Isolationism, Cybersecurity, and Privacy

By Phil Reitinger

A few days ago, I read a BBC story about how the United Kingdom’s potential failure to opt-in to new Europol regulations could force the UK out of the organization, limiting access to shared intelligence about crime. I won’t venture an opinion on that question, which I am sure involves a number of concerns, but it started me thinking about the rising tide of isolationism and parochialism, and what it means for cybersecurity and privacy.  In a word, it’s bad.

First, the barriers to collaboration introduced by isolationism hurt law enforcement and companies more than criminals.  The overarching paradigm of the Internet is that offense wins.  That’s true for a variety of reasons, one of which is that the information flows among the bad guys faster than among the good.  Information on vulnerabilities in software and systems, and tools for attack, move among attackers at Internet (or at least market) speed, while the sharing of information among defenders is slowed by concerns regarding security, liability, and privacy.

Isolationism exacerbates this condition.  If two distinct national police forces cannot work nearly as one in real-time, then defense against cybercrime is slower and weaker.  If threat intelligence cannot be shared at light speed between two companies in different regions, then the offense has an information advantage.

Second, isolation makes harmonization of law and policy more difficult.  Unlike issues where one must “balance” security and privacy, isolationism adversely affects both.  The burden of working to comply with diverse national, state, or sectoral requirements both decreases the likelihood of compliance (requirements are misunderstood or averaged) and uses resources that could better protect security and privacy.  Harmonization efforts like the Budapest Convention or the GDPR are important for this reason, among others, and isolation impair them.

Third, isolationism tends to be associated with elevated concerns about sovereignty and identity that impair collaboration even above what is the natural result of separate political and economic institutions.   Actions that could be taken to build a more secure, and privacy-protective, ecosystem are not in part because the actions were “not invented here.”

We have to stand against this.  Political eddies and national borders notwithstanding, we must continue to build global and cross-sectoral collaboration to protect and enhance cybersecurity and privacy.  The Global Cyber Alliance is committed to that.


The author, Phil Reitinger, is the President and CEO of the Global Cyber AllianceYou can follow him on Twitter @CarpeDiemCyber.