Cyber Britain in a post-Brexit world

Monday 29th May 2017




Dr Andrew Murrison, a member of the Joint Select Committee on the National Security Strategy and Conservative MP for South West Wiltshire
There will be moments in the months ahead when our European Union interlocutors cut up rough. Therefore, it is time for everyone to remember that the UK has always been a net contributor to Europe – economically, of course, but, more importantly, in safeguarding our neighbours from threats, old and new.

The UK is the pre-eminent security power in Europe. At the moment, my constituents, being good Europeans, pay for and provide cover which EU member states enjoy, without themselves paying the full premium for. But European leaders, tempted to punish Britain for Brexit, must not take my constituents’ goodwill for granted.

Many of those I represent are infantrymen – traditional providers of security, of the cold steel variety. The countermeasures deployed by others are subtler. Those are the technocrats who work, quietly, in places like GCHQ.

Their business – cyber – presents a whole new security paradigm. It is a threat that can be wielded successfully against countries with vulnerable and critical national infrastructures, and against ill-prepared businesses and individuals by a whole spectrum of malevolence – hobby hackers out for kicks, competitors in the marketplace, jihadists and major state actors.

But, since 2008, Britain has been taking cyber very seriously. It was the first European country to come up with a proper cyber security strategy, and has recently more than doubled the cash it is putting into protecting the UK from cyber-attack, while developing the means to interfere with the systems of those who threaten us. The National Cyber Security Centre, a spinoff from GCHQ, was opened last October. More public facing than GCHQ, it will further strengthen businesses that are operating in the UK, already among the world’s most cyber resilient.

So what does that have to do with Brexit?

Well, firstly, cyber presents an existential threat to the financial services sector, including the sort of businesses which may be huffing and puffing about quitting London for Frankfurt, Paris or the Far East. Nothing is perfect, but the cyber resilience of our financial services sector is second to none. A strong reason to stay if you are a main board director kept awake, as you should be, worrying about that. From next year, main board directors will be given a little extra encouragement to put their own house in order, as the provisions of the UK Data Protection Act are upgraded through the implementation of the General Data Protection Regulation, and as, across the EU, the GDPR reboots data security. Among other things, that will land companies with a fine of up to 4 per cent of worldwide annual turnover if they fail to comply with cyber security measures. TalkTalk must be thinking it got off lightly.

It goes without saying that the UK has been a major player in the development of GDPR. It is difficult to conceive of circumstances in which we will not wish to retain it post Brexit, or to continue to engage fully with our neighbours on data protection and security.
Secondly, if Europe’s security has historically been assisted by British cold steel, today it is just as much our cyber security operatives and institutions that are in demand. But cooperation cuts both ways.

The instincts of the British public are to help neighbours who find themselves threatened, even if that is, in part, the result of their own lack of preparedness.  All for one and one for all underpins our defence and security philosophy. However, sharing with countries whilst they are administering a commercial punishment beating would be a big ask.

The means of ensuring Europe’s security from traditional and novel threats from state and non-state actors has to continue to be common ground in the years ahead, and all parties to the talks now underway must understand this.

Website Security Test