Cyber Security In European Union: Brexit Negotiations

Reversing the clock back, the main focus of Brexit negotiations had been on the key issues of the Brexit vision and the other equally important issues had been overlooked. One such area is security, particularly cyber security which is a global phenomenon. In this paper, the researcher discusses the concerns raised about Post-Brexit national security, emanating from cyber activities and such concerns should not be ignored.

The Minister for the Digital Economy has described UK as a world-leading digital economy, and cyber security has been made a top priority by the government. UK has also been working closely with EU partners to develop Cyber security strategy. This suggests that UK is committed to strengthen European cyber-security but would that last after Brexit, and could there be any significant changes.

It is hard to predict the effect on skilled labour and expertise, specially the EU migrants, after Brexit. In November 2015, cyber-security was added to the UK skills shortage register, allowing people outside UK to apply for a working visa, provided they had met the skill criteria. As suggested by the experts, the post Brexit skill shortages are likely to impact on all sectors of life in the UK, and cyber expertise is one such area where skilled labour, information sharing and regulatory compliance play a crucial part, yet there are no known indications as to how future collaborations would be maintained. A senior cyber intelligence analyst at Barclays has pointed out that cyber-security already faces a skills shortage, and difficulties in finding qualified candidates. This suggests that skilled staff shortages had been there even before the start of Brexit campaign. In anticipation of further shortages of skilled professionals after Brexit, as a precautionary measure, year before GCHQ had hired 800 people and BT had 900 for entry-level cyber-security jobs.

The pattern of cyber-attacks makes it clear that those responsible are well organised and always one step ahead, and their origins and identification are hard to trace, therefore the need to have an effective mechanism to tackle this menace cannot be underestimated. To achieve that, data sharing between nations and security agencies becomes crucially important as no country can address these issues on their own. A research fellow attached to Imperial College Business School has said that in her view co-operation in cyber security will continue after Brexit, also that many international communications cables to Europe land bypass UK, and it would not be possible to replace those without additional cost irrespective of the final deal.

UK collaborates with EU organisations such as Europol and the European Cybercrime Centre (EC3) in sharing data and shaping EU cyber-security policy and regulation. In all probabilities, UK would end up with limited options, to retain its full membership of Europol and get access to European security databases, to reapply for a second-tier membership or to seek a supplementary agreement with Europol. If, however UK were to be left out without closer links after Brexit, the countries could become exposed to cyber threats as the hackers are always on the lookout for vulnerable targets. There is of course the option to use other routes, NATO, United Nations Security Council and the Five eyes. In addition, UK has already looked for partners outside the EU for data sharing, for instance TAC security, an Indian company who has announced that they have a special service in place to fight UK Cyber War. In addition, TAC-CERT (Cyber Emergency Response Team) the newest service is about to be launched in the UK.

In January 2012, the European Commission set out plans for data protection reform across the European Union in order to make Europe fit for the digital age. Britain as a member followed suit in line with the General Data Protection Regulation (GDPR). Any organisation who have clients or market in any part of the EU are under obligations to comply with EU regulations, therefore UK organisations continuing or willing to trade with any EU country after Brexit will be bound by GDPR terms and conditions. UK government has said that GDPR will still work for the benefit of UK despite being outside the EU. Recently UK reformed its Data Protection Act 1998 in line with the GDPR. This has been underpinned by the UK Information Commissioner’s Office and has given a pledge not to abandon previous commitments and that data protection will stay aligned to GDPR. This could be taken as an indication of the government intention to make people feel confident about security after Brexit. It is highly unlikely that there would be any changes to the applicability of GDPR, changes if any would not be forthcoming immediately.

According to the head of technology at the National Crime Agency’s National Cyber Crime Unit, there is no visible impact on their operations and it is too early to make predictions at this stage. The cyber-attacks in reality will continue to be a phenomenon despite the final outcome of Brexit.

It is highly unlikely there would be an immediate impact on cyber security, however, there could be possible implications, in the long terms. With the aim of becoming a world leader in cyber security, UK government plans to invest a £1.9 billion over the next five years tapping into the savings from the EU budget. In addition, the government has established a new National Cyber Security Centre (NCSC) along with a new five-year National Cyber Security Programme. It is reported that even though the new strategy does not directly address the issue of Brexit, it does outline the UK’s intent to continue to work closely with international partners, including the EU and other organisations such as the UN, NATO, G20, Commonwealth and Organization for Security and Co-operation in Europe (OSCE). Therefore, it is evidently clear that regardless of the Brexit outcome UK would not compromise her security under any circumstances.