UK immigration and the national cyber security strategy

null

The Department for Digital, Culture, Media & Sport (“DCMS”) is consulting on a national cyber security strategy to make the UK a world leader in cyber security. The strategy, which comes on the back of a notable increase in cyber-attacks in recent years (including the traumatic WannaCry attacks which affected 48 NHS trusts and countless other organisations) will see the government plough £1.9 billion into UK cyber security from 2016 to 2021. At the core of the policy is the belief that the cyber security space should have strong leadership, centralised and clear qualifications, and diversity.

Diversity comes up time and again within the DCMS consultation paper, perhaps because this particular industry, far more than most, requires the ability of being able to look at the same problem in as many ways as possible. When ensuring the absolute impenetrable security of a system, it isn’t the same as building one from scratch. If you’re creating a new system, you can be content that there are many ways to get to the same goal and, if at the end of the day you have achieved that goal, you have succeeded. In the business immigration world, you could say that lots of people can get you the necessary visa but the consumer’s choice is in how you enjoy the journey and partner with your service provider. 

However, if your goal is to ensure that you have created a fortress, impenetrable to the world, you need to consider the myriad of ways in which security could be breached. Neuroscience is fast establishing that we train our brains to think in certain ways through our environments and even the way that our language forms our perception of the world. For example, how an English speaker understands the number 12 is very different to how a Japanese speaker understands it because in Japanese it is a simplified “10 plus 2” in effect. It is possible that there are approaches to breaching security that a typical British person would never consider, but that someone with a different language and different background would find obvious. 

Fundamentally, you need diversity in the best cyber security teams. Which means you require foreign talent and an immigration system which encourages, attracts and retains such talent. The advantages bringing increased diversity and fresh ways is just one of the ways in which UK cyber security could benefit from foreign talent.

It is curious that both this cyber security policy and the White Paper for Brexit have put the tech industry into sharp focus, highlighting its importance for the future of the British economy. Both documents have also recognised the need for immigration to support the goal of creating world leading tech and cyber security industries. This is at odds with the other Conservative government policy of reducing net migration to the tens of thousands and deterring employers from hiring foreign talent by making it exorbitantly expensive to do so (try £7,500 in government fees for a 5-year visa for just one migrant). 

Given the need for diversity as well as the clear tech skills shortage that exists in the UK, it is crucial for the consultation and recommendations to include a supportive immigration system in the UK. Brexit looms large on the horizon and there is a growing possibility that the current Tier 2 Sponsorship system is adjusted and expanded to encompass EEA nationals (who do not require any sort of visa at present with EU free movement of labour rules). This would inevitably lead to considerably greater expenses for tech and IT businesses in the UK both in terms of visa applications, and as they need to spend more time and resources, ensuring compliance.

The House of Commons Science and Technology Committee published a paper in July with recommendations for changes to the UK immigration system and many of these would be of great assistance to the cyber security industry as well. One of the measures proposed by the report, the enabling of short term visits for work, could be hugely beneficial when dealing with a security crisis. The idea that short term visitors should also be able to work temporarily in the UK, was one of a list of eminently sensible suggestions that DCMS would do well to note and include in their cyber security strategy.

If DCMS really want to make the UK a leader in cyber security and recognised internationally as such, they will urgently need to address the issue of immigration. Adding a formal, national qualification system akin to legal practice, will lead to foreign talent thinking long and hard about the costs and long term returns of moving to the UK to forge their career. Ensuring the quality and regulation of professionals is obviously required in certain careers but it is important that when that challenge is combined with a long winded, pernickety and expensive visa process, this does not deter both individual talent and businesses from setting up and growing within this environment.

Measures to upskill British workers are to be welcomed even though narrowing the skills gap will not eliminate the need for skilled, immigrant professionals. It is a well-established fact that many of the UK’s brightest tech specialists leave the UK to work in Silicon Valley, and whilst the tech and cyber security industries ought to do what they can to retain such homegrown talent, they also ought to be able to hire the best talent available in the global labour market place.

There is another, perhaps less obvious reason, to encourage foreign talent in UK cyber security. One of the stated aims of the national strategy is to make the industry world leading and therefore a significant exporter of cyber security services (Liam Fox MP has even launched a cyber security export strategy). By hiring international talent, UK businesses will be in a stronger position to foster relationships and networks with business communities across the world, helping to enhance export potential and provide further benefits to the industry.

A combined strategic approach with UK immigration law is crucial to enabling ambitious cyber security and tech policies to be realised. By both fostering homegrown, skilled professionals and opening the UK economy up to international talent, the government and the cyber security industry can go a long way in achieving their objectives. 

Naomi Hanrahan-Soar, Managing Associate at Lewis Silkin 

Image Credit: Kirill Wright / Shutterstock