Chief information security officers (CISOs) must prepare for the ending of intel and law enforcement agreements with the EU post-Brexit, a report from Forrester has warned.
The key concern for CISOs is the future cooperation on cyber security, said the report. Current arrangements will continue until the end of the transition, and a new security treaty will need to be effective on January 1, 2021.
It went on to outline three specific issues at stake because of Brexit.
- Uncertainty around the continued cyber threat intel exchange was one key area highlighted, with the possibility Blighty will lose much of its access to EU institutions, operational capabilities, and cyber threat intelligence.
- It also warned law enforcement cooperation with Europol could be threatened. The inter-European agency provides operational support for complex cybercrime investigations across the EU. In a no-deal scenario, law enforcement cooperation will stop, which "will substantially weaken the tools" to identify adversaries, said the report.
- Brexit could also disrupt the UK’s adoption of EU cyber and data privacy legislation, namely the EU’s General Data Privacy Regulation (GDPR) and the Network Information Security (NIS) directive.
CISOs consequently need to bang the drum on these issues and get policy makers listening.
"First, assess what you currently gain from intelligence sharing and security cooperation efforts, then explain their value to lawmakers. In the UK, you can submit for consultations to the stakeholder engagement capability within the Department for Exiting the European Union," advised the report.
Meanwhile, it advised diversifying intelligence sources. "In addition to government feeds (eg, threat intelligence from National CERTs), you can collect open source feeds using manual methods, aggregation software available for free on GitHub, or a commercial product."
On GDPR and NIS directives, the advice was, unsurprisingly, to keep calm and carry on.