The potential cybersecurity implications of Brexit has stirred much discussion and many visceral reactions. Analysts Frost and Sullivan surmised that “fundamentally, the UK could lose its footing as a technology powerhouse; said earlier this week that the UK’s role as a digital hub, acting as a gateway to US firms, could be under threat. Other reputable analysts have echoed the same theme. [i]
Michela Menting , Research Director of ABI Research concludes that “The stakes are high for the UK overall. As regards cybersecurity policy and law, the UK will likely align with the EU vision going forward. Cybersecurity is too important, and cybercrime too pervasive, for the UK to take an isolationist approach to the matter. It is highly possible that Brexit may have a negative impact on the UK cybersecurity industry however in the short term, pending successful negotiations for favorable market conditions with the EU.” [ii]
The perspectives on the implications vary in perspectives and implications of Brexit. From a macro (and personal) viewpoint, I do not believe that there is a compelling reason to panic. Much like the quick recoveries of the market exchanges to the unexpected Brexit news, the Information security community will also quickly recover from erosion of confidence and uncertainty. There are still 2 years to go before Brexit is formalized and there is still a lot of runway to accommodate data exchange and research related issues with the EU and around the globe. Many information security professionals seem to concur with this assessment.
Tripwire recently conducted a poll of information security professionals at InfoSecurity Europe 2016. The questions asked was what are the implications for information security and assurance, the fight against cyber-crime and the development of the cyber-security tech industry in the UK? Of 278 people questioned, 64 percent said that there would basically be no change as a result of an exit vote. [iii]
The heading of a recent article in Computer Weekly by senior editor Warwick Ashford aptly summarizes the reaction of many in the information security community on both sides of the pond. Mr. Ashford stated: “Brexit will present some cyber security challenges – but it will be largely business as usual, say information security professionals.” [iv]
Mr. Ashford’s analysis that was backed up in his article by noted experts. He cites Adrian Davis, European managing director at security certification body (ISC)2, who said “information security is well-recognized as an international concern that has motivated levels of co-operation that already transcend national boundaries and politics.” And Larry Clinton, president and CEO of the Internet Security Alliance who said In the same article that, “while the Brexit vote is unlikely to have much impact on information security operations in the short term … the vote underlines the need for the private sector to develop strong partnerships to secure the cyber systems they own and operate independent from government structures.” [iv]
Mr. Clinton’s quote really captures the essence of why Brexit will not be much of a factor in undermining UK/US cybersecurity relations. There are already many strong bilateral private sector partnerships shaping the alliance outside of the frameworks. Moreover, there are also several bilateral UK/US cooperative cybersecurity programs and projects and those relationships are robust and growing. It is a special relationship.
Much of the kudos for the cybersecurity partnerships between the countries can be attributed to the very successful Security Innovation Exchanges and US mission, of the UK Trade & Investment (UKTI) and UKTI Defense & Security Organization (DSO) that promote cooperation and outreach between UK and US markets from Washington, DC. The relationships extend to industry, government ; US Homeland Security, DOD, State & Federal Law Enforcement Agencies and other agencies, academia, think-tanks, and at conferences and events. As an American involved in cyber and emerging technology issues I have attended several UKTI events in Washington, DC. I can personally attest to the success of the very well run and informative UKTI programs.
Also, the recent appointment of a British cyber envoy to the United States, Andy Williams has had a positive impact on bilateral relationship building. Williams noted in an interview in Federal Computer Week that, “On cyber, the relationship is incredibly strong, as you’d expect – because of the [shared] heritage but also because of the scale of the threat” Williams also said there was plenty of cyber-related learning to flow in both directions across the Atlantic. “We’re pretty good at producing scientists and innovators,” he said. “We’re not as good at commercializing the capability, and that’s where we can learn from the U.S.”. [v]
I agree, Cyber Envoy Williams, the back and forth flow between UK and the US across all cyber verticals and industries is a meaningful force in itself. There is recognition from a policy perspective for both countries of the benefits of jointly combating cybersecurity threats. The shared vision extends to commerce, and although there may be some impediments derived from Brexit, they will be overcome and the UK/US cybersecurity relationship will continue to flourish.
Charles (Chuck) Brooks serves as the Vice President for Government Relations & Marketing for Sutherland Global Services. Chuck is also an Advisor to the Bill and Melinda Gates Technology Partner network, as Chairman of CompTIA’s New and Emerging Technology Committee, as a Fellow at The National Cybersecurity Institute, and serves on Boards to several prominent public and private companies and organizations.