reduce the most risk with the least effort.