Deal or no deal. The implications for cyber security are as hard to predict as Brexit

Unless you’re (perhaps blessedly?) a social hermit, cooped up somewhere entirely off-grid you’ll be aware that Brexit is the big talking point for everyone just now and it seems that no matter what the pundits predict another curve-ball seems to come out of nowhere. At the time of writing Brexit has been delayed till the end of October and things will probably change before the publish button on this blog is pressed.

One thing that is certain though is that Brexit will have implications for our cyber security. What those implications will be, however, are probably just as hard to predict as the outcome of Brexit.

Security is a team sport

Cyber security is essentially a ‘team sport’. It requires cooperation from lots of people: industry, government agencies and international partners. After Brexit, deal or no deal (in the words of Noel) many of the frameworks that help build better cyber security will remain in place. Take the Five Eyes Partnership, a cooperation between Australia, Canada, New Zealand, US and the UK which will remain unaffected. Five Eyes is considered the world’s most significant intelligence alliance. Moving on, nothing much should change in terms of our relationship with NATO and the information sharing opportunities which exist there and the NCSC (National Cyber Security Centre) is confident that Brexit will have little impact on cooperation with European nations. One other thing that isn’t going to change, at least in the short to medium term, is the GDPR regulations which have been written into UK law.

Europe does need us. Most of the international communication cables land in the UK before hitting Europe and these are not going to be replaced quickly or cheaply. We have fantastic resources and skills in our country and work carried out by GCHQ and NCSC are vital in protecting not just our cyber safety but that of other nations too.

The grey areas

Having said all that, there are still some areas of concern post Brexit. The internet is ‘without borders’. Although there is confidence from the NCSC that cooperation will continue post-Brexit (whenever that may be) the UK will lose their seat on the Europol Management board. Europol does some top-quality work around Cyber Security and they have access to a wealth of intelligence that we may well lose after B-Day (Brexit day, not Birthday). Law enforcement agencies in the UK need to work with Europol to not only protect us but to also identify and stop cyber criminals.

Even if we are not excluded from information sharing, there may well be the perception that we are cut off. And guess what? Our apparent banishment to the naughty corner added to the sheer confusion around the whole subject of Brexit will lead to the very thing we’re trying to avoid; an increase in attacks from criminals. Always on the lookout for security weaknesses, these hackers will be keen to capitalise on the uncertainties around regulations, rules, imports and exports and I’m sure that we will see an increase in social engineering attacks against firms. Hackers will be hoping to capitalise on the fears of businesses to provide a route into their data. Businesses aside, rogue actors may well see us an easier target. The NCSC has already raised concerns around increased attacks on our critical infrastructure and these attacks may also increase after B-Day.

Although GDPR isn’t going to go away anytime soon, regulations do change over time. What is going to happen in the future? Will the UK, who are keen to be seen as a leader in data protection, change the rules before the EU do and what implications will that have? No longer will we be able to shape European regulation or strategy around cyber security.

Finally, there are concerns around the skills shortage that we already face in cyber security. Demand for these skills in the UK is already an issue. With the freedom of movement restricted, are we going to be able to attract and retain the best talent to keep us at the forefront of cyber security in the future?

The Post-Brexit cyber future is not all bleak, but it’s always better to ensure that we are as educated as possible and understand the issues which we could potentially face. When it comes to protecting your business surely it’s better to hope for the best, but prepare for the worst.

Suddenly being that social hermit cut off from civilisation seems more appealing. Brexit, what Brexit?

Gerry Grant, chief security officer of Converged Communication Solutions

Gerry Grant, chief security officer of Converged Communication Solutions