From WAR ROOM—Online Journal of the U.S. Army War College
Cybersecurity experts have long focused on protecting the information and networks of individuals and organizations. Now in addition to that never-ending task, they must also devote attention to organizational arrangements threatened by the political trend of multi-national rejectionism, such as the British exit—“Brexit”—from the European Union (EU). This broad push for regaining national sovereignty poses problems for cybersecurity because the internet is inherently transnational. Fortunately, there are models for preserving cybersecurity cooperation even as international ties weaken.
At present, cybersecurity matters within the United Kingdom (UK) are addressed by an array of national and EU institutions, which are largely able to cooperate successfully among themselves. The EU has the European Union Agency for Network and Information Security (ENISA), the principal agency and the only centre within Europe equipped to counter cyber threats. It coordinates and cooperates with national security initiatives and the private sector providing both timely information and real-time threat assessment. Within the EU, intelligence exchange occurs mainly through Europol which assists member nations in countering threats emanating across the border.
The UK has its National Cyber Security Centre (NCSC), whose functions are similar to those of ENISA. The NCSC is responsible for protecting critical institutions from cyber-attacks and coordinates with sister agencies within the UK government (e.g., Government Communications Headquarters or GCHQ, Britain’s intelligence agency). In order to further strengthen the UK’s defensive capabilities, the NCSC’s Active Cyber Defence programme will update necessary security protocols and enhance coordination with relevant stakeholders. The implementation of cybersecurity policies and legal mechanisms in EU are primarily undertaken by the National Data Protection Authorities and the Computer Security Incident Response Teams that operates under the European Cybercrime Centre. Whereas in the UK, this responsibility is mostly undertaken by the National Crime Agency, supported by GCHQ and other designated cybercrime centres operating at the regional level. However, EU’s Network and Information Security Directive (NISD)’s intelligence exchange with foreign and member states are restricted in nature, and only countries having NISD can access its services. Incidentally, U.K has already implemented NISD this year.
Continue reading here.