Mind the Brexit gap in cyber security
.jpg)
There has long been a strong partnership between the UK and Europe in cyber security. With the outcome of Brexit still uncertain, there is much debate about how these links will be maintained in the future.
There will clearly be changes, not least that the UK is set to lose its seat on Europol’s management board and will no longer be able to shape European Union (EU) cyber security policy and regulation. However, there are many areas where it is still unclear what will change, so organisations will need to make sure they are aware of new developments, understand the implications for their business and respond quickly.
Cyber security standards
One area in doubt is the level to which EU cyber-related standards will continue to apply in the UK. For example, while the Network and Information Systems Regulations (NIS), which is based on an EU directive, has now been put into law in the UK, some aspects of it require cross-EU cooperation, such as the participation in a Computer Security Incident Response (CSIR) team network. The nature of this cooperation will depend on the final deal between the UK and the EU.
The E-Privacy Regulation, which replaces the Privacy and Electronic Communications Regulations (PECR), has yet to come into force, but may do so later this year and will have a one-year implementation period. Whether it will be implemented is likely to depend on a Brexit deal.
The EU has also proposed a new Cyber Security Act, but it is unlikely to be implemented before any transition period, although not being part of it could affect future information sharing between the UK and the EU. The real challenge is that if there is no deal, the UK may become a so-called third country, and this could raise concerns about UK standards which could have implications for UK organisations holding EU-related data.
Flow of personal data
The UK government has taken some action to address these uncertainties, including the recent ratification of Convention 108+, an agreement on robust data protection principles and rules signed by 25 other countries – 19 from Europe and six from the rest of the world.
This convention lets the signatory states share data, providing they implement its principles, which are aligned to the General Data Protection Regulation (GDPR). Although this does not remove the Brexit uncertainty, it will lessen the impact of a no-deal scenario and help to enable the continued flow of personal data.
Despite this move, organisations, especially those that trade in information between the UK and the EU, will need to take action to minimise any cyber security issues when trading with the EU and other countries.
That should include continued monitoring of new cyber-related laws and regulations in other countries and a process for assessing whether there is a business need to meet these new requirements, rather than just the local UK-based ones, such as Cyber Essentials.
This should be supplemented by a review of the organisation’s cyber security standards to ensure that it is not locked out of important markets. This may well mean adopting even more stringent or different controls relating to cyber security than we have today or in the future to ensure the business can continue to trade.
Good cyber security practice should remain a priority, including deploying an adequate proactive threat intelligence service to monitor the potential for increased cyber attacks. It is possible that malicious actors could look to exploit a disorderly exit and look for loopholes in current systems or use uncertainty and inconsistency in the cyber security laws between the UK and Europe to find new ways to attack systems.
International rules
Good relationships with regulators and government bodies, such as the National Cyber Security Centre (NCSC), will also be more important than ever. It will be vital for all those involved to work together to understand how UK-based regulations can be aligned and recognised under other international cyber security standards.
Finally, there are some practical steps that organisations need to take in relation to data transfers. They should review which third-country data transfer safeguard mechanisms can be used for personal data transfers to the EU, such as standard contractual clauses and binding corporate rules.
They also need to review their privacy notices, information and internal documentation to identify any details that will need updating when the UK leaves the EU. In addition, they should liaise with data protection authorities in all the EU countries of operation to ensure they comply with their local specifications.
Of course, all of this is no guarantee that the rest of the world will be happy to continue to share information with UK organisations, but careful monitoring and proactive adoption of cyber security standards is the best way to navigate through the uncertainties of the post-Brexit world.
source computerweekly
Industry: Cyber Security News
Latest Jobs
-
- Infrastructure (Network / Security) Engineer | West London commutable | Permanent
- London
- Apply today
-
Infrastructure (Network / Security) Engineer | West London commutable | Permanent This is an in house opportunity. Looking for someone that has on prem / data center experience MUST be a currently hands on config, Install, upgrade, troubleshooting experience Routing, Switching, Network Security (firewall, IDS etc), Microsoft Active Directory / 365. VMWare Scripting / automation experience wanted. Python, Powershell etc Must be commutable to West London twice a week. Visa sponsorship not available. Apply today for more information Book a call via this link https://calendly.com/d/crqf-t28-7tb
-
- Identity & Access Management Architect
- Edinburgh
- Upto £95000 plus bonus and benefits
-
Location: Edinburgh | Hybrid Working | Permanent Are you an experienced Identity & Access Management professional with a passion for designing and implementing cutting-edge security solutions? We are looking for a Lead Architect, where you’ll play a key role in helping clients enhance their IAM capabilities, protect critical data, and navigate complex security challenges. About the Role As a Lead Architect, you will be responsible for shaping and delivering IAM strategies, designing robust security solutions, and driving long-term digital transformation. You’ll leverage your expertise to provide strategic guidance on areas such as: Identity Governance & Administration (IGA) Privileged Access Management (PAM) Access Management (AM) Entitlement Management Directories & Authentication Solutions You will have the opportunity to work with innovative technologies and frameworks, ensuring that businesses can securely manage access to critical assets while enabling growth. What You’ll Be Doing Providing subject matter expertise in IAM and leading transformation projects for clients Developing IAM roadmaps, operating models, and governance frameworks Driving innovation by integrating IAM capabilities into wider digital transformation strategies Building and maintaining strong relationships with clients and stakeholders Designing and implementing scalable IAM solutions to meet business needs What We’re Looking For Proven experience in IAM strategy, solution architecture, or assurance Strong leadership skills with experience guiding technical teams Ability to work in a client-facing role, delivering clear communication and insights A technology-focused, innovative mindset with strong business acumen Willingness to work from our Edinburgh office 2-3 days per week
-
- Security Architect - Cloud - Consultancy London
- London
- N/A
-
Security Architect with a focus into Cloud (AWS, Azure or Google Cloud Platform) needed. You must have client facing consultancy experience. This mean you must have experience working with clients helping them to meet their security design needs. That could include working with existing internal teams to understand, review and mitigate / uplift existing Cloud Security designs, or perhaps helping clients set out / understand their current needs and deliver their cloud security strategy. (Or anything in between) Technical knowledge is of course essential but working with clients to understand and solve their Cloud Security design challenges is vital. You must obviously have a current history working as a cloud security architect. You will need to be commutable to London. Whilst a hybrid role the expectation is 3 days a week in the office / meeting clients. International relocation or Visa sponsorship isn’t available for this role. Apply on this page and arrange a call here https://calendly.com/d/crpz-m7j-wyx