National Security Strategy and Strategic Defence and Security Review 2015 Contents

4Decision-making on national security

National Security Risk Assessment

97.The NSS & SDSR 2015 was informed by the classified National Security Risk Assessment (NSRA) 2015. The NSRA 2015 grouped domestic and overseas risks to the UK in three tiers. The methodology used to create the NSRA 2015 is set out in Annex A to the NSS & SDSR 2015. The process does not appear to have changed since 2010, when the first NSRA was produced.161 As in 2010, a range of risks over a five-to-20-year timeframe was analysed, expressed in a matrix of likelihood and plotted against impact. The NSC then placed these risks into three tiers, according to a judgment of the combination of both likelihood and impact. For example, tier one included those risks deemed the highest priority “based on high likelihood and/or high impact”.162

98.The NSS & SDSR 2015 stressed that “This is not a simple ranking of their [the risks’] importance”.163 It added:

The NSRA is intended to inform strategic judgement, not forecast every risk. Many of the risks are interdependent, or could materialise at the same time. Our approach to risk management will need to take this into account.164

The NSRA 2015 and the three tiers of risk are intended to guide policy prioritisation and resource allocation in conjunction with other assessments, such as the Global Strategic Trends series produced by the MOD’s Development, Concepts and Doctrine Centre, strategic intelligence assessments produced by the Joint Intelligence Committee and departmental analysis. Allies and external experts also provided input.165

99.In 2014, our predecessor Committee recommended that “as part of its planning for the next NSS, the National Security Secretariat should develop a methodology which enables the impact and likelihood of risks to be considered alongside the amount of government effort and resources that are being deployed to mitigate it.”166 In February 2016, the National Security Adviser told us that “the mitigation that is already in place” was a third factor considered as part of the NSRA 2015 process. He cited cyber as an example of a policy area which was deemed a serious and high-impact threat which was not yet subject to sufficient mitigation.167

100.Previous and ongoing efforts to mitigate risks to UK national security were considered as a factor alongside likelihood and impact in the production of the National Security Risk Assessment 2015. We welcome the adoption of this recommendation by our predecessor Committee in the 2010–15 Parliament.

A flawed approach?

101.Analysts have questioned whether a risk-based approach to security is appropriate. Dr Blagden listed the following constraints to the methodology underpinning the NSRA 2015:

The use of a matrix to assess the likelihood and potential impact of a particular risk relies on assigning qualitative values to variables for which there is inevitably little high-quality quantitative data;168
The categorisation of risks into broad types and tiers fails to recognise potential links between threat types—for example, between ‘Cyber’ and ‘International Military Conflict’ in tier one, or between ‘International Military Conflict’ and ‘CBRN Attack’ in tiers one and two respectively.169

102.We questioned the utility of the three tiers as a guide to policy prioritisation and resource allocation. In some cases, the magnitude of funding allocated to capabilities did not correspond with the categorisation of the threat type. A CBRN attack (an attack with chemical, biological, radiological or nuclear weapons), for instance, is categorised as a tier two risk in the NSRA 2015 and may be perceived by some as being of lesser importance as a result. Yet at £31 billion in escalating capital costs and in-service running costs of 6% of the annual defence budget,170 the UK’s programme to replace the Trident nuclear deterrent, which is a key part of Government efforts to mitigate the risk of a nuclear attack, is one of the Government’s largest investment programmes. The NSS & SDSR 2015 described the Successor programme as similar in scale to Crossrail or High Speed 2.171 That example demonstrated the lack of correlation between the categorisation of risk and resource priorities, as did Oliver Letwin’s oral evidence when it became apparent that he did not appreciate the scale of the budget.172

103.Oliver Letwin told us that there is a “much finer-grained [classified] analysis” that guides government decision-making on the allocation of finite resources in proportion to the threats posed.173 He pointed out that the prioritisation of risks and the relationship with funding can broadly be discerned from the NSS & SDSR 2015:

If you look at this document and ask yourself what it is prioritising and where we are putting the muscle, the effort and the money, you see that is, above all, on the four priorities sketched on page 15 [the increasing threat posed by terrorism, extremism and instability; the resurgence of state-based threats and intensifying wider state competition; the impact of technology, including cyber; and the erosion of the rules-based international order …] They tally, roughly speaking, with four of the six tier 1 concerns, which are the SDSR-specific ones174

104.The National Security Risk Assessment 2015 may have oversimplified the security risks facing the UK by presenting aggregated risks. We are, however, somewhat reassured by the existence of a finer-grained analysis that is classified but available to the Government when prioritising policy and resources. We could achieve certainty on this point if the Government were to share this analysis with us on a confidential basis.

105.The NSRA must be used as an aid to, not a substitute for, good judgment. This is especially important given that the model relies on an assessment of the likelihood and impact of risks to the UK, for which high-quality data are not always available. We therefore welcome the input from other government assessments and external experts into the risk assessment, categorisation and prioritisation processes.

106.The regular assessment of the NSRA, every two years, is not a substitute for continual horizon-scanning. For example, the NSRA 2010 categorised “An international military crisis between states, drawing in the UK, its allies as well as other states and non-state actors” as a tier one risk to the UK.175 However, the Russian annexation of Crimea in March 2014 and subsequent hostilities in eastern Ukraine were not foreseen by the UK Government. The establishment of a risk assessment with a five-to-20-year timeframe is not a substitute for continual horizon-scanning.

National Security Council

107.The National Security Council (NSC) and its dedicated secretariat were created in 2010 with the objective of co-ordinating cross-government policy on national security. We agree with the assessment of the National Security Adviser that in providing a regular forum for all relevant Ministers, including those not traditionally considered to have a voice in security affairs, the NSC has been a valuable addition to the machinery of government.176 We are, however, struck by the emphasis on the personal role of Prime Minister David Cameron in the current national security structures. Joe Devanny, Research Fellow at the International Centre for Security Analysis, King’s College London, adduced constant prime ministerial involvement as one of the reasons for the success of the NSC.177 The Prime Minister chairs the meetings of the NSC, which, in theory at least, meets once a week when Parliament is sitting, as well as the meetings of four of the six NSC Sub-committees.178 We asked Oliver Letwin about the demands on his time as a Cabinet Office Minister, member of the NSC and chair of the NSC Implementation Sub-committee. In his response, he referred to the role of the Prime Minister, whom he described as the “ultimate line of defence” in ensuring the full and proper implementation of the NSS & SDSR 2015.179

108.That Oliver Letwin has been tasked with ensuring the smooth implementation of the cross-government commitments set out in the NSS & SDSR 2015 suggests that there is a need for a Minister in the Cabinet Office with responsibility for national security.180 This would fit with other recent steps to establish stronger leadership on national security at the centre of government. For example, the 2015 review process was directed from the Cabinet Office, with input from relevant Departments and agencies. The MOD had led previous security reviews.

109.We commend Prime Minister David Cameron’s investment in the NSC structures set up by the then Coalition Government in 2010 and developed further under the current Government. However, the effectiveness of those structures depends on the Prime Minister’s personal commitment, leaving them vulnerable to decline under his successors should they choose not to invest similar energy in driving cross-government collaboration on national security. The Government should consider creating a ministerial post within the Cabinet Office with oversight of national security. This would strengthen the leadership on national security at the centre of government, a function which is currently fulfilled by the Prime Minister.

110.Both our predecessor Committee and the Defence Committee in the previous Parliament concluded that the NSC secretariat is under-resourced and under-powered.181 The National Security Adviser told us that the secretariat’s role of co-ordinating rather than developing and implementing policy reduces the number of staff required.182 The 200 staff in the secretariat can be scaled up temporarily when required, such as when the NSS & SDSR is being created. However, we agree with Professor Gearson that the NSS & SDSR “deserves an ongoing, active capacity [within the secretariat] to look at the world as it is, rather than the way that we hope it will be and have decided it is every five years.”183 This would provide the NSC secretariat with the capacity to conduct a strategic, whole-of-government assessment of UK national security on an ongoing basis, as a complement to the individual viewpoints of Departments. It would also enable the NSC secretariat to be more proactive in horizon-scanning. We were struck by the reactive approach described by the National Security Adviser, which is reliant on Departments drawing issues of concern to the attention of the secretariat.184

111.Excessive staff rotation may hinder the maintenance of institutional knowledge within the NSC secretariat. In April 2016, Oliver Letwin answered a Commons Written Question about how many staff have worked continuously in the secretariat since 2010:

Staff in the NSS [National Security Secretariat] are drawn from the Cabinet Office and across Government including the MOD, FCO, and Armed Forces. They are employed on a range of terms and conditions including formal and informal, short and long term secondments. They also regularly call on augmentees and expertise from across Government to work on particular projects or issues. Since 2010 the organisation has also undergone a number of organisational changes. Given the organisational changes and the flexible approach to resourcing we do not hold the data in the format requested.185

112.The NSC secretariat would benefit from a greater capacity to undertake horizon-scanning proactively and to conduct a strategic, whole-of-government assessment of UK national security on an ongoing basis, as a complement to the individual viewpoints of Departments. The benefits of actively generating institutional knowledge within the secretariat have been muted by excessive staff rotation. The Cabinet Office should track the turnover of staff in the NSC secretariat to ensure an appropriate mix of policy expertise, experience, fresh thinking and institutional memory.

Implementation

113.The National Security Adviser told us that for the NSS & SDSR 2015 to be seen as “credible”, each of the 89 commitments set out in the document must be “implemented, followed through and monitored”.186 To meet this objective, the NSS & SDSR 2015 created a new Sub-committee of the NSC dedicated to overseeing implementation. The Implementation Sub-committee is chaired by Oliver Letwin, who described the Sub-committee’s purpose and process:

The purpose of the sub-committee is to hold to account internally each of those of my colleagues who are responsible for line Departments that have commitments that they are responsible for fulfilling that are within the SDSR. … The committee is being serviced by the National Security Secretariat and the Implementation Unit [which tracks the Government’s manifesto commitments], and is creating a sort of monitoring apparatus, a tracker, so that we can check regularly where we are getting to on each of the commitments. Where there are problems between Departments … I will be convening meetings to try to unblock those problems. Where particular Departments seem to be falling behind, I will be having bilateral discussions with the Secretaries of State to try to work out what we can do to help accelerate progress. And every so often the committee will meet—roughly speaking, at six-monthly intervals—to go through, as we have done once so far, the whole of where we have got to in order to prepare ourselves for a report to … the Committee, and also to Parliament, which we have promised to do once a year to hold ourselves collectively to account in public.187

Although the new system for overseeing implementation of the NSS & SDSR 2015 still relies on officials to undertake day-to-day tracking of progress, it has also established “specific cross-departmental ministerial accountability within Whitehall” characterised by the formal, regular involvement of Cabinet Ministers.188 Previously, the six-monthly report on the implementation of the SDSR 2010 was created by officials and merely “blessed” by the NSC.189

114.We welcome the establishment of the Implementation Sub-committee of the National Security Council, which introduced ministerial responsibility for overseeing the implementation of the NSS & SDSR 2015. We will monitor the effects of this development on the Government’s implementation of the 89 commitments set out in the NSS & SDSR 2015. The Cabinet Office should publish the 89 commitments in the NSS & SDSR 2015 on its website and detail progress on each of them in the form of an online tracker.

161 The NSRA was refreshed in 2012.

162 HM Government, National Security Strategy and Strategic Defence and Security Review 2015: A Secure and Prosperous United Kingdom, Cm 9161, November 2015, Annex A, para 2

163 HM Government, National Security Strategy and Strategic Defence and Security Review 2015: A Secure and Prosperous United Kingdom, Cm 9161, November 2015, Annex A, para 2

164 HM Government, National Security Strategy and Strategic Defence and Security Review 2015: A Secure and Prosperous United Kingdom, Cm 9161, November 2015, Annex A, para 3

165 Oral evidence taken on 1 February 2016, HC (2015–16) 644, Q43

166 Joint Committee on the National Security Strategy, First Report of Session 2013–14, The Work of the Joint Committee on the National Security Strategy in 2013–14, HL Paper 169, HC 1257, para 29

167 Oral evidence taken on 1 February 2016, HC (2015–16) 644, Q46

168 David Blagden (NSS0004) para 9

169 David Blagden (NSS0004) para 9

170 Oliver Letwin’s letter to the Joint Committee clarified that: “The estimated acquisition cost of four new submarines, spread over 35 years, is £31 billion. The MOD is also setting a contingency of £10 billion. On average, that amounts to 0.2 per cent per year of government spending. … [The] in-service costs of the UK’s nuclear deterrent … will be similar to those of today—around 6% of the annual defence budget (0.13% of total government spending).” Letter from Oliver Letwin MP to the Chair of the Joint Committee on the National Security Strategy, submitted 24 June 2016, following an oral evidence session on 23 May 2016, Annex, A2.

171 HM Government, National Security Strategy and Strategic Defence and Security Review 2015: A Secure and Prosperous United Kingdom, Cm 9161, November 2015, para 4.73

172 Q63 ff

173 Q63

174 Q64

175 GOV.UK, “Fact Sheet 2: National Security Risk Assessment”, accessed 22 June 2016

176 Oral evidence taken on 1 February 2016, HC (2015–16) 644, Q19

177 Joe Devanny, “Co-ordinating UK foreign and security policy: The National Security Council”, RUSI Journal, vol 160, no 6 (2015), p 20

178 _The four NSC sub-committees chaired by Prime Minister David Cameron are Threats, Hazards, Resilience and Contingencies; Nuclear Deterrence and Security; Syria and Iraq; and Counter-Terrorism.

179 Q44

180 In 2010, the then Coalition Government placed a junior Minister in the Home Office with responsibility for national security.

181 Joint Committee on the National Security Strategy, First Report of Session 2010–12, First Review of the National Security Strategy 2010, HL Paper 265, HC 1384, para 72; Defence Committee, Eleventh Report of Session 2014–15, Decision-making in Defence Policy, HC 682, para 117

182 Oral evidence taken on 1 February 2016, HC (2015–16) 644, Q2

183 Q11 [Professor Gearson]

184 Oral evidence taken on 1 February 2016, HC (2015–16) 644, Q18

185 PQ 34581 [on the staffing of the National Security Secretariat], 26 April 2016

186 Oral evidence taken on 1 February 2016, HC (2015–16) 644, Q31

187 Q35

188 Q42

189 Q42

< Back

Next >

8 July 2016