National Security Capability Review: A changing security environment Contents

3Improving cross-government responses to national security challenges

72.Despite the limited scope of the National Security Capability Review, we heard that it does offer a further opportunity to improve coordination between Departments.168 The National Security Council was set up in 2010 specifically to improve the coordination of a ‘whole-of-government’ approach to national security, and to implement cross-government policies in response to threats to the UK. But the NSA, Sir Mark Sedwill, told us that the Government can still “do a great deal to achieve a greater impact with the inputs we have available to us, particularly if we pull them together and use them in a coherent way.”169 During our inquiry, we heard about three policy areas where it is argued that a joined-up approach across the Government is essential in countering new and changing threats effectively.


73.Experiences in Afghanistan, Iraq, Libya and Syria have fed debate about whether, when and how the UK should intervene overseas in response to instability, violence and conflict. Key questions in this debate include:

74.The 2015 NSS & SDSR makes clear the Government’s view that “Instability, conflict and state failure overseas pose an increasingly direct threat to the UK. […] It is firmly in our national security interests to tackle the causes and to mitigate the effects of conflict.” It states that the Government will use all tools available to it—diplomatic, development, military and law enforcement—to tackle conflict and build stability overseas. And it makes two commitments in relation to this policy area:

75.However, Rethinking Security—a network of organisations and academics—states in written evidence to this inquiry that the 2015 NSS & SDSR gives “insufficient attention” to the underlying drivers of insecurity, despite these twin commitments.177 Conciliation Resources and International Alert also argue that the 2015 NSS & SDSR “struggles to translate the importance of these issues into clear guidance and activities.”178 Perhaps most strikingly, Dr Andrew Rathmell told us he questions whether building structural stability, conflict prevention and conflict management are still a priority for the Government, despite what he argues has been a relatively positive track record in contributing to the stabilisation of countries such as Iraq, Afghanistan and Somalia in the past few years.179 180

76.Stabilisation is not one of the 12 principal strands of the NSCR, although it will likely be addressed in relation to the CSSF under the ‘Cross-Government Funds’ strand. It may also be addressed by the MDP in relation to defence engagement (the deployment of military teams to provide mentoring and training to partners overseas). Providing oral evidence to the Committee, Dr Rathmell said that if the NSCR were to go beyond “tactical tweaking”—that is, small realignments in budgets and resources—it would need to take account of the ways in which the level of stability has “worsened” over the past few years in regions of importance to the UK—specifically, the Middle East, North Africa and sub-Saharan Africa.181 Dr Rathmell said that these include:

77.Dr Rathmell also said that ideally, the NSCR would take a longer-term view of stability and other issues such as migration. However, he concluded that there is currently a contradiction between “the fairly small capabilities that the UK has been building” and its desire to have a “fundamental ability to address these issues”.183 General Sir Richard Barrons agreed that migration is a policy area that needs “a more sophisticated response”, which uses all the levers available to the Government and is addressed in coordination with allies. But he added: “I do not think we have grasped that.”184

78.The NSC’s decision to limit the scope of the NSCR means it is unlikely to address such fundamental issues. Nevertheless, Dr Rathmell identified two smaller actions that would improve the Government’s wider approach to stabilisation:

a)ensuring that the 50% of DFID’s budget spent in fragile and conflict-affected states more directly targets the causes of conflict and instability;185

b)incorporating new thinking on stabilisation by adopting DFID’s internal guidance, the Building Stability Framework (written in 2016), across Government—a suggestion also made by Saferworld, Conciliation Resources and International Alert in their written evidence.186 187

79.The National Security Capability Review is an opportunity for the Government to demonstrate that tackling instability overseas remains a priority. The Government should at least consider limited options for improving its current approach. These include implementing DFID’s up-to-date policy guidance on stabilisation across Government, and ensuring that money spent in fragile states more directly targets the causes of conflict and instability.

Modern deterrence

80.The NSA told us in December that ‘modern deterrence’ is under consideration as part of the NSCR, presumably under the ‘Our National Security Doctrine’ strand. He described modern deterrence as “being able to deploy a range of different capabilities that exploit our adversaries’ vulnerabilities, not necessarily to respond in an area where they have sought to exploit ours.” Referring to Sun Tzu, he added: “you fight on the ground of your choosing, if you can, rather than the opponent’s.”188

81.We asked our witnesses what a policy of ‘modern deterrence’ should cover, and how this might differ from the well-established concept of deterrence associated with the Cold War. Lord Ricketts explained in supplementary written evidence that he understands “the term to apply to the whole spectrum of deterrence and the need to keep deterrence policy up-to-date in the light of changes in the threats to our national security.” Specifically, he thought this would cover:

He noted that the policy of deterrence would need to be “elaborated in consultation with the US and other NATO allies”.189

82.Robert Hannigan said that in his view, the term ‘modern deterrence’ is not “particularly useful”. In supplementary evidence he wrote: “deterrence is deterrence, whatever the domain. Logic suggests that one should work out what needs deterring before defining the capabilities necessary”. Nevertheless, he expected cyber deterrence to be prioritised under the NSCR, given that the other aspects of deterrence policy are “well-rehearsed”.190 Providing oral evidence, General Sir Richard Barrons told us that modern deterrence is “not rocket science”. However, he also warned that “At the minute, we tend to fixate on little bits of that [full-spectrum deterrence policy], which is never going to be good enough.”191

Deterring unconventional threats

83.We also asked our witnesses whether there are practical differences between deterring military and nuclear threats and deterring threats in the ‘grey area’ between peace and war—for example, a deniable cyber attack on critical national infrastructure or attempts to undermine trust in democracy and institutions using ‘fake news’. Sir Richard said that “we struggle to play in that space” where states such as Russia try to “keep us on our heels”. He explained:

[…] we are quite good at calling this out, but we seem not to have worked out what we are then going to do in applying sanctions, deterring it or rebutting it, or doing it back. I know that democracies struggle with this more than monolithic states do, but it is absolutely a feature of our time … 192

84.Robert Hannigan explained that the “UK system”, including parliamentary committees and the Electoral Commission, had been slow to respond to the fact that the internet and digitalisation enables states such as Russia to undermine the UK’s institutions more cheaply and at larger scale than in the past—a view also expressed in written evidence submitted by Manchester Metropolitan University.193 However, more importantly, he also said that “it is not really clear whose job it is to look at social media subversion or the sowing of distrust” in the UK. He observed that “MI5 has the job of countering subversion in its most extreme form” but “Unless it is a crime, it is quite difficult to know who in our system is responsible”.194

85.It seems likely that the new National Security Communications Unit—announced by the Government in January as one of the first outcomes of the NSCR—is intended to address this apparent gap in policy ownership within the Government. Making the announcement, a spokesman for No. 10 said that the unit, which will build on existing capabilities, is intended to tackle disinformation and “competing narratives” spread by “state actors and others”. He added that it would “more systematically deter our adversaries”.195 However, the Government has yet to provide detailed information about this new unit.196

86.We expect the National Security Capability Review to outline an updated policy of deterrence that covers the full range of threats to the UK—from nuclear and military threats, to unconventional threats such as cyber attacks and subversion. This should include any new tools available to the Government under the policy of modern deterrence, and how it plans to utilise them. In updating its policy on deterrence, the Government should focus on how it can deter threats that fall short of an act of war, but which are nevertheless damaging to the health of the UK’s political system, economy and society. It should also provide more detail about the new National Security Communications Unit when it publishes the NSCR. This includes information about:

Building national resilience

87.The importance of improving the resilience of the UK’s infrastructure, institutions and population has been demonstrated by a series of events since the publication of the 2015 NSS & SDSR. These have included: several terror attacks in the UK; a global cyber attack that affected large parts of the National Health Service for days; attempts to undermine the national elections of the US and France; and the use of a military-grade nerve agent to poison a Russian former intelligence officer on UK soil.197 Providing oral evidence in December, the NSA acknowledged the importance of strengthening resilience to cyber attack and propaganda, for example. But he also said that “we should also have considerable confidence in our resilience against those threats”, as so far, “They have not really worked”.198 In contrast, General Sir Richard Barrons was far less positive in his assessment, and warned that the UK remains acutely vulnerable because:

88.We heard that the UK could look to other countries such as Norway and Denmark for lessons in how to build resilience across society. Elisabeth Braw, non-resident Senior Fellow at the Atlantic Council, told us that these countries’ experiences suggest that the population should not be treated as a “fragile flower”. Instead, she described it as a largely untapped “resource” that can be mobilised in support of the armed forces and law enforcement agencies, in guarding sports events, critical infrastructure and military installations, for instance.200 Although a direct comparison with Denmark and Norway is not possible, as they have systems of selective conscription, the UK does already have professionally trained groups such as special constables and military reservists who can be called upon to perform such tasks. Ms Braw suggested that a “core of empowered citizens” in this mould also acts as a deterrent to potential attackers, by making it harder for them to achieve their objectives.201 In its written evidence, UNA-UK, a charity dedicated to building support for the United Nations, looks beyond professionally-trained volunteer groups to the potential role of the public at large, stating that “an informed and engaged public” is a “security asset”.202

89.Elisabeth Braw also highlighted the importance of regular crisis management exercises that involve the Government, businesses and society. She said that Scandinavian countries hold such exercises regularly to test responses to mass-casualty events—for example, attacks on critical national infrastructure—and are “a way of cheaply and effectively plugging the gaps” in resilience. However, we are concerned by Ms Braw’s statement that “the highest-ranking officials [in the UK] have been reluctant to have crisis management exercises in the way it is done as a matter of course in Denmark, simply because it would be embarrassing for gaps to be discovered.”203

90.We welcome the Government’s apparent focus on building national resilience as part of the National Security Capability Review. The Government must do all it can to inform the British public about the threats we face as a country, and to empower them to contribute to the Government’s response when appropriate. The Government should set out its plans to develop community and societal resilience to the range of threats that may arise. It should also set out in its response to this report its plans for future crisis management exercises, as well as information about the types of scenarios being tested and the participants involved.

Improving cross-government policy implementation and accountability

91.All the former senior officials who gave evidence to our inquiry were positive about the role of the NSC in coordinating the Government’s response to intensifying national security threats, agreeing that it was an advance on previous practice.204 However, providing oral evidence to the Committee in December, the NSA spoke of the constant challenge of implementing the NSC’s decisions on national security policy, especially as this might involve “half a dozen departments or more”.205 James de Waal also questioned what “more joint funding, more joint organisations and reorganisation of Whitehall structures to deal with hybrid threats” means for “accountability and funding, which are still based on Ministers and departments and service level agreements with the Treasury”.206 207

92.Our predecessor Committee repeatedly raised concerns about how cross-government policy is implemented in practice during its inquiries into the 2015 NSS & SDSR, the CSSF and cyber security.208 Specifically, it questioned which Ministers and officials were responsible for cross-government policy in these areas (and therefore who should be held accountable), which Department had oversight of the relevant cross-government budgets, and what this meant for parliamentary scrutiny of these policy areas. As our predecessor Committee stated in relation to the CSSF, unless there is a single, and clearly identified, owner of cross-government policy, “There is the danger that collective responsibility will degenerate into no responsibility.”209

93.The NSA told us in December that the implementation of cross-government national security policy is now under review, in a separate process from the NSCR. He said that:

[…] the Prime Minister was particularly concerned that we had a rigorous implementation process in place so that the [NSC’s] decisions were then driven through government. […] Essentially, we need to bring that concept [of joined-up government] alive in the national security area and ensure that each department and individual area is clear about what is expected of it and what the ministerial direction and guidance means.210

94.The nature of today’s security threats mean that they require a much more closely coordinated response by Departments to be effective. We therefore welcome the news that the National Security Adviser has been tasked with reforming how National Security Council decisions are implemented across the Government. We look forward to seeing his proposals for improving the implementation of cross-government national security policy, and for ensuring a strong line of accountability within Government, and of ministerial accountability in particular.

168 Q40 [Professor Sir Lawrence Freedman]

169 Oral evidence taken on 18 December 2017, HC (2017–19) 625, Q27

171 Jo Cox MP, Tom Tugendhat MP and Alison McGovern MP, The Cost of Doing Nothing: the price of inaction in the face of mass atrocities (London: Policy Exchange, 2017)

172 Professor Paul Rogers (CSE0008) paras 2.2–2.6

173 In written evidence, Campaign Against Arms Trade states that “A major component to the UK’s security policy should be a commitment not to make a situation worse. Overseas military interventions, as seen in Iraq, Afghanistan, Libya and Syria, have caused devastation and instability with dire consequences for people living in those areas and, to a lesser extent, the world more generally.” Campaign Against Arms Trade (CSE0004) para 7

174 In written evidence to this inquiry, peacebuilding organisations Saferworld, Conciliation Resources, International Alert and Rethinking Security, as well as Professor Paul Rogers of Bradford University, argue that the UK should focus more on addressing the underlying drivers of conflict and instability. They point to the link between instability overseas—driven by grievances over poor governance, corruption, lack of opportunity and so on—and the security challenges facing the UK, such as terrorism, extremism and disorderly mass migration. Rethinking Security (CSE0002) paras 1, 4.2, 5.1, 5.3, 5.4; Professor Paul Rogers (CSE0008) para 5.2; Saferworld (CSE0011) paras 15, 26; Conciliation Resources and International Alert (CSE0012) paras 4, 5, 10

175 “Conflict, Stability and Security Fund: an overview”, GOV.UK, accessed 12 March 2018. The Annual Report for the CSSF in FY2016/17 states that CSSF funding was used to support activity in the following areas: protecting the UK and Overseas Territories; combating extremism and terrorism; countering serious and organised crime; crisis response and resilience; building influence with allies and partners; strengthening the rules-based order and international institutions; tackling conflict and building stability overseas. See HM Government, “Conflict, Stability and Security Fund: Annual Report 2016/17”, July 2017, p. 4

176 Our predecessor Committee undertook an inquiry into, and published a report on, the CSSF. Joint Committee on the National Security Strategy, Second Report of Session 2016–17, “Conflict, Stability and Security Fund”, HL Paper 105, HC 208

177 The 2015 NSS & SDSR announced the Government’s intention to deliver an “even more ambitious approach” to tackling conflict and instability overseas, which it states is “firmly in our national interests”. HM Government, National Security Strategy and Strategic Defence and Security Review 2015: A Secure and Prosperous United Kingdom, Cm 9161, November 2015, paras 5.116–5.118

178 Conciliation Resources and International Alert (CSE0012) para 7

179 Qq21–22 [Dr Andrew Rathmell]

180 Aktis Strategy Ltd. is a CSSF Framework Supplier.

181 Q21 [Dr Andrew Rathmell]

182 Q21 [Dr Andrew Rathmell]

183 Q22 [Dr Andrew Rathmell]

184 Q22 [General Sir Richard Barrons]

185 Q22 [Dr Andrew Rathmell]

186 Q21 [Dr Andrew Rathmell]; Saferworld (CSE0011) para 15; Conciliation Resources and International Alert (CSE0012) para 14

187 This would replace the widely regarded but now outdated cross-government Building Stability Overseas Strategy, which was published by DFID, the FCO and MOD in 2011.

188 Oral evidence taken on 18 December 2017, HC (2017–19) 625, Q20

189 Lord Peter Ricketts (CSE0015) para 1

190 Robert Hannigan (CSE0014) para 1

191 Q29 [General Sir Richard Barrons]

192 Q29 [General Sir Richard Barrons]

193 Manchester Metropolitan University (CSE0005) para 2.4

194 Q20 [Robert Hannigan]

197 Our predecessor Committee, in its July 2016 report, observed that the “unprecedented emphasis” on domestic resilience within the 2015 NSS & SDSR was not translated into specific actions. Joint Committee on the National Security Strategy, First Report of Session 2016–17, “National Security Strategy and Strategic Defence and Security Review 2015, HL Paper 18, HC 153, paras 11, 13

198 Oral evidence taken on 18 December 2017, HC (2017–19) 625, Q22

199 Q32 [General Sir Richard Barrons]

200 Qq29–31 [Elisabeth Braw]

201 Qq30–32 [Elisabeth Braw]

202 United Nations Association – UK (CSE0006) para 9

203 Q32 [Elisabeth Braw]

204 Qq12–13

205 Oral evidence taken on 18 December 2017, HC (2017–19) 625, Q2

206 Q40 [James de Waal]

207 There were three cross-government funds relevant to security before the NSCR began: the Conflict, Stability and Security Fund (CSSF); the Prosperity Fund; and the Empowerment Fund. These funds were the subject of the Cross-Government Funds strand of the NSCR. There are also a number of joint units working on national security issues. For example, the 2015 NSS & SDSR established six new units. HM Government, National Security Strategy and Strategic Defence and Security Review 2015: A Secure and Prosperous United Kingdom, Cm 9161, November 2015, para 7.17

208 Joint Committee on the National Security Strategy, First Report of Session 2016–17, “National Security Strategy and Strategic Defence and Security Review 2015”, HL Paper 18, HC 153; Joint Committee on the National Security Strategy, Second Report of Session 2016–17, “Conflict, Stability and Security Fund”, HL Paper 105, HC 208; oral evidence taken on 6 March 2017, HC (2016–17) 153

209 Joint Committee on the National Security Strategy, Second Report of Session 2016–17, “Conflict, Stability and Security Fund”, HL Paper 105, HC 208, Summary

210 Oral evidence taken on 18 December 2017, HC (2017–19) 625, Qq1–2

Published: 23 March 2018