An innovative pairing of government and tech are working together to protect human rights abroad.
The UK government has published its first ever cyber security guidance that provides advice on how to manage export risks, thus leading the way in ethical business export practices.
‘Assessing Cyber Security Export Risks’ is the first tech sector guidance of its kind in the world. It provides cyber security companies of all sizes with actionable advice, to help identify and manage the risks of exporting their products and services. It gives detailed background information and a framework to help companies develop their due diligence processes, manage human rights risks and identify national security risks. This reduces the likelihood of a buyer being able to use their technology to help perpetrate human rights abuses. It also reduces the likelihood of reputational damage to British companies.
Sounds a bit too UK-orientated. Why should I be interested in this?
On the face of it the guidance is catering for a suitably British audience, but let’s not downplay the importance of this publication. Guidance of this kind is truly a watershed moment – hopefully providing impetus, inspiration, and paving the way for similar initiatives.
Cyber security capabilities are used around the world to strengthen the integrity of critical national infrastructures, prevent the theft of corporate and personal data, and tackle fraud. Their export presents the UK with a significant economic opportunity. HM Government has recognised this and is working with industry through the Cyber Growth Partnership to help companies realise this growth, with the aim of increasing UK cyber security exports to £2bn by 2016.
Most often cyber security capabilities are used only to defend networks or disrupt criminal activity. However, some cyber products and services can enable surveillance and espionage or disrupt, deny and degrade online services. If used inappropriately, they may pose a risk to human rights, to UK national security and to the reputation and legal standing of the exporter.
Ruth Davis, Head of Cyber, Justice and Emergency Services, techUK said: “The advice in this document is designed to help companies reduce reputational risk and to have confidence in the deals they make. We believe that ethical business practice is key; human rights and a vibrant British cyber sector are two sides of the same coin.”
The Guidance sets out a risk assessment process that helps companies to:
- Look at the capabilities of the product or service they want to export and how it could be used by purchasers.
- Examine the places where they are exporting to including their political and legal frameworks, the state’s respect for human rights and potentially vulnerable people.
- Assess who the end purchaser of the product is and how they intend to use it.
- Evaluate potential business partners and re-sellers.
- It also provides advice on how to mitigate and build risk management clauses into the contract.
Dibble Clark, Cyber Lead at 3SDL, a Malvern Cluster cyber security company commented: “Recent events have put the human rights responsibilities of cyber export companies in the spotlight and there is particular scrutiny on our sector, both from governments and NGOs. The responsibility to respect human rights is something no company can ignore, whether large or small.
Rt. Hon Baroness Anelay, Minister of State for Foreign and Commonwealth Affairs said: “This groundbreaking guidance will help cyber security businesses manage human rights risk by adopting effective due diligence policies and enable them to respect human rights wherever they operate.”