An interrelated threat landscape calls for an ecosystem response
While the last few years have felt tumultuous, very few of the most severe national security threats facing the UK were entirely unexpected. In fact, the threats facing the UK have remained largely consistent for years, with a pandemic event flagged as one of four risks in the highest tier in the National Security Strategy and Strategic Defence and Security Review 2015.
What has changed is the complexity and amorphous nature of these threats. No single agency can plan to tackle threats to global security alone. This calls for an evolution in the way UK security leaders respond; for an ecosystem approach where a unified whole greater than the sum of its parts can maximise interoperability, adaptability and the delivery of value-adding work. Three steps are needed to make this happen:
1. Disrupt the established order
UK national security organisations have each developed their own cultures over the course of decades or, in some cases, hundreds of years. While these cultures have their benefits, they can stifle working outside of the organisation’s boundaries. Senior staff are often under pressure to protect organisational interests. They choose to expand their remit rather than partnering with wider experts. This impedes system-wide interoperability and dilutes each organisation’s unique, value-adding capabilities.
These ways of working are problematic when threats call for close working with new partners that have different cultures and areas of focus. For instance, experts in cyber defence are more likely to work for technology and software providers. And as we’ve seen over the past year, a pandemic response means civil service, military and law enforcement working closely with academics and health care professionals.
One way of bridging the gaps between the remits of existing organisations would be to establish focused task forces or temporary organisations to concentrate on specific issues. Precedents can be found in the 2012 Olympics and the recently established Joint Biosecurity Centre. However, any new organisations cannot be created haphazardly and expect to be effective. The right mix of skills needs to be brought together, with clear accountability from the start, and supplemented by an inclusive and continual learning culture to ensure the organisation grows and thrives.
Any national security organisation – be it temporary or permanent – needs to be able to draw on capabilities from different areas. This is only possible if the UK Government is clear about the specialisms it needs to draw on and nurture to maximise effectiveness in different fields. Organisations need to be incentivised to build and retain the skills needed, foster a pride in delivering excellence, and avoid the default ‘specialism equals time served’ dynamic that plagues so many organisations.
2. Build a strong strategic centre to lead the national security ecosystem
UK state actors often excel in operational crises, where the imperative to deliver at pace brings out the best in most parts of the ecosystem. However, too often a triumph of reaction isn’t recognised as a failure of planning.
Any strategic centre needs to establish the bandwidth and the underlying capability required to lead cross-system scenario planning. This doesn’t mean that the Cabinet Office’s National Security Secretariat needs to employ a small army of planners. Instead, it needs to be able to leverage experts and operational practitioners from across the ecosystem to shape, refine and test plans to respond to a range of threats. This needs to be a dynamic process, with the strategic centre driving other organisations to be constantly adaptive.
Effective performance measurement is a critical underpinning of any strategic centre, but is contingent on the availability of accurate and timely data. This can provide the situational awareness that ministers and other decision-makers need to make effective assessments about which threats are most pressing, triggering interventions based on bandwidth and resources. This doesn’t call for the creation of a vast central data hub. Instead, the strategic centre needs to commission and pull together objective, evidence-based analysis from across the system to establish up-to-date insight about performance, acting on evidence rather than established wisdoms.
For their part, leaders need to create space to consider data-based insight both inside and outside of decision-making forums – and, crucially, be open to having their wisdom challenged by it. Data will only make a difference when it’s used to genuinely affect decision-making. Otherwise it’s just an expensive luxury used to reinforce subjective opinions.
3. Take active measures to capture information-sharing benefits
The UK has globally renowned national security and law enforcement organisations with strong track records of threat identification and disruption. However, existing approaches to sharing information across the national security ecosystem are increasingly untenable against the adversarial agility of the threat landscape.
Embedding information-sharing in processes and policies allows reliable sharing at scale but is inflexible and slow to react. On the other hand, relying on people making sharing judgements based on their networks and relationships is more responsive and flexible, but doesn’t provide any specific, systemic solutions to the structural barriers that have arisen.
The closer the ecosystem can get to adopting shared standards for technology and data, the easier it will be for people and processes to adapt rapidly. This requires a strategic, cross-organisational approach to planning and policy formulation. A carefully cultivated programme of work to drive this could be run out of the Cabinet Office. It could be established as a temporary organisation with a specific, bounded remit, minimising the friction of resourcing and governance issues that emerge when co-ordinating dozens of departments. To retain momentum, the UK should build on the many local initiatives among clusters of organisations who recognise the value of sharing. At the same time, a comprehensive programme of work with dedicated resource is critical to aligning efforts across the ecosystem and optimising the benefits to all.
New and different approaches across the national security ecosystem are needed to tackle the challenges ahead.
By creating the structures and cultures to enable a more integrated approach, developing strong situational awareness of all national security threats through a capable strategic centre, and by making information sharing systematic through a common approach, the UK’s national security community can truly become stronger than the sum of its parts.