- Get link
- X
- Other Apps
- Get link
- X
- Other Apps
Brexit is here. While the first noticeable consequences in the form of long truck lines, high customs duties, and spoiled food is making the headlines, one important question still remains unanswered: How will Brexit affect cybersecurity and data protection?
So far, the EU's
cybersecurity strategy has focused on a transnational digital infrastructure,
the exchange of information between secret services, and coordinated actions by
law enforcement agencies. As of January 2021, Europol, the EU law
enforcement agency, and Eurojust, the judicial cooperation agency, have one
less member. The European Arrest Warrant (EAW) is no longer valid on the
island. And the exchange of important data also entails a huge number of
forms.
More Bureaucracy when Exchanging Information
However you turn it around: With Brexit, Great Britain will lose
immediate access to real-time data and thus an important weapon in the fight
against crime. This includes the exchange of DNA, fingerprints, vehicle
registrations, and passenger data. The British Home Office announced that
the Brexit Deal would give authorities more control over the disclosure of this
information and more freedom in implementing processes. Still, both the
National Crime Agency (NCA) and the National Police Chiefs Council (NPCC) have
raised concerns about post-Brexit security. The NCA, which is mainly
responsible for international cross-border cases, is expected to have to
reorganize hundreds of operations,
The media also confirmed that there was an agreement on the
extradition of criminal suspects and that the UK could still attend Europol
meetings. According to the reports, the cooperation is regulated in a
similar way to that with other third countries. Nevertheless, it is
foreseeable that it will take some time before the new agreements take effect
and the cooperation can continue with the same effectiveness and speed. There
will be no more inquiries via the short official channels anytime soon. Instead,
the processing time and the bureaucratic effort for official requests for
information have increased significantly - which borders on irony given
the main argument in favor of Brexit (“EU bureaucratic madness”).
No More Access to The Schengen Information System (SIS)
Perhaps most painful for the UK authorities is the loss of the
Schengen Information System (SIS). The database stores information on
unwanted, missing, or wanted persons, vehicles, identification documents,
weapons, and banknotes. The system is used both for border controls and for
investigative work by the police and security authorities. Europol and
Eurojust as well as the respective judicial and security authorities of the
Schengen countries are entitled to access.
Great Britain was also able to access the more than 90 million
data records (as of 2019). This access has been over since January. Now
the around 4.6 million searches fed in by Great Britain even have to be
eliminated. The exchange of information, which is regulated based on the Prüm Treaty between several European states (including Germany), is a
little better off. Great Britain left the contract in 2014 but later took
part in the decisions. Since the Prüm Treaty is not an EU agreement, it
remains to be seen how the situation develops here.
Cooperation with Europol Under New Conditions
As a member of the EU, Great Britain was able to send a so-called
“European Investigation Order (EIO)” to countries within the EU. The EEA
is a legally binding request to collect and surrender evidence against
suspected or accused persons within a certain period of time. That is also
the end of it now. Now a request for mutual legal assistance must first be
submitted on both sides, which is usually sent through diplomatic channels. Of
course, this is not the end of cross-border cooperation. However, the
bureaucratic effort will probably take up significantly more time - time that
is not only decisive for success in investigations in cyberspace.
This is particularly annoying because Europol has shown in recent
months how effective rapid cooperation can be in the fight against cybercrime. Be
it with the shutdown of DarkMarket, the largest trading platform in the
Darknet, or with the takeover of the Emotet infrastructure, which temporarily
put an end to one of the most dangerous ransomware variants. The
"DisrupTor" operation, which was successfully carried out in autumn
2020, represents, according to the authorities, "the end of the golden age
of marketplaces". The operation led to the arrest of a total of 179 people
and the confiscation of 6.5 million US dollars and 500 kg of illegal
substances.
Europol did not carry out these operations alone, but with the
support of various international authorities - including the UK. An end to
such cooperation at the international level will also be possible in principle
after Brexit. For example, the US and the EU have long had agreements
regulating the exchange of information and the appointment of liaison officers. The UK will likely conclude similar agreements. However, the
third countries do not have a general right of co-determination in strategic
and operational measures by Europol.
Data Protection and Network Security: GDPR & NIS
The General Data Protection Regulation (GDPR) is currently to be
transferred from Great Britain to a national law with minimal changes. The
"UK-DSGVO" (or UK GDPR) seems to have some special features that can
also be relevant for European companies. This includes, for example, the
appointment of a data protection officer. Affected are companies that
process and store personal data of British persons in the context of marketing
measures and customer management and that do not have a branch in Great
Britain. The data protection officer must be based in the UK, legally
represent the company, and be able to negotiate with data protection officers
from the Information Commissioner Office (ICO).
The NIS directive (network and information security) aims to
guarantee the security level of network and information systems in the European
Union. The measures include the EU-wide development of national cybersecurity capacities, the definition of minimum security requirements, and the
reporting obligation for critical infrastructures (KRITIS). The uniform
legal framework should continue to exist after Brexit, albeit with a few
changes. The focus is primarily on providers of digital services such as
cloud services and online marketplaces (digital service providers, RDSPs)
operating in Great Britain, who may have to appoint NIS representatives.
Shortage of Skilled Workers Also in Cyber Protection
The cybersecurity industry has been battling a shortage of
qualified security, threat intelligence, and IT experts for years. According
to the ISC2 study, the number of vacant cybersecurity positions fell for the
first time last year, but the deficit is still enormous with 3.1 million
workers missing. In Europe, there is a shortage of 168,000 skilled workers,
with Germany looking for a total of 61,525 experts in the security sector. There
are currently 27,408 cybercrime vacancies in the UK. In the next few
years, the situation is hardly expected to ease: 49% of the companies surveyed
plan to hire cybersecurity experts within the next 12 months. In a year
marked by COVID-19 and shrinking IT budgets, this discrepancy between
supply and demand is remarkable. Here too, Brexit could have far-reaching
effects on the labor market: while the talent pool in Europe is increasing due
to the return of ex-pats and the greater willingness of the British to work on
the continent, the shortage of skilled workers in Great Britain will worsen.
The Security Situation Continues to Be Tightened
The timing of Brexit is very bad. Not only because of the
ongoing global corona pandemic and the tense economic situation but also from
the point of view of cybersecurity. In the past year, the number of
ransomware attacks on companies exploded. Cybercriminals have made
enormous profits that provide enough capital to continue to terrorize the
digital space in the months to come. State-controlled cyber campaigns also
reached a new high at the end of the year with the successful attacks on
SolarWinds. The economic and political consequences cannot yet be assessed
here.
On the other hand, there is at least a small streak of light on
the horizon at the border controls between the EU and Great Britain. The
higher bureaucratic effort and the stricter rules mean that papers and
documents are checked more carefully and more frequently. After just a few
weeks, customs officials were able to confiscate an above-average number of
forged visas, passports, driver's licenses, proof of insurance, and green cards. No
doubt future relationships will also change over time. It is to be hoped
that cooperation between law enforcement authorities, in particular, will be expanded
and thus become faster and more effective. That would be more than
desirable for everyone in the fight against crime and cybercrime.
To prevent cybercriminals install total security.
- Get link
- X
- Other Apps
Comments
Post a Comment