COMMENT
T
he primary security concerns of
Britain leaving the EU revolve
around matters such as General
Data Protection Regulation (GDPR); a
loss of threat intelligence cooperation
with Europe; an increasing cost of
security (because of the falling value of
the pound); and the loss of access to
European technical expertise.
When the GDPR takes effect it will
replace the data protection directive
from 1995, which is a welcome update.
The regulation was adopted on 27
April, 2016 and enters into application
on 25 May, 2018 after a two-year
transition period.
Thus GDPR is likely to go ahead in Britain.
Technically, it must go ahead since it
will become law before Britain actually
leaves the EU. Practically, it will go ahead
because it is the easiest way to maintain
‘privacy adequacy’ and continue easy
trading between the UK and Europe.
Hence the concerns raised by GDPR
may be the easiest ones to allay. This
regulation, by which the European
Commission intends to strengthen and
unify data protection for individuals
within the EU, also addresses export
of personal data outside the EU. The
Commission’s primary objectives of
the GDPR are to give citizens back the
control of their personal data and to
simplify the regulatory environment for
international business by unifying the
regulation within the EU.
Concerns have also been raised over
the risk of cyber security suffering
within Britain as a result of Brexit. It
has been suggested that corporate
security defences will be weakened, and
international threat intelligence sharing
with Europe will diminish.
The view on diminished intelligence
sharing with Europe assumes there
will be less cooperation between the
UK’s National Crime Agency (NCA)
and Europol. It has been argued that
this simply will not happen given that
the NCA’s direct access to Britain’s
intelligence agency GCHQ, and indirect
access to the NSA via GCHQ, means
that the UK is too valuable to exclude.
Although the Five Eyes (an intelligence
alliance comprising Australia, Canada,
New Zealand, the United Kingdom and
the United States) loses its peering
glass inside Europe, much of the world’s
communications still has to pass
through GCHQ territory between Europe
and the US.
With respect to the availability of skilled
cyber security personnel falling away
post-Brexit or the assumption that
Britain’s weakened buying power will
stop British companies from investing
in security, there is a view that Brexit
could in fact offer an opportunity for a
complete overhaul and rationalisation
of Britain’s cyber security infrastructure.
Michela Menting, Research Director
for ABI Research, notes that the
British government will need to
review its role in Europol and the
European Cybercrime Centre (EC3).
Both organisations are crucial assets
to EU members in the prevention
and fight against cyber crime in
Europe. The lack of implementation
of new processes of sharing could
have concrete effects on the ability to
respond to a new cyber threat.
WITH RESPECT TO THE AVAILABILITY OF SKILLED CYBER
SECURITY PERSONNEL FALLING AWAY POST-BREXIT OR THE
ASSUMPTION THAT BRITAIN’S WEAKENED BUYING POWER WILL
STOP BRITISH COMPANIES FROM INVESTING IN SECURITY, THERE
IS A VIEW THAT BREXIT COULD IN FACT OFFER AN OPPORTUNITY
FOR A COMPLETE OVERHAUL AND RATIONALISATION OF
BRITAIN’S CYBER SECURITY INFRASTRUCTURE.
24
INTELLIGENTCIO
www.intelligentcio.com