Joint Committee on the National Security Strategy

Oral evidence: National security machinery

Monday 7 June 2021

4 pm


Watch the meeting

Members present: Margaret Beckett (The Chair); Lord Brennan; Mr Tobias Ellwood; Richard Graham; Baroness Healy of Primrose Hill; Baroness Henig; Baroness Hodgson of Abinger; Darren Jones; Lord King of Bridgwater; Sir Edward Leigh; Lord Laming; Baroness Neville-Jones; Lord Strasburger.

Evidence Session No. 4              Virtual Proceeding              Questions 83 - 96



I: Professor Sir David Omand, former UK Security and Intelligence Co-ordinator in the Cabinet Office (2002-05); Cat Tully, Managing Director, School of International Futures; Suzanne Raine, former Head of the Joint Terrorism Analysis Centre (2015-17).


Examination of Witnesses

Professor Sir David Omand, Cat Tully and Suzanne Raine.

Q83            The Chair: Sir David, Ms Raine and Ms Tully, thank you very much for coming to the meeting, and welcome. Can I begin by asking a bit about the role and remit of the National Security Council, which, as you know, we are scrutinising in this inquiry? Perhaps I could begin with you, Sir David. Once the National Security Council and the role of the National Security Adviser were set up in their present form, how big a change was that?

Professor Sir David Omand: It was very significant. When I retired from the Cabinet Office in 2005, I went public with Demos to argue for a National Security Council, national security staff and a National Security Adviser, because I had lived through the division between the domestic sphere and the overseas sphere, for example in the run-up to the war in Iraq, and it was extremely difficult to handle.

Our American friends found exactly the same. They had the Homeland Security Council as well as the National Security Council. When Hurricane Katrina struck New Orleans, they found it very difficult to co-ordinate through two separate overseeing bodies, so they brought them together, and I am delighted that the UK did the same.

I am sure that it is not perfect and that it keeps evolving. I have not had the opportunity to sit in on their meetings, having retired, but it is a thoroughly good thing and represents progress in thinking about crises, emergencies, preparatory action and the sorts of policies that should be adopted.

The Chair: There has been some criticism about an impression that existed that it tended to focus more on the operational than on the strategic. As you say, you have not been at the meetings, but what are the kinds of issues that a more strategic security council should cover?

Professor Sir David Omand: Gresham’s law says that short term drives out long term, and that will always be the case, partly because of the nature of the world, partly because of the nature of those who enter politics and who have to face day-to-day crises and media crises. What worries me is that we have some very significant longer-term developments that we can already see. Some stem from climate change and some from technology, such as the possibility of quantum computing at scale.

I asked myself, “What happens if China gets there first and produces a workable quantum computer?” Then the state security organisations in China will have access to global financial flows and to defence communications. As a natural conclusion, a good example of what a National Security Council can do is to meet, to be briefed on that possibility, and then to say, “We need to put some money into advanced mathematical research to develop quantum-resistant algorithms”. It may never happen. The technology is still unproven at scale. The Chinese might not be the first to get there, but we will rue the day if they are.

The Chair: Ms Raine and Ms Tully, would either of you like to comment on what we have just been discussing?

Suzanne Raine: I would like to make a couple of observations. Sir David wrote a book called How Spies Think, and I think the next book should be called How Government Thinks, because the critical issue at the heart of this is how the Government should do their strategic thinking, particularly on areas of national security. I am sure we will come on to how you define what those are. You cannot make a good strategy until you have a good understanding of the situation or of your opponents.

Just as important as the meeting itself is how the Government amass their understanding on an issue—we will come on, I am sure, to discuss the role of assessment and analysis in that—but also the process by which a decision is taken on what to put on the agenda of the National Security Council. That process is structurally unclear. Whenever something is structurally unclear, you have to ask, “Why is it unclear and how could it be clearer or improved?”

In my experience, one of the real difficulties was a reasonable desire upon the part of the secretariat to timetable the meetings and, therefore, to plan. You would say, “Over the next three months, we’re going to have discussions on counterterrorist strategy, intervention in Libya, and Chinese investment”. As a consequence of that, you would find that a discussion on intervention in Libya or counterterrorist strategy would be scheduled for two months in the future.

That is completely illogical, because if you are saying, “This issue is of sufficient importance that it will be discussed by the National Security Council, but it is not important enough that it cannot wait for two months before we have the meeting”, there is something wrong there. Either it is sufficiently important that it needs to be discussed now or you need to find another way to deal with it.

One of the real difficulties in the programming is that you could wait three months for the meeting on the issue that was really important and needed to be discussed, only to find that, on the day, something else had happened that meant that the meeting was going to be cut short and the poor civil servants behind were desperately trying to scramble around with that.

For me, there is a real decision about how you programme for it and whether you can find a way for it to do strategic thinking, or whether it ends up as, primarily, a crisis response body. In my perfect world, it should do two things: it should anticipate and it should decide. Anticipation requires linking to national security risks, which I know we will talk about; and decision requires really good corralling of the information in advance and preparation, so that it can decide. There were lots of things in there, but I am happy to discuss any of them in more detail.

Cat Tully: I very much agree with what has been said up to now. If I was going to give it a rate card, it would be like a glass half full. Where it is half full is with the steps forward in stitching the analysis together across ministries and bringing together domestic and foreign policy in particular. However, it is very much focused on risks rather than opportunities, and on response and reaction rather than on spotting the slow-moving trends and long-term questions that are arising, whether they are disruptions and unexpected, to a certain extent, or whether they are slow-moving, burning developments.

There is something about detecting the signal from the noise: building the capability around the council and the committee to detect what is happening. There is then something about building the capability to respond to it and holding the different ministries to account ond those responses. There is a good supply of signals out there across the different analytical communities within Whitehall and beyond, but what that means for policy and then holding the departments to account against that is an area on which we are less focused.

In terms of my observations, how do you really address the pressures for the short term that David mentioned? There is a need for some kind of intergenerational fairness assessment of big decisions, so that, when you are under pressure, you can quickly understand how a policy decision affects generations alive now and in the future, in a very quick and dirty way that brings the long term to the here and now, even under conditions of stress.

There has been a really interesting step forward with the integrated review and some opportunities to build on, but has it really made the hard choices and was it really consistent? Some of those questions cannot be resolved just at a political or technocratic Civil Service level; they require conversations among the wider public to address some of those thorny strategic questions over the next 10 to 20 years.

That is a space where the national security community lags behind the rest of the Civil Service in being open to other forms of what evidence is and can look like when you are working in an uncertain and volatile world, where the value of expertise based on what went on in the past is perhaps helpful but not the only indicator for making decisions.

Q84            Darren Jones: Good afternoon, everybody. I want to take us back to basics, in the hope that you might help me understand how this should or ought to work in practice. As far as I can see, we have the strategic horizon scanning, the decision-making and the operational delivery, as three different buckets of work. In terms of the tiers of government or the machinery around national security, we have Downing Street and the Cabinet, the National Security Council and its subcommittees, and the departments. I am keen to understand how, in practice, the different functions of horizon scanning, decision-making and operational delivery should be separated between the tiers of government. How does it work in practice today and should that change?

Professor Sir David Omand: There is a need for a warning function to provide strategic notice to government of future dangers, both near and long term. You were all told by Peter Ricketts, when he gave evidence, that, traditionally, near-term warning comes through the Joint Intelligence Committee chair, and he attends meetings of the National Security Council. That is fairly straightforward. It is complex and difficult to do the assessment that will generate such warnings, but, in principle, it is fairly straightforward.

The horizon-scanning part of it is much less clear. You already heard from Simon McDonald that we have tried horizon scanning in the past but that it has never worked very well, it is always the thing that is put to one side when real life takes over, and it has never really connected with the rest of the system. That is one of the reasons why I argue in the paper I have provided that you should look to the chair of the Joint Intelligence Committee not only to have the near-term warning function but to be able to integrate it with the longer-term strategic notice of things that you could imagine may not happen but that, if they did, would be very serious. You will recall Robin Butler’s strictures about the JIC chair from his review of intelligence on weapons of mass destruction after the Iraq invasion. You can rely on the JIC chair being impartial and being an extremely senior and experienced figure.

Building on that, you then have to create the horizon-scanning capability. It uses rather different techniques from those used for short-term inference by the analysts, and I am sure Suzanne will have something to add on that. In my paper, I say, “Let’s build that in parallel”, and you could then have the JIC chair overseeing the totality of that kind of advice being provided to the National Security Council.

In my view, it should certainly be focused on informing the NSC. That means informing the Prime Minister and Downing Street. It brings in the major departments. Dependent on the subject, you would then need to have the relevant Secretaries of State brought in for the sort of discussion that would emerge.

It is not too difficult to see how you could make all this hang together, but a point that I emphasised in the book that Suzanne mentioned, which I have just published, is that you need strategic notice to be provided of what is going on, on the ground or in cyberspace. You need genuine, sound explanations of what is going on and what our adversaries are up to. You need an estimation of where this might end up.

You then complete that circuit with the strategic notice that is obtained by imagining the future and then working up to the present: could we do anything to try to make it more likely that we end up in one of the futures that we like rather than a future that would cause extreme difficulty for us? The example I gave was quantum computing, but there are many others. I hope that helps give a sense of how the machinery can all fit together. The pieces are mostly there but not necessarily in the right place or connected by the right processes.

Darren Jones: Ms Raine and Ms Tully, what should we change to make that more effective?

Suzanne Raine: The input should not be just strategic horizon scanning. In my experience, as Sir David said, strategic horizon scanning has a role, but it does not help you in the management of national security risks that are real and present dangers, of which there are many.

The framework that you have is a set of national security risks. I have not seen the classified national risk register, but I assume that it is comprehensive and we have to work on that basis. That needs to include risks to the delivery of your strategy. Any organisation has a strategy and a risk register, which has owners of the risk, a clear monitoring system that includes mitigations of the risks and monitors those mitigations, and a clear idea of who is responsible for responding to the changes in the risks.

Very few of the risks that the national security community needs to deal with are new. A lot of the problems in the world are pretty constant: great power competition, global terrorism, war and conflict, and poverty and refugees. These do not go up and down in a short cycle. The argument that Sir David and I are making is that you need to have a really empowered and esteemed system of monitoring each of these risks.

In some instances, that system has already been set up and is functioning as optimally as it can. Terrorism is clearly a good example of that, but you have it as well on cybersecurity and on hazards such as floods and volcanos. You could easily broaden that out to include the whole range of national security risks, and you would then need to decide where to put the warning function. It could sit with the JIC. I would argue that, if you say that it does not sit with the JIC, you need to come up with an alternative that explains why you are setting up a slightly duplicatory body. Again, this is all about thinking about how it would work in practice.

I had a look at the integrated review and just typed “risk” into the search function. It is mentioned on 40 of the 114 pages of the integrated review. In quite a lot of instances, there are multiple uses of the word per page, but it is used completely randomly. It talks about “risk of conflict”, “national security risks”, “unacceptable risks”, “risks and opportunities”; it is very loose and unstructured. That reflects the fact that risk management across government is loose and unstructured, so the first thing that I would do is sort that out.

Just because I have not mentioned it clearly enough, that monitoring and assessment requires real expertise, because you are monitoring how things are changing over time. That requires investment in assessment and analysis. One of the Civil Service professions is professional analysts. You have them across professional analytical bodies that are independent bodies within the Civil Service. You have them within departments such as BEIS or the Treasury.

You could create an incredibly powerful government analytical machine by being wiser about how you use the Government’s professional analysts and by making sure that they fitted into a proper structure that then developed the understanding that feeds the National Security Council. You then form a virtuous circle on that. That is where I would start with that.

Horizon scanning augments that but does not help it. I did loads of horizon scanning on terrorism, and there is a limit to how much use a paper on what the threat will look like in 2030 is in helping you to decide what kind of warnings you need to make now. It can help you think about what kind of capabilities you might need in the future, but it does not help with really tricky risk-based decisions, which is what you need to be able to do across a whole range of threats.

Cat Tully: I could not agree more with Suzanne that, if you are thinking about the scanning function of your three hierarchies, that is absolutely a cross-government capability that could be used so much more effectively. In fact, if you look at the series of reports and reviews—including fusion, one HMG, the Jon Day review, the Wright report in 2007 and Bernard Jenkin’s various PASC reports in 2011 and 2012you come across the constant theme that there are atomised pockets of really interesting analytical capability for horizon scanning, but it is the translation into insight and action in the here and now that really fails.

I will plug some work that we did literally two weeks ago for the Government Office for Science, which has the duty and role of being the leader for horizon scanning and runs this excellent foresight network that could be really empowered. It looks at supporting and building the capability of that supply. Again, I am underlying the word “supply” there, because it is in that translation that Suzanne was talking about.

You think about 2030 and 2040, but by using those words, which is a different time horizon, you are giving people the mandate to challenge current assumptions. You are talking about stuff that is about today. You are putting in new possible ideas and challenging the status quo. The future is a fig leaf with which analysts can potentially question and put different alternatives on the table, so the value of having that is extremely high.

This absolutely needs to be fed through the JIC, but, with all the scanning work that the Department for Education, DHSC and DCMS are doing on social media and emerging technologies, who knows when that has a security angle? At the scanning level, you very often cannot say that it is a security or a risk issue. It needs to be done collectively, and it is that process towards the end of asking, “So what?”

I want to pay tribute to the agencies that are thinking about how emerging technology will affect our security. They are really thinking about what it means to bring a different kind of evidence into the room, because the evidence out to 2030 is very different from when you are looking at evidence for 2021. That requires quite a lot of education among policy leads to understand what is useful insight and plausible alternatives that we need to start preparing for and investing in. The DCDC, for example, with its work thinking about global strategic trends, also provides some fantastic scanning inputs that could be used so much more effectively across government.

I should probably say that I worked in the Foreign Office and in the Prime Minister’s Strategy Unit before leaving 10 years ago, and we do see a pendulum swing around. Lots of the analysts and the functions have the answer and know what good looks like. The question is whether there is the strategic push, leadership and commitment from the top of the departments and from the centre, meaning Cabinet Office and No. 10, to act on it.

I will leave you with one final thing. It is not just departments. The role of Parliament and Select Committees in scrutiny like this and encouraging people to look at the long term is very important, as are perhaps some of the more unexpected actors across government, such as the National Audit Office. The GAO in the US has had a really interesting role. Its strapline said, “We did oversight and then insight. Now we do foresight”. It encourages departments to think about the long-term context of the policies that those departments are making, because that is a value-for-money issue. Those investments need to be stress tested against alternative scenarios.

It also spots emerging issues. For example, it did a really interesting deep dive into how the justice system and AI will collide. It started pulling together some really interesting scenarios that were relevant to all departments: “This issue is really critical for citizens. Let’s get people thinking about it”. That is a risk security issue too, so there are lots of innovations that we can learn from elsewhere.

Darren Jones: On your last point, about the role of Select Committees, I chair the BEIS Select Committee. The National Security and Investment Act, which went through recently, has resulted in my committee holding BEIS to account for its use of its powers through the investment security unit. There was a big debate in the Commons and the Lords about that, because it is not usual for the BEIS Committee to have access to classified or secret information. This confluence of economic analysis and security information is relatively new, but, in the integrated review, the Government said that the distinction between economic and national security is increasingly redundant.

We are just working with the department on an MoU about how best to do that, but I would be interested in any short comments the witnesses may have about this new security and economic analysis function in the same vehicle in BEIS, as opposed to in the NSC, a subcommittee or somewhere else.

Professor Sir David Omand: If I can just inject a historical note, in the 1960s there were two joint intelligence committees: one for politico-military affairs; and one for economic affairs, chaired by the Treasury. As for the idea that, having brought together the domestic and the overseas, you then have to look at issues such as Chinese technology and inward investment from both angles, it is unarguable that you should be doing this. For that, you need some access to classified information. Almost none of the information that you will really need will be at the highest level of classification and, if it is, you and committee members can be taken to one side and you do not get the evidence in public.

You are exactly right in the approach that these issues have national security implications and have to be examined. The National Security Council can, of course, take the opposite point of view: what are our longer-term policies towards doing business with China? I am sure that it must have had those discussions.

Suzanne Raine: I conducted a review last year of the JIC, and one of the things that came out very clearly is that the existing standing membership was not the right one for the modern world. You have exactly the same issue with the membership of the JIC as you do with the membership of the NSC. In order to properly incorporate all these completely interwoven issues, you have to have representatives from a very wide range of departments.

You cannot get round that, although, if I may say it again, doing it through the analysis is a really good way to come at it, because you bring the subject matter experts from each of the departments together. That is what I saw in the Joint Terrorism Analysis Centre, because I had an analyst from the Department for Education, one from Border Force and one from the NCA. It is when you put the three of them together that they will say, “This is organised crime and it is impacting on schools”. That is the kind of relationship that you want to form across all the different aspects of things that concern us about national security.

The JIC is not just for secret intelligence; it is for all information. One of the witnesses in your last session said that it does not need to go in the secret space, but the JIC is an understanding space. You take it as a given that it has baselined what is available in open source, and then you put on top of it the information that is accessible to you only because you are in government. That is how it should work, and that should then feed that understanding up.

Cat Tully: I fully agree with Sir David that, once you are talking long term, the security clearance issues are much less important, and you are looking at alternatives rather than predictions. The All-Party Parliamentary Group for Future Generations looked at your piece of parliamentary legislation to see how you assess the intergenerational fairness of that particular piece of work and think through the complex issues. There is a pilot already going on to help support non-traditional security spaces to think about those interdependencies and the impact on the long term. As well as Parliament, there is also the critical link with the Treasury, which has always been underplayed. Perhaps we can return to that later.

Q85            Baroness Healy of Primrose Hill: Does the NSC’s current membership at both ministerial and official level skew its work towards threats and away from hazards? Ms Raine has already said that it probably has the wrong membership, but I would be really interested to know where we are going wrong here in terms of what we have to face in the future. Do you think that the NSC’s membership change in response to the integrated review should be effective?

Suzanne Raine: I have been struggling with how you would make a distinction between threats and hazards in reality. If you call them all risks, and if you have analytical bodies in different departments that are responsible for monitoring those risks and flag them when they are escalating to a certain level, as long as they are all national security risks you do not need to make a distinction between a threat and a hazard. It is a risk that is escalating and that requires action to be taken. The critical thing is that it requires action to be taken before it becomes a crisis. You would want to have really clear thresholds for when you were going to escalate the risk for discussion.

A lot falls from clarity about your national security strategy, your key risks, and who is monitoring and who is responsible for them. You could say, like you do in the JIC, “The standing membership is this, but, on these risks, it will be a different standing membership”. The meeting would be the same, but it could flex according to where you want to have the strategic discussion. I agree that it would be unwieldy and that, given the amount of time you have for the conversation in the meeting, it is not realistic to invite 16 departments, but you should work from the basis that all departments with a relevant angle should be represented.

Professor Sir David Omand: The distinction between threats and hazards, which is one that I have tried to popularise, was really intended for the analysts, because the distinction is that a threat is malign. It is coming from a malign person who observes how you are reacting, and they will then adjust, so you are continuously trying to think about how the threat will evolve, whereas the force of nature is the force of nature; it is the act of God. This is not a hard and fast distinction. You can see hazards particularly associated, for example, with climate change, such as desertification and population movements, and, very quickly, you may be in the security space. I would not make too much of the distinction; it is just that they all have to be covered somehow in analytical terms.

Cat Tully: Again, I fully agree with what Suzanne was saying about needing the people in the room who have insights into the issues. On most issues, that is a lot of people, but getting people collaborating and building collective, cross-government perspectives of what the operating environment looks like out to the next 20 to 25 years is really important, rather than doing it individually and then stitching it together with 15 people round a table. That is not how you get cohesive and strategic positions.

I also want to query the common use of the terms “risk” and “risk management”. In an environment where we are surrounded by volatile and really uncertain disruptive shifts and drivers of change, the intention behind risk management, which is to identify, put a number and then control it, is not a helpful way of talking about longer-term risks. For shorter-term risks—zero to five years—it is fair enough; beyond five years, it just reflects a view of the world that it is not the case.

It is much more helpful to work with policymakers and civil servants to think about embracing uncertainty and to understand what a shifting environment means for policy-making, with the need to review, develop contingency plans, wind-tunnel how they are in different scenarios, stress test and use the scanning to continually adjust, not just at the beginning of the policy development process but when you are implementing.

An example of that is climate change, which Sir David mentioned. Climate change will occur at the same time as us moving away from a carbon economy, which has a huge amount of benefits. For example, in Angola, Libya and a lot of these carbon rent-fuelled, authoritarian regimes, carbon rents will go down and there is a real opportunity to have a peace dividend. How that then intersects with climate change and the effect of losing sustainable livelihoods, with populations in rural areas moving to cities, particularly young people, we do not know.

That is both an opportunity and a potential threat, but we need to see the interdependencies of that, and to monitor and be ready with different responses, which will, by the way, be across a huge variety of policy fronts and departments. It is a really critical issue to think through and understand different scenarios.

Is that risk management or is it a much more complex way of understanding that our environment is changing in lots of different ways, not least generational attitudes, climate change, and the fundamental basis upon which our economies are running, from technology to energy? That creates all sorts of opportunities and hazards or threats that we need to embrace and navigate.

Professor Sir David Omand: As the economist Frank Knight wrote, without risk there can be no profit. Risks are not always bad things.

Suzanne Raine: I have been thinking a lot about the way we tie ourselves up in knots about risks. It is partly down to the fact that there are two kinds of risk as a threat or hazard. The first are bad things that you do not want to happen but that you accept will happen at some point—essentially, unpredictable bad things that you can do your damnedest to stop but you probably will not be able to stop, so you focus on monitoring, mitigating and preparing. That includes terrorism, floods, volcanos, weather events, pandemics, hostile activity and cyberattacks. These are unpredictable bad things that will happen, but you cannot say when, so you fall back on anticipation and warning, and we do not have all the warning structures that we need for those.

The second kind of risks are the bad things that you never, ever want to happen. These are extreme or existential risks such as mass extinction. You cannot deal with those through a risk register, because the whole point is that you never want them to happen. Instead, I would argue that you need to think of them completely differently and organise them through a plan. You say, across a whole range of things, “This is a bad thing that we never want to happen. What is our plan to stop it happening?” Then you monitor your progress against what you set out to do. We already have a whole set of goals as a nation and as a group of nations, and we should be monitoring our progress on those rather than seeking to monitor every week the effect of global warming, because that very quickly becomes a pointless exercise.

The Chair: Does any of what we have been saying lead to a change in the membership of the NSC as it is presently structured?

Professor Sir David Omand: I do not think that it does, provided we accept Suzanne’s point that you have to be ready to draft in the Ministers who will be best placed to take part in the discussion on their particular topic. The core membership—

The Chair: It need not change. That is helpful.

Q86            Baroness Neville-Jones: I wonder if we could talk about cross-government working. One of the points of the National Security Council was to reduce the silo behaviour and to make it more difficult for government departments to avoid co-operating with each other. I do not know whether you think that that got somewhere. We subsequently had the enunciation of the fusion doctrine, which implies that there is more to do on this agenda, and it has been said that the fusion doctrine really has not worked because senior officials and Ministers were still too territorial.

I would be interested in your comments on the existing functioning and where we ought to try to take cross-governmental working. Are we talking about just improving the machinery of government and making things such as the implementation groups more effective, or do you think, given the way in which national security, science and technology, and national prosperity are all part of the same picture these days and cannot be separated, that we need much more of a cultural change? If so, how would you go about creating it?

Professor Sir David Omand: For me, the fusion doctrine was simply putting a label on the behaviours that government departments should have been exhibiting anyway. If it gave that higher profile, that was well and good. You have to look very hard at why government departments sometimes find it hard to co-operate in ways that it might instinctively seem they ought to.

Part of it is a much-ignored factor, which is that government departments have day-to-day work to do serving the public: passports have to be issued, visa applications examined, prisoners kept in prison and so on. Policymakers in departments get swept into some new initiative, and the fear is that the day-to-day work that they are responsible for will suffer, so you get a slight defensiveness in response to initiatives, and you just have to ride over that and persuade people that this is important.

The second factor is that Ministers sometimes dislike each other, and sometimes quite viscerally. They do not always trust each other. They are competing, in the end, for media attention and for money. I do not know of an instance where those in ministerial control of a department all collectively agreed on something to be done and the money was made available. You will find 101% output from the officials driving that intergovernmental policy forward. Most of the problems come either because there are arguments over money, which could be settled and hammered out before announcements are made and initiatives launched, or because—I do not want to be pejorative about this; this is the media world we are in—there are obstacles to getting people round the table.

One of the approaches that I tried to push when I was a Permanent Secretary was the idea of a safe space. You have to start with a safe space, where the senior officials and Ministers of the relevant departments that are involved get together and expose what is really troubling them. We did this several times in the criminal justice system between the Home Office, what is now the Ministry of Justice and the Crown Prosecution Service. Once we had exposed what the blockers were, we could always find ways around them, including presenting a unified front to Parliament and saying, “We are the Permanent Secretaries of those three departments, jointly and severally accountable for getting this new cross-departmental initiative forward”.

It is possible to do very much better than we do today, but my plea would be to do so with eyes wide open about the drivers for a lack of co-operation between departments.

Baroness Neville-Jones: If one improved performance along conventional lines in government, broadly speaking, would it solve the problem of getting genuinely shared decisions that people are willing to put their back into implementing across government?

Professor Sir David Omand: This is one of the reasons why I was so enthusiastic about having a national security council. You have the relevant departments for a security issue around the table, and you have the Chancellor or Chief Secretary, so it is possible to hammer something out. Once you have done that, I am sure that you will not find government departments trying to work in a silo. They do that defensively, because they have fears about what the implications are if it has not all been settled.

Q87            Baroness Neville-Jones: Other witnesses have referred to the level of skills and education of civil servants and their grasp of issues that their departments are not necessarily dealing with, but which they need to understand. They have suggested that the absence of a more educated approach to modern knowledge of science and technology is a barrier to departments understanding what they are dealing with and seeing the shared interests between them. Some people have suggested that we have a national security college. Is the knowledge base and training of civil servants and Ministers an issue for the good functioning of government?

Professor Sir David Omand: It is an issue. I have not heard enough about the national security college idea to comment on it. I spent a lot of my working career in the Ministry of Defence, where you have three proud armed services traditionally defending their patch. When they are brought together for a mission, or in the staff college or defence academy, and they start to work together and build up their friendships and relationships, you have a very powerful fighting machine. It should not be impossible in the wider national security space to improve performance.

Baroness Neville-Jones: That is very helpful.

Suzanne Raine: On your first question about the fusion doctrine, I agree wholeheartedly with everything that Sir David said, and I would simply add two things. First, as we have discussed, our departments are great old established departments. Essentially, just by their existence, they reinforce silos between foreign and development policy and defence policy, which is not helpful in the modern world. You should be aspiring to do everything possible to break down departmental identity. That is difficult, as David said, for all the reasons that make departments competitive.

The Treasury has a role to play in reducing the scope for competition, insofar as it is possible, and the NSC has a significant role to play, partly through just being really clear about prioritisation. One of the accusations put to the integrated review is that it is a long list of things that are not prioritised. In my experience, that is the steady state: a long list of things that the Government want civil servants to do, but which they cannot possibly do because they are already exhausted and there is no money and no staff.

Brutal decision-making about how much money you have and what the priorities are, however hard that is, would significantly help to focus the minds of the departments that we are asking to work together more effectively. I would observe again that, in my experience, joint units, whatever they are, are almost always better than single departmental units, so they should be an aspiration for all departments to come to.

Secondly, on your point about data and understanding, and the college for national security, in the way the world has gone now everything is fragmented into tiny, minute bits of data. The real insights now come from people who can draw understanding out of that data. That has inverted a pyramid in which seniority equals understanding. It is no longer the case that, the more senior you are, the more you know or that senior diplomats are the best informed. It is often the exact opposite: in fact, the best informed on a particular issue will be the 22-year-old new entrant data analyst who has been sitting at a computer. Everybody is dependent on them giving the insight—“This cyber intrusion was Russian-backed”, or Chinese or North Korean—and then you build your strategy around that.

There is a really important psychological shift for government to make. How do you set up a system that enables you to hear from often the most junior people in the room? They are the ones with the insights. That does not mean automating everything, creating AI systems or just letting tech tell us the solution. In my experience, the best insights come from really intelligent human questioning of data. You need access to it, somebody who can question it and somebody who can draw strategic conclusions from it.

The risk is that people get excited about one bit of it—“Let’s have lots of data”—and they just acquire huge amounts of data but do not esteem the patient building up of understanding and communicating of it. Coming back to your question about the college for national security, if it can create a community of people who really understand that, that is a good thing. If it can be a means by which the traditional national security departments include more departments and, critically, industry and academic people with expertise, which I know they are considering, you create a place where you could really develop a national capability that is about better understanding, which should then lead to better strategic decisions.

Cat Tully: Building on that, our tendency is to go to wiring diagrams or solutions around units or institutions, and often to forget that the culture aspect is a very pertinent one. The GO-Science report that we did compared eight countries, including Malaysia, Singapore, the US, Finland and Canada, based on how effective those government ecosystems are at looking at the long term and being strategic. If we genuinely want a national security council that looks across national security, as well as national prosperity and science and tech, we need to learn from other governments that have innovated in that way.

There were four incentives that really mattered. As David and Suzanne just said, there are so many efforts to do that. There is so much encouragement verbally to do it. However, the incentives are not always there. There are a lot of barriers against that, one of which is the role of the Treasury in long-term thinking and connecting one-year and four-year spending rounds. How the Treasury’s spending review, as well as the Green Book and the Magenta Book, can enable collaborative, cross-departmental and long-term thinking is a really interesting area to look at. What the Treasury is doing with the Dasgupta review on biodiversity is just fantastic.

You see a real opportunity for monitoring and evaluation, which the implementation unit at the Cabinet Office and No. 10 can help to push, but what is then needed is an institutional body within the National Security Council or within the Cabinet Office that looks at translating horizon scanning into policy decisions and holds departments to account.

There is something about leaders. At the end of the day, when you are seeing a signal of change, you need to invest now in a possibility, which means changing things before the crisis has happened. Leaders find it very difficult. You can see the signal of change. Kodak saw that, as well as Konica Minolta, but does the senior leadership invest money and change investment decisions to prepare for the future before it is upon you? I would say that that is often where things fail. Training senior decisionmakers to understand the role of leadership in that uncertain environment is really important.

Q88            Lord King of Bridgwater: Sir David, you mentioned in your submission that the National Security Council must be able to bring together officials’ policy advice and combine it with ministerial political ambitions. Would you like to reflect on that and say how well the NSC machinery has properly served in meeting those two needs? If you would like to really risk yourself, could you give me one example of where that did not happen and one where it did?

Professor Sir David Omand: I am not sure I can answer that question, because I had not been part of the National Security Council structure. It was all set up after I retired. It is a commonplace observation I am making that, when any of us has an important decision to take, we have to hold in our mind two different kinds of thought: “What do I want to achieve? What do I fear? What values do I want to represent in this?” Then you have the cold, factual—I hope—analysis saying, “These are the limits of what is possible to do. These are the resources”, and so on.

In the end, it is in the Prime Minister’s head in the last resort to bring those together. But you can make the decision-maker’s life very much easier if you have that assessment and analysis, the policy options have been already been discussed between officials across all the relevant departments so that nobody is blindsided, and they have exposed to Ministers the differences. I am no great fan of having official meetings and this stitch-up: “There is only one solution. Here it is”. You have to expose the options.

From what I have heard second-hand, the National Security Council has been really rather good at that for tactical, shorter-term stuff. The Libyan crisis would have been much harder to handle if there had not been a series of pre-prepared National Security Council meetings, with the National Security Council officials getting together. It was being suggested to me, but I would need to be persuaded, that the longer-term issues, which still need to be grappled with now in order to make the precautionary investments, have had the same kind of analysis. That is probably as far as I can go within the limits of what I know.

Lord King of Bridgwater: Would either of our other two witnesses like to have a crack at deciding where it worked better and where it worked worse? Is anybody going to have a go? It is too difficult.

The Chair: It does not look like it.

Suzanne Raine: I have been thinking about this over the last couple of weeks and talking with Lord Ricketts. Who does the strategic thinking? Is it the politicians? Is it the civil servants?

Lord King of Bridgwater: I can give you the answer to that. It varies. I am sure it varies.

Suzanne Raine: In a perfect world, it is a really good, functioning partnership. Who decides what should be on the agenda of the National Security Council? If it is always the Prime Minister, who will suggest to him or her the things that he or she does not realise are really important but that desperately need to be discussed that week? It has to be a constant partnership, I would argue, between the National Security Adviser and the politicians. At some times that works better than others.

Lord King of Bridgwater: You are not going to tell me what they were. Thank you very much.

Professor Sir David Omand: I thought of something that I suspect the National Security Council does not yet do the way it should, which is after-action reports.

Baroness Neville-Jones: It is meant to.

Professor Sir David Omand: You set things in motion, but is there then the really hard-headed analysis? “Did we hit the target with that? Do we need to change course?” That can be very painful, because everyone is invested in the decisions, they have announced them to the media, and so on. If it is not working, you have to cut it off at the knees, change course and start something else.

Lord King of Bridgwater: That is a really serious charge. You are saying that there is no post-mortem analysis.

Professor Sir David Omand: I do not have that knowledge. If I were giving a hypothesis for you to test with witnesses, it would be this: is there enough hard-headed examination of whether policies are delivering what they are supposed to deliver?

The Chair: I must admit that it seems to me that, at the present time, there is no indication that there is an appetite for such a thing, although I share your view about how important it is.

Q89            Richard Graham: I am conscious that both Sir David and Suzanne Raine have, in a sense, said similar things in different ways. One of you differentiated between threats that are malign and hazards that are accidents. Suzanne, you concentrated on how we have to mitigate unpredictable bad accidents and have a plan for existential risks.

In today’s world, the chances of us being able to really deal with all the existential risks on our own as a single nation are increasingly remote. Therefore, partnership has to be the key to preparing for what we would do, and possibly communicating what we would do, effectively in advance in order to reduce that risk from happening. How effective is the NSC as a body not just for bringing together everybody nationally but for bringing together the right entities and peoples internationally to try to lay off that risk?

Suzanne Raine: It is not systematic, and that is the problem. You would need to be very clear about what those extreme risks were that you wanted to plan to deal with. We are clear in some senses, but it is not systematically thought of like that at National Security Council level. You could then easily say, “This will be delegated to this department, and this department will report back on its progress”. That is how it should work. In many instances, that is indeed how it is working, but I could not give you any insight now because obviously I am not in government.

Professor Sir David Omand: This is the promise of the integrated review. It runs through it, and it is self-evidently true, that we cannot deal with these risks on our own. If you take cybersecurity, not even the United States can deal with these risks on its own. That is why it reaches out. We have excellent partnerships, particularly with our close allies, on cybersecurity.

If you looked at one of the worst existential risks we could face, which is major war in Europe, we have for 70 years put our trust in a collective defence through NATO. That means that risk is very well managed. It is not impossible to envisage circumstances where it might all go wrong, but that risk is low because of the steps we have taken, our commitment, the commitment of the United States to Europe, and so on.

Richard Graham: If I could interrupt, Sir David, you could argue that that has required a different organisation, which is NATO. Were there to be consideration of a serious risk of war in another part of the world, is there machinery there for a similar type of partnership?

Professor Sir David Omand: It would have to be constructed. We would look to the United States as the principal protagonist were there to be a serious risk of armed confrontation, for example, with China. It could be assembled. Some of the ingredients are already there with the nations in the area, but it does not have the structure and doctrine that are embodied in the Washington treaty.

Q90            Baroness Hodgson of Abinger: I am turning to think about the future, managing risk and preparing for uncertainty. Is ensuring national security just about risk management? Are there other ways of thinking about it and preparing for future opportunities and risks?

Cat Tully: The area I work on is how policymakers, politicians and citizens can use strategic foresight. It is not about forecasting or projecting what happened in the past into the future. It is about using as much evidence and analytical input as you can get, not only from traditional experts but perhaps from young people or those involved in emerging technology, who are not traditional Civil Service go-to sources of information.

We do that, because we are not operating in a world in which we can predict a certain future. We need to look at alternatives. That means alternative scenarios. Sir David mentioned this earlier: of those alternative environments, what are the desirable ones that we want to achieve? What is the future that we want to achieve, whether that is the future of the NHS or what education looks like? What is the UK’s role in the world? What kind of relationships do we need?

You are seeing increasing interest across civil servants and politicians in different countries around the world in integrating strategic foresight, systems thinking and, in particular, user-led design, with insights from citizens into the process of how you do policy. I would just like to do a bit of a hat tip to the policy profession, which is beginning to really engage in that and think about how to marshal all those tools together in an applied way in order to make better decisions. There are a huge number of tools available: scenario planning, contingencies or very creative approaches such as red teaming. Very often, you are bringing new voices into the conversation and challenging assumptions about how things have gone until now. You are really bringing a perspective about the future to stress test the decisions you are making today and put new ideas and possibilities on the table.

You are getting three benefits as a result. You are building risk management effectively. You are strengthening your ability to respond proactively to scenarios that you cannot control, such as being prepared for climate risks, and all the things that Suzanne was talking about. You can then also bring citizens and civil servants from different departments together to think about what the desirable result is. Take proliferation for example. We are at a moment when there are great drivers towards proliferation because of technology. The micro quality of proliferation risks is really increasing. At the same time, there is some really interesting appetite for addressing that issue in a very different way using different communities.

I am feeling very optimistic about the appetite across government to do things differently, as long as there is a willingness at the top to then be prepared and do things differently. I will probably come back to this. Around the integrated review, we have brought about 500 young people together to ask, “What does it mean to think about the UK’s role in the world, looking out not just to 2030, but to 2045?” If you do it with non-traditional national security experts, do you get different insights and policy ideas? I can share some of the insights that we got from that, but the answer was yes. You are building a whole new generation of future national security communities that can work in government, but also a citizenry that is much more informed, when it goes into business, in addressing some of the risks and opportunities that we face.

Professor Sir David Omand: I listened with great interest to what Cat was saying. Without wanting to make it any more complicated than it already is, we should also bear in mind the distinction between risk and uncertainty. Risks appear on risk registers. You can, I hope, mitigate them. If you work hard enough, you might even be able to insure against them. For some, that is the definition of a risk.

Uncertainties are different. They are still very troubling. You can envisage all sorts of possible futures that might come about, but you cannot put on them the kinds of numbers, probability assessments and so on that you might be able to with risks. You need a rather different mindset to handle that. If you can turn your uncertainty into a risk, that is well and good; many companies successfully do that. You can now begin to get, for example, cyber insurance.

You need the capacity to hold in your mind the risks, the risk registers and so on, as well as these uncertainties. These futures may never appear. If they did, some of these would be very painful indeed for us. There is a duty on government to start thinking about preparatory measures it could take just in case this comes about.

Suzanne Raine: There is a real risk that all the policy individuals in government spend all their time horizon scanning and red teaming, and do not focus on doing what they are supposed to be doing right now. I am a little concerned that this has become so fashionable that it is all anyone is talking about. Notwithstanding its real purpose, some serious risk management needs to be done against a whole range of hostile or malign forces, as Sir David said. Government will be held to account if it has not been really rigorous in understanding what those threats or hazards are and dealing with them. Let us make sure that, at the very least, that is done properly.

What Cat is talking about is really interesting. It is the role of foresight and understanding in devising policy and helping us work out what we want to achieve as a country and a Government. That is the bit where you are essentially drawing up your strategy. At some point in that conversation, you are discussing what of these many things are your priorities to achieve.

The obstacles to your achieving that are the risk part of this. Any enterprise will have the strategy and the counterpart to the strategy, which are the things that will block you achieving it. That is a rigorous piece of thinking that you should obviously do before you start doing something. Sometimes, everybody is running around so much and trying to do things that they are not able to pause and think about exactly what would need not to happen in order for you to achieve the thing that you want to achieve. I do not see risks as a stale, negative thing. I see proper risk management as a means by which you achieve your ambitions. If you do not do it, you may find that your ambitions are not achieved.

Finally, one of the problems that I have with horizon scanning as a Philip Tetlock philosophy is that it does not give sufficient prominence to one’s own role as an actor in the future. I know this is idealistic, but if you manage your risks properly, have your strategy, get out there and focus on making sure that all the obstacles do not exist, the future can be close to what you want it to be.

You should not have a strategy and say, “We are never going to achieve any of this”. You should have a strategy and aim to achieve it. That means that you have a role in shaping the future, so the horizon scanning needs to include your actions. That is really hard because we are so used to asking, “What might the Iranians do?” or “What might the Chinese do?” You need to then think, “What might the Chinese do if we did this?” That is really complicated, but unless you do that it is a lesser exercise.

Cat Tully: One of the dangers of just doing scanning is that you are basically looking out there and never connecting it back into the decisions in the here and now. There is a plethora of toolkits for understanding the implications and the integration of that into policy-making. Just to underline what Suzanne said, there is no point in polishing the future. The danger of a lot of horizon scanning and foresight endeavours is that they just explore the future out there instead of bringing it back to the present. There is no point in investing in those activities unless you do that last point. That is really critical, but it challenges the status quo. That is why you need a strong Civil Service and leadership behind it.

Q91            Baroness Hodgson of Abinger: Ms Tully, to pick up on this, what might the challenges be for the Government in adopting different elements of futures thinking? You were talking about going out there to consult young people. It is a matter of consulting what I would call non-experts and then having that looked at by experts. Are the Government capable of doing so as such a large and complex bureaucracy? How do you get the Government to do something such as that and then tie in all the answers that you have to get a realistic picture?

Cat Tully: First, I was immensely happy to see that the integrated review talked about it being a process of engagement rather than a document. That reframing of national security and its endeavour as a dialogue that is consistently emergent and changing, which has different people in that process, is already fantastic. Secondly, the fact that they moved away from talking about a national security community to a national strategy community is extremely helpful indeed. That is already a big step forward.

The good news is that other Governments and parts of the UK, including devolved Administrations, are trying bits of this. Take the grand débat in France. Germany has just had a very interesting conversation about getting public input into the big strategic questions facing it. Again, you will see this in a lot in our reports, but Canada is interesting. If you have a governance with a big schism between francophone and anglophone, you need to make a lot of this conversation explicit. It has a habit and tradition of having these debates. Big set pieces seem to be possible. Singaporeans do a lot of it; the Spanish have just kicked off a similar process. The real value is doing it on different individual policy topics, such as looking at proliferation or elsewhere.

There are early adopters in government. There were at the end of the 2000s when I was in government and they have just increased in number. They want to bring in different alternative voices and see the value of that in reframing the options and ideas on the table. In particular, they recognise that you cannot do a lot of this stuff without them. These are the leaders of the future. If we are talking about Brexit being a once-in-a-generation opportunity and a reset, how dare we develop our vision for the future of the UK without those people who will inherit it in that generation’s time?

There is something very interesting about bringing us together. There is potential for doing that. It can be done in lots of different ways, whether it is engaging at a Select Committee level or engaging with Treasury. Some of the diversity and inclusion network attempts in Cabinet Office are great, and that is a real opportunity.

The prize is huge on this. The risk of failure is a massive national security risk in itself, which is a next generation that is unconnected to the processes of this institution of government. They have been involved in deliberative democracy events, such as citizens’ assemblies and Flatpack Democracy, and these processes have given them a voice. They then ask, “Where does that connect into representative democracy? Where does that then feed into the policy-making process or Parliament?”

My hope for the National Security Council is that it could be the space and at least create the principle that these deliberative conversations that are going on elsewhere have a home to be listened to in government. It is through this kind of process that we ask, “What is the future of the UK? How are we, in the UK, going to create the kind of world that we want to live in?”

That will motivate young people who are currently planning to go up to Glasgow for COP 26, who are thinking about what the G7 means for them and who are suffering from climate anxiety. They will be 40 in 2040. What does the world look like for them? On the positive side, if you ask them, they have loads of ideas. They are incredibly interested in feeding in. They have really good, interesting ideas as well. We need to pick up and bring them into a dialogue, not just suck ideas out and then leave them behind.

Q92            The Chair: Could I just touch on something very briefly, if you do not mind? We are running out of time now, but it is a quick, practical point. At the present time, and I suspect this is historical, the national risk assessment is owned by the Civil Contingencies Secretariat. Is that really the right place for it? Should we look at a new body that can bring in more of this longer-term thing? I know it does long-term planning, but it is in a very specific context.

Professor Sir David Omand: There are historical reasons for that. In my time, we started this process. I hope we think of the Civil Contingencies Secretariat as a key part of the National Security Secretariat supporting the National Security Council. If we do, what you are implying will come about. One of the problems, I have always felt, is that it is very difficult to know what to do with a list of risks. In business, I have sat on boards. You get presented with risk registers. It has been the same at museums where I have been a trustee.

My favourite technique for trying to get a genuine discussion going is to get the risks divided into three categories. The first contains the risks that may occur that you can do nothing about, such as bad weather or pandemics. This is the sort of questioning there: “Are we prepared and, if not, why not?”

The second category contains the things that are inherent in the nature of the business. If you are in government, you are paying out large sums of money in social security payments and you have a lot of criminals with cyber capability out there trying to defraud us. What are the systems of control? You could have a very good discussion about systems of control.

The final category contains the self-inflicted risks that the Government inflict on themselves because they quite rightly embark on huge change projects. They introduced universal credit. The sort of questioning would then be very different: “Who did we put in charge of this project? Have they done anything comparable? Are the resources there to do it? How are we going to know whether it will be ready to roll out?” You begin to get a really informed discussion. Just looking at a long list of really horrifying things is a bit stultifying.

The Chair: That is very illuminating. My instinctive reaction to your question about universal credit is that people who have no idea what it is like to live at the levels of income that those who are on benefits live on over a very long time were in charge of devising universal credit. I am sorry; I am interfering in the process.

Suzanne Raine: You are right to highlight this, because this points to the structural weakness. There is quite a small body responsible for listing the things that could go wrong, but not for monitoring them or for response. Indeed, when you look at what it says about the Civil Contingencies Secretariat, it says departments will be responsible for designing the response.

This is where Sir David and I both feel the strong need for a proper system of analysis, warning and response, particularly on the risks that could quite clearly happen at some time. I would be really clear who owned the responsibility for monitoring the risk. That could be an assessment body; I would have an assessment body listed as responsible for each of the risks in the civil contingencies risk register. I would have warning systems, which we have for some risks but not others. I would be really clear which department, and in particular which bit of which department, owned the response. Otherwise, when something bad happened, everyone would blame everybody and say, “I did not know it was my job”. You get blamed for the things that you do not do and you were supposed to have done. That is the bit that we need to fix.

The Chair: I did not mean to imply any criticism of the Civil Contingencies Secretariat. It just seems to me that it will evolve.

Q93            Baroness Henig: I am directing my questions specifically to Suzanne Raine, in view of the shortage of time. Several witnesses have suggested a three lines of defence model for dealing with extreme risks—in a way, you touched on this just now—where risks are managed by individual departments, then checked by a government-wide chief risk officer and audited by an external institute. I wonder how useful you thought that model might be and whether it could be applied to all national security risks.

Suzanne Raine: This is where it is really important to distinguish between extreme risks and national security risks. There are different categories. Having an external body would not help at all in the management of terrorism risks, the risks of malign state activity, or quite a lot of the really complicated, interconnected risks that we deal with on a daily basis in national security. You may well want a separate body to deal with risks that arise from climate change, but I would argue that it would work better if you asked, “Which department is responsible for the plan that will get us out of climate change problems?” You would then have a relationship between the centre and that department. If you create another department to do that, you are just going to have rows between that department and Defra, or whichever department it is.

There is then the issue of a chief risk officer. There must be a senior figure in the Cabinet Office who is responsible for overseeing all risks. We then need to properly work out whether they oversee separate national security risks versus all risks. I would not want to prescribe this at the moment, but there is a debate as to whether the JIC chair or the National Security Adviser themselves should hold that role or whether you should create a chief risk officer who does. That risk officer would relate to the Government’s analytical functions, which would hold the responsibility for analysing, monitoring and warning.

That is how I would do it. I would plumb in the analytical bodies to the centre through a formal risk and warning system such as we have for some areas, but not all. I would not have a separate body somewhere else.

Baroness Henig: We heard from Theresa May that civil servants find it difficult to translate the risk register into action. In a way, this was touched on just a minute ago. Why might this be? What can be done about it?

Suzanne Raine: Both Sir David and I have said this. A risk register is not in itself a useful thing. It has to become a risk management system, by which I mean that everybody lives and breathes the risks; somebody is monitoring them, and somebody is saying, “This risk has now gone above the threshold”. You turn it into your action plan and then it works. If you are in a situation where you are sitting down with a spreadsheet, especially as you get older and you cannot read anything on a spreadsheet, that is not where anybody should be. You should say, “This is the risk. Who is tracking this risk? Who responds on it?” That is the way you run it. You run it as a plan. You turn it into an active plan and be really clear who is responsible for the risks.

Baroness Henig: The Government’s goal is to create a broad and generic set of capabilities that are applicable, in their words, across multiple risk scenarios. What do you see as the pros and cons of that approach?

Suzanne Raine: This comes to the question of predicting the future as well. Take as a given that you can come up with some things that might happen, but you cannot really predict the future. You fall back on being able to be alert and build in flexibility to the capabilities. This is what we talk about when we say, “resilience and preparedness”.

The first thing is constant alertness and having the systems that are bringing in, reading and thinking about the information. It becomes quite a natural human response to ask, “What have we learned? What does this new information tell us? How do we then need to behave differently?” That needs to be across the whole Civil Service. It should constantly watch, listen to the analysts and ask, “What does this tell us? How should we be different?” You are then building in flexibility all the time.

I know the Ministry of Defence has lots of difficulties with this, but you should not say, “This is the fixed end state that we are aiming for and we will be like this”. You say, “The adversary could come at us in multiple ways. What do we need to be able to flex in order that we can respond to it?” We should think about that across all the different risks.

Professor Sir David Omand: You should not let the policymakers mark their own homework. You need the analytic and assessment capability that is capable of challenging the conventional wisdom that might come out of the policymakers or a self-satisfaction that they got decisions through, while failing to continue to assess whether it is working. I will just throw that thought in.

Cat Tully: I have a quick analogy. When you are using strategic foresight as a board, it is about thinking about the role of the board, or perhaps even the NSC. Is it about looking at historical data and seeing how well things have gone? Is it about strategically navigating the emerging future using the indicators that Suzanne has just talked about, which are drivers of change? Which are the ones that are important? What are the early warning indicators of the fact that it is going down this scenario rather than that? Have you done the collective thinking about the scenarios? Do you know at what point you want to bring out the contingency plan?

There is a whole reorientation of the idea of a board, a CEO and a C-suite, in ministries and at the top of government, to use future-facing data to navigate. That is the signal of success. It is not about predicting the right one; it is about having looked at the different alternatives and been enabled to activate them. That is quite a reframing of the role of a board, but that is quite powerful.

Q94            Mr Tobias Ellwood: It is good to see some of the witnesses, whom I have worked with in the past. It is really interesting to understand where the information comes from. I just want to turn the thing around on its head. How much training does any Minister get to be able to understand the data and the intelligence that puts into it? You are already laughing at that.

Cat Tully: My knowledge is out of date. Across the board, it feels like it is very low indeed just because the pressures of the present and the day to day drown out the longer term. The space where that feels as if it is possible is in opposition.

Professor Sir David Omand: There have been efforts in the past to organise what you might call education in these subjects for Ministers. They have not, in my experience, worked very well. That may have been the fault of presenting it too much as training. Elected politicians will, quite naturally, bridle at the thought that they will be trained. As the head of an intelligence agency, I certainly took great care to go around and personally see the relevant Ministers. I tried to describe to them what they were going to receive, the effect that it might have, the caveats that would surround it, and so on.

In a subtle, indirect way, it is a very good idea for Ministers to have an opportunity to talk face to face, or indeed Zoom in, about material that has been specifically prepared for them, to give them some background to the big data analysis, and so on, that Suzanne was talking about. Time is very short. I would not hold out a huge amount of hope that that will become common practice, but it is worth trying.

The Chair: As I recall, in a previous inquiry the Paymaster-General said that she believed strongly that Ministers should—I was going to say “be encouraged”; I think “forced to” was her intention—take part in a regular series of exercises as a means of building up this kind of experience. I may not be doing her any favours by drawing your attention to that.

Suzanne Raine: I very much agree with that. I have two quick points. First, exercises are incredibly important. I was in the counterterrorism part of government for a long time. We did at least two exercises a year. Ministers and the Home Secretary came to them and played their roles in them. It was invaluable, because it meant that when the crisis happened—terrorism is a risk that you know will happen sooner or later—all the civil servants, the military, the police and the Secretaries of State knew what their roles were, what each other’s roles were and what we each needed off each other. They knew us personally; they knew what to ask of whom. It made an enormous difference, when they were in the COBRA room having the crisis, that it was no different from the one they had rehearsed six months ago, except that it was horribly real this time. Nothing is perfect, but it would have been chaotic had we not done those exercises. In fact, we were able to support each other much better.

The second point flicks back to something I said earlier about where the knowledge is nowadays. A lot of it is often held in very junior civil servants’ brains as they are piecing it together. I would love to find a way to enable more proper engagement between the Ministers, who are important senior figures in departments, and some of the very junior staff who are, as Cat was saying, the future. They are sometimes the only ones who understand some of this stuff. To be able to break down rank and hierarchy such that everybody is learning from each other, if possible, would be a terrific thing.

Mr Tobias Ellwood: I will just pursue that very quickly. At the National Security Council meetings I went to, I was astonished by how quickly people who did not necessarily have any grasp of international matters were very fast to row in behind the direction of travel the Prime Minister alluded to in his very first sentence of the opening meeting. It happened to be on a subject matter that I was familiar with; it could have been anything else that I did not have knowledge on.

I dared to put my hand up and challenge the direction of travel. The head of MI5 came up to me afterwards, leaned over my shoulder and said, “Very brave, Minister”. It was before the Houthis had invaded Sanaa. I said that we should perhaps pursue a different tack rather than dialling back and waiting to see what happened. It really worried me that the voices around the table perhaps could have been more vocal. There could have been a proper debate. Instead, it seemed to be stifled because some just wanted to support the Prime Minister. I do not think others were very familiar with the subject matter, because it is rather specialist.

All this data and information that the professionals put together, which leads you to intelligence, wisdom, then action, is almost lost because of the decision-makers themselves. The grasp of the knowledge must be higher, given the decisions that we could end up taking.

The Chair: The use of exercises is perhaps a tactful way to pursue that kind of exchange of information and knowledge.

Cat Tully: It is not just about substance; it is about the mindset. It is about knowing that there is a counterfactual or that there are assumptions, being willing to explore them, having a safe space and a structured way of doing that, and having the language and vocabulary to enable that. This is all very generic, but those exercises are really powerful, because people internalise the very deep message that our view of the future is not likely to be the one that plays out. You can teach and communicate that, but you need to live and experience that in a war-gaming or red-teaming environment or exercise before that lesson is really learned. You then really feel empowered to say that. There is something important there.

Suzanne Raine: The example that you gave was a disappointing one. The National Security Council meeting is not working if it is choreographed with an outcome that everybody wants from the beginning. In a perfect world, it should not be a controlled discussion. That then puts the spotlight back on the prepared slide pack that is sitting on the table when you all get in. The role of the JIC chair as the independent assessment at the beginning is important there, because that assessment ought to lay out all these complexities in such a way that it opens up the discussion properly. I would hope that the National Security Adviser is supervising a system that produces a slide pack that genuinely sets out the complexity and options for discussion and decision such that people sitting at the table do not feel exposed when they have to raise points that are essentially points of challenge.

Q95            Baroness Neville-Jones: Could we talk about the Joint Intelligence Committee for a moment? It is an integral bit of the NSC machinery. I am interested in the panel’s view of how well the JIC supports the NSC these days. Does it have the right people on it? Does it have the right secretariat and backing? Does it have the right agenda and remit? It came on to supporting the NSC without any serious change. I just wonder whether, with the passage of time, its agenda is still the right one. Does it manage to keep policy and the assessments separate?

Professor Sir David Omand: I think it does successfully keep policy and its assessments separate. It does not get contaminated by the policy view. It has, in its history, succeeded in doing that. It is important that it is regarded as impartial. Its value rests on the processes underneath: the ability of the analytics staff who are pulling in the experts from departments, running current intelligence groups, beginning to put together what is going on, and constantly asking, “What is going on here?” It is very good at that.

Its unique characteristic, when you look around the world, is that the senior policymakers from relevant departments are around the table dipping their hands in the blood of the assessment. That is a huge advantage, particularly when it comes to warning, because the senior policy officials have heard the debate, not as representatives of their Secretary of State. In my seven and a half years on the JIC, I was never confronted by a Secretary of State asking me, “Why did you agree to this paper? I do not agree with it”. It was assumed that, as the senior policymaker in defence, I was there to give my own view of the robustness of the case. When it works well, it is extremely powerful.

It has suffered slightly from the very existence of the National Security Council. The heads of the agencies cannot really, every week, both prepare for an NSC meeting and turn up for what might be a very long Joint Intelligence Committee meeting. The level of representation has tended to drop a bit. It is better to have it that way round than not to have an NSC, but one should be aware that it is not necessarily what it was 10 years ago in terms of the hierarchical level. That may not matter that much. The fact that the deputies are there who have day-to-day responsibility for operational matters may encourage a more informed debate.

So I think it is fine. As I said earlier in my paper, now that the national security space is much broader than it was during the Cold War, the whole machinery has to be able to accommodate that and look at the national security implications of things that are, in themselves, not traditional national security events, such as the pandemic. That has had significant national security implications, as would many of the other hazards out there in the future. It has to broaden that remit and have the analytic staff who are capable of doing that.

Baroness Neville-Jones: Do you reckon it does? One of the questions I was interested in is whether the supporting assessment staff have the range of capabilities, knowledge and understanding of all the things that are included in the national security agenda these days.

Professor Sir David Omand: The answer to that is probably “not as much as it should”. There are some indications in the integrated review that that is one of the areas that will need to be looked at, including the training of those analysts. That is all to the good. There are more of them than there used to be, which is good, so we have rebuilt some of the capability that was lost. But this is not just a matter for the central analysts. It is for the analysts who are in the Foreign Office—the FCDO these days. Do they have the expertise that they need, and so on, around Whitehall?

Baroness Neville-Jones: In your submission, you identified emerging technologies needing specialist analytical capability. How central do you see that as being? Is it something that the JIC ought to be able to focus on? I would be inclined to think it was rather important, but I would be interested to know where you place it.

Professor Sir David Omand: Look, for example, at the Russian development of hypersonic weapons and directed energy weapons, and the matter we talked about earlier, which is in the cyber realm. The deep expertise will not, of course, be in the centre. The deep expertise in those cases will be in departments, GCHQ or the Ministry of Defence. But you need enough people in the centre, analysts, to be able to pull on that expertise and not be blindsided by the technology.

Suzanne Raine: There is a glaring structural issue at the heart of the question about analysis, which is how it is resourced. No department has lead responsibility for analysis. Whenever you have a spending review, analysis ends up, as it is in the integrated review, on page 108 of 114 pages. That means that it is constantly underresourced and deprioritised in spending terms.

To your question, does it have the resources or the capabilities that it needs to do the analysis? It has, in proportional terms, a tiny number of analysts compared to the size of policy department. It has a tiny budget compared to pretty much anything else, and yet it is the heart of the thinking about these incredibly complex issues that need, as Sir David has said, to be able to function as strategic warning for the Government. It is of critical importance to look at providing a stable resourcing model for all analyst bodies, but particularly the JIO at the centre of them, that means it has enough resources. When you say it will operate a strategic warning system, people should have the confidence that it can do it.

At the moment, you say, “We are not really sure it could do that”. You then have to ask yourself, “Why are you not really sure that it can do that? Is it because you do not think it has the capabilities?” At that point, you should pause and say, “We must invest in it until we know it does”. That is what I would say about the JIO.

Baroness Neville-Jones: I would slightly take issue with you, if you do not mind. It seems that the JIC is not there to duplicate the capabilities of the rest of the Government. It should have enough knowledge and understanding of issues to be able to draw on government and know when it needs to do that. That seems to me to be a perfectly possible and correct way of running an intelligence centre.

Suzanne Raine: We are differentiating between the JIO, which is the analytical body, and the JIC. The JIC is a committee. It has representatives from departments, but the committee depends on the papers that are written by the JIO. The JIO is staffed in a very complicated way and is very small. I am saying that, to meet the demands of today, it should be invested in.

Baroness Neville-Jones: Do you agree, David?

Professor Sir David Omand: Yes, I do.

The Chair: Yes, so do I. I have certainly come across examples where analysis has been run down and it shows.

Q96            Darren Jones: My quick final question is specifically to Ms Raine. Earlier in the session, you said that we should not get too excited by the prospect of AI and technology, and that we need humans. I agree that we need humans. But, in the context of open-source information and data, is it not a problem that there is so much of it? How do we process it in a way that the humans we do have can use it in an informed way? How on earth do we strike the right balance between those two points? If you have any insight, or if others on the panel do, what capacity are we missing in government at the moment that we need in order to use this open-source information and data more effectively?

Suzanne Raine: I do not disagree with you that there is an infinite amount of information. As a Government, we are currently spending a huge amount of money on collecting more information. Precisely as you say, the problem is about managing it. Every piece of information you hold, in security terms, becomes a risk. If a bad thing happened, and you were sitting on a fragment of information that might have allowed you to put it all together and prevent the bad thing happening, you would be held accountable for not acting on it.

I completely agree with you that there is a role for computer systems in essentially, in so far as it is possible, automating and sorting the data. Some feeds of information will still have to have a human eye on them in order for you essentially to decide whether they are useful. There is a point in the analytical process where a human needs to think about what the data is telling them. That has to happen before it goes anywhere, because in my experience—and David and I have discussed this—you can also get tied up in probabilities. The decision-makers need to know whether something is more likely to happen. It becomes, at a certain point, a yes or no. That has to go through a whole process of ingestion and thought.

At the end of the day, it is the skilled analyst who can take all that data, interpret it, and present it in such a way that it enables a decision to be made. That is what I would say. By all means, buy stuff, but have humans too.

Professor Sir David Omand: As Suzanne said, it is about sorting, filtering and selecting for attention. It is possible to drink the AI Kool-Aid and imagine that this will tell you what to do. Data is dumb. It is capable of multiple interpretations. It is the interpretation and understanding part of it that machines cannot do for us at the moment.

The Chair: Thank you very much indeed, everybody. I apologise to colleagues whose questions we did not quite reach. We will perhaps follow up in writing if they wish to pursue them with you after the meeting. Thank you very much indeed for giving such full evidence in what has been a long session, but I hope an illuminating one.