October is European Cybersecurity Month, and as part of this initiative, the Cybersecurity team, alongside colleagues in the Computer Science department are raising awareness, promoting good cybersecurity practice, and promoting career opportunities in the field of cybersecurity.

The University one of only nine institutions in the UK which have both recognition for being an Academic Centre of Excellence in Cyber Security Education (ACE-CSE) by the National Cyber Security Centre (NCSC) and an Academic Centre of Excellence in Cyber Security Research (ACE-CSR).  

Notably, this year the University has also won the 2023 Cyber University of the Year at the National Cyber Awards. It is a recognition for our cutting-edge IT security measures, our dynamic regional collaborations, our education initiatives across various disciplines and outreach with national charities, our groundbreaking academic research in the realm of cyber security, and the collaboration between the Surrey Centre of Cyber Security and the University of Surrey’s IT Cyber Security team.

Recently the UK has seen a range of new and updated laws and regulations applied to cyberspace, for example, the Online Safety Bill and Investigatory Powers Act. We talked to Mikolaj Barczentewicz, Associate Professor in Law at University of Surrey and Research Director at the Surrey Law and Technology Hub (surreylawtech.org) and asked about how this new legislation and regulation was shaping the cyber security landscape.

Why do you think we should be more aware of the latest laws and regulations related to cyberspace as people who live in the UK?

Forthcoming changes in UK law (the Online Safety Bill) and those still being debated (like a revision of the Investigatory Powers Act) may have significant impact not only on how internet businesses operate internally, but also on what digital services UK residents will have access to. The debate about potential legal requirements to compromise end-to-end encryption illustrates this very well. At least two service providers, Signal and Apple, announced that they may remove their communication apps from the UK if they are forced to weaken the security protections that they currently offer their users.

Being aware of such planned legal changes is especially important for the academic cybersecurity community because technical voices can play very important roles in public debates about the desired shape of legal regulations. At least some of the key aspects of problems like that of end-to-end encryption are technical, and university researchers should contribute their expertise to help ensure that the laws are not based on flawed understanding of technology.

Are other countries going down similar paths to the UK in terms of legislation and regulations? Are there differences that we need to take account of?

The European Union is a good point of comparison, because – like the UK – it is now attempting to revise many aspects of its legal regulation of digital services. Broadly, the EU is trying to tackle similar issues, partially using similar legal tools. The key examples of new EU laws already adopted in this sphere are the Digital Services Act and the Digital Markets Act, both of which may have significant cybersecurity implications. For instance, EU law will now mandate some services to ‘interoperate’ with other services (e.g., messaging apps), which raises serious questions about how the current level of security that users are provided with can be preserved in a more complex, interoperable architecture. On the other hand, some of the new legal provisions could create new opportunities for innovative entrepreneurs and engineers, which is also a reason to keep track.

How can other researchers become involved in the Surrey Law and Technology Hub?

The Surrey Law and Technology Hub is a vibrant group of researchers working on a broad range of issues on the intersection of law and technology, so it is very likely that many in the cybersecurity community will find at least some of our work interesting.

We research issues from cybercrime, through algorithmic fairness and autonomous weapons systems, to legal aspects of blockchain security. The best way to learn about what is going on at the Hub is to visit our website (https://surreylawtech.org) and then contact the researchers working on specific issues.