According to a recent survey by Tech London Advocates, London’s tech experts and cyber security professionals are ‘overwhelmingly opposed’ to the UK’s recent decision to leave the EU. Mainland Europe represents an essential source of talent for the UK, which suffers an ‘alarming lack of digital skills’, and Brexit will likely raise barriers to Europeans’ freedom to work and travel in the UK. In fact, there are concerns that a potential dip in Britain’s economy may result in a technological brain drain, with British cyber professionals seeking higher pay in countries such as the US. Negotiating the split will involve establishing whether British law enforcement will continue to benefit from the information sharing arrangements of Europol’s European Cybercrime Centre (EC3), and whether it will continue to reflect the privacy and data protection legislation of the EU or develop its own regulation standards. The attractive benefits of the EU’s ‘digital single market’ means it’s likely Britain will continue to adhere to the data standards of its continental counterparts in order to facilitate the flow of data across the Channel.
Staying with European data debates, the final changes to the US–EU data sharing agreement, Privacy Shield, have been agreed upon this week. The new arrangement will regulate the transatlantic transfer of EU data by US companies, replacing the ‘Safe Harbour’ model that was struck down last October by the European Court of Justice. The scheme features ‘a number of additional clarifications and improvements’ in response to concerns of US mass surveillance of European citizens. The new data transfer pact includes stronger restrictions and establishes the role of a US ombudsman to handle complaints over American misuse of EU data. The final version of Privacy Shield was sent to European member states for review this week, and the vote is expected to be held early next month.
Russia’s new mass surveillance bill will require all messaging services operating in Russia—such as WhatsApp, Telegram and Viber—to provide the Federal Security Service with backdoor access to citizens’ personal communications. Pitched as a counterterrorism bill, the legislation will also necessitate ISPs to hold customers’ metadata for three years and real communication records for up to six months. The legislation has been dubbed ‘the big brother law’ and companies that fail to comply will be subject to fines of up to one million Rubles (AU$20,000). Russia’s lower house, the Duma, passed the bill last week and it’s now expected to move quickly through Russia’s Federal Council and the Kremlin, into law.
China is also clamping down on data management, holding a second reading of controversial new draft rules this week. The cybersecurity law will require Chinese citizens’ personal data be stored domestically, with any request to transfer the data overseas requiring a government security evaluation. Importantly, the legislation will force network operators to ‘comply with social morals and accept the supervision of the government’. While Chinese media outlets state that these measures as designed to ‘protect the information infrastructure’, the bill is seen internationally as ‘internet censorship enshrined in legislation’.
The US recently held its fifth annual military network defence test, Cyber Guard, in Virginia with nearly 1,000 participants from the military, government, private sector, academia and allied countries. The exercise, led by the US Cyber Command, the FBI and the Department of Homeland Security, required participants to respond to a simulated network attack on US infrastructure. Over a week, participants were challenged by an active expert ‘red team’ to practice inter-agency coordination, private sector cooperation and Five Eyes interoperability. Cyber Command is also working to establish a ‘Persistent Training Environment’—a year-round cyber facility capable of simulating multiple scenarios simultaneously—which is expected to reach initial operating capability in 2019.
Closer to home, the Australian Department of Defence has announced a $12 million contribution to the Australian National University’s new innovation centre for high performance computing, data analytics and cybersecurity. The $45 million research facility will house 70 students, academics and staff from the Australian Signals Directorate. The initiative is part of efforts to boost the study of STEM subjects and address Australia’s cyber skills shortage.
For some in-depth reading, check out the Global Commission on Internet Governance: One Internet report released by the Centre for International Governance Innovation and Chatham House this week. Notably, it proposes three potential outcomes for the internet: ‘a dangerous and broken cyberspace’, ‘unequal gains’ or ‘broad unprecedented progress’. Microsoft has also published a new report this week, proposing a cybersecurity norm development model for both nation states and ICT industry. The paper addresses offensive, defensive and industry norms, as part of Microsoft’s ongoing work to ‘advance trust in global ICT ecosystems’.