Select Committee on Defence Minutes of Evidence

Supplementary memorandum from the Ministry of Defence (12 February 2002) (continued)

What steps, if any, have been taken by List X companies to enhance their security post 11 September?

  MoD has no responsibility for security arrangements in List X companies. These companies are required to comply with Cabinet Office security regulations laid out in the Manual of Protective Security. Government Security Advisers provided by the Security Service give List X companies advice on both the threat and security countermeasures and monitor List X compliance with regulations for the secure handling and storage of protectively marked Government information. The Committee may wish to refer this question direct to the Home Office for an authoritative response.

Has extra funding been made available for extra security measures needed since 11 September, and if so, is it coming from MOD central funds or from the Treasury Contingency Fund?

  None of the TLBs has received additional funding for security. The only area where significant additional costs have so far been incurred is overtime costs for MDP and civilian guards, and these costs have generally been found from within existing budgets. There have as yet been no recorded bids for central funding, but some £600K has been accrued in extra costs by the MDP, who will log this against the Op VERITAS contingency fund (ultimately recoverable from the Treasury). £100K spent on procuring masks and gloves against a potential threat from anthrax in mail will be similarly logged. Otherwise there has been no significant additional expenditure on security directly attributable to the 11 September events.

What is the size of the Defence Estate in terms of hectares and numbers of buildings and what numbers (Service, MDP, MGS and Commercial Guard Force) are employed in guarding it?

  The Defence Estate in the United Kingdom covers some 242,000 hectares(ha), of which approximately 160,000ha are rural training land. Where it is compatible with public safety and military training requirements, the MoD actively encourages public access to its land and operates a presumption in favour of access. The built estate consists of more than 45,000 buildings, including barracks, offices, workshops, storage facilities, garages, and community and recreational facilities. It also includes privately owned, but MoD-managed, accommodation for over 100,000 Service personnel and their dependants.

  Guarding of the MoD Estate is conducted by a mix of MDP, civilian guards and Regular Service personnel. Each type of guard has specific competences and skills: MDP officers are employed where there is a requirement for constabulary powers, or for armed security in situations where it would not be appropriate to employ Service personnel—for instance at civilian establishments. Only MDP officers and Service personnel are authorised to carry out armed guarding; unarmed guarding can be carried out by either the MoD Guard Service (MGS) or private guard companies. Often mixed forces of contract guards or MGS, and Service personnel or MDP officers are employed at the same site. The exact mix will be determined by the Head Of Establishment's own assessment of the threat and the resources available to manage the risk, including the contribution made by other physical security measures inhibiting unauthorised access to the site/sensitive area concerned.

  It is difficult to be precise about the numbers employed on guarding duties in Great Britain, mainly because of the difficulty of making a clear distinction between MDP officers employed purely on armed security, as opposed to policing duties, and because Regular Service personnel, unlike Military Provost Guard Service (MPGS), are not recruited and employed primarily to carry out guarding duties, but are detailed for guard duties as a secondary task.

  Our best estimate is that, under the present BIKINI Alert State of BLACK SPECIAL, at any one time 530 MDP officers, 810 members of the Regular Services, and 100 MPGS personnel are posted on armed guarding duties across the Defence Estate. Sustaining this guarding commitment requires some 2,500 MDP officers, 2,380 Regular Service personnel and 500 MPGS.

  In the unarmed guarding role, guarding of the Defence Estate is at any one time being carried out by 770 MGS officers and 140 commercial guards. Sustaining this commitment requires a total of some 3,500 MGS and 350 commercial guards.

What sites, including non-MOD sites, have been identified as national Key Points?

  As explained in evidence on 30 January, the list is owned and managed by the Cabinet Office, whom we have consulted about its release to the Committee. They have informed us that they are unable to release the complete list owing to its high classification. To help the Committee in establishing how sites are designated as key points, the following paragraphs describe the factors used in the determination and give specific examples of some of the military key points.





What lessons have the MDP learned from their deployment to Kosovo in terms of the kind of policing they are engaged in, and can any of the lessons be transferred back to the UK?

  Conditions in Kosovo are so different from those prevailing at home that experiences of policing there do not translate easily to the UK. What the deployment has proved is the ability of the MDP to provide a policing service abroad in support of peacekeeping operations, and to adapt its operation to different and challenging circumstances. This has been recognised in the continuation of the Kosovo commitment, and in proposals for additional deployments that have been put forward subsequently. We have learned, additionally, that such experience can be good for developing officers by giving them the opportunity to exercise initiative in an unfamiliar environment with much less supervision than would be usual at home.

What additional costs have the MDP incurred in guarding US assets in the UK since 11 September and how are these being met?


What ROE are used by US military personnel deployed on guarding duties at US bases in the UK ?

  The MoD is unable to provide details of the ROE used by our Allies. The Committee may wish to refer the question direct to the US Embassy.

The HCDC asked for a copy of the MDP Complementing Review (CR) for AWE when it is available.

  The Aldermaston complementing review is still under way, although the groundwork has been completed. The next steps are: endorsement by HQ MDP; comment by the customer; then consultation with the Defence Police Federation (DPF). A note summarizing the outcome of the process will be provided to the Committee once the consultation period with the DPF has completed.

What are the guarding arrangements on sites shared by Dstl and QinetiQ?

  Guarding arrangements on shared sites fall into three categories: those sites for which Dstl is responsible for providing the guarding arrangements; those sites for which QinetiQ is responsible; and those sites for which a third party is responsible. The decision as to which organisation leads on security is based largely on which organisation directly controls, and has overall responsibility for, the site, and has been negotiated in each case.

  On the two sites for which Dstl has the lead security responsibility, Portsdown West and Fort Halstead, the guarding arrangements are identical to those at any other MoD site, working to MoD security regulations. The guard forces are found from the MGS and/or the MDP.***

  Where QinetiQ has the lead for security, the standards for the protection of MoD material are those mandated in QinetiQ's own security policy, which is approved by the Government Security Adviser. The guards are found from the QinetiQ in-house force, augmented where necessary by commercial contract guards. Home Department Police Forces respond to emergency calls, the MDP being called for incidents involving Dstl lodger units where appropriate. These sites are: Farnborough, Malvern, Chertsey, Bincleaves, Bedford, Defford, Alverstoke and Portsdown Main.

  In one case, at Winfrith Technology Park, a third party is host to a number of organisations, including Dstl and QinetiQ. This is controlled and guarded by the UK Atomic Energy Authority Constabulary. Within the UKAEA secure perimeter, the individual organisations are responsible for providing their own guarding arrangements in accordance with their own security policies. The UKAEA constabulary would provide the initial response to an incident involving either organisation, primacy resting with the local Home Department Police Force.

What equipment redundancy is there to support the military flight safety arrangements at Swanwick and what measures are being taken to provide for the security of RAF personnel deployed at the site? (requested by Mr Howarth)


The US General Accounting Office recently criticised the DoD and other US agencies for not using "risk management" methods to prioritise security measures. How has risk assessment featured in regard to the security of MoD sites?

    —  In deciding whether to strengthen security at particular sites, how do you balance: risk, the consequences of a successful attack, and the practicality of putting effective defences in place?

    —  Have you identified any cases within the MoD where there are significant threats but, because there is a lack of feasible or realistic defensive measures available, you have been left in a vulnerable position?

How has risk assessment featured in regard to the security of MoD sites?

  In the security context before the Security Structures Review (SSR), risk assessment was based on the precepts of: residual risk (taking into account current mitigation and reduction strategies), cost (financial or constrained output) and practicability.

  Post-SSR a more formal risk management process has been developed. This derives from Joint Service Publication (JSP) 525—Corporate Governance and Risk Management—which draws on HM Treasury's "Orange Book", published in September 2000. As was covered during the 30 January hearing, although responsibility for the implementation of security policy and standards always resided with local line managers, this has now been formalised, together with other delegated responsibilities, in a single letter of delegation from the Permanent Under Secretary to TLB Holders/Chief Executives of Defence Agencies and Trading Funds. More detailed advice has been issued by DGS&S on the application of risk management to security risks.

How do you balance risk, the consequences of a successful attack and the practicality of putting effective defences in place?

  The key element in the exercise of security risk management is the compilation of a Risk Register that links the probability and impact of a risk occurring to the effect it would have on the delivery of corporate objectives. Having identified the hazards or threats to key outputs, the probability of their occurrence, and the impact if they do occur (the risk assessment process), a judgement is made on the cost-effectiveness and practicability of the control measures available to reduce the probability of the risk and/or to mitigate its impact.

  Responsibility for risk assessments may vary. In some cases, like armed guarding, we set the security policy centrally (and some measures are mandatory). But the risk assessment is conducted locally, and counter-measures applied accordingly, taking account of both mandatory measures and local conditions. Responsibility rests with Heads of Establishments, helped by their security advisers, and their higher authorities/chain of command.

Examples of vulnerabilities caused by lack of feasible or realistic defensive measures?

  We have to accept that guaranteed security against all forms of threat is not achievable. It would not, for instance, be realistic to attempt to secure the outer perimeters of any MoD site to a level that would guarantee that it could never be penetrated, or to exclude the possibility of material damage in a non-sensitive area. We rely on defence in depth, priority being given to the protection of life and to those assets critical to the delivery of defence capability. We cannot, for example, ensure that anti-nuclear protestors will not succeed in penetrating the perimeter of the Clyde Naval Base, but we can ensure that proportionate and lawful means are in place to prevent them from disrupting the operation of the nuclear deterrent.

  There are no instances where we consider that the risk to life or to key defence information or materiel is unacceptably high as a result of financial constraints or the impracticability of available counter-measures.

What extra measures have you taken to deal with chemical or biological attack on MoD sites? How many NBC protective suits are available? Are these pre-positioned at MoD sites?

    —  What role would Porton Down play in the event of a chemical or biological attack on MoD sites?

  The precautionary measures taken in the light of the anthrax incidents in USA were included in the Initial Memorandum (para 46). Guidance was widely disseminated through MoD, taking account of the guidance issued by the Cabinet Office after consultation with the Security Service on the threat and Dstl Porton Down on the efficacy of counter-measures. The guidance concentrated on action to be taken on finding a suspect device and was aimed particularly at those staff who routinely handle public mail, including those working in Ministers' offices and other high profile areas. The main advice given was that, wherever possible, establishments should re-engineer their processes so as to isolate mail opening as far as possible. Some have done this. Following a risk assessment conducted centrally in MoD, we have also, as a precautionary measure, issued masks and gloves to people who open mail. ***


  Apart from the issue of guidance on incident response and provision of masks and gloves to selected staff handling public mail, establishment contingency plans covering the response to terrorist attacks have been reviewed to take account of the possibility of the use of chemical, biological or radiological material. As was covered during the 30 January hearing, physical security measures have also been reviewed with a view to improving separation between vulnerable site access points and the sensitive areas of establishments where lives are at risk or key activities conducted.

  Internally, MoD is examining the threat posed by a wide range of means, including Chemical, Biological, Radiological & Nuclear (CBRN) devices, to all bases and sites whether in the UK, overseas bases such as Cyprus, or deployed operations. This work, which was in hand before 11 September, has been given new impetus. It is tied in closely with SDR New Chapter studies and work conducted by CCS.

  In the event of an attack on an MoD establishment, the lead responsibility for dealing with it would lie with the civil authorities—in the same way as for an incident off the MoD estate. Action to counter this threat is co-ordinated and led by the Home Office. The response would involve mobilising a wide range of services (including the police, fire and ambulance services, local authorities and health services).

  NBC suits (Individual Protection Equipment) are kept by the Services for use in deployed operations, and there are enough stocks for this purpose. Clearly, this equipment could be used by the armed forces in the UK if Service personnel were called upon to support the civil authorities, or it could be made available for use by the civil emergency services. But this is not the primary purpose for which the equipment was procured.***


  Dstl Porton Down would not necessarily be involved in the response to an attack involving an MoD establishment. Their possible involvement would be essentially the same as they have carried out in support of civil contingency planning and emergency response: namely, the provision of scientific advice on protective measures and post-incident action and the scientific examination of suspect materials in their laboratories.

Is the dividing line between MoD and civil responsibilities clear and unambiguous, when a security incident starting on MoD land then spills over into neighbouring areas "beyond the wire"? We have heard how this has been exercised at Aldermaston, but have such "spill-over" exercises been undertaken at other defence locations, such as the naval dockyards? Have civil emergency authorities complained to the MoD about a lack of clarity about how responsibilities would transfer to them when events spill out of defence sites?

  The dividing line between MoD and civil responsibilities is clear: MoD takes lead responsibility for all security measures within the limits of the Defence Estate, and each site has contingency plans to cover a wide range of possible incidents. In the event of an attack on a MoD establishment, the lead responsibility for dealing with it lies with the civil police, in conjunction with the other emergency services, and with support from MoD personnel on site. Where there is a risk, at MoD nuclear establishments and elsewhere, of an on-site incident "spilling over" into the local civil community, contingency planning with the emergency services and with local government Emergency Planning staffs takes account of the need for liaison and joint action with the civil authorities. For example, at locations where it is conceivable that a radiation "spill" could spread outside the site, Nuclear Accident Response exercises are conducted regularly and in conjunction with the local authorities.

  We are not aware of any instance in which the civil emergency authorities have complained to MoD about a lack of clarity on the division of responsibilities, or about how a transfer of lead authority would be effected.

previous page contents

House of Commons home page Parliament home page House of Lords home page search page enquiries index

© Parliamentary copyright 2002
Prepared 7 March 2002