Brexit ‘will not impact’ UK-EU co-operation on cybersecurity

Head of UK National Cyber Security Centre to meet with Irish authorities in Dublin

Brexit will not have an impact on the levels of co-operation between the UK and the EU on cybersecurity, according to the head of Britain's National Cyber Security Centre.

"This is the ultimate global issue, this is an issue that transcends borders," said the centre's chief executive, Ciaran Martin, speaking on Thursday morning.

"In terms of post an EU exit, we've clear instruction from the cabinet to cooperate unconditionally on European security. We're leading the way on things like electoral security in Europe following the very concerning events across the West in the last few years, and if you look pragmatically at cybersecurity as an issue very little of what we can do at the National Cyber Security centre is dependent on EU competences and EU law," he told RTÉ's Morning Ireland.

“That’s just a matter of fact, it’s not a value judgement, I look at relationships with other EU member states, for example the very productive relationship we have with French counterparts, that’s neither been enhanced nor hindered by EU membership over the last four or five years, so it follows that the type of cooperation that we’re building can continue.”


Mr Martin is in Dublin to meet with the Irish National Cyber Security Centre, the gardaí and the Defence Forces.

“The sorts of things we’re agreeing will be things like, that whatever the future shape of the relationship between the UK and the EU takes, we’ll be able to continue that next year and beyond,” he said.

He said that the sort of strategy achieved is just as important as the way it is organised. "So, are we getting after the attackers? What things are we doing to make it easier for everybody in the UK and Ireland to upgrade the security on the devices in their pockets, the laptops at home, the hardware that they work on in businesses? That's the stuff that really matters."

Mr Martin said there are three different types of threats: to critical services, such as the attack on health services in England and Scotland last year; the threat to businesses; the theft of commercial intellectual property; the theft of data and the threat "to the device in your pocket, the threat to your own money, to your online banking, to personal data, the sorts of things we see people worrying about".

He said: “In each of those cases they may not affect national security, but add them all up together and they add up to a real national and international priority to keep the digital economy safe.

“These are the sort of threats we should worry about.

Mr Martin said it is vital that services are resilient to attack. He said you could not protect against all attacks, but the question is “ how do you minimise the ability of attackers to cause disruption, how do you make the attacker’s job much harder, so if you look at those critical systems in transport or in energy or so forth, the absolutely key thing that we’re trying to do in the UK is to make the new systems resilient”.

He said: “If you look at smart meters where we have internet connected measurements of the energy consumption of every home and business, we’ve worked and published details of how we’ve made that automatically safer, how we’ve made it resilient to attack, to the point where you more or less have to do such an aggressive hostile act it would be almost tantamount to an act of war, to disrupt that system and we’re looking at other critical systems to do that.

“There’s huge scope given the infrastructure across the UK and Ireland and elsewhere in this part of the world there’s huge scope for international co-operation which is one of the reasons I’m in Dublin to talk to counterparts about that.”

Mr Martin said it was important to “deglamourise” cybersecurity and that “sometimes Hollywood tends to make it sound like a constant war between hackers over which we have no control”.

“We’ve got plenty of control over this as individuals, as companies and as governments. If we make these little incremental improvements,” he said.

He said taking simple actions such as using two factor authentication for logging into user accounts makes it far harder for hackers and reduces damage to the consumer.