The real Brexit opportunities for cyber security
The UK’s attempted Brexit deal feels uncertain at best and fanciful at worst. But is it all doom and gloom when it comes to Brexit and cyber security? Organised crime researcher, lecturer and consultant Chris Allen takes a look at potential positive outcomes for UK businesses – in the second of this two-part Brexit series…
A successful Brexit deal on cyber security is one nobody notices. While maintaining the status quo is a strong aim, there is potential for streamlining what already exists. This presents a Brexit opportunity.
One challenge of negotiating a custom deal for the UK on policing and cyber security is the UK already has a custom deal on policing and criminal justice, which it negotiated in 2009 as part of the Lisbon Treaty.
Theresa May, in her previous role as home secretary, decided not to participate in around 100 measures but kept the UK opted-in to 35, including Europol and the European Arrest Warrant. The elements relevant to cyber security are:
- Co-operation between financial intelligence units of Member States
- Eurojust: enhanced cross border prosecution
- Joint Investigation Teams (where investigators from different Member States come together for a particularly complex or important case)
- Simplifying the exchange of information and intelligence between law enforcement authorities of the Member States of the European Union
- Establishment of the European Criminal Records Information System
Essentially, these measures are important because they make the UK’s law enforcement response to cybercrime stronger, making businesses more secure through its deterrent.
Speaking after the opt-out announcement in 2009, May said: “For reasons of policy, principle and pragmatism, I believe that it is in the national interest to exercise the United Kingdom's opt-out option and to rejoin a much smaller set of measures which help us to cooperate with our European neighbours in the fight against serious and organised crime.”
So, what’s so good?
The benefits of a new relationship with Europol are, in theory, limitless – the agency is designed to operate in partnership with law enforcement agencies and governments. It has struck unprecedented strategic and operational agreements with countries such as Brazil, China and Russia – countries responsible for a large chunk of world cybercrime.
Leaving those agreements, even temporarily, would mean a higher risk of opportunistic Russian, Chinese or Brazilian cybercriminals attacking UK business.
But, if the UK broke away and established its own direct international links, it would cut out the middle man, something one former senior police officer, who has extensive experience of international policing, said could be successful: “Cooperation is still going on even though we are persona non grata politically at the minute. We have bi-lateral and multilateral treaties to fall back on. Current processes will fall by the wayside and new processes will be created [if we leave with no deal]. The daily operational work of going out and making arrests will continue.
“Europol has some great experts, but [from a policing perspective] it’s not the be-all and end-all. As long as those officers know they can pick up the phone to their counterparts in other countries then the loss of Europol won’t be drastic and the system will keep moving.”
Custom information sharing and cyber prosecution agreements would certainly make a statement and be a huge boost for UK businesses, but given we are leaving the EU in less than two months, the creation and signature of these agreements in that timeframe, seamlessly taking over from current agreements, is a challenge.
Another value of Europol is the relationships it has built with leading technology corporations, such as TrendMicro, Kaspersky and Microsoft. The UK currently benefits from these memorandums of understanding as a Europol member – receiving enhanced training and threat monitoring as well as better analytical capabilities.
Again, the UK could deepen these relationships if it has the ability to make its own decisions – but again the timeframe is against this.
The most likely option – and the least disruptive – is to protect what is already in place. And if shaking off an EU comfort blanket means long-term prosperity, first there may be stormy seas. Then again, as John A Shedd said: “A ship in harbour is safe, but that is not what ships are built for.”