Brexit – Will it lead to Cyber Security Black swans ?

The Brexit shock continues to reverberate throughout the global economic and policy worlds. Despite protests against the referendum’s results being cancelled due to concerns of violence, thousands of protesters demonstrated outside the House of Parliament. As a Cyber Security Subject Matter Expert, herewith I am sharing my view points on how Brexit could impact Cyber Security Practices of UK and the rest of the EU. In Risk Management terminology a “Black Swan” is a risk event that comes as a surprise, produces a major effect, deviates beyond what is normally expected of a risky situation and is extremely difficult to predict.

Post Brexit UK may have many Cyber black swans. The reality is that nobody will know what the real cyber consequences are going to be due to Brexit.

Because of new bureaucratic controls that may arise due to Brexit, information sharing with the EU, as well limited cross national collaboration in fighting cyber criminals may have significant impact. The UK will no longer be obliged to implement EU Directives. This may include the NIS Directive, although on its current legislative timetable the NIS Directive seems likely to be required to be implemented into Member State law before any Brexit takes effect.

The EU is known for its strong regulation for protecting the privacy of its citizens. The UK is known for its traditional ‘state security first’ system. The two are not necessarily congruent by any means. So, if the UK deviates from the EU practice, a more detrimental impact on users privacy is very much possible.

Brexit might increase the vulnerable targets because it will create uncertainty, which markets hate but some criminals can exploit well.  Uncertainty may create new opportunities, like the opportunity to target people who are fearful or confused, perhaps through online scams and social engineering attacks related to immigration status, state benefits, and so on. Hackers and other cyber criminals may take advantage of any confusion that is created by changes in laws due to Brexit. Because Hackers can thrive well in environments of chaos and uncertainty, and the political and economic turmoil happening in UK due to Brexit is very much conducive for this.

Cyber Intelligence sharing between countries in the EU will have a major blow and might come to a stop from the end of the UK Government. The EU will for sure miss the opportunities to leverage the intelligence and latest technology supported cyber capabilities of the UK Government.

Brexit might hamper prosecution of cross border cybercrimes, and most such crimes cross borders. Complex issues of transnational law enforcement funding could degrade police performance, and the UK’s need to renegotiate 80,000 pages of legal agreements with the EU may strain legal resources.

The UK Government has to review its role within the EU law enforcement and information security agencies notably the European Police Office (Europol) and the European Union Agency for Network and Information Security (ENISA).  The Union has bolstered efforts in recent years with the publication of the EU Cyber Security Strategy and the creation of the European Cybercrime Centre (EC3) within Europol in 2013. EC3 has become the focal point in the EU’s fight against cybercrime, supporting member states and EU institutions in building operational and analytical capacity for investigations and cooperation with international partners.  The UK Government’s involvement in these institutions will again depend only on the country’s ability to negotiate favorable terms regarding its role. Organized online criminal activities are undeniably best tackled from a cooperative, supra-national perspective, and the UK’s isolation from the EU may result in an unwelcome development in the fight against cybercrime. 

New cybersecurity information and asset sharing structures will need to be put in place between the EU and the UK post Brexit.

There is also a possibility of a having severe brain drain as the security talent pool might flee the UK which could increasingly impact security and data protection initiatives of the UK Government.

Browse

Article by channel:

Read more articles tagged: Cyber Security, Featured

Cyber Security