New National Security Strategy Launched ... What does it mean for BCM and EP

The UK government has published its revised National Security Strategy entitled “a strong Britain in an age of uncertainty" and within its pages are a number of interesting details that point towards an evolving future for Business Continuity.

The new strategy delivers the coalition governments view on the emerging and current threats to the UK. Closely linked to the recently announced spending review affecting the Armed Forces the national strategy document and other dimensions that are highly relevant to us all and positions the thinking on both risks and importantly responsibilities for them.

BBC Interview 

The military aspects arising from Afghanistan and Iraq, along with an evolving international political landscape where nuclear proliferation is a growing danger all feature strongly, but it also points to other vulnerabilities such as, climate change and its potential impact on food and water supply. Throughout the strategy document the historical context for national security is challenged and instead a more flexible and adaptive approach proposed. In the words of the Prime Minister, David Cameron, “... All of this calls for a radical transformation in the way we think about national security and organise ourselves to protect it. We are entering an age of uncertainty."

The strategy has sought to establish clear priorities – counter-terrorism, cyber attack, international military crises and disasters, whilst at the same time making the point that just because something is a priority it does not mean that it will get most resources. This reference to the need to control costs is repeated time and again throughout the strategy stressing the importance of maintaining proper spending control at all times. This connection to the financial crisis and the forthcoming Public Spending Review demonstrates a firm commitment to manage costs and investment and proposes increased cooperation and efficiency as the way to balance the books.

Whilst much of the focus is on the military and intelligence aspects of our national security this has been thoroughly covered by the mainstream media. Our primary interest is focused in commentary that explores the need to develop a much closer relationship between government, the private sector and the public when it comes to national security.

While recognising the role government has the strategy makes it clear that we all have a part to play in keeping the country safe. The clearest example of this is in the area of cyber attack where an effective strategy absolutely requires businesses and governments to work much more closely together. There is also a reference to placing more emphasis on identifying emerging risks and dealing with them before they become crises.  The strategy states that the government intends to draw together and use, all of the instruments of national power to achieve this goal. It will be interesting to see what this means over the coming months, but by making clear there is a shared responsibility it is quite possible that there will be an increasing focus on private sector resilience.

The new National Security Council (NSC) will be responsible for implementing the new strategy with ministers having specific responsibility for coordinating priority areas of work across government. There will be an annual report published by the Joint Parliamentary Committee on the National Security Strategy and a commitment to review every five years.

In the strategic context chapter we are pleased to see that there is no loss of focus on the range of risks identified as affecting the UK. Interestingly, cyber attack is particularly prominent with 37 attacks on national security targets this year being commented on, a rise of nearly 70%. Further, the risks of commercial espionage are also highlighted as threats to British interests. In a broader context developments in the biological sciences and issues surrounding energy security are also highlighted as areas that require careful monitoring and follow on action.

The strategy predicts a future where the risk picture is likely to become increasingly diverse with no single risk dominating. The report does understandably commit to the "strategic objective" of ensuring a secure and resilient UK protecting our people, economy and infrastructure from all major risks that can affect us directly as it must, but it is lacking in detail on how the new structures will operate. 

Part three of the report “Risks to our Security" makes it clear that we have to promote resilience, both locally and nationally and to achieve this a truly strategic approach requires us to go significantly further than just assessing domestic civil emergencies. This points to the new National Security Risk Assessment that included contributions from subject matter experts, analysts and other specialists on the full range of existing and potential risks to our security that might emerge over the next two decades. The goal of the NSRA is to inform strategic judgement; it can never be deemed a forecast.

By helping to prioritise the risks the NSRA helps prioritise the actions and resources needed to deliver our responses. These are categorised into three tiers:

Tier One details those considered to be the highest priority for UK national security based on likelihood and impact. These include terrorist attacks on the UK or its interests (chemical, biological, radiological or even, nuclear are al included here), criminal or state sponsored cyber attack and major accidents or natural hazards that require a national response (widespread regional flooding or an influenza pandemic).

Tier Two covers a range of other threats from disruption to information flow from damage or failure of satellites through to serious levels of organised crime activity, as well as the potential of insurgency or attack by another state.

The Third Tier addresses other risks covering food disruption, conventional attack, disruption to oil or gas supplies and major releases of radioactive material from a nuclear site in the UK.

The report makes it clear that all these risks are important and just represent the highest priorities among a much broader set of risks considered. The National Security Strategy makes it clear that these are not new risks, but ones that have been realities for many years and in future, unless action is taken, could become far worse. This is much of the reasoning behind the much higher priority and profile given to cyber security. 

The National Security Strategy documents does also reaffirm that the high risk from pandemic disease remains. The severity of Swine Flu seen that last year and which resulted in 457 deaths in the UK, did not match the severity of the worst scenarios and  reiterates that future outbreaks could be much more serious, affecting up to 50% of the UK population and causing the deaths of many tens of thousands.

Flooding also features prominently and the report highlights the importance of local preparation. In 2007 the summer floods affected nearly 50,000 homes and over 7000 businesses and in Cumbria in 2009 communities were isolated as the road network was severed as the result of bridge collapses. The report referenced 1953 and the widespread coastal flooding when flood defences were breached and almost 1000 km² of land was flooded. 307 people died and more than 32,000 had to be evacuated. The estimate of the cost today of a similar event would be over £5 billion.

The impact of other disruption is also mentioned with lessons learned from the explosion at the oil storage terminal at Buncefield near Hemel Hempstead and consideration given to widespread disruption to key critical UK utility services such as telecoms, water supply or energy supplies. In the

The National Security Strategy closes by defining the tasks ahead. Those most relevant to those working in the emergency planning and business continuity fields are statements that focus the on the need to work together to exploit the opportunities to manage risks. The strategy appears to be placing at its heart far stronger importance to alliances and partnerships to enable greater resilience in the face of local and national threats.

There is a final emphasis on the need to develop a “whole-of-government" approach to implementation with all departments and agencies needing to work flexibly together to ensure they give the agreed priority to national security risks. The strategy promises support to deliver these priorities through a leaner better and coordinated structure under the auspices of the National Security Council.

To download the National Security Strategy please click here

CONTINUITY FORUM COMMENT

Without a doubt economies around the world are struggling to address a new financial reality, public spending is being reduced across all G20 countries and nearly all are facing severe “austerity" measures.

Against this background it is right to consider this in detailing the U.K.'s national security needs, but our concern would be just how far we can stretch resources that have already shown themselves to be under severe pressure. In our general dealings with the public sector most of us will have come across instances of waste, but when speaking specifically around emergency planning and business continuity, the story is quite different.

Access to resources, training and even, serious executive level support is scarce. Those working in the field appear to face a constant struggle to meet the obligations they have and deliver the services and response their communities need.

Over the past few years in the public enquiries surrounding numerous events (Pitt at Al), all showed that there were significant improvements that were needed to both the systems and resources available to deal with the events in question. The lesson would would urge be taken away from these public examinations of our our national and regional capabilities  should not be lost. They clearly inform us that whilst we are in many ways very capable of reacting to emergencies and disruptions, all too often we are lack the resources and as a result many suffer both personal and financial loss that could have been avoided.

It is our firm belief that more widespread and better-embedded business continuity is an incredibly powerful tool to achieve the “Resilient Nation" that is the aim of the security review. To do this requires not just money, it requires an attitude of engagement and support that bridges between private business and the public sector and willingness to insist on improvements from both.  This has been the backbone of our work for more than a decade.

Across the country, public sector bodies will be coming under massive pressure to reduce costs and in many town halls and other government buildings executives will be looking at structures with a view of cutting out unnecessary costs.

This is a somewhat subjective process with much of the work we undertake in the emergency planning and business continuity sphere not commanding much political weight, until that is the event strikes. By then, of course, the damage is done if the red pen has cut out the capability of local and regional government to manage their local responsibilities properly.

A little under a year ago UK roads were suffering severe shortages of salt and yet we have reports from a number of authorities that these supplies haven't been topped up.

“Austerity" measures or not, it is not just prudent, it is essential to maintain, develop and improve our capability nationally to both mitigate and recover from a wide range of events we are exposed to and we will need to increase investment in many areas to achieve this.

We can only hope that the new coalition government will have both the appreciation of the situations we face and commitment to maintain focus on improving the resilience of the nation by encouraging and importantly, investing appropriately in the development of business continuity skills and capabilities.

End