As the Scottish independence debate heats up, much attention has been focused on defence and how an independent Scotland could defend itself in the modern world.
This discussion has been largely limited to the military hardware, bases and personnel that would be needed, as well as the risks and opportunities linked to the move from UK armed forces to a Scottish defence force.
Less attention has been focused on the security of an independent Scotland's national IT infrastructure. This is a critical aspect of a modern nation's defences. What could an independent Scotland's cyber security strategy look like? Who would deal with cyber security in the event of independence?
The Scottish Government's White Paper says a single security and intelligence agency would have responsibility for cyber security functions. This new agency would, through necessity, maintain a close relationship with the existing UK intelligence agencies. In the short term, any Scottish Intelligence Agency would co-operate closely with GCHQ.
The first step with any security strategy is figuring out what can and should be defended and the threats that apply to assets. In the Scottish context, the principal resource to be defended would be Scottish commercial and economic interests such as intellectual property and energy systems.
This is in contrast with the rest of the UK, which has a clear focus on foreign and domestic counter-terrorism and counter-insurgency activity. Clearly, the move to an independent government would lead to a change in priorities for the security services, which could include:
l Moving away from mass surveillance and a dragnet approach to intelligence gathering.
l Concentrating cyber security defences on critical economic and commercial interests, building on the experience of other European countries such as Estonia. Estonia is considered to be the world leader in national cyber defence after a co-ordinated Russian cyber attack in 2007.
l Making domestic counter-insurgency and counter-terrorism work, such as that undertaken by GCHQ and MI5, less of a priority.
l Supervision of the intelligence service becoming open and democratically accountable.
There are significant caveats around a Scottish Intelligence Agency's room for manoeuvre on some of these points. The physical network layout throughout Scotland and the UK means that very few connections from other countries land in Scotland, with most landing in Cornwall near GCHQ's listening post at Bude. This means that, at least in the medium term, internet and corporate network traffic would be subject to UK Government surveillance, regardless of the wishes of the Scottish Government. It is likely that a condition of support from allied intelligence agencies would be co-operation in sharing signals intelligence with other agencies.
Should Scotland reject independence, it is unlikely that much will change in terms of the existing cyber security apparatus. GCHQ is home to some of the most brilliant minds in IT security who are a considerable asset to the UK. By remaining in the Union, it could be argued that Scotland would continue to gain access to top-quality security services with, collectively, a great deal of experience in national cyber defence.
There are, of course, risks associated with remaining under the present security regime. Principally, this is around the concentration on counter-terrorism. While there is little doubt that the UK as a whole is a significant target for traditional and electronic terrorism, it is not at all clear that Scotland also faces the same level of threat. With the concentration of cyber security resources in the South of England, Scottish commercial and economic assets could be exposed to greater threat under the present regime than in a more focused framework.
Whichever way the vote goes, it is clear that there are opportunities and risks for Scotland on both sides.
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules hereComments are closed on this article