Richard Burge Speaks at Chatham House on Cybersecurity in the Commonwealth

The Commonwealth Cyber Declaration was signed during the Commonwealth Heads of Government Meeting in April 2018; a landmark declaration, it is world’s largest and most geographically diverse inter-governmental commitment on cybersecurity cooperation to date. The Declaration has a special relevance for Commonwealth trade and investment, with many of its key elements pertaining to improving the security of goods and services trade within the Commonwealth.

On Thursday 4 October, CWEIC Chief Executive spoke at Chatham House on the topic of cybersecurity in the Commonwealth, discussing the implications the Cyber Declaration has for Commonwealth trade. In his opening remarks, Richard framed the Commonwealth as an excellent test bed for an agreed set of cybersecurity principles.

Transnational threats require a transnational response. This was the statement at the heart of our discussion of the digital economy at the Commonwealth Business Forum in April. Baroness Scotland introduced the Commonwealth Cyber Declaration at CHOGM claiming “There is immense fresh potential for the multiple layers of Commonwealth connection to be used for the common good.” And indeed, an organisation as diverse as the Commonwealth could be the ideal proving ground for internationally uniform cybersecurity regulation.

Key elements of the Cyber Declaration have a definitive connection with trade – as shown by the below exerts from the Declaration text itself:

i) Recognize and support cyberspace as an enabling environment to promote investment and intra-Commonwealth trade in goods and services.
ii) Commit to promote interoperable and global technical standards.
iii) Highlight the importance of common standards and the strengthening of data protection and security frameworks.
iiii) Commit to limit the circumstances in which communication networks may be intentionally disrupted.

Richard introduced these points, before expanding on how the above has the potential to improve four central trade facilitators; consumer confidence, efficiency, opportunity, and standardisation. Each of these have defined real-world applications, and if properly capitalised on, could be of great relevance to intra-Commonwealth trade.

 

Stricter regulation increases consumer confidence; In supporting common practices across Commonwealth member countries, cybersecurity initiatives can foster pan-Commonwealth confidence in the appropriateness and acceptability of Commonwealth laws, regulatory provisions and institutions for the purposes of bilateral trade.

In the 2018 study “Strengthening the Commonwealth Advantage: Trade, Technology, Governance”, research indicated that increased predictability and efficiency in governance in trade within the Commonwealth had the greatest positive impact on trade between Commonwealth countries of all other factors examined in the gravity model, including logistics, trade agreements, and foreign direct investment. While this covers governance as a whole, the implication remains that better and more uniform governance when it comes to cybersecurity has the potential to make a significant positive impact on Commonwealth trade.

Increasing efficiency; In a similar vein, by investing in increased cybersecurity across the Commonwealth, money and time that would otherwise be lost to putting out fires following cyber attacks could be saved and put to better use.

The risks posed by cybercrime are even higher for emerging markets relying on technology from developed economies, leaving them vulnerable to hidden malwares in their imported hardware and software. Especially as many emerging economies leapfrog tech development, their infrastructures and economies increasingly relying on digital services, and thus cybersecurity needs to be a primary focus for the Commonwealth in ensuring economic progress. By making pre-emptive, strategic investments in cybersecurity measures across the Commonwealth, as the UK has pledged to do this year, we can shift the struggle against cybercrime from firefighting to active prevention that adapts as quickly as those conducting cyberattacks.

New challenges present new opportunities; Restrictions engender innovation. By holding businesses to stricter standards, new solutions and opportunities will be found to facilitate trade. New software, technology, services, training, accreditation, etc. are all avenues businesses can take to adapt to and benefit from regulation. Providing investment in cybersecurity will in turn encourage investment in domestic innovation, providing local solutions to global problems.

Blockchain, for example, is a fantastic example of security as a growth industry, with opportunities for companies of all sizes from all backgrounds. It is vital that unified regulatory policy should not necessitate a single provider, but should inspire entrepreneurship and innovation in all quarters, providing the same standard of regulation and security to meet the needs of individual countries and regions.

Standardisation facilitates easier trade across the Commonwealth: A rapidly expanding sector within intra-Commonwealth trade is the trade of financial services.

Cybersecurity plays an important role in the financial services trade, and a good example of this in practices are multi-national accountancy firms which have head offices in the UK. Such firms often outsource elements of work to partner offices in Asia. A crucial point of consideration when working in a border-less fashion like this however is the security and use of data and information held by the partner office. When working internationally, more and more companies within the finance sector are outspoken about the importance of cyber security in such scenarios, as companies need to know that they can expect similar cyber security protocol at both ends of the work steam.

The theme of consistent cross-border regulation also has increasing relevance when considered in the context of developing countries. Cyber security is a foundational pillar of trust in international financial service trade, and thus those developing countries which lack a rigid cyber regulatory framework have the potential to be overlooked in place of other more secure and established locations as the international financial services trade expands.

 

However, behind the obvious benefits of new regulatory cybersecurity legislation lie challenges that need to be overcome. Richard noted the importance of understanding the needs and conditions that exist in both the public and the private sectors, and of all stakeholders in their capacity as both users and citizens. A lack of trust, ineffective legislation, and differing interests between the various sectors could severely limit our ability to collaborate within the Commonwealth.

Does holding nations with lesser developed digital economies to the same standards, incurring the same costs and requiring the same resources to implement, put unfair strain and restrictions on them? Indeed, placing restrictions on an economy already struggling in the expectation that they ought to keep pace with larger developed economies could be interpreted as unfair. However, the alternative, i.e. to effectively allow a free-for-all, risking cybersecurity frameworks falling behind, ultimately poses a far greater threat to their economies, and to our global economic security.

Concluding the speech, Richard said:

The Commonwealth, as an organisation that unites OECD nations with some of the most economically vulnerable countries in the world, can make great strides in setting unified global standards that work across geographic and socio-political boundaries. As we have covered, cybersecurity presents opportunities for growth, for collaboration, for new perspectives and new and better ways of getting things done. The Cyber Declaration should really only be the start; we are in a unique position to set policy in motion in the right direction in every corner of the Commonwealth, potentially influencing national policies for the better for decades to come.