The SNP have set themselves major challenges to make Scotland secure
Scottish security and intelligence community would look like: what it would do; how it would be directed and regulated; what it would cost; and what the timeframe would be for start-up and delivery.
In a global environment where old distinctions between foreign and domestic are breaking down, the capacity to address security or criminal threats at source, and influence external partners, is at a premium. Scottish ministers have spoken of shared arrangements with the continuing UK (cUK). But the detail of an intelligence relationship between Edinburgh and London is not a given: it would depend on the effectiveness of the Scottish agencies, mutual trust, and the wider political context.
Of course, nobody is suggesting that, if a cUK agency were to produce intelligence on a terrorist plot threatening Scotland, it would not share it. But the cUK agencies would be funded to protect the cUK and its citizens. An independent Scotland could not expect others to be pro-active on its behalf. And it would cease to be part of the near-seamless arrangements that join up the Counter-Terrorism work of the police services with the resources of MI5 and the upstream operations of MI6 and GCHQ. In my experience, no liaison relationship could replicate that level of professional intimacy and immediacy. The Scottish people would lose the absolute assurance that they benefit from the same level of protection, at home and abroad, as everyone else in Britain.
Certainly, Police Scotland’s experience of counter terrorism would be available to a new security agency; and European police-aligned services have rightly been cited as possible models. Yet those services have had decades of experience in other threat-domains, including against some predatory foreign intelligence services;. Also, military counterparts had the benefit of Cold War Signals Intelligence experience in dealing with the threat from cyber espionage.
The Scottish authorities would need to put together robust defences from scratch and, in my experience, that would take years. So the risk is that, while the new government was getting its act together, the level of overall protection might decline, with damaging consequences on both sides of the border. The cyber threat is invisible until a company working in, say, renewable energy or software design finds its computers talking to strange foreign computers, its intellectual property siphoned off, and a cheaper version of its products on a competitor’s website. Business cyber hygiene, deploying commercially available solutions, will feature in any national cyber strategy.
What helps give the UK its competitive edge in shaping a secure cyberspace (and a benign business and financial environment) is GCHQ’s capacity to spot what’s coming at us and to take action. that capacity that Scotland, notwithstanding its commercial and academic strengths in the field, would struggle to replace. It’s for that reason the cyber threat and its implications for prosperity must be unpacked in the referendum debate.
We await the Scottish Government’s proposals. That will show whether ministers have taken on board the scale, costs and urgency of the task they have set themselves.
It’s