Preparation for the UK’s Integrated Review (IR) of Foreign Policy, Defence, Security and International Development continues at pace. Concurrently, the Intelligence and Security Committee of Parliament (ISC) has published a report into the threat from Russia, making clear the shortcomings in the UK’s response.
The integrated review is a singular opportunity for UK national security leaders to propel us forward and break the impasse that has limited progress for the UK’s Fusion Approach. The opportunity requires a new collective response with participation welcomed from the broadest range of partners; a reimagining of the use of information; and critically, a new model for security leadership as too often the UK defaults to organisational responses to help manage increased complexity. For instance, the establishment of Computer Emergency Response Team-UK (CERT-UK) in 2014, closed down with accountabilities folded into the National Cyber Security Centre (NCSC) just 2 years later.
Establishing new organisations and headquarters can be costly, politically charged and slow, especially as the number of partners rises. As the Russia report rightly highlights, leadership of a cross-department issue like cyber is a “complex landscape” – but the threats and challenges extend way beyond the cyber domain.
Departments need to resist the traditional tendency to add complexity through additional leadership and governance structures. Instead we should simplify and empower - orchestrating partnerships through a wider range of appropriate collaboration models that engender initiative-taking and pace in response to a fast-changing world.
Before the moment and momentum is lost, leaders should seize the opportunity to shape and lead through common purpose, taking these four actions:
1. Nudge, don’t tell
There is no room in national security for a ‘hot potato’. Every national-level security threat and opportunity, from State and non-State threats to pandemics and environmental emergencies, requires a single, empowered Pan-Government Lead (PGL) with accountability for capturing the contribution of the breadth of the security ecosystem.
Their leadership role is not to solve the problem themselves, nor to tell others how to do so. No one organisation has all the levers required or the necessary expertise to enact whole system change. Instead, leadership means the effective ‘nudging’ of the ecosystem, setting the conditions for success, building a shared understanding of the risk and the opportunity for others to assume responsibility and contribute safely. This requires continual communication, common access to accurate information and absolute clarity on national objectives.
One non-traditional organisation that has excelled at influencing a broad ecosystem is NCSC. Their goal to help “make the UK the safest place to work and do business online” is unfathomably broad. Through relationships with schools and universities; technology incubators; Girl Guides; accreditation schemes and numerous other bodies, they have slowly encouraged each organisation to pull together through alignment of self-interest to exponentially scale the development of UK cyber skills.
2. Reward all high value activity
Given the amorphous nature of the challenges we face, there is no hard boundary to the security ecosystem. Every challenge will call a revolving cast of respondents to the table. The PGLs need to understand the motivation of all players and put in place incentives and rewards that align with that motivation.
This means we need to embed a much more flexible approach to channelling public money. Too often the assumption is that demand and volume of services (and hence budgets and headcount) can only go up, rarely down. This wrongly incentives public sector ‘empire building’, leading to bloated, slow-moving organisations. Instead, we need to develop leaders that are able to move money at pace to where the impact is greatest – be that public sector, private sector, or even the individual citizen.
A future leadership model should include the rapid mobilisation of Special Purpose Vehicles to exploit shorter term opportunity before disbanding; the establishment of platform business models that automate the matching of supply and demand (for instance cyber victims with incident response companies); and a greater government role in seeding and incubating innovation and open source communities.
3. Smash through the barriers to collaboration
Incremental adjustments to our national security posture aren’t enough to keep pace with fast-changing threats. It calls for boldness and pace an order of magnitude greater than we’ve seen this century. A key leadership trait will be the unapologetic removal of barriers to progress and reward of collaborative behaviours.
The barriers are many. For example, between organisations that operate under different legal frameworks (defence, national security, law enforcement) the constraints on information sharing can bring effective collaboration to a standstill. So, at the macro-level, pan-Government Leads need to begin pushing now for the legal and policy frameworks they need to be effective. Locally, individual agendas and departmental politics sap the energy from great ideas.
The answer is a relentless push to build the strongest possible sense of purpose, combined with putting in place more adaptive ways of working based on openness, modularisation and local empowerment. The COVID-19 experience to date has shown that barriers to progress are largely self-imposed. When the operational imperative is clear, rapid change is almost always possible and it is essential for government departments to trust each other and work in concert to achieve outcomes at pace. There has been no better example than the VentilatorChallengeUK, where the UK Government asked us to lead one of the largest mobilisations of innovation, science and engineering since the Second World War. Against all odds, the UK Ventilator Challenge made sure that everyone in the UK who needed a ventilator got one.
4. Be honest about what works and what doesn’t
A large and often virtual team, moving at pace in an environment of extreme breadth, complexity and ambiguity will make mistakes and experience failure. That’s ok provided we have built in an ability to learn and adapt. The role of the PGLs is to ensure that these feedback loops are in place and that we cycle through them regularly and rapidly.
What is important is that looking back is done in the true spirit of learning. As well as a ‘do-learn-do-adapt’ mindset in individual leaders themselves, it requires an enterprise culture focused on expertise and evidence, not groupthink or opinion. Leaders need to put in place appropriate frameworks to track operational impact rather than just inputs, reviewing progress regularly and after every significant experiment or change.
This might feel uncomfortable - surfacing problems always does. But learning is the fuel of adaptation, enabling organisations to improve their operations, their approach to collaboration and the four elements of the fresh leadership approach outlined above.
The Integrated Review is a singular opportunity for UK national security leaders to propel us forward and prepare for the world ahead. Leading through a sense of purpose is essential to achieve pace. It’s time to seize this renewed imperative to become more purpose-led, adaptive and collaborative.