What Does Brexit Mean For Britain's Spies?

Uploaded on 2018-02-12 in NEWS-Cybersecurity News, INTELLIGENCE--Europe, FREE TO VIEW

As the UK negotiates its future relationship with the EU, two former intelligence chiefs have warned that Britain's security expertise should not become a "bargaining chip".

When terror attacks hit Paris in late 2015, British intelligence scrambled to find out what it could about the attackers, at the UK's spy agency, GCHQ, a team worked on tracing their communications while MI5 looked for connections to the UK.

It was all a sign that modern threats, whether terrorism, cyber-attacks or Russian subversion, rarely respect borders.

The Paris attacks showed that those responsible crossed borders with greater ease than information which might stop them. That led some to argue for closer co-operation, while others cited it as evidence of the need instead for stronger national border controls.

"Europe is going to be our security backyard forever," Sir John Sawers, a former head of MI6, told the BBC.
"And we need to be able to work very closely with our European partners in order to maximise our own security.

"And their security benefits our security. The more secure France is, the fewer dangerous people are likely to cross from Calais to Dover."

On one level, Brexit does little to threaten these key intelligence and security relationships. This is because in almost all cases the intelligence flows bilaterally, country to country, rather than through Brussels.

Former GCHQ head Robert Hannigan said: "As an institution, the EU's role is extremely limited. "It doesn't really get involved in any sharing of operational intelligence. The real co-operation on operations, counter-terrorism or cyber or hostile states, goes on bilaterally and always has." GCHQ, for instance, would have a liaison in Paris who could ensure information relevant to the protection of France would be shared quickly.

'Need our help'
Officials in Europe and the UK are also aware that intelligence and security is a relative British strength and other countries will not want to be cut off from Britain's contribution.  "The thing that is driving the quality of those relationships currently is the darkness of the threat and the common concern about it," Andrew Parker, the current head of MI5, told the Intelligence and Security Committee last year, with his comments included in its annual report.

"Half of Europe is scared of terrorism and the other half is scared of Russia and both halves want us to help them… That will not change with Brexit," he said. 

The only significant EU intelligence sharing body is INTCEN, which shares analysis of the threats with policymakers.
Some European intelligence officers say that even though Britain is an intelligence powerhouse, there are areas, such as North Africa, where other European services may have better insights.

Because Britain is a net giver rather than receiver of intelligence, particularly in MI5's counter-terrorism experience and GCHQ's extensive collection of communications and cyber activity, there was discussion in government early last year about using what some called the "security surplus" as a bargaining chip in negotiations.

'Bargaining Chip'
But the former intelligence officers caution against playing the security card. "The Brexit negotiation is not a zero-sum game," argues Sir John, who was chief of MI6 until 2014. "Security co-operation can help create an atmosphere in which the EU-27 and the UK can see that it is in everyone's interests to maintain a climate of co-operation.

"If either side try to use it as a bargaining chip or a point of leverage it's likely to be negative on both sides," he says.

Theresa May's letter to Donald Tusk, president of the European Council, setting out her stall on Britain's position surprised some within the intelligence community with its language, and the three serving British intelligence chiefs together expressed concerns, according to one official.

Mr Hannigan, who left GCHQ before the letter, also cautions against playing the security card in upcoming trade negotiations. "I've never thought this was realistic or indeed ethically sound," he told the BBC.

"I mean how could you possibly think of withholding material that might stop a terrorist attack in exchange for fish quotas or something. It's absurd."

The Data Question
But there is one issue that does worry British spies about Brexit, and that is data. The ability to move data across borders is vital, such as information on suspects moving from one country to another. This is even more of an issue for policing and border forces, but their work overlaps with the counter-terrorist work of security services who also increasingly share data on cyber threats. Any impediment to this flow would be a real issue, former and current officials say.

"It would be a very serious problem," says Sir John, adding: "The intelligence these days is based very heavily on having access to data."

Sharing and retaining data requires meeting EU safeguards on privacy. "We have been an active player in that within Europe and now European rules will be made without us and we will be outside the immediate legal framework. "But that is something that the British government is going to have to address very early on - how we continue to retain data."

ECJ 'Burden'
The EU rules have also been shaped by legal challenges at the European Court of Justice (ECJ). Mr Hannigan, who had to deal with the legal challenges as head of GCHQ, said it would not be as simple as being freed from the burden of the court.
He said it was a "bit naive" to think being free from the ECJ would "solve all our problems".

"It will solve our problems if we only wanted data to flow within the UK and never to leave its borders," he says, adding: "But that would mean cutting ourselves off from the modern world.

"That means what the EU regards as adequate regulation of privacy [and] protection of privacy is incredibly important to us and it does effectively give the ECJ a say in what we do."

The US has had to negotiate a deal with the EU and this has proved a difficult and lengthy process. But a UK deal will be vital not just for national security but the economy as a whole. "The UK equivalent - which we will now need to negotiate - will be very difficult," says Mr Hannigan. "And we will have to take some time to do it. But it's vital to the economy broadly."

BBC

You Might Also Read:

What Does Brexit Mean For British Data Privacy?:

UK Deal With EU On Post-Brexit Data Sharing:

MI5 In The Clear Over Terror Attacks:

 

« Hackers Strike Winter Olympics
Nation State Hacking Is On Trend In 2018 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Zybert Computing

Zybert Computing

Zybert Computing provide server solutions with built-in security and information protection features for the SME market.

CROW - University of Waikato

CROW - University of Waikato

CROW is the first cyber security lab established in a New Zealand educational institution at the University of Waikato.

Repository of Industrial Security Incidents (RISI)

Repository of Industrial Security Incidents (RISI)

RISI is a database of cyber security incidents that have (or could have) affected process control, industrial automation or SCADA systems.

OneVisage

OneVisage

Our award-winning 3DAuth digital identity platform turns any consumer mobile device into a real-time 3D facial scanner that securely authenticates the user in seconds.

Codified Security

Codified Security

Codified is a testing platform for mobile application software. We make it easier than ever for companies to detect and fix security vulnerabilities and ensure their applications are compliant.

ngCERT

ngCERT

ngCERT is the National Computer Emergency Response Team for Nigeria.

VXRL

VXRL

VXRL is a Hong Kong-based cybersecurity company. We provide consulting services, penetration testing, and corporate training.

Nextcloud

Nextcloud

Nextcloud offers offers solutions to the combined need of security and ubiquitous access to data and collaboration technology.

URS Certification

URS Certification

United Registrar of Systems (URS Certification) is an independent certification body operating in more than 30 countries within the multinational URS Holdings.

Onfido

Onfido

Onfido is building the new identity standard for the internet. We digitally prove people’s real identities using a photo ID and facial biometrics.

Aurora Systems Consulting

Aurora Systems Consulting

Aurora is a Cybersecurity solutions provider with a portfolio consisting of security consulting, products and services that proactively prevent, secure and manage advanced threats and malware.

Rayzone Group

Rayzone Group

Rayzone Group offers a wide range of Cyber Security solutions and services, providing hollistic protection suitable for both enterprises and National cyber security centers.

Airtel Secure

Airtel Secure

Airtel Secure’s multi-layered, full service cybersecurity offerings are designed to safeguard enterprises against threats of various kinds and origins.

Secure Diversity

Secure Diversity

Secure Diversity is an innovative non-profit organization with leaders that think out of the box to create strategies & solutions to increase diversity in the cybersecurity industry.

eaziSecurity

eaziSecurity

eaziSecurity has built an eco-system of technology and services that bring enterprise scale security solutions to the SME marketplace.

Cypheria

Cypheria

Cypheria harness the expertise of elite military units and combine it with extensive digital combat experience to deliver unparalleled security solutions for organizations.