BACKGROUND

  The current national security and resilience (NSR) situation is complex in that it covers resilience both in response to terrorist action and civil disaster or contingency. The recent publication of the National Security Strategy (NSS) provides a useful opportunity for taking stock.

  The UK has had a counter-terrorist strategy (known as CONTEST) for some years. It is based on a framework of four P's:

—  preventing things happening by dealing with the underlying causes;

—  pursuing those intending violence to reduce the threat;

—  protecting the UK by reducing physical and electronic vulnerability; and

—  Preparing for attacks should they nevertheless happen.

  The CONTEST strategy was made public in 2006—in itself a sign of changing times and a recognition of how much information is now in the public domain about the activities and capabilities of the police as well as, intelligence and security agencies.

  The latest advance was the publication by the government in March 2008 of the National Security Strategy for the UK. It is important because it acknowledges and captures the nature of the changes that are occurring, and sets out the government's aspirations for the way things should develop further.

  The NSS, for the first time, puts terrorism formally in the wider context of other threats to the nation and its people. It carries forward the logic of the Resilience agenda in recognising that responses to threats and catastrophes may have common features independent of their origins. It broadens the scope of national security to look at the risks to the UK from terrorist, criminal, man-made and natural disasters.

  The Strategy also notes that the pervasiveness of the internet and mobile communications, and their familiarity and accessibility to those active in crime and terrorism, means that a great deal of the recruiting, planning, preparing and organisation of criminal and terrorist activity now takes place in the electronic space. Increasingly, this is the battle space within which government needs to be effective if it is to detect and prevent malicious activity. At the same time, our electronic dependency also provides opportunities for criminals and, potentially, for terrorists.

  The NSS recognises explicitly that measures to reduce vulnerability, and to increase preparedness to deal with disaster, build resilience against a range of threats, and are consistent with a more all- hazards and all-embracing "comprehensive approach".

"Because of the scale and speed of the risk they [pandemic, epidemic, flooding, extreme weather] pose, those phenomena have similar potential to other security challenges to threaten our normal way of life... Moreover our approach to them... is similar to our approach to other national security challenges, including terrorism... as economies and societies grow increasingly dependent on national and global electronic information systems, it becomes even more important to manage the risk of disruption to their integrity and availability through cyber-attack whether terrorist, criminal or state-led."

National Security Strategy for the UK March 2008

  In summary, the government's intention is to encourage a broader and more connected view of National Security that links more closely the integrity of the state and the safety of the individual. It seeks a more effective coalition of central and local government, security and intelligence agencies, law enforcement, business and commerce, as well as non-profit organisations and individuals. In effect, both a globalisation process and a multi agency approach is required if a coherent and effective response to NSR is to be achieved, and if critical national infrastructure (CNI) is to be protected.

  The government has a leadership role to play and has made some major changes to address the multi agency approach with:

—  The creation of the National Security, International Relations and Development Committee (NSID) formed from the Cabinet, chaired nominally by the Prime Minister.

—  The reorganisation of the Home Office. This includes the creation of the Office for Security and Counter-Terrorism (OSCT), a unified Borders Agency and extensions to e-Borders, continued (for the moment) commitment to the National Identity Scheme (NIS) and new Police Counter-Terrorism structures.

—  The last spending round that favoured security, intelligence and counter-terrorism (and constraints on defence spending).

—  Reviews of intercept as evidence and data security, new asset freezing proposals, new court rooms and judicial arrangements for terrorist trials, and proposals for detention beyond 28 days.

  In the future, consideration is being given to:

—  Consultation on ideas for a joint Parliamentary National Security Committee.

—  Strengthening of horizon-scanning and forward planning capability.

—  Creation of an (advisory) National Security Forum with representation from government, the wider political scene, voluntary sector,, academia and others to discuss strategy and exchange ideas.

  The NSS also seeks to balance terrorism against other threats to civil society, with for instance "flooding and flu" seen as a greater immediate threat to our way of life than terrorist incidents. The response level will be the same however with the focus on operating within a complex multi agency environment

PROBLEMS AND ISSUES

  There is a distinction between responding to a large scale crisis, which so far the UK has not suffered, and a point attack, such as 7/7. In a large scale crisis, there will almost certainly be features that distinguish it from a more straightforward situation. Specifically, a complex multi agency environment, significant military engagement and a requirement for interoperability between all agencies, particularly the first responders (police, fire service, paramedics, NHS etc), local and central government, the security services and military. Key to establishing the required levels of interoperability, is the ability for each of those agencies to be working from a common operational picture and able to communicate by voice and data with all other agencies.

  The main issue is the need to effect a more `joined up` approach to any response in the face of this multi agency environment. This involves not only technology but also doctrine and process. This approach needs to be implemented in harmony across all organisations involved so that they may be exercised to a high standard of delivery ahead of any crisis. If not the danger exists that in a crisis, organisations and individuals will revert to what they know best and ignore newer technologies. The widespread use of commercial mobile phones by the emergency services in 7/7 is a case in point.

  There is, therefore, a growing "cross-over" area in which many of the approaches, disciplines, capabilities and skills developed to meet the needs of traditional defence and security clients are equally needed in the UK civil government sector. This cross-over area does not have the degree of coherence, predictability or procurement doctrine familiar in individual departments such as the MOD. The government aspires to something more coherent and joined up. There are some good examples of effective partnership but there appears to be no clear plan to achieve it. For instance, substantial obstacles exist in the range and nature of accountabilities of different parts of the sector, their enabling legislation, and the way budgets are allocated.

  There may be plans for a "single budget" for counter-terrorism and security, but this is likely to be at best, the sum of the parts rather than an accountability mechanism. In effect there is a real risk that the nation will remain so compartmentalised that it will find it impossible to identify and procure the systems up front that would enable it to "join up" across organisational boundaries when faced with a multi agency crisis, and thereby allowing the first responders and the security services to react to crises efficiently and comprehensively.

  The consequences of different agencies not being all informed results in confusion and delay when time is likely to cost lives. If the situational awareness of different agencies during a complex emergency is not the same, responses are likely to be both slow and uncoordinated. Relatively simple solutions, either adapting legacy systems or using Commercial off the Shelf (COTS) solutions, can plug these holes quickly and efficiently.

THE FUJITSU APPROACH

  Information and Communications Technology (ICT) has a major role to play in enabling this more joined up approach and delivering interoperability. Fujitsu is one of the largest suppliers of IT systems to both government and the private sector; with installations in the Home Office, Cabinet Office, MOD, HMRC and Security Agencies. It is in a pre-eminent position to assist government departments to work more effectively both singly and also with other organisations. Fujitsu Defence and Security, as one of the UK's leading IT Systems Integrators, is well placed to manage this process. As well as helping to enlarge a market for ICT and our services in particular, we are also very aware (in common with much of industry) of the capabilities and technologies available which are not being utilised and could make a real difference to all our lives and security.

  There are two distinct areas where Fujitsu can bring its defence and government expertise in ICT systems to bear:

—  At one level, it is a matter of integrating information across a secure government infrastructure, which is already available in silo systems, to provide the authorities with the right secure information to enable them to manage the crisis at a strategic level.

—  At another it is bringing new advanced capabilities together to generate interoperability at the operational level—as a key systems integrator. This would include capabilities such as the Crisis Communications Service—integrating incompatible comms networks, and the OpenJop system providing situational awareness for operational commanders at Gold or Silver level.

WHAT WE ARE DOING AND KEY RECOMMENDATIONS

  To date Fujitsu has been promoting awareness of the issues around large scale resilience crises, as opposed to the single point attack, which we believe have not been fully evaluated in respect of their impact on any multi agency response. We believe more could be done in the areas of interoperability and the ability of technology (with the associated changes in doctrine and process) to deliver increased capability "on the ground". In many respects there is technology available which is not costly or complex, which could be implemented relatively quickly and which would make a real difference. Part of the problem appears to be the lack of a pan government process of evaluation and procurement that can determine which technologies would deliver effect quickly and cost effectively across the agencies—in some ways analogous to the UOR principle in the MoD. However the multiplicity of agencies including 43 police services etc, makes the implementation of a single UOR process in the civil sector much more difficult to realise—although the appearance of OSCT and similar cross government agencies may make a difference in the future.

  To assist recognition of these issues, we have for the past two years been raising awareness in a number of public events. We sponsored a Chatham House seminar in May 2007, for invited leaders of a range of agencies that could be involved in a large scale crisis. This included the police, fire service, government departments, regional resilience forum, utilities, environment agency etc. It was chaired by Sir David Omand, and as far as we are aware, was the first attempt outside government, to collect representatives of all the agencies that might be involved within a large scale crisis (whether prompted by natural disaster of terrorist attack) in a single place—to debate the issues around interoperability and response. There was a follow up event on HMS Belfast in July 2007, which Lord West and Dame (at the time) Pauline Neville Jones attended. We have also spoken at other conferences such as RUSI and CityForum alongside other NSR speakers, as well as promoting more directly our capabilities at Fujitsu open days and major exhibitions such as DSEI last September.

KEY RECOMMENDATIONS FOR THE COMMITTEE

  The questions that might be useful to explore would include:

—  What are the capabilities that are available now and which could provide increased performance across the agencies especially in delivering operational interoperability.

—  Assuming we have the technologies to improve interoperability, how do we establish the processes, legislation and budget alignment to make effective multi agency working happen.

—  What is the relative risk, impact and likelihood of a large scale crisis happening as a result of terrorist action, rather than another point attack.

  While less likely it is we believe very possible (and becoming more of a threat), and the impact if it occurs could be devastating. The ability of the country to work as a whole, at local as well as national level, would depend to large extent on the ability to improve levels of interoperability on the ground. We need to have this in place, trained, exercised and embedded within the culture of the various organisations, but particularly the emergency services, before the next crisis hits us. Attempting to implement increased levels of interoperability at the same time as managing the crisis, would be extremely hard if not impossible.

11 June 2008