Risk Assessment and Risk Planning Committee
Uncorrected oral evidence: Risk assessment and risk planning
Wednesday 23 June 2021
Watch the meeting
Members present: Lord Arbuthnot of Edrom (The Chair); Lord Browne of Ladyton; Lord Clement-Jones; Lord Mair; Baroness McGregor-Smith; Lord O’Shaughnessy; Lord Rees of Ludlow; Lord Robertson of Port Ellen; Baroness Symons of Vernham Dean; Viscount Thurso; Lord Triesman; Lord Willetts.
Evidence Session No. 29 Virtual Proceeding Questions 281 - 288
I: Sir Patrick Vallance, Government Chief Scientific Adviser; Professor Gideon Henderson, Chief Scientific Adviser, Department for Environment, Food and Rural Affairs; Professor Charlotte Watts, Chief Scientific Adviser, Foreign, Commonwealth and Development Office.
USE OF THE TRANSCRIPT
Sir Patrick Vallance, Professor Gideon Henderson and Professor Charlotte Watts.
Q281 The Chair: Welcome to the second panel of our evidence session on risk assessment and risk planning. In this panel, we will take evidence from Sir Patrick Vallance, the Government Chief Scientific Adviser, Professor Gideon Henderson, chief scientific adviser at Defra, and Professor Charlotte Watts, chief scientific adviser at the Foreign, Commonwealth and Development Office.
Welcome to you all. We hope to get through this by about 12.15 pm. If there is a question that has already been answered and you do not feel you need to add to it, there is no need to do so. We would like snappy, short answers and snappy, short questions from the Committee, please.
I will begin, if I may. What are the risks that you are most concerned about? Sir Patrick, you have been heavily engaged on the Covid response, but is Covid your biggest concern? Are there other things that you are more concerned about?
Sir Patrick Vallance: There are a number of risks that are red on the risk register. Pandemic flu and emerging infectious diseases are two of those that remain red and remain a concern. We know that future pandemics are not only likely; they are inevitable. Of course, we do not know when they will occur. That remains always very high up on the risk register.
In addition, a nuclear incident of some sort always remains a high risk, as does electricity blackout. The so‑called black start, where you get a complete electrical shutdown, is one that we should be very concerned about. It is the sort of thing that has lots of knock‑on consequences as well. In more chronic terms, we still need to think about things like antimicrobial resistance as an ongoing chronic risk.
Those are some of the ones that are high up the risk register. There is a very long list of things with more intermediate risk, which we need to keep an eye on.
Professor Gideon Henderson: From Defra’s perspective, there are nine risks on which we lead and 13 on which we have a recovery responsibility. Of the nine risks that we lead on, the two that are the largest and most prevalent in my thinking are risk of flooding, which happens very frequently but at differing levels, and risk of attack or some sort of damage to the water supply, which could involve much more of an emergency response. That is less common, but we have to be very concerned about it.
On the recovery aspects—these are risks that are more generally worrying—Defra’s role is particularly around CBRN: chemical, biological, radiological or nuclear. The acronym tells you the nature of those risks. Of those, the ones that cause me personally the biggest concern are the biological because of the evolution of the risk in that area. We have much more awareness of the disease aspect of biological risk, because of the pandemic. That is not only from a human perspective but animal and plant health risk as well, with diseases such as foot and mouth, and zoonotic diseases such as Covid, being relevant. There is also biological risk around new genetic technologies and the possibility that things might be used maliciously, in the biological space, that previously could not be used. That is an evolving risk, which makes it more worrying, but we need to keep a close eye on all the CBRN risks. Many of the 13 are rated red.
The Chair: Can I come back to you on something Sir Patrick mentioned, namely the risk of blackout, which would have knock‑on consequences for all government departments? Do you exercise in relation to that? Do you consider it a major risk for you as well, even though it is not your primary responsibility?
Professor Gideon Henderson: Yes, we do exercise; yes, we are concerned. I have been CSA in Defra for 18 months. In that time, shortly before Covid, we did a SAGE game scenario around a blackout incident. We thought about how that would impact across multiple departments. From a Defra point of view, one of the big issues is around water supply. Some of it is gravity‑fed and some of it is pumped. Without electricity, you cannot keep the water on. That becomes an issue that then feeds into us directly. That is an area where I agree with Sir Patrick: that is a significant risk and it spreads across multiple departments.
Professor Charlotte Watts: In terms of the national risk register, one of the two areas where FCDO leads is on outbreaks of high‑consequence infectious diseases. Covid is the infectious disease that we are largely focused on now, but it also includes Ebola, for example. With the recent outbreaks in Guinea and DRC, we were looking at how we support the response and understand what is going on, both from a development perspective in supporting those countries but also linking up with CCS and colleagues at PHE to constantly monitor what that means for the UK’s risk of exposure to those outbreaks. Similarly, when we see other infections internationally, we have an internal mechanism where we try to assess whether the systems are responding effectively, and we can feed that information back up to CCS.
Our other area in our mandate is around extreme weather events. That is particularly focused on overseas territories, but we regularly scan, working with GO‑Science, a range of areas, including earthquakes and other natural events.
In the FCDO’s own risk assessments, there are two areas where I have been particularly involved. The first is the international Covid response. We have just produced, for example, some scenarios to help us think through how the pandemic might play out in different geographies. In that case, it was because of the uncertainty in thinking about worst‑case, best‑case and plausible scenarios, but it also fed into a range of questions from the viability of our overseas network through to what it means for trends in mortality, development and so on.
The other area is on safeguarding and exploitation linked to the use of aid. That is on the FCDO register, and we are trying to use evidence to inform how we respond to it.
The Chair: That is very interesting and very helpful, too.
Q282 Lord Willetts: Good morning and thank you for coming to give evidence to this Committee. This is a question particularly for Sir Patrick. It was announced on Monday that you will be heading up a new office for science and technology strategy to strengthen the Government’s insight into cross‑cutting technologies and research. The government announcement went on to say that one of the roles of the new office was “keeping our citizens safe at home and abroad”. As part of that, will the office feed into the national security risk assessment, both on specific risks and more widely on what is happening in research and technology?
Sir Patrick Vallance: The office has just been announced, as you say. What is key is that it is a package of things that are about putting science and technology at the heart of government decision‑making. At the pinnacle of that is a national S&T council chaired by the Prime Minister, which will provide ministerial oversight of big strategic choices around science and technology. Then there is the office for science and technology strategy, which would service that from within Cabinet Office.
Importantly and in relation to your question, we are putting together an insights function that would give information on emerging technologies, horizon scanning and the ability to objectively understand, as a nation, where we are in different areas of science. In other words, it is quite common for people to say, “We’re very good at this”, and the question is what that really means. Where are we in terms of academic strength, business strength, start‑up investment and so on? In this way, we can have an objective view of areas and a comparative view in relation to what others have, as well as a horizon‑scanning function. That is being established now.
All that will be helpful to feed into assessments of where there are risks in terms of gaps for UK domestic capability or international partnerships, as well as where there are emerging technologies that might be a threat if others use them in the wrong way. It is very early days for this, but that unit is there to provide an objective insight that will then allow the office for science and technology strategy to look at strategies across government and the council to make ministerial and Prime Ministerial direction on that.
Lord Willetts: Will you plug into the NSRA?
Sir Patrick Vallance: It is more likely that the NSRA will stay within departments, because most of the experts in the areas and the policy owners sit in departments. There are the CSAs in the departments who support them. In my role as GCSA, I will continue to pull the CSAs together to look at that. That is more likely to be where that side of things occurs, rather than centrally in the OSTS.
Q283 Lord Clement-Jones: Sir Patrick, recognising that it is still early days in that sense, you are now designated as the national technology adviser. As a follow‑up to Lord Willetts’s question, I wonder whether you feel that the low‑probability, high‑impact risks posed by emerging technologies such as AI are adequately accounted for by the current risk assessment process. I wonder whether you have taken a view yet on that area.
Sir Patrick Vallance: We have been building up emerging technology scanning capabilities over the past 18 months or so across GO‑Science. That was somewhat interrupted by events, but we have a team that has been working that up and has started to produce some emerging technology papers, which are closely linked to the national security side of things as well.
The bulk of the emerging technology approach is to try to understand and horizon scan where things are and where they might be going. It is an aggregate of work that comes from across government. Not everything is driven internally from within GO‑Science; it is pulling in from outside government and from other departments. It is presented in a way that allows government to understand not only the emerging opportunities from technology, but where threats may arise and therefore what may need to be done. That has started, and we will continue to build that functionality.
Lord Clement-Jones: Is that a more centralised process than the one you were describing earlier to Lord Willetts?
Sir Patrick Vallance: It is centralised in the sense that we are trying to produce a government‑wide view on specific emerging technologies. It is not centralised in the sense that it is all done centrally. It is built up from expertise across government and from external inputs. The output is a summary of emerging technologies focused on opportunities but also, of course, encompassing threats.
Lord Clement-Jones: That will be rather separate from, if you like, the other risk assessment process within government.
Sir Patrick Vallance: Yes. This is primarily about trying to get horizon scanning on technologies in a formal way so that people can use it. It is focused largely on opportunities, but of course it also encompasses threats and has a national security element to it. It will no doubt feed into national security risk assessment processes, but that is not its primary function.
Q284 Lord O'Shaughnessy: Good morning to our witnesses. Sir Patrick, when you gave evidence last year to the Joint Committee on the National Security Strategy inquiry on biosecurity and national security, you described your role and that of your fellow CSAs as follows. “The role of the Government Chief Scientific Adviser and the Government Office for Science is to comment on, help and probe methodology”. You went on to say, “The chief scientific advisers across departments will look at the risks that are coming up through departments and try to be part of commenting, challenging and making sure that they have the right external input”.
Could you give us a bit more of an explanation of the unique role of the Government Chief Scientific Adviser and the departmental CSAs within the national risk assessment process? How have you been able to help and probe the NSRA methodology and to challenge departments? On the specific point about access to external input, do government departments have enough of that as they go about this risk assessment process? Perhaps I could ask you to respond first, followed by the other witnesses.
Sir Patrick Vallance: Yes, it will be important to hear from the others in terms of departmental process. As I said, the national risk register and the NSRA are owned by CCS. They are the people who pull it together. In departments, there are policy leads who own what happens there. The role of the chief scientific advisers, and my role, is to provide challenge on the methodology and on the assessments. Within GO‑Science, we have looked at methodological aspects of the NSRA. Indeed, we had an external academic doing some work on it in 2018, which provided quite a technical report. In 2019, we suggested that the Royal Academy of Engineering should take a formal look at it.
As a group of CSAs, we had identified a number of areas that we thought needed a closer look and an assessment of whether they could be improved. There were two areas that we pulled out as being of particular focus. One was interdependencies, so where risks cascade. I have given one example, total electricity failure, where you start to get a cascade of risks. How is that covered in the risk assessment process? The second was on the risk matrix, where we felt that there are some complications that need to be disentangled a bit to make these optimal. For example, a combination of malicious and non‑malicious threats creates something of a problem in terms of ranking and complexity. Acute versus chronic risks get scored somewhat differently; that is the way people do it. There are some risks that are instantaneous, such as a total loss of electricity, and others that grow as time goes on, such as a pandemic.
There are complexities in the way that risk assessment occurs and the way that is then visualised, which we thought needed more attention. The areas that we thought need to be worked up are around scenario planning, to try to get clarity on the definition of a reasonable worst‑case scenario and whether more than one scenario is needed to cover that in the right way, and the visualisation and presentation of the risk. The Winton Centre in Cambridge was involved in giving some advice around that, and continues to be involved and linked in with the Royal Academy of Engineering project. So methodological challenge and input is one of the things we do.
The second big area is that, of course, risks are built up departmentally. We feel strongly that there is a need to look right across risks. One of the advantages of the CSA network is that we have somebody from every department, and we can look across. Where risks may overlap or cause unintended consequences for one another, the CSAs can flag that up, but the ability to look across and understand interdependencies is an area that needs more looking at. Again, we hope that the Royal Academy of Engineering report will give some suggestions as to how that might be dealt with.
Lord O'Shaughnessy: You will be pleased to know that we are having a round table with the Royal Academy of Engineering this afternoon. You have done that work and you have made those suggestions. Are they generally well received? Do you find the CCS to be receptive to this advice?
The Chair: We will have to translate “CCS”.
Lord O'Shaughnessy: I am sorry: the Civil Contingencies Secretariat.
Sir Patrick Vallance: It owns the NSRA and the risk register. We work closely with it. We have people who attend its meetings on a regular basis. As you will be aware, Lord O’Shaughnessy, this is all fine, but, when it comes to crunch time and reports are coming out, the more input you give late in the process, the more difficult it is for people to take it. Some of this is pretty complicated stuff. We raised some concerns and areas that we thought needed to be focused on in 2019. That was too late to influence the one that had already happened. It will influence the next one, and that is why the Royal Academy of Engineering’s input has been so important.
That speaks to the other part of your question about external inputs. Gideon and Charlotte may want to say more about what happens at the departmental level, but that is where a lot of the external input comes from when it is being developed inside departments.
Lord O'Shaughnessy: I would love to get the perspective from the departments. Perhaps Professor Watts could lead us off.
Professor Charlotte Watts: The Royal Academy report is very sensible. I particularly like the pragmatic approach around, “You need to think about how you communicate and understand the risks in a way that is appropriate for the risk you are considering”. Going back to the Covid‑19 example, we would think about the international nature of that and the risks associated with the strengths and challenges of the international response.
We used a scenario approach. That is one of the recommendations of the Royal Academy of Engineering: to use scenarios where there is a lot of interrelated uncertainty. That work was led by me and members of my team, drawing on insights from SAGE. As part of that process, it was very clear that we needed to think about the plausible best, the plausible worst and what the range of middle‑type outcomes might be, because there is so much uncertainty, and to have different conclusions potentially in different geographies and particularly by different income groups.
As part of that, we were able to engage quite heavily, drawing on the expertise from SAGE and others working internationally, to sense-check the way we were framing things and to test some of our assumptions. Ultimately, we got feedback on the final scenarios to ensure that people felt confident with the way we were boiling down an ocean of possibilities to a few limited scenarios. That external engagement was incredibly useful for us to have confidence in what we were taking across Whitehall.
On Patrick’s point about the importance of CSAs from every department, I want to give you example of that related to the chronic risk element. For example, it could be a biosecurity threat such as wheat rust, which is a significant threat internationally to food supplies but also an ongoing threat to UK wheat production. It is a real value of the CSA network that I can call up Gideon and members in his team are sighted on what we understand about the spread of a particular type of rust. We can share what we are learning about the science of how to tackle that internationally and how that might inform future planning. We can then think about a domestic response if that particular disease spread to the UK. It is the informal networks as well as the formal networks that facilitate that rapid spread of information.
Lord O'Shaughnessy: I am conscious of time, but perhaps I could give Professor Henderson an opportunity for a brief comment.
Professor Gideon Henderson: The Defra teams themselves are quite heavily involved in the process of doing scenario development, such as reasonable worst‑case scenario development. There are a number of embedded in‑house experts in relevant teams, and a lot of that work is done in those teams. This is in areas including the flood and water team, the animal and plant health team—which is probably the one that would interact with Charlotte’s example—the resources and waste team, and the CBRN team. All those teams report what they are doing to me, and I can challenge them as the CSA.
I do not know whether you count this as external, but we also rely on the public sector research establishments for significant advice here. Defra’s include the Animal and Plant Health Agency and the Environment Agency. We make use of others such as Dstl, the defence lab in the MoD. We also tap into external advice explicitly through some of our external advisory bodies such as our Science Advisory Council, where we think that is necessary for new and emerging risks.
There is a CSA challenge function in all this. I find that the network of CSAs helps me identify where I should challenge. Some of the game playing and some of the SAGE activity that we do makes me realise the areas where I ought to go back to the department and ask, “Have we thought about this or that sufficiently?” That is an aspect of join‑up that is important.
In terms of NSRA, we had some concerns, which Patrick has raised, about the use of the matrix and the chronic-versus-acute last time. There are risks, such as those from the climate change risk assessment published last week, that are not in the risk register but are clearly known chronic risks. We need to think about how we deal with chronic and acute risks separately from each other or in complement with each other. We are also engaged in the NSRA methodological review, which you are engaging with this afternoon. Both I and the CSA at the Home Office are formally involved in its review board, and we have suggested genuine external experts to that group to inform the Royal Academy of Engineering in its work. I believe we are bringing a lot of external advice to bear.
Q285 Lord Triesman: I thank the witnesses for another extraordinary session. I appreciate it a lot. Can I ask a question about the extent of challenge? When we have heard from people who are involved in the process of government, they have tended to say, rather as has been said this morning, that each of you has a challenge function and that that challenge function is very significant. When we talk to academics who are specialists in this area, they say that they find it very hard to get in and challenge anything.
I wonder whether I could start with you, Sir Patrick. I am quite intrigued by how you see the balance. Is there enough of that kind of challenge? Could it be enhanced? How can we avoid groupthink? I have heard it said in academic circles in relation to Covid that the prevailing view of the London School of Hygiene and Tropical Medicine, for example, would tend to produce a groupthink view that was towards herd immunity. How is that challenged? How do you avoid that?
The final question is on the NSRA methodology. If there is challenge and wider discussion, would it be helpful if the public themselves had greater scrutiny of these issues?
Sir Patrick Vallance: These are really important areas. If I may, I will divide your question into two parts: challenge of the NSRA and challenge during an event. In terms of the construction of the NSRA, as I say, that is largely around expert inputs in departments, which Gideon and Charlotte can speak to, and then methodological input, which we provide from GO‑Science. That involves external people as well, including, as we said, the Royal Academy of Engineering.
There is a separate question there about challenge to policy and operational responses, which we would not cover, but it is a legitimate question as to whether there is appropriate challenge of the operational consequences of the NSRA. There are several academic departments that specialise in operational research. That is not an area we would cover but is one that is legitimate.
In terms of the response mechanism, SAGE is put together in a crisis. Traditionally, the way it works is that, if COBRA is called and there is a science element, SAGE will be called. That is the stand‑up mechanism for SAGE. SAGE is constructed from a series of databases and sources to try to pull together experts from academia, industry and around government. It is constructed to try to provide diversity of thought and expertise in the group. Since I have been Government Chief Scientific Adviser, we have had SAGEs around the events in Salisbury and Amesbury; we have had a SAGE around the Toddbrook dam event a couple of years ago; and of course we have had Covid.
Is it true that in any group you can get groupthink? Of course, that is always a risk. There is an extraordinary diversity of people who contribute. For example, in the current crisis, there are hundreds and hundreds of scientists who feed in, and parallel groups have been set up that have been incredibly valuable, such as the Royal Society groups that have fed into that. I do not think there are specific dominant voices on any particular thing that feed into that.
Can you always get better at this? I am sure you can. I am sure there are cases where other voices need to come in. It is a rather long answer to your question, Lord Triesman, but I am saying that, on the process of running the emergency, we get quite a lot of academic and other input. That is a formal mechanism, which is what SAGE exists to do. I am trying to make sure that we have enough industry voices. Very often, there is great expertise in industry that is more difficult to get in. That was definitely needed with Toddbrook dam, when we needed civil engineers and others to come and help.
The input of academics into the NSRA and the risk register largely occurs in departments, and I will defer to the other two. There may well be opportunities, not just on the science side but on the operational and policy side. That is a different area, which we would not cover.
Lord Triesman: Professor Watts, I wonder what your observations would be.
Professor Charlotte Watts: In the example I gave about our scenarios for Covid, we were able very easily to draw on academics. I was very thankful to the breadth of academics who engaged in that process as well as engaging in SAGE and supporting other responses. That is a critical part of what departments need to try to do. Just like Gideon, I will turn to our scientific advisory group where needed. In some cases, we will also rely on the science advice that we get from the bodies Gideon mentioned. For us, that includes the Geological Society, if we are thinking about earthquake and other risks.
On groupthink, my observation on SPI‑M is about how diverse the range of modellers is who think through scenarios. I have been hugely impressed by how, across a range of scenarios, there is a process that recognises that you might get slightly different conclusions. Based on that, what can you agree on and what can you not agree on? The process of working through the different modelling analyses is really helpful to get clarity on where we can feel quite confident and where might we have less agreement. The SAGE process supports that.
The other element that Sir Patrick did not mention is pre SAGE. Occasionally in some areas, where there is something bubbling up, we have brought together that expertise to get an early take on what we think the level of risk is. For example, since I became CSA, we have had a pre-SAGE on Zika, Ebola and others. In a way, using those formal structures but kicking it in early is a useful part of the process, to sense-check our thinking and our assessment of risk by bringing in the relevant voices from different experts.
Sir Patrick Vallance: That is exactly right. The pre‑SAGEs have been helpful. The SAGE process was established to bring in external expertise and breadth of expertise from within government, the PSREs and external. Prior to the SAGE mechanism, some of the advice systems were individually driven. You can see examples where Government Chief Scientific Advisers have given personal advice on certain things. It is very unclear how the external voices have come into that advice and decision. The SAGE mechanism, which came 10 years ago or so, provides an in‑built system to make sure there is external input and challenge right the way across the disciplines.
Lord Triesman: Can I push this a tiny bit further perhaps with you, Professor Henderson? You are identifying significant levels and points in a process where there are challenging voices from academia or elsewhere. Let us leave the business bit on one side, because I recognise exactly what you are saying about that. I wonder why perhaps quite significant leading academics feel that they do not get into it. What is it that makes them apprehensive?
Professor Gideon Henderson: I do not know. That is the blunt answer to that. Briefly, to support what others have said, there are multiple mechanisms by which they could feed in. As part of the SAGE process, we identified risks that we did not think were being adequately looked at, such as transmission in water, both drinking and swimming water, and a few other environmental risks. We brought together a group of external experts from academia to help us and to challenge us about how significant those risks were. That fed directly into the SAGE process.
We have external groups that have looked at the Covid transmission risk in animals, for instance in ferrets, rodents and pets. In a SAGE‑like way, that combines internal government expertise and explicitly external expertise. We use our Science Advisory Council sub-committee on exotic diseases, which is chaired by a Cambridge academic, to help on that issue.
The third area that I would flag is that CSAs are known publicly. We are not secret. We have networks, but our names are also known quite widely. I get people emailing me asking, “Have you thought about this or that?” I am sure other CSAs get the equivalent. There are very informal but quite effective ways of getting in touch with CSAs that can inform us of the challenges we should be raising through our internal mechanisms.
Q286 Lord Mair: My question is for Sir Patrick first. In response to Lord O’Shaughnessy’s question, you raised the issue of the risk matrix, and you talked about the complications and ranking complexities. Of course, it is constructed all around impact and likelihood. Broadly speaking, impact is probably easier to assess than likelihood. In fact, in many cases there is considerable uncertainty in estimating the likelihood.
What confidence can really be placed in the risk matrix? Can it be used meaningfully in how you prioritise and how you plan, thinking about strategic direction? Of what value is the risk matrix in reality?
Sir Patrick Vallance: I alluded to this in an earlier answer, when I said that I thought a future pandemic is certain. In that sense, its likelihood is extremely high; it is inevitable. The question is when. That is completely unknown. If you take a chronic risk such as flooding, it is inevitable, and you can be pretty clear over roughly what period that is going to occur. These create complexities. While the matrix is useful to try to bring these out, it can certainly draw the eye in the wrong place.
That is one of the things that the Royal Academy of Engineering is going to look at with us, and the Winton Centre has also advised us. How do we get a more sophisticated way of making sure that this does not draw your eye to the wrong place and allows people to develop scenarios that take into account the uncertainty? There is a lot of uncertainty around all this.
The answer to your question, Lord Mair, is this. If somebody just looks at the coloured boxes and says, “That’s it; it’s in box whatever and I’m not going to pay much attention to it”, that is completely the wrong way to think about at the risk register. It should not be used in that way.
Lord Mair: Do you feel it is currently being used in that way?
Sir Patrick Vallance: We definitely had a concern as CSAs that there would be a direct read‑across from the risk register for funding purposes. “It isn’t in box whatever, and therefore the funding priority is lower”. We made it clear that it should not be used in this way. I do not think it has been, but it is a concern. It comes back to the grading of malicious and non‑malicious risks. They tend to get graded somewhat differently, and then you end up with a potentially skewed planning and funding system.
My view is that the risk register should not be used to determine funding. There are all sorts of other things that need to play into it. My experience is that the discussions that take place among members of the National Security Council and others would do exactly that: they would not just look at it and say, “It’s in box X and therefore it gets more money”. There is a sophisticated understanding, but it is none the less a risk that people look at these matrices and draw an immediate conclusion from the colour of the box it is in.
Lord Mair: That is very much the impression that we have had: that the risk matrix is seen in that way. Something has a particular colour or is in a particular part on the plot, and it is rather taken as gospel. Is that fair?
Sir Patrick Vallance: I do not know of any examples of that, but we have expressed concern that it is a risk, yes. It should not be taken as saying, “Look at the matrix and you have the answer”.
Lord Mair: What is your view of the two‑year outlook of the NSRA in this context? There is an emphasis on the two years.
Sir Patrick Vallance: Clearly, it goes back to the point that I have just raised about pandemics. If you take a two‑year outlook, you get the wrong answer.
Lord Mair: Professor Watts, what is your view of the risk matrix?
Professor Charlotte Watts: I am not sure I have much to add to what Sir Patrick said. It is clearly a very simplistic representation of a complex combination of different types of impacts. It gives us much more of a qualitative insight than any quantitative insight. The value of it is that it helps us not to forget the unlikely but extreme events. If you did not have it, the risk is that you would put much more focus on the things in the here and now, and not prepare for low‑probability, high‑impact events. The challenge is about trying to get the right balance.
To reflect, when I look at my own department’s risk register, there are some that relate to the national risk register and others that are very much on broader operations. In practice, in our departmental decision‑making, a consideration of the national elements is clearly important, but there are a number of other factors that will ultimately shape decision‑making priorities and where resources flow at a departmental level.
Lord Mair: Professor Henderson, what is your view of the risk matrix and how useful it is?
Professor Gideon Henderson: I agree with my two fellow speakers. There is a danger in the RAG—red, amber, green—rating. It can lead to an overfocus on the red ones, but that point has been covered well by Patrick and Charlotte.
I would reiterate the point that it is not only differentiating malicious versus non‑malicious risks; it is differentiating acute and chronic. I note that, in its early considerations, the Royal Academy of Engineering is suggesting that acute and chronic are dealt with quite distinctly, in terms of whether you put them on a matrix at all and how they are dealt with on that matrix. That is definitely an interesting idea.
On the two‑year timeline, you need both. You need a continuous assessment of what risks look like and how they are evolving, but, if you do not have some sort of regular repeat, it does not force action; it does not make you draw a line under things and look at things on paper. Some sort of deadline in the process is quite a useful component, but it is no surrogate for continually inspecting the risks.
Q287 Baroness McGregor-Smith: Good morning to all our witnesses. My question is for Sir Patrick. It is about how crucial data is to many risks on the risk register, which I know you have certainly talked about before. We are interested in your assessment of how data is currently used in the risk assessment process and how it could be improved. That would go all the way from challenges through to interpretation and how you present it to wider audiences.
Sir Patrick Vallance: This is an area that I feel quite strongly about and one that has been exposed very clearly over the past 18 months. At the beginning of the pandemic, we had enormous difficulty in getting the data required in order to understand exactly what was going on. As a result of that, I was concerned, and I wrote to the deputy National Security Adviser to say, “We need to look across the risk register and ask a number of questions”.
The first is to define, for any given risk, what data you think you are going to need during an emergency, so that we understand what we think the data requirements are. The second is to be clear on who the data owners are. One of the problems in an emergency situation is finding out who actually has control over these data and owns them. The third is to work out the flow of the data. How will that data flow into the places it needs to flow? The fourth is interoperability, because very often you need data from multiple sources that need to come together in order to create a picture. The fifth is the analytics required in order to turn those data into information and to present that in a way that is accessible to decision‑makers and can inform responses.
There is a really rather important need, right across the risk register, to have a data plan for each risk, understanding all those points and no doubt more as well. This is being taken forward. It is a really important part of how we manage risk going forward.
The Chair: The final set of questions goes appropriately to Lord Rees.
Q288 Lord Rees of Ludlow: This is a question mainly to Sir Patrick. We all read your recent FT article about how the world should prepare for the next pandemic. You emphasised the importance of trying to identify an incipient pandemic as early as possible. This cannot be done by the UK alone. It is an international concern, which presumably involves the WHO et cetera, but we could use our influence in order to ensure there is the maximum chance of identifying these pandemics early.
I would like to ask you to comment on that and on the related concern that there are about 50 level 4 labs around the world working in this area. How can we ensure that they are obeying the rules in order to minimise what seems to me the growing likelihood of bio‑error or bioterror events? This is an area in which the UK has to use its influence and expertise to make the world care more.
Sir Patrick Vallance: The editorial arose out of work that I have been asked to do for the G7 presidency, looking at how we might accelerate the production of vaccines, therapeutics and diagnostics. Step one is to make sure that you have a good surveillance system. It has to be global. There is no point having a surveillance system just among your friends; it has to be across the world, everywhere. It needs to have regular sampling frames for human, animal and environmental sampling. There will need to be a clear system for data sharing and analytical hubs that can turn the data into information that is of value.
This has been laid out in a number of papers, including one that Jeremy Farrar wrote for the G7. The WHO would be the lead organisation for this. A very clear statement came out of the G7 about the need for such a surveillance system, which the WHO is progressing. That is crucial and requires long‑term sustained funding. One of the dangers that you will recognise is that we will all get very excited about what needs to happen now, and in 10 years’ time people will be less excited and funding will dry up. The lesson is that this needs to be continuous funding.
There were other recommendations on vaccines, therapeutics and diagnostics published in a paper called the 100 Days Mission, which lays out things that need to happen. All this is completely dependent on good healthcare systems and good public health systems. It is worth reflecting that it is very difficult to have surge capacity in systems that run at 99% capacity or higher.
In terms of labs, you are quite right. The issue in biosecurity in general is that many amendments to organisms are quite easy these days. It is not difficult to do things in labs. There is a real need to make sure that we understand what is going on. You have highlighted level 4 labs. There is also concern about what is happening not in level 4 labs, because some of these things are really quite straightforward to do. There is a rather important need for the world to think about what the systems are to keep an eye on this and to make sure the level 4 labs are appropriately regulated and looked after. Most of them we know about. Some of them we do not know about, I suspect. There is a need to understand the risks of things happening not exactly in garden sheds, but in places that are less well regulated. That is a real area of future concern. It is still the case that the biggest risk by far is natural infection spreading from animals into humans, but these labs need to be looked at in terms of their security.
Lord Rees of Ludlow: Yes, but what can we actually do to ensure they are monitored and reduce the growing annual likelihood of the bad actor or malicious release?
Sir Patrick Vallance: That is a question for multinational political bodies to deal with. We can give the advice on the risk and the potential. I would highlight both the ones that you have mentioned. Yes, we need to make sure that there are rules and regulations around level 4 labs. There is also the fact that this is easy to do outside those labs. Both of those need attention, but it is for multinational political bodies to decide how they would like to lead on that.
Lord Rees of Ludlow: As a science superpower, we could try to influence this as much as we can.
Sir Patrick Vallance: We will, for sure. This has already been raised as an issue that needs to be thought about.
The Chair: This has been an excellent session with which to end our Select Committee’s evidence taking. I am most grateful to all our witnesses, not only today in this session and earlier today but throughout the process of this Select Committee. I am most grateful to our staff, who have produced fantastic work and briefings for us, and I am very grateful to the Committee members, who have handled this in an extremely professional and inquisitive way.