The UK's national security machinery Contents

3What does the NSC need to fulfil its role effectively?

Building the NSC’s understanding

78.If the NSC’s role is “to anticipate and to decide”, as Suzanne Raine described, it needs access to high-quality and timely information that enables it to do both in relation to risks and opportunities.115 Professor Omand told us that, while it is for Ministers, and ultimately for the Prime Minister, to strike the balance between what is desirable and what is possible, officials can

make the decision-maker’s life very much easier if you have that assessment and analysis, the policy options have […] already been discussed between officials across all the relevant departments so that nobody is blindsided, and they have exposed to Ministers the differences. I am no great fan of having official meetings and this stitch-up: “There is only one solution. Here it is”. You have to expose the options.116

79.Professor Omand told us that the Government needs the capacity to address both the more immediate risks (which are broadly quantifiable within a five-year timeframe) and the longer-term uncertainties. Suzanne Raine, by contrast, said the Government’s priority should be the rigorous understanding and management of risks that are “real and present dangers”.117

80.Professor Omand suggested the NSC should be serviced with four types of information that cross these timelines, to aid its understanding and inform its decision-making:

He said that while the Government has capabilities that could provide the NSC with this information, they are not “necessarily in the right place or connected by the right processes”.118

81.During our inquiry, we asked whether the NSC has access to the range of information it needs, supported by capabilities across Government. We have focused in particular on the Government’s:

Long-term thinking and testing assumptions

82.The machinery underpinning the NSC was criticised by witnesses for its weakness in supporting long-term, strategic thinking and decision-making.119 They described a range of tools and techniques, such as the creation of alternative scenarios and horizon-scanning, that might provide the Government with ‘strategic foresight’ when making decisions on national security today—that is, helping the Government to think about, understand and prepare for an inherently uncertain and unpredictable future.

83.We heard that engaging in this type of ‘futures thinking’ enables the Government to anticipate and be more proactive in its work,120 by helping it to:

84.It is unclear whether the new “central strategy development and delivery function” in the National Security Secretariat will engage in longer-term futures thinking or whether it will provide a central point of ‘ownership’ for such efforts across Government.122 However, Cat Tully told us that the cross-government “foresight network”, led by the Government Office for Science, could “be really empowered” and that the existing “atomised pockets” of horizon-scanning capabilities could be used much more effectively. Turning futures thinking into “insight and action in the here and now”, she said, will require educating policy-makers on “what is useful insight and plausible alternatives that we need to start preparing for and investing in.”123

Analytical capabilities and warning functions

85.Suzanne Raine has written previously that assessment and analysis should be prioritised in an “era of discord” and flux, because it can provide an early warning system and enable the Government to “keep its poise”—knowing when to act and “when to ignore”.124 She told us that

You could create an incredibly powerful government analytical machine by being wiser about how you use the Government’s professional analysts and by making sure that they fitted into a proper structure that then developed the understanding that feeds the National Security Council.125

86.We heard that the cross-government analytical capability might be strengthened in several ways. Witnesses told us that it should:

87.Professor Omand suggested that the Joint Intelligence Committee (JIC)—and the team of analysts in the Cabinet Office that supports it, the Joint Intelligence Organisation (JIO)—should be tasked with drawing together analysis and assessment of both threats and hazards from across government, for use by the NSC. He further called for the Chair of the JIC to be given responsibility for providing the NSC with both near-term warnings about impending risks and longer-term ‘strategic notice’ of “things that you could imagine may not happen but that, if they did, would be very serious”. This is in contrast to the JIC’s current role, which is focused primarily on providing assessments of, and near-term warnings on, threats and events overseas (see Box 2). The approach suggested by Professor Omand would provide a single central analytical and assessment capability that would span all national security risks and provide a warning function for both the short and longer term. Under this proposal, the JIC Chair would be responsible for providing the NSC with “the totality of that kind of advice”.129

Box 2: The Joint Intelligence Committee and the Joint Intelligence Organisation

The Joint Intelligence Committee (JIC) is an inter-agency body based in the Cabinet Office. Its membership comprises senior officials from the Cabinet Office, including the JIC Chair, the Chief of the Assessments Staff and the National Security Adviser; senior representatives from the FCDO, MoD, the Home Office and HM Treasury; and the Heads of the Secret Intelligence Service, MI5 and GCHQ. Its formal role is to bring to the attention of Ministers and departments “assessments that appear to require operational, planning or policy action”, including by keeping under review threats to security in the UK and overseas. It has a wide remit, requiring it to assess events and situations relating to “external affairs, defence, terrorism, major international criminal activity, scientific, technical and international economic matters” and “other transnational issues”, drawing on secret intelligence, diplomatic reporting and open-source material. The Chair of the JIC provides “all-source assessment briefings” to the NSC, informed by JIO briefing materials.

The Joint Intelligence Organisation (JIO) is an assessment function within the Cabinet Office. Its analysts take raw intelligence gathered by the intelligence agencies and produce briefings and assessments that consider tactical and strategic national security issues, providing warnings of threats to UK interests and monitoring countries at risk of instability. Its remit has recently been expanded to cover additional risks, such as health security. There were approximately 80 JIO analysts in 2018.

The JIO is not formally part of the National Security Secretariat, even though its workflow is shaped by the NSC. This separation between teams is intended to help maintain the division between intelligence analysis and assessment and policy-making—one of the key lessons of the Iraq War.

Source: “Joint Intelligence Committee”, GCHQ, accessed 18 August 2021; “Joint Intelligence Committee”, accessed 18 August 2021; Cabinet Office (NSM0032); “National Intelligence Machinery”, MI5, accessed 18 August 2021; Sir David Omand (Professor at War Studies Department, King’s College London) (NSM0002); Intelligence and Security Committee, Annual Report 2018–2019, HC 633, p. 19; Dr Joe Devanny and Josh Harris, “The National Security Council: National security at the centre of government”, IfG, 2014, p. 14

88.Witnesses had differing views on the desirability of expanding the JIC’s (and therefore the JIO’s) focus and role. Lord Ricketts agreed there should be clear responsibility for the warning function within Government, and that the warning function is “inherent in the JIC’s process”. However, he questioned whether the JIO “has the expertise to give that kind of strategic notice of issues such as pandemics and climate emergencies.”130 Lord McDonald argued that although the capability on natural hazards was needed, the wealth of open-source information available on such risks meant it “should not be located in the secret space”.131

89.Suzanne Raine, however, argued that setting up an alternative body to provide a central warning function on natural hazards and any threats not covered by the JIC would lead to some duplication. She further clarified that the JIC “is not just for secret intelligence; it is for all information”, including open source as its ‘baseline’.132 This suggests there is some confusion about the extent to which the JIC and JIO utilise open-source information in their assessments.

90.Ms Raine also drew our attention to the relative lack of resources allocated to analysis across Government, describing it as “underresourced and deprioritised”. Noting that “monitoring and assessment requires real expertise, because you are monitoring how things are changing over time”, she called on the Government to provide “a stable resourcing model for all analyst bodies”, especially for the JIO at the centre of Government.133

Use of open-source information

91.During our inquiry, we have heard about the potential of open-source information to improve the Government’s understanding of the national security landscape, and to track risks and opportunities. Professor Omand and Suzanne Raine pointed to the work of online investigator Bellingcat in attributing the 2018 poisoning of Sergei Skripal to Russian military agents, for example.134 Lt Gen (retd) HR McMaster told us that

If there is an area where the intelligence community should focus reform efforts, it is accessing more routinely unclassified sources of information. […] We need more open-source intelligence—skimming of social media, for example. If you want to learn about the Syrian civil war and what is going on inside Syria, probably the best source is social media skimming these days.135

92.However, the existence of what Suzanne Raine described as an “infinite amount of information” presents a significant challenge: how best to manage the vast amounts of available data—through storing, sorting, analysing and distributing information to decision-makers in an accessible and timely manner.136 Written evidence provided by Dr Filippa Lentzos and Professor Michael Goodman of King’s College London stated:

increased data does not necessarily equate to increased insight, knowledge or wisdom. While in the recent past, having power meant having access to data, in today’s world, with overwhelming amounts of data available, having power means knowing what to ignore, what to prioritise and how to analyse it.137138

93.According to the former Chief Scientific Adviser for National Security, Professor Anthony Finkelstein, Government decision-making is “increasingly conducted at lower classification, remotely, and with much greater emphasis on data to underpin decision-making”.139 Yet Lord McDonald told us that Whitehall struggles in synthesising open-source information with secret intelligence, even though the unclassified space is now “bigger” and “maybe more important” than the classified space. He also noted that the JIC Chair speaks first at NSC meetings, thereby framing the discussion in a way that—in his assessment—is focused primarily on secret intelligence.140

94.Lt Gen McMaster said that technologies such as artificial intelligence (AI), big data and geotagging were “immensely important” in enabling the “routine use of unclassified sources of information”.141 However, Professor Omand cautioned against drinking “the AI Kool-Aid”, noting that while AI can sort “dumb” data, skilled analysts are still needed to interpret and understand it.142 In written evidence, Rebellion Defence, an AI software company, similarly stressed the importance of technological and organisational changes that would “bring together human expertise with technology to make better decisions from data”.143

95.As a result, Professor Omand and Suzanne Raine called for the creation of a joint centre of expertise on open-source information to drive its use in the intelligence community and across Whitehall, and to ensure that “there is proper training available in the access to and safe use of open sources.” They consequently welcomed the launch of INDEX (the Information and Data Exchange) by the Professional Head of Intelligence Analysis in the Cabinet Office144—the purpose of which is to improve the sharing of information (analysis, assessment and reporting) and data across government.145

Counteracting groupthink: diversity of thought and use of challenge

96.The 2004 Butler report on the use of intelligence in making the case for the Iraq War highlighted the dangers of ‘groupthink’—the development of a “prevailing wisdom”. It consequently identified the need for Government policy-making to be exposed to ‘structural challenge’ through established methods and procedures such as red-teaming.146, 147 Even within the context of the early 2000s, the report stated:

The more diffuse range of security challenges of the 21st century means that it will not be possible to accumulate the breadth and depth of understanding which intelligence collectors, analysts and users built up over the years about the single subject of the Soviet Union. […] Well developed imagination at all stages of the intelligence process is required to overcome preconceptions.148

97.Several witnesses argued that the problem of groupthink persists within the NSC system.149 They highlighted two broad solutions, the first of which is to open up NSC policy-making processes to greater diversity of thought both within and beyond Government.

98.Lack of diversity within Whitehall’s national security community has been recognised as an issue that must be addressed for some time: for example, in 2017, then-NSA Lord Sedwill described diversity and inclusion as ‘Mission Critical’.150 Lord McDonald observed that at least some tendencies towards groupthink within national security stems from the fact that the departments represented around the NSC and NSC(O) table were themselves “pretty un-diverse”. Bronwen Maddox described progress in this regard as “painfully slow”.151

99.Diversity of thought might also be improved by increased engagement with external experts—something which David Cameron said he wished the NSC had done more, given that “there are a lot of people outside government who know a hell of a lot more than the people inside government”.152 Lord Ricketts further observed that the “broadening” of national security risks—“moving away from the military security area”—means that “we ought to be tapping into wider expertise in the country for risks that are outside the perimeter of classified information.”153 However, we heard that the Government’s engagement with academics continues to be “sporadic and irregular”, while much more could be done in relation to civil society, for example.154

100.The second solution highlighted by witnesses was the greater use of systematic or ‘structural’ challenge—using techniques and tools such as horizon-scanning, scenario-planning and exploring alternative contingencies and red-teaming155—as part of Government policy-making processes to test policy options and decisions, and to put “new ideas and possibilities on the table”.156

101.Cat Tully told us that such techniques were not just about testing policy substance, but about creating a “mindset” which internalises the “very deep message that our view of the future is not likely to be the one that plays out”.157 Ms Tully welcomed the fact that the civil service is “beginning to really engage” with such tools and techniques. However, other witnesses sounded a note of caution about such tools if they are not used well: for example, UK Computing Research Committee (UKCRC) warned that red-teaming can “reinforce complacency and unwarranted optimism” if it is not sufficiently independent of the policy-making teams, while Dr Daniel Lomas from the University of Salford observed that the effectiveness of red-teaming exercises depends on the diversity of the participants.158

102.The NSA told us that new Strategic Advantage Cell in the National Security Secretariat is “tasked explicitly with bringing sustained and rigorous challenge to our grand strategy”.159

103.The NSC needs high-quality information and analysis to make its decisions. All information provided to the NSC should draw on the best possible sources for the topic under discussion—which, in many instances, will be open-source information and data analysis, supplemented as necessary by diplomatic reporting and secret intelligence. The Government must make the necessary organisational and technological changes that would enable it to bring insight from data together with human expertise.

104.Diversity of thought and exposure to challenge are critical to better decision-making on national security, sharpening policy analysis and guarding against groupthink. The NSC structure should be in regular and constructive contact with external experts, including with academia, think tanks and those potentially involved in the delivery of the national security strategy—for example, relating to cyber security and biosecurity. In light of previous, unfulfilled commitments to improve external engagement and challenge, we recommend that the Government updates us on progress against this recommendation in six months’ time, and then on an annual basis.

105.It is vital that the NSC is exposed not only to near-term assessments of risks, but also to longer-term ‘futures thinking’, using a range of tools and techniques such as strategic foresight and horizon-scanning. Such practice is not about predicting the future. Instead, it recognises the reality that the future will not play out as we expect, and so we must be prepared to respond to many possible contingencies. The civil service is already undertaking this work in isolated pockets of best practice, but the Government should consider strengthening this function within the Cabinet Office and giving it a more prominent, routine role in informing NSC discussions. This will better enable Ministers to stress-test their decisions, challenge their underlying assumptions and identify which additional capabilities might best protect the UK’s national security in the long term.

106.We recommend strengthening the Joint Intelligence Organisation at the centre of Government, ensuring that its remit incorporates providing assessments of the full range of threats and hazards. The Government should also consider tasking it with providing the formal warning function for all national security risks, in the near and longer term. It is essential that the JIO has the capacity to perform this function well and the Treasury should prioritise funding accordingly. The JIO should also ensure that its reporting maximises the volume of open-source information available.

Robust risk management processes

107.The Government uses risk management to “compare, assess and prioritise all major disruptive risks to our national security”, including man-made threats and natural or accidental hazards.160 The most serious risks to UK national security are captured in the classified National Security Risk Assessment (see Box 3), the most recent iteration of which was completed in 2019. The Government has previously published high-level summaries of the NSRA in 2010 and 2015, alongside the national security strategies. However, in 2020 the Government combined it with the public National Risk Register instead, without setting out its prioritisation of risks.161

Box 3: The National Security Risk Assessment

The NSRA is intended to identify and assess future security risks, generate actions, and offer evidence to enable central and local government to undertake contingency planning. This includes highlighting the common consequences arising from a range of risks, both domestic and international. The NSRA formerly organised risks into three ‘tiers’, based on a matrix assessment of their likelihood plotted against their impact. Previous Tier 1 risks have included a major accident or natural hazard, such as a severe flooding, and a hostile attack on UK cyber space by a state or non-state actor.

The NSRA process is led by the Civil Contingencies Secretariat (CCS) in the Cabinet Office and is informed by intelligence and information from across Government, as well as contributions from external experts. It is updated roughly every two years.

The CCS will use the next NSRA in 2022 to establish a National Exercise Programme, with cross-government exercises having focused primarily on EU exit and covid-19 risks since 2019.

Source: JCNSS, First Report of Session 2019–21, Biosecurity and national security, HL 195, HC 611; HM Government, “National Risk Register: 2020 edition”, December 2020; Cabinet Office (NSM0019)

108.In our scrutiny of the national security machinery, we have sought to build on the findings of our biosecurity inquiry last year, in which we used the Government’s handling of UK biological security and coivd-19 as a ‘test case’ for its management of Tier 1 (highest-priority) national security risks.162 We were also mindful of the work being undertaken in parallel by the House of Lords Select Committee on Risk Assessment and Risk Planning. As such, we have focused our attention on:

Utility of the National Security Risk Assessment

109.The Integrated Review explicitly recognised the need to review the Government’s approach to risk assessment.163 We have heard similar concerns to those raised during our biosecurity inquiry about how the NSRA is drawn up, and how it is turned into action by the Civil Contingencies Secretariat (CCS) and departments. These concerns included:

110.Sir Stephen Lovegrove told us that the NSRA methodology is currently under routine review in preparation for the 2022 iteration. Undertaken with support from the Royal Academy of Engineering, the review will consider lessons identified from covid-19 as well as how to improve the use of independent challenge and communication of risk.175 Sir Stephen would not commit to publishing the next NSRA, stating that decisions “have not yet been taken”.176

Using the NSRA to prioritise risks: no more tiers

111.NSRAs have previously categorised national security risks in three tiers, based on an assessment of their likelihood and potential impact. In the closing stages of our inquiry, the Government told us that the tiers were removed for the 2019 iteration of the NSRA.177 Michael Gove explained that the decision to do so

was made to maintain the separation between the assessment of the risk and the prioritisation decisions and judgements that drive capability building; these discussions are informed by the NSRA but should happen separately to the assessment process.178

112.We asked the Minister how the Government was now prioritising its efforts on national security risks in terms of ministerial and departmental time, exercises and funding. He said that: the NSC “routinely discusses national security risks and decides where to prioritise efforts”; the Integrated Review “set out the government’s priorities in national security and foreign policy”, using the NSRA as “part of its evidence base”; and that the “upcoming national resilience strategy will further set out HMG priorities in this area”. He added that “Lead Government Departments (LGDs) are responsible for planning and overseeing levels of preparedness for their risks, with ultimate accountability residing with the Secretary of State.”179

113.We received a confusing answer to our question as to the Government’s highest-priority risks under the 2019 NSRA. Mr Gove said: “The NSRA does not prioritise risks for preparedness purposes.” He then described a differentiated approach to the Government’s treatment of national security risks, saying:

For low to moderate impact and likelihood risks, risk-agnostic planning is developed based on the identified Planning Assumptions, (which set out the common consequences across the NSRA scenarios). For red risks (high impact and moderate to high likelihood), more specific planning is implemented that draws on both risk-agnostic and risk-specific capabilities.180

It is unclear how the new traffic-light system of risk categorisation maps onto the previous tiers approach. The more detailed preparation for ‘red risks’ suggests they are considered a priority. We are unsure why the Government will not tell us what these red risks are, when previous Governments were content to publish such information.

114.This belated revelation about the removal of the tiers in NSRAs only adds to our concerns about the seriousness and consistency of the Government’s approach to risk management. In particular, it is unclear what weight the Government put upon the NSRA in setting its goals and allocating funding under the Integrated Review.181 Ms Raine drew our attention to the “loose and unstructured” way in which the word ‘risk’ is used throughout the Integrated Review publication. It remains unclear how the Government is connecting the risk management and policy-making processes via the NSC and its supporting structures.182

115.We also note that the Government failed to tell us during our biosecurity inquiry last year that it was no longer using numbered tiers in the NSRA, even though our inquiry—and many of our conclusions and recommendations—explicitly considered pandemics as an example of a Tier 1 risk. The Government had many opportunities to inform us of this change, including a private briefing by officials, written and oral evidence, and its formal response to our report. As such, it is difficult to find reassurance in the NSA’s statement that the Government has “not jettisoned the risk assessment, and a sense of which risks are more critical, more catastrophic and more likely”.183

116.The Government should have informed Parliament that it had removed the tiers from the 2019 National Security Risk Assessment during our biosecurity inquiry in 2020 or in its response to our Biosecurity report.

Central governance and oversight: three lines of defence model

117.Michael Gove said that the NSC “is the collective decision making committee which considers matters related to resilience.” He explained that

Within the CO [Cabinet Office], Paymaster General is the Minister responsible for resilience and risk, and within this role oversees the delivery of the NSRA. Ministerial responsibility of the Resilience Strategy is currently being finalised.

Mr Gove also confirmed that—as the then Chancellor of the Duchy of Lancaster—he would chair any NSM meetings on resilience, even though he was not the Minister responsible. These meetings would “cover operational decisions, discuss strategy and deal with lower-level crises.”184

118.Beneath the level of the NSC, the Government is continuing its review of cross-department governance arrangements for resilience, including the Civil Contingencies Act 2004. According to Mr Gove, the review will consider the lessons from the covid-19 response and EU exit ‘No Deal’ preparations “when it is assessed that operational responders and wider government stakeholders have greater capacity to engage.”185

119.Witnesses reinforced the findings of our biosecurity inquiry that there is a lack of cross-government leadership—at ministerial and official level—on national security risk management, leading to an inconsistent approach across Government.186 We heard that:

120.Risk experts called for the Government to adopt the ‘three lines of defence’ approach to risk management (see Box 4). For Dr Toby Ord, an Oxford academic, this would be a timely change, given the experience of the covid-19 pandemic, the publication of the Integrated Review and wider efforts to reform the civil service, and one that would allow the Government to “become a world leader in this field”.195

Box 4: The ‘three lines of defence’ model of risk management

The ‘three lines of defence’ model of risk management has long been common in the private sector, particularly since the global financial crisis of 2007–08. Its aim is to ensure a coordinated and cohesive approach to risk management, by organising essential roles and responsibilities into three ‘lines of defence’:

    i)Day-to-day risk management and control, spread across a business or organisation, with individuals responsible for corrective actions and direct management of risks;

    ii)Functions that oversee risk (such as a Chief Risk Officer), with limited independence from the rest of the organisation; and

    iii)An independent assurance process (for example, an external audit), typically reporting to the governing body for the organisation.

The Basel Committee on Banking Supervision, a standard-setting body of central banks from 28 jurisdictions, noted in 2011 that a “strong risk culture and good communication among the three lines” are also important characteristics.

Source: Deloitte, “Project Risk Management: Applying the Three Lines of Defence Model to Project Risk Management”; Mr Sam Hilton (Research Affiliate at Centre for the Study of Existential Risk, Cambridge University) (NSM0011); Basel Committee on Banking Supervision, Principles for the Sound Management of Operational Risk, June 2011

121.Witnesses suggested different ways this model might be put into practice by the Government.196 Sam Hilton called for the Government to appoint an independent government Chief Risk Officer (CRO) as the second line of defence, supported by a dedicated unit to oversee the process of national security risk management. Dr Ord alternatively argued that this new model should focus more narrowly on extreme or existential risks, pointing to the findings of his research that: “There is very roughly a one in six chance of existential catastrophe in the next 100 years from extreme risks including pandemics, extreme climate change scenarios, nuclear conflicts and the creation of unaligned artificial general intelligence”.197

122.Commenting on the proposed model, Suzanne Raine said that the CRO should be a senior figure within the Cabinet Office—whether the JIC Chair, the NSA or a new appointment. She also stressed the importance of connecting the CRO to cross-government analytical, monitoring and warning functions. However, she doubted whether it would be helpful to create an external auditing and expertise body for “a lot of the really complicated, interconnected risks that we deal with on a daily basis in national security”, such as terrorism and state threats.198 Doing so would also require mechanisms for sharing potentially sensitive information securely and in confidence.

123.We are seriously concerned by the apparent downgrading of risk management in central Government. There is still not an NSC sub-committee dedicated to the management of risks. Central oversight and governance of risk management across departments remains under review. It is also unclear how the Government is prioritising its efforts and funding now that it no longer uses tiers to categorise risks in the National Security Risk Assessment.

124.Risk management across government is loose, unstructured, and lacking in central oversight and accountability at both the ministerial and official level. The centre of Government continues to maintain a relatively hands-off approach, rather than actively holding ‘lead departments’ to account for preparedness. In the wake of the covid-19 pandemic and the weaknesses it has exposed, this approach is demonstrably inadequate in managing the nature and scale of the threats and hazards we face today.

125.We recommend that the Government:

The Government should also consider establishing an external audit function for the assessment and management of risks where appropriate. The Government should update us on its progress against this recommendation when it informs us of the outcomes of its review of the NSRA methodology and/or the biosecurity governance review.

A national security profession

126.The Integrated Review stated that its delivery “will depend on the availability of people with the right skills, experience and security clearances to form flexible, diverse and multidisciplinary teams.” It acknowledged that “faster progress is needed” in building such capabilities.199 As part of our inquiry, we have considered the more fundamental need to establish a cross-government national security profession—that is, a recognisable community of civil servants with a shared sense of mission, doctrine and knowledge base.200 One option for doing so is the establishment of a cross-government College for National Security (CfNS) as part of the Government’s new Curriculum and Campus for Government Skills201—a proposal that was made in the Integrated Review.202

127.Former Chief Scientific Adviser for National Security Professor Anthony Finkelstein observed that the UK is “unusual amongst its allies in having no government-sponsored institution capable of driving the learning necessary to the formulation and execution of a modern national security doctrine.” He told us that a CfNS could play a key role in equipping national security professionals for the “changed environment” by:

In particular, he said, all national security professionals will need a “significantly enhanced understanding of accelerating technological and societal developments”, which will have a “potentially game-changing impact on our security and way of life.”203

128.Responses to the CfNS proposal have been mixed, and we note that similar initiatives have previously failed due to a lack of “traction” within Whitehall.204 Sir Ian Andrews, Vice-Chair of the National Preparedness Commission and former Second Permanent Secretary at the MoD, described it as potentially “invaluable” and “overdue”, given its potential to “develop a depth of mutual understanding and trust between all those entities likely to be involved in a response to a future crisis”, including beyond Whitehall.205 By contrast, Theresa May questioned the need for a College for National Security, comparing existing “relationships in the security field” favourably with those within the police, for example.206 It is also not yet clear how the CfNS would avoid duplicating existing analogous offerings, such as the FCDO’s Diplomatic Academy, and the MoD’s Defence Academy and Royal College of Defence Studies,207 as well as the higher-education opportunities available to some civil servants.208

129.We welcome the Government’s plans for a College for National Security in principle. It is essential to create a shared mission, language and understanding of threats and opportunities. It is also critical that Whitehall develops new skills and policy knowledge relevant to the digital age: the use of data in policy-making and understanding of the impact of technological change should be instinctive among civil servants—rather than being the preserve of the expert few within Government. A College could also build networks and relationships between key stakeholders within and outside Government, helping to diversify the voices contributing to our national security. However, its ability to succeed depends on the clarity of its relationship with existing bodies such as the Diplomatic Academy and the Royal College of Defence Studies; commitment from senior leaders from across the sector; and sufficient resources to deliver the level of technical capabilities required for current and future national security challenges.

Training for Ministers

130.Providing oral evidence to our biosecurity inquiry, the then Paymaster General, Rt Hon Penny Mordaunt MP, said: “you can have all sorts of structures in place [… but] what matters more is attitude” among Ministers.209 The everyday pressures on Ministers can make it difficult to find time for training. We also heard that some elected politicians “naturally bridle” at the suggestion it is needed.210 Nevertheless, Ms Mordaunt called for all Ministers—not just Secretaries of State—to be “trained to deal with situations and in the best shape possible to make the right decisions.” She suggested establishing a training programme for MPs before they become Ministers. She also noted the importance of exercises in making sure that Ministers are “drilled”.211

131.The NSA told us that national resilience exercising has been focused principally on EU Exit and covid-19 risks since 2019, including a series of cross-Whitehall exercises at both official and ministerial level. From 2022, Sir Stephen said, the Civil Contingencies Secretariat will re-establish a comprehensive National Exercise Programme to reflect NSRA priorities.212

132.It is vital that the NSC receives intelligence and policy options informed by a high-performing civil service with advanced capabilities, but there must be a willing and reliable customer at the end of the national security ‘supply chain’. We agree with the former Paymaster General, Rt Hon Penny Mordaunt MP, that the attitude and experience of Ministers are essential factors in effective policy- and decision-making, and that some form of ‘training’ is indispensable. We therefore welcome the Government’s plans for a National Exercise Programme in 2022 and look forward to hearing more details, including which Ministers will participate.

Transparency and accountability

133.The Integrated Review places significant emphasis on the role of non-government actors in meeting the security challenges facing the UK in the coming years—referring, for example, to a ‘whole-of-UK effort’ in delivering the UK’s goal of sustaining strategic advantage through science and technology, a ‘whole-of-nation’ approach to cyber, and a ‘whole-of-society’ approach to building national resilience.

134.Lord Hammond expressed scepticism about this ambition, especially given the nature of today’s security threats. Although he was in favour of opening up government processes to a group of people “outside the ministerial and official circle” who are vetted in some way, he cautioned:

It would be a huge mistake to sacrifice security for transparency in a world where we know that most of our adversaries have extremely non-transparent systems. Non-transparency delivers some advantages to our potential opponents.

He added:

It is far easier for a country like China to look at the whole of its society and think about how it would mobilise it to provide national resilience than it is for us, in a liberal democracy, where we are naturally wary of government seeking to direct private actors, except in times of dire national emergency.213

135.In contrast, Cat Tully strongly welcomed the Integrated Review’s approach as “a process of engagement rather than a document”, noting the public-engagement initiatives on “big strategic questions” in France, Germany, Spain, Canada and Singapore. She said:

The prize is huge on this. The risk of failure is a massive national security risk in itself, which is a next generation that is unconnected to the processes of this institution of government.

Ms Tully said that building intergenerational consensus on the UK’s role in the world can happen in many ways, “whether it is engaging at a Select Committee level or engaging with Treasury”.214 We also note the work of the non-profit Open Data Institute in encouraging and enabling a more open philosophy in policy-making through open data, open protocols and open-source tools.215

136.Other witnesses were not quite so ambitious and instead simply called for greater transparency of the NSC’s objectives so that UK civil society, academia and the private sector can better contribute to the UK’s national security goals. The NGO Saferworld urged the Government to release unclassified versions of the NSC’s sub-strategies, noting the commitment of previous Governments to do so.216 UKCRC said that the lack of visibility of NSC priorities was hampering world-leading scientists from knowing how best to contribute to the Government’s integrated approach, and it called on the Government to break down “silos” between the NSC, lead departments and UK Research and Innovation.217

The role of the UK Parliament and parliamentary scrutiny

137.Ms Tully described how Parliament’s efforts to hold the Government to account can encourage it to think about, and plan for, the long term.218 As Saferworld pointed out,219 Professor John Bew—the Prime Minister’s Foreign Policy Adviser who led the Integrated Review for the Prime Minister’s Office—has also previously highlighted the value of parliamentary scrutiny for national security. In a 2017 Policy Exchange paper, he and his co-author Gabriel Elefteriu pointed to the “important contribution” of the JCNSS and other Select Committees. They added: “Both in terms of bringing foreign policy issues before the public, and as a forum of strategic debate, parliament has a crucial role to play”.220

138.It is difficult for us to fulfil this role without access to the information we need.221 As Lord Hammond observed, there are good reasons why the Government is less transparent on national security than other policy areas. Nevertheless, our predecessor Committees have enjoyed a more open relationship with Government. For example, previous administrations have shared with us in confidence:

This is basic information which greatly assisted our scrutiny of the Government’s activities and our ability to hold Ministers to account for their commitments to the public. In the early days of the Cameron administration, the Government also delivered press briefings on select NSC meetings.222

139.We also note the findings of the Foreign Affairs Select Committee that Parliament’s challenge in scrutinising national security matters will only increase “as the Government continues to implement the fused approach to security that it outlined in the Integrated Review.”223 This is evident from the debates in both Houses on the role of Select Committees in scrutinising the work of the Investment Security Unit.224 The BEIS Select Committee will be responsible for overseeing the work of the ISU but sensitive information will only be provided to the Committee Chair in private, on privy council terms.225

140.In correspondence, Michael Gove assured us that the Government is “committed to ensuring Select Committees have the information they need to fulfil their vital oversight roles”.226 In addition, the NSA referred to the new ‘Strategic Advantage Cell’ within the National Security Secretariat, which will be tasked with improving relationships with academia, think tanks and parliamentarians. He further advised us that the Government would “try” to bring the first annual report for the Integrated Review before Parliament “before recess next year”—by late July 2022.227

141.However, we received a mixed response from the Government to our subsequent requests for further information. We asked that the Government share, in confidence, the NSC’s priority deliverables for the Integrated Review each year; but Michael Gove told us it would “not be appropriate to provide a running public commentary on the changing priorities of the NSC, some of which could be sensitive at the time”. He committed to providing future updates on the biosecurity review and the National Exercise Programme that will be established in 2022. However, Mr Gove was non-committal on sharing the findings of the review of NSRA methodology, saying simply that the “findings are not yet available”.228

142.Transparency and accountability are key building blocks of effective decision-making and implementation in national security, increasing opportunities for challenge and connecting the public to national security decision-makers. Inevitably, there will be some issues that require discussions to take place behind closed doors. However, greater openness is essential in an environment in which citizens are subject to national security threats on a daily basis and, as such, are central actors in building national resilience. There is no reason why the NSC and its machinery should not aspire to be part of the wider open-data movement within Government, using open protocols and the best open-source tools available. However, integrating these effectively into policy-making will require a shift in culture and skills.

143.We agree with Professor John Bew, who led the Integrated Review for the Prime Minister’s Office, that Parliament has a crucial role to play as a forum for strategic debate on national security. To that end, we recommend that the Government commits to an annual report to Parliament on national security and the Integrated Review, including notable updates to the trends outlined in the document, an update on the overall threat and opportunity picture, and progress against the Government’s national security objectives. Recognising the Committee’s proper role in scrutinising the NSC and its products, we also call on the Government to return to a more open relationship. To support our vital scrutiny work, we ask that the Government submits to us annually (in confidence, if needed):

a)Priority Integrated Review deliverables and progress against them;

b)NSC and NSM agendas, showing agenda items, paper titles and the name of the department or agency submitting them;

c)Attendees at each NSC and NSM meeting;

d)Reasons for any meeting cancellation or delays;

e)An update on external engagement (e.g. with policy experts) throughout the year, to inform NSC and NSM papers; and

f)An update on the work of the College for National Security, if it is established, detailing the training provided and the numbers of participants, broken down by department, agency and type of external organisation.

115 Q83 [Suzanne Raine]

116 Q88 [Professor Sir David Omand]

118 Sir David Omand (Professor at War Studies Department, King’s College London) (NSM0002); Q84 [Professor Sir David Omand]

119 Henry Jackson Society (NSM0018)

120 There is a lack of clarity in the use of these terms across Government and the private sector. In this report, we use the definitions provided by the Government Office for Science (GO Science) as follows.
‘Futures thinking’ refers to “different approaches to thinking about the future and exploring factors that could give rise to possible and probable future characteristics, events and behaviours.”
‘Foresight’ (or ‘strategic foresight’) refers to “the tools/methods for conducting futures work, for example, horizon scanning (gathering intelligence about the future) and scenarios (describing what the future might be like).”
‘Horizon-scanning’ is “a systematic examination of information to identify potential threats, risks, emerging issues and opportunities, beyond the Parliamentary term, allowing for better preparedness and the incorporation of mitigation and exploitation into the policy making process.”
See GO Science, “A brief guide to thinking about futures thinking and foresight”, 2021, p. 3

122 Sir Stephen Lovegrove (National Security Adviser at Cabinet Office) (NSM0036). The Civil Contingencies Secretariat does engage in horizon-scanning on a shorter timescale in support of the NSRA. Cabinet Office (NSM0035)

123 Q84 [Cat Tully]

124 Suzanne Raine, “The Integrated Review Should Prioritise Understanding”, RUSI, 28 September 2020

125 Q84 [Suzanne Raine]

126 Q27; Sir David Omand (Professor at War Studies Department, King’s College London) (NSM0002); Q95 [Professor Sir David Omand]

127 According to Suzanne Raine, the monitoring and warning function works well in some areas such as terrorism and cyber security—both of which benefit from a dedicated cross-government analysis and assessment body which also owns the monitoring system, in the form of the Joint Terrorism Analysis Centre (JTAC) and the National Cyber Security Centre, respectively. Qq84, 85, 92 [Suzanne Raine]

128 Suzanne Raine, “Half of the National Risk Register is Missing”, RUSI Newsbrief (Vol. 41, No. 1, January/February 2021)

129 Q84 [Professor Sir David Omand]

132 Qq84–85 [Suzanne Raine]

133 Qq84, 95 [Suzanne Raine]

134 Professor Sir David Omand, former UK Security and Intelligence Coordinator in the Cabinet Office (2002–05) and Suzanne Raine, former Head of the Joint Terrorism Analysis Centre (2015–2017) (NSM0031)

136 Q96 [Suzanne Raine]

137 Dr Lentzos and Professor Goodman noted the range of challenges this involves, from information overload, to disinformation, information security vulnerabilities and poorly understood biases in data collection and analysis. See Dr Filippa Lentzos (Senior Research Fellow at King’s College London) and Professor Michael Goodman (Professor of Intelligence and International Affairs at King’s College London) (NSM0009)

139 Office of the Chief Scientific Adviser for National Security, Cabinet Office (NSM0030)

140 Qq69–70 [Lord McDonald]

142 Q96 [Professor Sir David Omand]

143 Rebellion Defence Limited (NSM0005)

144 Professor Sir David Omand, former UK Security and Intelligence Coordinator in the Cabinet Office (2002–05) and Suzanne Raine, former Head of the Joint Terrorism Analysis Centre (2015–2017) (NSM0031)

145 According to the Government, INDEX will be a “trusted and secure digital service for government”, focusing on “solving the most pressing information and data-related problems”. It will include an accredited cloud that allows centralised access: to OFFICIAL-SENSITIVE material; to the best platforms and tools within government; and to a stream of curated information and data from the public domain. This core capability will be further improved by innovations in technology including machine learning and advanced analytics. The platform is still in the proof-of-concept phase. Email correspondence between the Professional Head of Intelligence Analysis (Cabinet Office) and Committee staff, 24 August 2021

146 Report of a Committee of Privy Counsellors, Review of Intelligence on Weapons of Mass Destruction, HC 898, para 57

148 Report of a Committee of Privy Counsellors, Review of Intelligence on Weapons of Mass Destruction, HC 898, paras 56–57

149 Celia G. Parker (PhD candidate at King’s College London) (NSM0008); Dr Filippa Lentzos (Senior Research Fellow at King’s College London) and Professor Michael Goodman (Professor of Intelligence and International Affairs at King’s College London) (NSM0009)

150 Cabinet Office, Mission Critical – Why Inclusion is a National Security Issue and what You Can Do to Help, July 2017

154 Dr Filippa Lentzos (Senior Research Fellow at King’s College London) and Professor Michael Goodman (Professor of Intelligence and International Affairs at King’s College London) (NSM0009); Saferworld (NSM0016)

155 See footnote 147 for a definition of red-teaming. See also Mariam Elgabry (PhD Researcher in Cyber-biosecurity and a founding Director of Enteromics Ltd. at UCL/Enteromics), Dr. Darren Nesbeth (Associate Professor for Biochemical Engineering at Advanced Centre for Biochemical Engineering, UCL), and Prof Shane Johnson (Director of the Dawes Centre for Future Crime at Jill Dando Institute, UCL) (NSM0026)

156 Q90 [Cat Tully]

157 Qq90, 94 [Cat Tully]

158 UK Computing Research Committee (UKCRC) (NSM0023); Dr Daniel Lomas (Lecturer in International History at University of Salford) (NSM0021). UKCRC is an expert panel of the Institution of Engineering and Technology and the BCS, The Chartered Institute for Information Technology.

159 Sir Stephen Lovegrove (National Security Adviser at Cabinet Office) (NSM0036)

161 Cabinet Office (NSM0019); JCNSS, First Special Report of Session 2019–21, Biosecurity and national security: Government Response to the Committee’s First Report of Session 2019–21, HC 1279

162 JCNSS, First Report of Session 2019–21, Biosecurity and national security, HL 195, HC 611

163 HM Government, Global Britain in a Competitive Age: The Integrated Review of Security, Defence, Development and Foreign Policy, CP 403, March 2021, p. 89

164 Dr Toby Ord, an Oxford academic and existential risk expert, said: “An existential catastrophe would destroy the UK’s present and the future—affecting both present citizens and all future citizens. They therefore have uniquely high stakes—because the UK would by definition be unable to recover from one single such disaster.” Dr Toby Ord (Senior Research Fellow at Future of Humanity Institute, Oxford University) (NSM0013)

165 For instance, the covid-19 pandemic has demonstrated how a crisis in one part of the world can quickly become global, and how a health crisis can quickly become an economic and trade crisis.

166 Mr Sam Hilton (Research Affiliate at Centre for the Study of Existential Risk, Cambridge University) (NSM0011). See also Dr Toby Ord (Senior Research Fellow at Future of Humanity Institute, Oxford University) (NSM0013)

167 Suzanne Raine, “Half of the National Risk Register is Missing”, RUSI Newsbrief (Vol. 41, No. 1, January/February 2021)

168 Q47; Q92 [Professor Sir David Omand]; Mr Ed Arnold (Director at The D Group) (NSM0014)

169 Rethinking Security (NSM0017). Our predecessor Committee also commented on the mismatch between the categorisation of a nuclear attack as a Tier 2 risk and the scale of Government spending on the nuclear deterrent, which far outstrips spending on Tier 1 risks. See JCNSS, First Report of Session 2016–17, National Security Strategy and Strategic Defence and Security Review, HL 18, HC 153, para 102

172 Cabinet Office (NSM0032)

173 Reform think tank (NSM0027)

174 Mr Sam Hilton (Research Affiliate at Centre for the Study of Existential Risk, Cambridge University) (NSM0011)

175 Cabinet Office (NSM0032); HM Government, Global Britain in a Competitive Age: The Integrated Review of Security, Defence, Development and Foreign Policy, CP 403, March 2021, p. 89

176 National Security Adviser (NSM0024)

177 Cabinet Office (NSM0032)

178 Cabinet Office (NSM0035)

179 Cabinet Office (NSM0035)

180 Cabinet Office (NSM0035)

181 Cabinet Office (NSM0035)

182 Q84 [Suzanne Raine]

183 Q137 [Sir Stephen Lovegrove]

184 Cabinet Office (NSM0035)

185 Cabinet Office (NSM0035)

186 Q84 [Suzanne Raine]; Mr Sam Hilton (Research Affiliate at Centre for the Study of Existential Risk, Cambridge University) (NSM0011)

187 Mr Sam Hilton (Research Affiliate at Centre for the Study of Existential Risk, Cambridge University) (NSM0011)

188 Mr Sam Hilton (Research Affiliate at Centre for the Study of Existential Risk, Cambridge University) (NSM0011); Cambridge University’s Centre for the Study of Existential Risk (NSM0029)

189 Under this model, responsibility for resourcing and overseeing levels of preparedness to the potential consequences of each risk is assigned to a single department, which is tasked with coordinating across Government as necessary.

190 Reform think tank (NSM0027)

191 Reform think tank (NSM0027); Suzanne Raine, “Half of the National Risk Register is Missing”, RUSI Newsbrief (Vol. 41, No. 1, January/February 2021)

192 Cabinet Office (NSM0035)

193 Dr Rowena Hill (Associate Professor of Disasters and Emergencies at Nottingham Trent University); Rich Pickford (Knowledge Exchange and Impact Officer at Nottingham Civic Exchange); Adam Potter (Research Assistant at Nottingham Trent University) (NSM0010)

194 Q110 [Joe Griffin]

195 Dr Toby Ord (Senior Research Fellow at Future of Humanity Institute, Oxford University) (NSM0013)

196 For example, Mr Sam Hilton (Research Affiliate at Centre for the Study of Existential Risk, Cambridge University) (NSM0011); Dr Toby Ord (Senior Research Fellow at Future of Humanity Institute, Oxford University) (NSM0013); Cambridge University’s Centre for the Study of Existential Risk (NSM0029)

197 Dr Toby Ord (Senior Research Fellow at Future of Humanity Institute, Oxford University) (NSM0013)

198 Q93 [Suzanne Raine]

199 HM Government, Global Britain in a Competitive Age: The Integrated Review of Security, Defence, Development and Foreign Policy, CP 403, p. 99

200 We use ‘doctrine’ here to refer to a fundamental set of principles that guide all those working in national security across Government as they pursue its national security objectives. The definition is that used by RAND Corporation, “Military Doctrine”, accessed 23 August 2021

201 The curriculum and training campus was elaborated upon in the Declaration on Government Reform, which committed to “a new digital way to access learning, a mandatory induction package, and a data masterclass for the SCS [Senior Civil Service]”. The Government also plans to “bolster traditional skills such as drafting written advice, understanding statistical concepts, and appreciating how Parliament works, as well as developing expertise in areas including digital, data, science, and project and commercial delivery”. Cabinet Office, “Policy paper: Declaration on Government Reform”, 15 June 2021

202 HM Government, Global Britain in a Competitive Age: The Integrated Review of Security, Defence, Development and Foreign Policy, CP 403, p. 99

203 Professor Finkelstein listed data, analytics, novel sensors, commercialised space, artificial intelligence (AI) and machine learning, behavioural sciences, bioengineering, and global technologically mediated platforms as examples of technological developments that all national security professionals will need to understand. Office of the Chief Scientific Adviser for National Security, Cabinet Office (NSM0030)

204 Sir Ian Andrews, “A College for National Security (and Resilience)?”, National Preparedness Commission, 15 June 2021

205 Sir Ian Andrews, “A College for National Security (and Resilience)?”, National Preparedness Commission, 15 June 2021; Professor Sir David Omand, former UK Security and Intelligence Coordinator in the Cabinet Office (2002–05) and Suzanne Raine, former Head of the Joint Terrorism Analysis Centre (2015–2017) (NSM0031); Q87

207 Foreign and Commonwealth Office, “Diplomatic Academy”, accessed 23 August 2021; Defence Academy of the United Kingdom, “RCDS programme”, accessed 23 August 2021

208 Office of the Chief Scientific Adviser for National Security, Cabinet Office (NSM0030)

209 Oral evidence taken before JCNSS on 9 November 2021, HC (2019–21) 611, Q64 [Rt Hon Penny Mordaunt MP]

211 Oral evidence taken before JCNSS on 9 November 2021, HC (2019–21) 611, Q64 [Rt Hon Penny Mordaunt MP]

212 Cabinet Office (NSM0032)

214 Q91; see also School of International Futures, “A National Strategy for Next Generations: Pilot Programme Report”, October 2020, Executive Summary

215 “Projects and Services”, Open Data Institute, accessed 14 September 2021

216 Saferworld (NSM0016)

217 UK Computing Research Committee (UKCRC) (NSM0023)

219 Saferworld (NSM0016)

220 John Bew and Gabriel Elefteriu, “Foreign Policy and National Security in the New Parliament”, Policy Exchange, 2017, pp. 2, 6

221 Saferworld (NSM0016); Rethinking Security (NSM0017)

222 For example, see Prime Minister’s Office, “Number 10 Press Briefing—Morning, from 27 September 2010” and Prime Minister’s Office, “Press briefing: afternoon 25 June 2013

223 Foreign Affairs Committee, Third Report of Session 2021–22, Sovereignty for sale: the FCDO’s role in protecting British strategic assets, HC 197, para 63

224 HC Deb, 20 January 2021, col 988ff; HC Deb, 26 April 2021, col 151ff; HL Deb, 4 February 2021, col 2333ff; HL Deb, 2 March 2021, col 312GCff; HL Deb, 16 March 2021, col 195ff; HL Deb, 15 April 2021, col 1453ff

226 Cabinet Office (NSM0035)

227 Q125 [Sir Stephen Lovegrove]; Q139 [Sir Stephen Lovegrove]

228 Cabinet Office (NSM0035)




Published: 19 September 2021 Site information    Accessibility statement