THE ROLE OF INDUSTRY IN THE NEW ANTI-TERRORISM ERA

  As the fight against terrorism takes central stage as a new globalised conflict paradigm emerges, there needs to be a careful re-assessment of how an effective division of effort between universities, national laboratories, industry and the military can be developed to deal with critical new challenges. What, for instance, are the real incentives for government, the science and technology community and private industry to co-operate, more than these different stakeholders have done in the past? How can these incentives be harmonised with dramatically differing strategic objectives for each of them, and how can any disincentives, for there must be some in any change in strategy, be overcome?

  From the industrial perspective, one of the key principles of a healthy business outlook, and the business plans that are triggered by it, is that there needs to be a vision of where future revenue streams will come from and the business stream's long-term viability. The aiming point needs to be a clear definition of what the "market space" is, and how it will develop. So far, in this shift in the threat paradigm since the mid 1990s, this has been a conundrum. The tactic of terrorism has been with modern Western societies for some considerable time, but not on the scale represented by the attack on the United States, or the more recent Madrid or London attacks and many others worldwide. Former terrorist attacks were also not brought to the public instantly, and in such dramatic style, by the ubiquitous 24-hour visual media.

  An important consideration is whether we have seen a strategic swing away from accepted modern forms of conflict and security on a scale which will force an overall change in the relations between society and security, and in which industry will be a key stakeholder. In the Counter Terrorism/Homeland Security environment, is there now a requirement to conduct a critical review of industry's strategic vision of the future, and of the capabilities it will be required to bring into being? The National Security Strategy is disappointingly "light" on the future trajectory of the industrial aspects of the anti-terrorism era and certainly does not provide a sufficient motive to catalyse an equivalent of the Defence Industrial Strategy. Such a review, if properly conducted with the right level of effort and the right safeguards, can perhaps initiate a debate on whether the new security threats present significant market opportunities to explore. If there is a market, then industry will surely address it.

  Even if there is no such review, it is important that there is an underpinning and generally held view on how the world has changed to act as the catalyst that will trigger a united response across the defence and security stakeholder spectrum. Although a trigger such as this may indeed be only a high-level vision, it can provide a framework which will give the stakeholder set a common idea of the required changes in responses to threats, and a picture of the overall effect. As a corollary, it is interesting to note that there is currently no accepted international definition of what a terrorist is, although everyone knows what a terrorist does.

  The nature of the new terrorist threat, and its new brand of terror, including its desire to obtain and use weapons of mass destruction, means that society is facing once again an example of asymmetrical warfare whereby the adversary ignores his enemy's strengths and instead targets his weaknesses. Interestingly, the 11 September terrorists seem to have chanced upon (or was this by design?) a way to combine, two "Western strengths" (procedure-free air travel, and a propensity to build very tall builds to convey success), to bring disaster of unanticipated style and proportion, using the catalyst of suicide tactics.

  Care has to be exercised when investigating the answer to the new anti-terrorist rebalancing conundrum, as a concept of Homeland Security, which tends to imply a "whole society" response (because the scene of action has moved away from battlefields, into the anonymity of a mass population), cannot be treated in isolation from other security related policies which accompany it. These may be military policies designed for traditional war, or the policies of law enforcement and other public safety communities, along with the legal frameworks that allow all of the responding communities to perform their duties. The NSS goes some way to reaching across the conflict spectrum (and probably further than any policy has gone before), and has sought to engender a big umbrella approach to national security using some sensible expedients, such as the sharing of the National Risk Register (in some variety) with the public.

  A conflict analysis to accompany the new strategy therefore needs to span the entire threat spectrum, of not only armed conflict but also address that part termed as public safety. Although not all of such threats to the citizen imply mortal danger, they are still threats, and are part of a wider environment of security that allows citizens to carry on with their lawful purposes. Once we have established society's current readiness to respond to these threats, we can look to how to increase readiness in a more coherent fashion against all threats, without the adoption of inappropriate processes, without undue risk of technological failure, or the use of human resource in an improper way.

  The requirement therefore is a capability model that (from one end of the scale) starts with pickpocketing, proceeds through serious crime, terrorism and insurgency, through traditional deployed military operations, to (at the other extreme of the scale) the recovery from a nuclear exchange, and a curve that shows how ready the nation is to respond to those threats.

  Figure 1 is a view of what a Utopian secure society may look like, with an x-axis that shows Threat—from pickpocketing through to a nuclear exchange between nation states—and a y-axis that shows society's readiness to combat those threats. With "perfect security" if a citizen was pickpocketed then the full weight of the law, and its criminal justice apparatus, would be levied against detecting and prosecuting the perpetrator. At the other end of the scale, we would have a society that was fully prepared for nuclear exchange.

  However, Figure 2 is a model that shows what a typical national threat/readiness posture might look like taking into account the resources required to combat the threats—figuratively in the post Cold War, pre al-Qaeda period.

  Public safety readiness, particularly law enforcement, can be seen to be peaking at serious offences against the person such as murder and kidnap (after all, is a full police response normally deployed after a pickpocketing incident?). Readiness declines at a point where combating the threat would be outside the capability of the civil agencies, or where generation of this capability would be too costly to contemplate taking into account its unlikely nature. There is an overlap here, where, under police/military arrangements, a military response might be deployed to assist the civilian agencies, classically in counter terrorism operations such as bomb disposal or specialist operations against terrorist current operations (as in Iranian Embassy at Princes Gate in London in 1980), or in the event of a crisis (floods, fuel tankers, fire strikes et al). Military readiness then has a corresponding curve where maximum capability is generated for counter insurgency, peace keeping or peace enforcement operations with reduction of capability as the threat heads towards high intensity conflict (where this diminution would be addressed by urgent operational requirements as a particular conflict approaches), tailing to a limited capability to survive a nuclear exchange where there would be a long warning period to re-generate capability—of course, at some financial cost.

  In Figure 3 we can observe the effects of the emergence of an asymmetric al-Qaeda type threat, based within a society, that is essentially "at peace". The readiness required curve from the public safety capability has to rise to cater for the new threat conditions, purely because the over-committed military has limited resource to bulge backwards—and anyway, in simple terms, the new order of terrorism is still viewed (certainly in UK eyes) as only a crime.

  This leads to two phenomena shown at Figure 4; the first being a pull-through of military technology and processes into the capability area now required from the public safety agencies. Examples of this could include gas masks, Chemical/Biological suits and specialist chemical agent detectors for the police and fire brigades. The second phenomena is seen in the area under the curve that has no previous "owner" which now represents the new capabilities required to increase capability against the new order of threat. Examples of the latter might include the amalgamation of responding agencies, introduction of better border controls, ID cards, integration of stove-piped intelligence data bases, an exponential growth of biometric-related identity projects, computer network defence initiatives, and recruitment of more security agency personnel (all combinations of people, processes and technologies). And, in the UK, to finance some Government initiatives there has been some extra funding for counter terrorism capability for the public safety agencies, supported by the formation of new organisations to make strategic response to the threat more coherent—such as the new Health Protection Agency and the Borders Agency to name but two—and the enactment of enabling legislative instruments (variously Terrorist and Civil Contingencies Acts).

  What is certain is that any resource will always be finite, so the question is how do we extend that national resilience/homeland security curve, either in real or virtual terms, to minimise the area where there is no current capability?

  There has to be a strategy for those in the preparation and response fields to make assessments on how to absorb the first blow, then recover from, those disasters (whether man-made or natural) that are either beyond normal comprehension, or are beyond the limits of resource to prepare against. What, for example, would be the key issues in the mass evacuation of an urban centre, such as London or Paris? What would the effects be of a terrorist smallpox "mule" targeting a travel hub, such as a city railway station at commuter time? In the latter, how does one assess the spread of the disease? How soon will supermarkets and chemists run out of analgesics? When will the first presentations be made to doctors' surgeries? How soon will patients self-present at Accident and Emergency rooms? When will these be overwhelmed? How soon will non-urgent patients in hospitals be returned home, and how, and who will care for them? When will the hospitals be overwhelmed, and which institutions could be used to offload the non-critical cases? How many casualties will die, and how will the bodies be disposed of? When will normality return, and how much will it all cost?

  Clearly the modelling required to make some of these calculations will need to be sophisticated, but the current growing sophistication in synthetic environments may soon provide the route, firstly to provide the preparatory analysis, but then to act as a decision support tool when a real emergency arises.

  Synthesis and modelling thus manages to help close the gap between the "peaks of capability" at the centre of the readiness vs threat graph, and directs us to a coordinated strategy to develop the response, as shown at Figure 5, in that:

  1.  In the capability that exists already, capability needs to be reviewed, gaps need to be identified and then repaired (for example within the dislocations in the UK police intelligence infrastructure highlighted by the Bichard Inquiry and the still evident symptom of retention of intelligence within stovepipes at Department level).

  2.  Within the resource limitations of the response, there needs to be a process of capability growth, and integration.

  3.  Where resource constraints impose themselves limitations on physical preparation of a response, then modelling and exploration provide the optimum, cost effective route to enhanced capability—through better readiness.

  With a coherent capability now defined, total resource available will now define the outer limits of the new response curve, as shown in Figure 6.

  This Figure also demonstrates the principle of addressing deficits in capability for immediate and specific theatres through urgent operational procurement. However, it also shows, critically, those capabilities which could now be considered to be superfluous to the Response in the light of the shift in conflict paradigm, and within a resource limited society.

  The requirement to get the greatest return on investment will determine how Government makes its cost/benefit judgements, but from the outset a few principles can be clearly identified:

  Firstly, there is no prospect of solving new capability requirements through brute force provided by manpower alone, as this would be prohibitively expensive. The penalties on resource budgets that would be required for the physical guarding of critical national infrastructure, or to "hire in" sufficient intelligence analysts to sift the volumes of data extracted from global intelligence sources would be simply too enormous. So physical security has to evolve from the Cold War structures of the defence of static sites, and take the established models of threat, vulnerability and risk forward to a wider environment of the security of the societal base that the likes of al-Qaeda seem to be targeting and within which it operates, and from where its people are recruited, that is, to raise resilience across society.

  So can process and technology be the cost effective force multipliers in the public safety arena to compensate for the lack of people? They can be, but only if accurately focused on helping provide what the public safety agencies need in terms of time. Characteristically, arrest or disruption of terrorist cells happens only shortly before their operations are planned to "go" or indeed have happened already. To give society a greater margin of safety, public safety agencies are forced to put in place the technologies and processes to help the right people lengthen this critical time, by providing the instruments to gain more certain intelligence—that is, evidence—that allows an arrest or interdiction operation to occur many days or weeks before the planned terrorist event. Deterrence needs to increase, in order to deflect the threat, by making life so uncomfortable for the terrorist that either he goes elsewhere, or is forced into procedural errors that will make him show his hand earlier that would have formerly been the case.

  Secondly, the new solutions in security need a systems-of-systems approach. There is no single programme that will solve all a nation's new security needs, but the scope of the challenge—the depth and breadth of the new terror threat—dictates that it is not a matter of buying the right bit of kit. Point solutions—single programmes or pieces of equipment, no matter how capable in isolation—will not annul those deficiencies in capability, or fill the gaps between various capabilities, that the terrorist will seek to exploit. A system-of-systems approach will also demand interoperability between responding agencies, in designing from the outset capability for people, processes and technologies that co-operate with each other, that allow the sharing of information, that deliver synergies in information acquisition and analysis, and coordinate decisive action based on what arises. And to do that any new capabilities need to be based on common standards in infrastructure, applications, process and people, so that they can be easily integrated to raise security across the piece without excessive time or financial penalties. This is where stronger central governance has a real role to play in demanding absolute standards to enable the long-term acquisition of coherent capability.

  And yet it is also the case that the pace of technology presents challenges as well as opportunities. If technology is to be harnessed as a tool against disruptive challenges it needs to be developed incrementally, so that today's solution is open to tomorrow's improvements. In other words, spiral development is a key in that coherence is needed to ensure that the terrorist organisation cannot find the weaknesses he needs to exploit to retain his only winning strategy, which is through asymmetry.

  And so the long-term nature of the current militant Islamic threat requires adequate capability now, but better capability later. Near term solutions obviously need to be effective, but still should be designed with the long-term solution in mind. Solutions will need to be compatible with two things; first, the trajectory of technological advances as we currently know them, and second, with the need to adapt or evolve if the threat makes an unexpected deviation from established assumptions. Security architectures need to be truly upgradeable, and based on open architectures that can rapidly cater for the unexpected. To complement this, we need ever more effective ways of scanning the threat horizon to be able to guide our decisions, on where to focus our research effort and develop our technological countermeasures to emerging disruptive challenges. In our Homeland Security capability graphs, as above, this is represented by the "model and explore" field, where in addition to using experts, academia and history (people and process), technology can provide a vehicle in this voyage of exploration. For example, "virtual" toolsets can help focus our thoughts and plans on how to address a variety of disasters, whether man-made or natural—and to investigate the possible outcomes, and even, during consequence management following a real incident, to act as a decision aid in developing appropriate responses.

  An example of such a tool could be a large-scale synthetic environment, that replicates the core functions of a nation, and that characterises the function of the Critical National Infrastructure, both in physical and virtual domains, that would help scope the boundaries of what must be protected to preserve life, the machinery of government and national infrastructure, which at the moment remain less than fully charted across society as a whole. By extension, it could also have an enabling role in better early warning, through systematic horizon scanning and the early identification of issues, key pillars of a capability-building programme and which the NSS seems sensibly to demand. The various technologies to achieve this are already in existence, but in piecemeal, although for specific natures of risk permit a role in the response (three infectivity models were used in the UK Foot and Mouth epidemic of 2001). On a national or even an international scale all that remains to be done is to carry out a programme of development and system integration to bind a number of models together (such as those that already exist in many individual components of the CNI).

  The real benefit of a synthetic approach to the unknown/unaffordable/incomprehensible is that no matter how far the response security agencies are funded to fill the strategic gap, the unaffordable void can still be filled with tools to allow decision makers to plan for, and react to, a wide variety of threats that simply cannot be exercised in a representative way, simply because of the scale of the event. The effects of a pandemic disease, of an improvised nuclear device, of a chemical attack on a mass transit system—how, apart from simulation, can these disasters be exercised on sufficient scale to replicate the challenges that a true life incident of this nature will present—particularly at strategic (eg COBR) decision making level?

  The need to get the counter terrorism capability balance right has now, in many nations' instance, been tackled by the highest echelons of Government, and the evidence needed by industry to confirm the emergence of a new commercial market (in Homeland Security capability) is now beginning to emerge. Primarily this evidence manifests itself by re-organisation of the security response, but also through the introduction of primary legislation that enables more fundamental changes to national security. This evidence is now the key for strategic industry to engage the machinery of business planning.

  Having identified the strategic capability gap, and associated with it a customer set, industry now has the vital headmark that allows it to make sense of the potential market, and to trigger off the drafting of the corresponding business case that will shape its long term approach to the security market. The capability gap is now scoped, and so whether through identification programmes, border control, computer network defence systems or whatever, it can anticipate the release of (particularly financial) resource by the top level customer set to bring new capabilities into existence. In some cases industry achieves increased confidence when it sees new primary legislation, or through organisational response by the formation of new instruments of State, such as, in the UK, the Serious and Organised Crime Agency, or perhaps by the brigading of a number of smaller agencies such as the Health Protection Agency, to bring greater operational efficiencies. The rebalancing of people (and their organisations) and process (and the business change required to address security issues) will inevitably be followed by the procurement of the third component in the triumvirate—technology. And the delivery of technology is where the interest of private sector industry primarily resides.

  So can industry lay down any rules, or preferences, on how it would like to see the development of the global and systemic response to the new threat paradigm—given that Governments are willing and able to accept that a new paradigm exists?

  Firstly, there should be a system-of-systems approach, conceived at the highest level. A scattergun approach, a project here and a bit of kit there, is an unattractive business environment for the larger scale commercial enterprises that inevitably command some of the richest intellectual capital (partly because of the wages it can afford to pay). This is because the cost of capturing business revenues (per dollar/euro/pound sterling) becomes higher, and therefore the return on sales-and-marketing investment decreases. This is a key factor in deciding whether to commit to the process of capturing business, which is an overhead, and industry tends to dislike disproportionate overhead. Identifiable large-scale end-to-end programmes, which have sensible milestones, which are led by governments with clear strategic and coherent intent makes good sense to industry. The certainty provided in this environment makes it easier to commit critical investments, such as research and development resources, that underpin the evolution of appropriate technologies in advance of the competition. The issue of fixed financial milestones is a much underrated key, as a commercial venture's chief financial concern is to generate the cash ("Cash is King!") which allows employees to be paid, allows re-investment to improve product and performance, and allows the servicing of debt. Unless cash rich already, a commercial organisation may find that the risks associated with an environment of poor cash flow is a prohibitive bar to market entry when it makes its assessment of a strategic business case.

  Secondly, intended capability needs to be compatible with the trajectory of technology as we know it, but with acknowledgement that the systems of tomorrow may well have to adapt to combat as yet unknown threats. In this early stage of this complex and multi-generational effort against pan-national terrorism, it is difficult to predict the course of events and how terrorist tactics will evolve. It is significant that, in the few years since 2001, al-Qaeda has transformed from a relatively tightly knit, closely controlled organisation into what is now an international brand name in terrorism, and whose tactics have become less centrally controlled, in which the movement's outrages are limited only by the imagination of the followers. So when an unexpected event or tactic is encountered at some time in the future (including the emergence of new globalised groups such as "eco-terrorists" and others), the need to develop a new response from a completely different technological departure point would involve time (society's enemy) and the waste of considerable invested resources. Therefore, there is a decision to be made to commit some investment, payable at the front end of a programme, to future-proof the systems and processes—by designing in truly open architectures that make them adaptable to future deviations from the anticipated.

  From an "old school" industrial perspective, this is not an optimum path. It is not in industry's basic financial interest to encourage this open systems approach because ultimately "there is less money in it", compared to a closed systems approach which involves severe penalties on the overall response, in time and materials, when new capability is needed from, or added to, existing systems and software. The nature of the development of the asymmetric threat is markedly different from the classical, and more ponderous, Cold War industrial/military philosophy, in which strategic military intelligence provides an assessment of enemy military capability, which industry is then tasked to provide the means to defeat. The old forms of procurement, of concept studies, scoping studies, feasibility studies, prototyping, and then production will be simply too slow to react to an adversary relatively unencumbered by bureaucracy. The former systems are simply "too slow to market". Within the asymmetric environment capability development has to move with speed, driven by a "can-do" attitude and where commercial risk is effectively underwritten by Government. The requirement to observe an opponent's, to then orientate, decide and then act (a Boyd Cycle of conflict) will now be measured in terms of weeks or months rather than in the years which was formerly the case.

  But there is a financial downside in this. Centres of excellence in technological developments, which will be needed to rapidly bring capability into the hands of the operational response, may have to be retained as discreet units, even in the absence of identified projects, as the mutations in terrorist modus operandi may be unpredictable in terms of an overall "programme timeline". The retention of these expert cadres of people, waiting, "on the books" for new terrorist tactics to suddenly and unpredictably emerge, will constitute higher overhead (bad news for the "bottom line") and either must be absorbed by industry or underwritten by the customer-in-waiting. If the financial resource is not found from somewhere, then there will be compelling financial reasons for companies to disperse these centres of excellence, which will probably have delivered brilliantly during a crisis. This dispersion will then lead to a diminution of cohesive technical expertise, to the detriment of the overall counter terrorist effort, as when a new threat emerges and teams are formed again into properly organised development entities, they will do this at the expense of all-important time.

  The possibility of higher overhead, and how to manage this, may only be one of a number of changes to previously strict financial regimes, and it is increasingly important that those in Government with limited experience in industrial imperatives have some view of the traditional motivators in commerce, which in their fundamental nature must remain, no matter the exterior catalysts.

INDUSTRY HAS THREE IMPORTANT STAKEHOLDERS TO BALANCE

  Firstly, there is the shareholder, who has invested in the company and wishes to see a return on that investment through growth in earnings per share. Industry will do this by identifying the market, by winning the business (probably against competition) and then will aim for increasing its reputation by superior programme execution. If it can achieve this, it will be reflected in good financial results in terms of profit, cash flow and backlog, and a growth in the future business pipeline. This is symptomatic of a well run, competitive and ambitious organisation which will be looked upon favourably by appropriate analysts on the financial markets, who will make good reports which in turn drive up the share price.

  Along with this there is that difficult area of profit, which has classically provided a bone of contention in any supplier/customer relationship. But a balance needs to be struck between realisation of short term profit, and the ability to generate profit over a number of years. Compare the following and make the business decision:

  1.  "We are in programme `x' for 20 years although the margins are a bit thin" against,

  2.  "We've got the business and the profit is good, but we have to re-compete after five years".

  Secondly, a commercial organisation needs to execute its responsibility to wider society in terms of legal, cultural, environmental and ethical norms, and make sound judgements on where it can provide sociological stimulus to create wider employment, attract investment to a geographical area leading to the creation of well-being within a community.

  And finally, a good industrial organisation bears a heavy responsibility to the employees in its care—its workforce—through development of its people, providing stable employment by fostering employees' welfare, and by apportioning due reward for performance. The uncertainties of asymmetric warfare demand that the brightest and most innovative responses are given the greatest opportunity to prosper, and be given the tools and environment to maximise their potential.

  So, as long as these relatively simple needs are taken into account, strategic industry will be able to fully commit, along with its partners in government and the Science and Technology (S&T) community, to any business stream, not least that of anti-terrorist capability development.

   However, in the new conflict model, there may be no need for a set-in-stone 15-year programme on the model of the aircraft carrier, new type of armoured fighting vehicle or new fighter-bomber. This is not good news for the traditional defence industrial construct favoured by the big Prime Systems Integrators that rely on the stability of long term revenues underpinned by commensurately long term defence programmes.

  Therefore, it can be argued, to de-risk the more uncertain nature of the long term market, that within a counter-terrorist capability development programme it will make better sense for government, with its industrial, scientific and technological communities to establish concomitantly longer term partnerships. These need to be managed on trust, rather than have the more formal (or even adversarial) customer/supplier arrangements in former models (in which a succession of projects are re-competed time after time). The growing together of the stakeholder community in an environment of common endeavour reduces the penalties, on all, of having to survive the difficult and disruptive process of forming new relationships and programme consortia at regular intervals. A repetitive bidding regime is expensive, and makes for less certain financial projections, although as a moderating influence, industry needs always to aver to competition and benchmarking where this really does make sense, or where it is demanded from customers or regulatory authorities driving for value for money.

  But this is not about the micro-management of that development. There will always be a plethora of Small to Medium Enterprises simply delighted to market their "kit" to resolve point deficiencies in capability, and this should not be discouraged. Many of these smaller enterprises will also be the very source of invention and innovation required to feed the systems integrators that lie above them in the industrial pecking order, assuming, of course, that the Big Hitters are still engaged with the market and have not diversified elsewhere, or demerged, because they cannot sense the long term revenue stream. Currently, this is a significant risk, and there is a case that the industrial response may be led, certainly in the early phases, by second tier industry, simply because the Prime Systems Integrators are finding it difficult to engage.

  The optimum path on the long and complicated road ahead needs engagement by the whole of the industrial stack, just as during previous disruptive challenges, such as the Second World War. Resolution of the conflict imbalance certainly needs to attract the interest of the big systems integration houses that can provide the critical top level programme management skills to make sure that there are no residual vulnerabilities when the capability is rolled out. If there are vulnerabilities, then the terrorist will find them, and exploit them.

  Overall, some critical enablers that will encourage the engagement of industrial capability can thus be identified:

  1.  The willingness of government to develop, commit to and foster long term relationships. Although there has been a movement towards this, such as through the Security and Resilience Industries Council, the path has not been easy. A chief failing has been the lack of an instinctive understanding of industry by government, and also of how to harness the development of capability with the need of an organisation that has commercial, social and human resource responsibilities.

  2.  Clarity in strategic vision, and the willingness of government to trust industry to help form part of that vision as part of an integrated team (that must also involve academia and the S&T community). It is interesting to note that industry is not specifically mentioned as a potential stakeholder in the proposed National Security Forum. With defence and security structures still in place that have actually changed little over the years, there has yet to be a true change to a blended spectrum of response which incorporates all elements of society addressing threats, from pickpockets through to a nuclear exchange of Cold War proportions. In this there is no doubt that government must take the lead and show an understanding of how the principle of security needs to be transformed, and the NSS is a good first step in broadening the security envelope.

  3.  The generation of relatively stable, coherent and adequately funded capability development programmes that allow industry to conduct strategic business planning, which will include self-funded research and development, with confidence. Although there will be cyclical periods of activity when a new terrorist tactic comes to light, and lulls as the threat reduces, ways need to be found to provide long term stability. This will inevitably require an element of central procurement, strategically managed by a singular agency that has its hands on the counter terrorism tiller.

  4.  The requirement for programmes to have fixed and identifiable milestones which can enable good cash flow. There is no avoiding this fundamental commercial enabler to successfully managed finance. "Cash is King" is the phrase heard often at business schools and every other school of finance that knows its subject.

  5.  A collective environment of gainshare, in which industry and other stakeholders can exploit technologies and processes into wider markets. This will reduce the financial burdens placed on the government customer and will make industry more willing to engage with the counter terrorism market. The promise of success in adjacent markets is yet another factor which can help underwrite a business plan.

  6.  Open and honest data sharing within the government/industrial/academic and scientific team, with a reduction in the privacy and secrecy barriers that have traditionally hindered the exchange of information between national security stakeholders.

  7.  The appropriate sharing of risk, where innovation is encouraged, and where superior performance is duly recognised.

  8.  The acknowledgement that, in terms of liability, industry cannot be expected to expose itself to punitive damages should, despite everyone's best efforts, "the bomber get through". It does not make sense for a commercial enterprise to risk suffering crippling damages, awarded through the courts, for the sake of financial rewards that could be relatively small.

  The solution to the emerging asymmetrical threat lies in the thrust of the security rapier, and not in the blow of the traditional defence axe, although counter insurgency campaigns designed to throttle the terrorist infrastructure overseas will be a continuing military and civic action requirement. The change in conflict paradigm from its last manifestation, that of the industrialisation of armaments, to that of global irregularity, demands a new behaviour from industry and the stakeholders allied to it, based on rapidity, flexibility and innovation. The challenge is new, complex, and multi generational, and demands change from the former days of relative industrial stability. Those industries that have the vision to respond by changing their mindsets are more likely to succeed than those that hark to the salad days of Cold War stability, and those changes in mindsets need to be fostered by the wider national security stakeholder set.

24 April 2008