Select Committee on International Relations
Corrected oral evidence: UK foreign policy in changed world conditions
Wednesday 12 September 2018
10.40 am
Members present: Lord Howell of Guildford (Chairman); Baroness Anelay of St Johns; Baroness Coussins; Lord Grocott; Lord Hannay of Chiswick; Baroness Helic; Baroness Hilton of Eggardon; Lord Jopling; Lord Purvis of Tweed; Lord Reid of Cardowan; Baroness Smith of Newnham; Lord Wood of Anfield.
Evidence Session No. 18 Heard in Public Questions 204 - 218
Witnesses
I: Mr Robert Hannigan CMG, former Director, GCHQ; Sir Mark Lyall Grant KCMG, former National Security Adviser.
USE OF THE TRANSCRIPT
Robert Hannigan and Sir Mark Lyall Grant.
Q204 The Chairman: Mr Hannigan and Sir Mark, thank you very much for coming to share your thoughts with our Committee this morning. I will begin with the formalities, which are that this session is on the record and that there will be a transcript afterwards which can be adjusted as you wish if it does not reflect your views and what you said. I also remind my colleagues to declare any relevant interests when asking their questions.
Gentlemen, you have been at the centre of our national security machinery in its various forms and we are extremely grateful to you for letting us ask you some questions. This Committee is not concerned with the current work programmes of the NSC, GCHQ, the Joint Intelligence Committee or anything else. There are other committees of Parliament that do that, not us. Our concern is about how, over the past eight years of the existence of the NSC particularly, and in the formation of our national security machinery, what adjustments the digital age has caused to be made to our machinery and, as the digital age roars on, with new technologies appearing almost every week, what necessary adjustments we need to make and have made to the machinery we now have in order to support our diplomats and an effective foreign policy.
I shall begin with a general summary question, using the words of Andrew Parker: what is the new threat landscape that has emerged? In this digital age, what priorities does it force on us? I am sorry if that sounds a little general, but later we will come to the structure of the NSC and its work, the cybersecurity threat and all the other dark goings on that come from APT28,[1] the GRU[2] and all the rest. It is the digital impact that we are interested in. I hope that is clear enough. I shall repeat my question: what is the new threat landscape? Will you start, Sir Mark, as you have been very close to this?
Sir Mark Lyall Grant: Thank you, Chairman. It is true that a lot of new threats have emerged over the past few years, but they have not come completely out of the blue. When I oversaw the 2015 Strategic Defence And Security Review, it identified four major security threats to this country. They were: state-based threats, primarily from Russia; terrorism and instability, particularly Islamist terrorism; technology and the cyberthreat; and the erosion of the rules-based international order.
Despite all the upheavals of the past three years, both domestic and international, when my successor did a national capability review this year, it endorsed those four threats, and I think rightly so, and added serious organised crime and natural hazards. Those four threats have not only been consistent over the past three years, they have been exacerbated over those years in different ways, and I am sure all members of the Committee will be aware of the implications of that, so I do not need to go into detail. To my mind, those are still the four main security threats facing the country, and that will continue to be the case post Brexit.
The Chairman: “Exacerbation” is the key word. Ongoing threats are being magnified and amplified by the digital revolution.
Robert Hannigan: Yes, Chairman. I agree with everything that Mark has said. If I think back 10 or 11 years to the first UK National Security Strategy which I oversaw under Gordon Brown, the big difference, which underlines Mark’s response, is that we took as read a rules-based international order that looks a lot more fragile and chaotic now. That is the biggest change for me. I agree on the basic threats.
On the digital side, we have seen in almost every area that the good things the digital world does enable also amplify and speed up activity in the threat landscape as well as the good side of society. In terrorism, this has shrunk the timeline of an attack plan from what used to be sometimes years, certainly months, to days. It just makes everything faster, and it enables communities of extreme people as well as communities of good people to be created very quickly and on a huge global scale, as well as all the propaganda.
Q205 The Chairman: I will ask one more general question before we get on to the specifics. Most of us have been brought up in a world where the link with the United States as our chief partner on intelligence and all security and military issues was pivotal and central. You mentioned the rules-based order now being in question in a way that it was not. What is also in question is our relationship with the United States. Two things have happened: one, it now has a President who is putting the inward concerns of America to the fore, and that has created a wobbly feeling about the Atlantic alliance; and, secondly we read that real power and technology—hard power and soft power and influence—are moving to the economic centre of gravity of the world, which is Asia. So we have the prospect of old allies looking a bit more difficult and possibly the need for new alliances and associations at every level, including intelligence. Am I parodying that, or is that the picture we are now all having to face?
Sir Mark Lyall Grant: I would certainly agree that of the four threats that I mentioned the most strategic and dangerous for the United Kingdom is the last one—the erosion of the rules-based international order. That is because we, as an open, trading, island nation, depend heavily on a stable international environment with rules and regulations. There is no question that, as Robert said, one trend in recent years is that that order is now under threat in a way that it has not been for the 70 years since the end of the Second World War. Whereas the Washington Consensus—the institutions that were built, largely by us and other western countries after the war, and the regulations that were set up—established a liberal-based order, an order based on human rights, democracy and free trade, it is now severely called into question to such an extent that for the first time in my lifetime we have to question whether the ultimate triumph of economic liberalism and democracy—the end of history, as Fukuyama put it—is the reality of where we now stand.
If one looks at why that is the case, there are lots of different reasons—geopolitical shifts, some of the blatant attacks, the sort of push-back on some of the liberal Responsibility to Protect, international intervention, and the humanitarian intervention doctrines of the 1990s and 2000s—but you are right, Chairman, when you say that one problem in tackling that shift is that the traditional champion of the rules-based international order, the President of the United States, does not currently believe in it. That is certainly a challenge. I would argue—Robert will probably be able to speak in more detail about this—that the underlying relationship with the United States is still fundamental to this country’s security and foreign policy. In my experience, it does not depend on personalities or relationships at the top. It is like an iceberg: the massive majority of what binds the United Kingdom and the United States goes on below that higher political level. It is underpinned by extremely close relationships on intelligence, security and defence, and also on values et cetera, that I do not think have been severely damaged in recent years.
The Chairman: That is an extremely important statement. Do you agree?
Robert Hannigan: I strongly agree. As Mark says, at the core of the security relationship is intelligence sharing and the nuclear part of the military relationship. Those two areas are unique to the two countries for long reasons of history and they are not shared with any other country. It is the only area, in my experience in government, where it is hard to see where one team starts and the other stops. It would take a very deliberate political decision to unpick that. It is an iceberg, as Mark says. It would need both sides to want to undo it, and I do not detect any sense that it is weakening, but I agree with Mark on the lack of commitment to the rules-based order. I do not detect any sense that that is weakening. But I agree with Mark on the lack of commitment to the rules-based order.
On your second point about Asia, the real challenge, which there is not enough focus on because we are so distracted with other things, is the rise of China in technology. I spend quite a lot of time looking at the Far East, and the most interesting thing for me is that China is becoming a world leader in so many technologies and will increasingly be one. The challenge for us is to find a way of living with that, of not seeing it purely as a threat but finding a way of accommodating that rise of China and using it to our advantage in the next 50 years.
Q206 Lord Hannay of Chiswick: Following on from that point about China, I noticed that you said that the latest iteration of the security threats to us continues to be the four you mentioned plus a new one and that the state-based one continues to be Russia. The absence of China from that latest iteration is interesting, and it is, of course, in contrast with the United States, whose latest equivalent stated that China and Russia were the United States’ adversaries or competitors—I cannot remember the exact word. Could you comment on that? Is the absence of China from our state-based threat simply a function of geography or a function of timing—that is, it could be but it is not yet—or is it that it does not come into the same category as Russia and is not irredeemably hostile to our interests across the board?
Sir Mark Lyall Grant: I think there is a little of all of that, but I would emphasise your last point. The difference I see between President Putin’s Russia and President Xi’s China is that Russia is deliberately trying to undermine our system of governance, our democracy and our institutions. Let us not forget that Russia has an economy one-tenth the size of China and about two-thirds the size of the United Kingdom, so for President Putin to ‘make Russia great again’, to coin a phrase, in his mind he can do that only by weakening his enemies, and he identifies his enemies as the United States, NATO, the European Union and the United Kingdom. That is a fundamental trend of a declining power that has very strong hard power but virtually no allies around the world and no soft power. That is why we are seeing the destabilisation of Russia’s neighbours, the cyberattacks, the misinformation campaigns and the assassination of people who disagree with the Kremlin overseas. I see all that as part of a pattern of President Putin trying to push back against Russia’s relative decline, particularly vis-à-vis China.
China is obviously a rising power and does not, in my view, pose a direct threat to our system of government or way of life. It is not looking to undermine those fundamental institutions of the United Kingdom. Of course it is heavily involved in espionage and cyberactivity, but it is doing so for its own economic and commercial benefit rather than to undermine our democracy. I think there is a qualitative difference between the direct threat that the two countries pose.
Having said that, if one looks at the erosion of the rules-based international order, both countries pose a threat to it: Russia by what it has been doing—the annexation of Crimea and so on—and China through the militarisation of the South China Sea and by ignoring the arbitration panel on the Law of the Sea on that issue. That certainly works to undermine it. Perhaps because China feels that it has not been given a fair share of current economic international governance systems, it has started to establish some rival organisations. One can point to the Shanghai Co-operation Organisation, One Belt, One Road and the Asian Infrastructure Investment Bank. All those organisations have been set up since the establishment of the post-War structures and the one thing that they have in common is that they do not include the United States. In future that poses a threat to the current international governance system, but it is more of a potential threat rather than a direct national security threat to the United Kingdom as posed by Russia.
Robert Hannigan: I entirely agree. With Russia, there is not much opportunity. It is really about managing and containing its relative decline over the next 50 years, or maybe sooner, as it thrashes out and tries to displace internal problems by overseas adventures, as we have seen. That is a challenge but it is a tactical, secondary one.
China is of an entirely different order. There is a huge opportunity there, if we get it right. There will inevitably be some conflict, as Mark says. There are difficulties in persuading China to align fully with international rules and to feel part of them, but there have been steps in that direction. I see it as being as much of an opportunity as a threat. We just need to get that management right. It is a difficult one for policymakers. I think we have veered between threat and opportunity over the past 10 years on China and do not quite know, but that is the big challenge for this century, not Russia.
Q207 Lord Grocott: I shall make two observations and I will be interested in your response. There is always a tendency for any Select Committee to write a report in terms of “this is a seminal moment” and “we are experiencing a watershed”. Am I right in concluding from the remarks of both of you, particularly Sir Mark, that while there are lots of important challenges and some, particularly in the cybersphere, are new, in the main problems facing our foreign, security and defence policies you can see a clear thread going back years if not decades?
My other observation is perhaps slightly more fundamental. It might be a misapprehension or a sign of age on my part, but the idea of the end of the rules-based international order rather suggests that there was once a golden age when everyone understood what it meant and abided by it. I would like to know when that period was. When I was growing up, which was at the same time as a number of people around the table, there were wars all over the place and there were horrors in eastern Europe, Vietnam, Korea and Malaya. Where was the relationship between east and west? It was routine that Russia was interfering in large numbers of countries, but so were Britain and the United States. Our hands were not completely clean in the process of democracy in Iraq and as for the United States in Central and South America, we could spend the whole day talking about the extent of its intervention in the internal politics of those countries. When was the golden age? What is hugely, fundamentally different about now and then?
Sir Mark Lyall Grant: I will try to answer that. The golden age was from 1989 to 2009; it was only a 20-year golden age. It is true that after the Second World War there was opposition to this liberal rules-based international order and that Russia never bought into it properly, preferred to do bilateral arrangements on nuclear disarmament et cetera with the United States and stood a little bit aloof from it, but it never challenged it and undermined it. At the end of the Cold War, which is why I mentioned 1989, there was a golden era of that rules-based international order. We suddenly saw the UN Security Council unblocked, a number of new UN peacekeeping missions, particularly to tackle conflicts, the International Criminal Court, the Human Rights Council, a flourishing of women’s rights and LGBT rights, a whole series of new institutions and new normative developments, particularly at the United Nations. What is striking about those developments is that they all went in a liberal direction. I had a very privileged seat to look at some of this as I was ambassador to the United Nations from 2009, and during my time, in particular from 2013 onwards, I noticed the intermittent resistance to this liberal order becoming more systematic.
During my time, in particular from 2013 onwards, I noticed the intermittent resistance to this liberal order becoming more systematic. We began to see an unholy coalition between Russia, some conservative Muslim countries, some of the hard-line non-aligned countries, right-wing NGOs and the Vatican City, in some cases, push back in a systemic way against this liberal international order. The sharp edge of the spear was LGBT rights, but that soon spread into women’s rights and then into political and civil rights. This was brought home to me most clearly in 2015 when we wanted to celebrate the 20th anniversary of the Beijing Platform for Action, which was a base consensus document agreed 20 years earlier in Beijing on women’s rights worldwide. It was agreed by everybody. It became clear in 2015 that not only could we not effectively celebrate that achievement 20 years later but it would not have been possible to agree in 2015 the document that had been agreed in 1995 in China. That was the extent of the pushback against the liberal order.
There were a number of reasons for that. You could argue that tactically some of the Western countries, including ourselves, pushed a little too hard on LGBT rights, capital punishment and things such as that which brought in more conservative African and Caribbean countries on the wrong side of the argument, but you have also to point to the impact of the interventions in Libya, Syria and Iraq, which some people felt had pushed concepts such as responsibility to protect and humanitarian intervention too far and had led to a push-back, and you have the geopolitical shifts as well.
To go back to your first question about whether we are at a crucial moment, I do not think that this year is the critical moment. This is a trend that has been coming and has been identified for some time, but it is undoubtedly a worrying trend for a country such as the United Kingdom which depends so heavily on that rules-based international order.
The Chairman: Mr Hannigan, is it also about the rise of non-state actors and the fragmentation of nations?
Robert Hannigan: The only thing I would add is that we have seen a trend of states behaving in a way that suggests that they simply do not care about things they cared about 10 or 15 years ago. Russia is the most obvious example, both in cyberspace and on the streets of Salisbury, not minding that people know it did it and sticking two fingers up to any sense of international rules. It is not the only state doing that. That has emboldened a lot of bad behaviour that we did not see before. I agree that the past century was perhaps not a golden age, but there was a degree of predictability about it, and there were certain red lines which most states stuck to in their own interests. That has been eroded. I agree with Mark that we are not necessarily at some great tipping point, but there is fragmentation and fraying of that system. Where it will go next is really interesting.
Q208 Lord Jopling: We will come to cyber threats in a moment, but I shall ask a question about the second of your threats: terrorism. We are faced with CBRN[3] threats, which you will both be only too well aware of. They could have a devastating effect and could become milestones in history in a very big way. Do you think there are glaring holes in our preparedness for those sorts of threats? Of course, you can always spend more and devote more resources to trying to prepare for, for instance, a dirty bomb, which is at the rough end of the thing. Do you think there are some aspects of preparedness that are super-urgent and where there are now shocking inadequacies with regard to our preparedness? This is the only opportunity in our inquiry to have people of your distinction and experience who can talk about these things. I would be grateful for your comments.
Sir Mark Lyall Grant: I am by no means an expert in this area. The short answer to your question is that I am not aware of any blatant gaps in our defences in this area. A huge amount of work goes into it. The National Security Council has a sub-committee that deals with nuclear threats and hazards looking precisely at our defences and how we would react to those sorts of attacks. Obviously the intelligence agencies are very focused on them. A lot of the work that we do in the Five Eyes community with our international partners is also in this space, but I would not claim to be an expert on the detail.
Robert Hannigan: We have a history in the West over the past 30 years of underestimating what terrorists will do. The summary of the 9/11 inquiry is really that no rational, intellectual, Western assessor of terrorism imagined that somebody would fly a plane full of civilians into an office block. I do not think that we ever imagined that ISIS would stage-manage and film executions and use them as propaganda in the way they did or advance as quickly as they did on Mosul, for that matter. We tend to be a little behind, but to be fair, in the past 10 years, we have done a lot of work on those extreme scenarios, particularly CBRN and cyber, and we know from intelligence that terrorists aspire to do those things, partly because they have watched the Hollywood films and like the idea of catastrophic cyberattacks and CBRN attacks. They are a long way from having the capability, and we have to do everything possible to disrupt their attempts to get the capability. The worry for me is that, given that they have the intent, the thing that is likely to accelerate the capability is assistance from states, so it goes back to the rules-based order. How far will some malign states go in helping terrorism? If they go too far, we could be in a very serious situation.
The other thing is that, particularly in the case of cyber, but to some extent in chem and bio, some of this is available in the criminal world, and if states are allowing criminal organisations to flourish, it is possible to buy some of this assistance, so that could accelerate their capability. Mark is right that Western Governments in general are pretty focused on this and there is a lot of good joint work going on. You could spend a limitless amount on this, but I think they have got it about right at the moment.
Q209 Baroness Anelay of St Johns: I return to the fragility of the international rules-based order and I shall ask a “what next?” question. Sir Mark, I saw you when you were in place as our ambassador in New York. I was able to stay there as a Minister and saw the work that was being done day by day. You have also said how the impact of that fragility on us is extremely detrimental and is very dangerous to our economic and democratic survival. What next? What should the UK now focus on to try to at least ameliorate some of that fragility, if not reverse to those 20 golden years? How can we try to address that?
Sir Mark Lyall Grant: It is important for us to recognise that international governance structures need to change and adapt to the new geopolitical realities. Obviously, at the forefront of that is the membership of the UN Security Council. Discussions have been going on for 20 years—Lord Hannay will remember them from his time at the UN—but nothing has happened. Ironically, one of the biggest obstacles to UN Security Council reform is China because it does not want to share its permanent membership limelight with its Asian neighbours Japan and India, and under any realistic scheme both of them would aspire to a permanent seat on the Security Council. None the less, we need to find ways of binding some of the emerging powers, not just China, into the governance structure in a way that makes them feel ownership of it so they will take more responsibility for maintaining and upholding it. That is one thing.
Secondly, if a rival governance system is established around China, for instance, it will not be based on our value system. That is what is very damaging for us. We therefore need to stand up and very loudly defend our values, whether they are democracy, the rule of law, human rights et cetera, but at the same time, we perhaps need to be a little more sensitive, as I hinted at before, in not pushing some of our beliefs down the throats of countries that are not ready for them. Sometimes we have been a little too assertive in insisting that everyone follows our value system when clearly they do not. If it is to become a battle between the Chinese system based on Marxist-Leninist ideology, which is President Xi’s background, or the Western one, we need to make sure that the middle ground, which is the vast majority of countries in the world, is attracted by our system rather than the Chinese one.
The Chairman: Mr Hannigan, do you want to add to that?
Robert Hannigan: I have nothing to add.
Lord Purvis of Tweed: In many respects, this question is supplementary to that. I was in Qingdao last month and the detritus from the Shanghai Cooperation Organisation summit earlier in the year was still there, including the banners with the Confucian slogans. The issue will perhaps be driven on a Confucian model rather than a Marxist model. Sir Mark, I was very interested in your comparison between that kind of threat and the alternative hard power threat that President Putin provides. Are we better equipped to respond to the hard power threat rather than the soft power threat when it comes to things like the SCO and China’s moves? We were able to mobilise very successfully and impressively in response to the attack in Salisbury, but I am not sure that we have been able to have an equivalent response to a soft power threat. I have not been able to determine any major activity from the British Government on Malaysia and Pakistan pushing back on what is effectively a very dominant One Belt, One Road push. We need an equivalent response for our Commonwealth partners on soft power, but I have not been able to discern any response to take advantage of Malaysia and Pakistan, who could become key allies in the area, and to build on what we have. Do both of you have a response to that? Are we better equipped to respond to the more traditional threats than to soft power?
Sir Mark Lyall Grant: I think there is probably some truth in that, but I would not underestimate the Government’s ambition to engage with those sorts of things. I am speaking as a previous High Commissioner to Pakistan. Certainly at that time we worked extremely hard to bind Pakistan into our value system. It has been a very bumpy road, for obvious reasons that I will not go into, and American policy has not always helped with respect to Pakistan, but in those countries this Government and the previous coalition Government have made a deliberate effort to reach out to create those linkages, whether through the Commonwealth or bilaterally. Yes, I agree that we need to do more, but this country has a very strong reservoir of soft power in a way that Russia perhaps does not. We are very fortunate and we need to mobilise it to its fullest extent. That will be particularly the case after Brexit.
Robert Hannigan: I agree. All I would add is that in hard power geography obviously makes a difference and we are not a Pacific power. If you are in south-east Asia or the Pacific it is pretty rare to see a Royal Navy ship, or an aircraft for that matter. There are not many visits. That will not change, realistically, and that is noted. I agree with Mark that we still have huge soft power in that region. We have great relationships which we can build on. You mentioned One Belt, One Road. That goes back to our ambivalence about whether the rise of China is a threat or an opportunity. The truth is that it is both. We have not quite worked it out. We have seemed at times to lurch from one extreme to the other. It is genuinely difficult to work out how to handle it, so I am not minimising the challenge. That reflects some of our ambivalence about what to do when confronted with behaviour in the South China Sea, for example.
The Chairman: Lord Reid?
Lord Reid of Cardowan: I think I have pre-empted. We are going to come on to the question of the narrative on the next question, so let us leave it until then.
Q210 The Chairman: I have just one final question, on the general feel. Sir Mark, you said that there is a challenge to the liberal rules-based order from the Chinese model or from rogue nations. Is there not a third challenge, the one we are trying to analyse in this Committee, which is to Governments generally, to the governmental authority and legitimacy which has preserved what remains of the liberal rules-based order today? Books have been written by many commentators, mostly Americans, who say that now, the street is empowered. Now everyone has a mobile telephone and an iPad, and, as Madeleine Albright said when this Committee interviewed her, the trouble with the technological age is that every individual has their own echo chamber. Is this not a challenge to the authority of Governments everywhere? Can we point to a Government today who really feel secure? Perhaps Xi Jinping or Shinzo Abe do, but every other Government on earth—in the Middle East, Europe, Russia and America—are under challenge. Is that not the bigger problem for governmental security and national safety that we have to face?
Sir Mark Lyall Grant: It is a big problem. You are opening up a new field here. I am struck by a relatively new development, which is that the Government can no longer keep their citizens safe from cyber or terrorism. I put that very starkly, but if you take the first duty of Government, to keep their citizens safe, over recent years the Government have increasingly relied on companies and individuals in order to help them keep the people safe. The Government can do a lot but, particularly in terrorism and cyber, they rely very heavily on individuals and companies: whether that is vigilance on the Underground with the slogans ‘See it, Say it, Sorted’, the Prevent programme trying to encourage doctors and teachers to identify people who might be at risk of radicalisation, or getting the big communication service providers and the big tech companies to clean up their act and help the Government stop terrorists using their websites, they need other people. Of course on cyber—Robert can speak to this—government structures are a target, but they are relatively well protected compared to individuals and companies. Last week we saw with British Airways that companies now have to spend hundreds of millions of pounds on their cybersecurity. The Government can help by setting up the National Cybersecurity Centre, but responsibility lies with companies and individuals. Who on your Committee, Lord Chairman, has not received scam emails from someone trying to get their bank details? The Government cannot help with that. Individuals have to look after their passwords and be vigilant. This is a relatively new development and it has led to a greater sense of personal insecurity in this country, which is not necessarily consistent with the overall strategic threat, but people feel more vulnerable because they feel the Government cannot solve all their problems. That is part of what you suggest. There is an even wider point, which I do not want to go into now, but there is an argument that we are coming to the end of the post-Westphalian nation state structure. I have a theory on that, but I will not bore you with it.
Lord Grocott: I would like to hear about that.
The Chairman: Sorry, we have to try to contain our subject, but these are the issues nibbling at the edge of it all, they really are.
Robert Hannigan: I do not regard this as an entirely bad thing. To answer your broad question, the creation of the internet, the way it has developed and the way the world wide web has developed on top of it have challenged every Government in different ways. We see Parliaments around the world, including this Parliament, struggling with a new order in which they cannot pass legislation that solves the problems they see—the ones Mark has referred to—because the internet infrastructure does not respect borders. A great deal of it is run from the United States, but that is changing and more of it will move to the east. That is very destabilising for people who are used to being able to legislate for whatever goes on within their own borders. I do not think that is entirely bad—there is a liberating side of it—but it is a challenge for everybody and the law is not keeping up. It is one of the big policy issues for the next 20 years. Of course, it looks very different to the actors we have been talking about. Russia essentially sees the internet as a giant US conspiracy owned by the US. China has taken a different approach, which is effectively to create its own internet. It is large enough to be able to do that. These are still the early days of the internet. Seeing how it develops will be fascinating.
The Chairman: I feel irresponsible as Chairman as I have unleashed a series of new questions. There are three more questions on the general theme, but I ask members to hold off while we move on to the machinery of the National Security Council, in particular.
Lord Reid of Cardowan: May I suggest, as a minority of one at the moment, that we do not do that because we are looking at the changes to international relations, diplomacy and so on in the digital world and I suggest, with respect, Lord Chairman, that we unleash Mark. The post-Westphalian world is precisely at the centre of what our considerations should be with the old borders of the nation state being overrun. If he could be allowed to encapsulate his theories as briefly as possible it would be very important.
The Chairman: I am not going to give permission because I want to come back to those questions in the last question, if we ever get to it, and we will not unless we press on with one or two things first. So, yes to all that, but we will come back to that in Question 4 and now go to Lord Hannay and the National Security Council.
Q211 Lord Hannay of Chiswick: There are three questions on the National Security Council, without wishing to drill down into the subcommittees and all that sort of thing. The first is, do you think that the National Security Council in its six, seven, eight years of existence has effectively strengthened the co-ordination of our international policies or is it it a kind of chapeau—a hat—that has been put on top of centuries of turf-fighting and siloisation, with which we are all pretty familiar? The second question is, to what extent do you feel that the fact that the National Security Council does not have any responsibility for economic policy, even international economic policy, is a handicap? Should its remit be a bit wider, to include economic issues?
Thirdly—and this is on the public presentation of foreign and international policy—do you think there is a gap in which we have no one who leads the national narrative on the basis of policies agreed in the National Security Council, in the way that anyone who watches US television any weekend will see is being done by various senior members of the United States National Security Council? I do not want to get into who should do it, but is there a gap that needs to be filled? Just to take your own example about the rules-based international order, no doubt within this room we could do reasonably respectably in a ‘Mastermind’ test on what it consists of, but most of the punters out there do not have a clue about what it consists of and nobody is telling them. Nobody is explaining what trade problems, security problems and cyber problems consist of and how they are interrelated. Could you possibly handle those three aspects of the National Security Council without getting into nitty-gritty about who does what to whom?
Sir Mark Lyall Grant: Certainly, the National Security Council is more than just a chapeau over warring departments. It has fundamentally and strikingly changed the way of working in government over the past eight years because it brings together quite a wide range of actors—Ministers, officials, the Chief of the Defence Staff, the National Crime Agency, the Metropolitan Police et cetera—around the table in a formal way every week to discuss strategic security issues. That allows—this goes partly to your second question about economics—prioritisation and the discussion of trade-offs. In my experience as secretary to the National Security Council, the best discussions were when there was a certain tension between prosperity, security and values. When we discussed strategic relations with China, for instance, as Robert says, there would be Ministers arguing the security case, Ministers arguing the prosperity case and Ministers arguing the values case. The Committee as a whole was in a position to say that there was a balance to be struck and that on an issue or more strategically, they were going to prioritise prosperity and slightly downplay the security risk or downplay the values concerns we have about China. That allows that to happen in the National Security Council. Although it is true that economic issues per se do not appear in the remit, the Chancellor of the Exchequer and the Business Secretary are prominent members of the National Security Council and will always bring those issues to bear on any discussion.
The second thing that has happened is that it has fostered joint working. Robert will know much better than me that one of the most dramatic changes is that the three intelligence agencies now have a single departmental plan. That sort of joint working did not always happen before, but it is now driven underneath the national security umbrella. There are now more than 20 joint units between different government departments within the national security space to deal with certain specific issues. There are cross-government programmes, such as the Conflict, Security And Stability Fund and the Prosperity Fund, which are overseen by the National Security Council. I do not think it would be untrue to say now—I think it is fair to say—that there is a national security community in a way that there was not before the establishment of the National Security Council. It has been more fundamental than just a wraparound or a chapeau.
Your last question about who should lead the National Security Council is much more difficult to answer. The reality is that it is a sub-committee of Cabinet and it is chaired by the Prime Minister. It is therefore a creature of the Prime Minister. I had the privilege to serve under two Prime Ministers and I think it is fair to say that they chaired the Council in very different ways. I think they would see themselves as the main spokesperson for national security. In America, it is true that the National Security Adviser has a higher profile, a more political profile, than the National Security Adviser in the UK. The United Kingdom National Security Adviser is a civil servant who obviously works very closely with the Prime Minister but is not a politician and therefore does not have a public role. There may be a weakness in some of that. Partly because of the secrecy of some of the material that is discussed in the National Security Council, agendas are not made public, so there is no press statement after each National Security Council meeting. There is a parliamentary committee that looks at the National Security Council and its work and it has access to the agendas in arrears, but not in advance. There may be scope to be a little more open about the discussions and what is done, and perhaps a spokesperson could go out afterwards and say that the National Security Council has discussed X, but that is not the way either of the two Prime Ministers I served wished to run it.
Robert Hannigan: I will be brief. I agree. Having experienced the predecessor Cabinet committee and then the NSC, I think that it has made a difference. I would not underestimate the impact of the same people meeting every week and discussing these issues. It matters. I agree that, in a very British way, we found a way for influence and power to flow down from the Prime Minister through the National Security Adviser. It can get things done. It does not have the executive power of the US system, but to give it that you would have to re-engineer the entire system and give the National Security Council a much larger staff with power over departments, and that would be a huge change for the UK. This goes to your final point about public presentation. Our counterparts in the agencies and our National Security Adviser are political appointees. They are expected to go out and speak publicly. Ministers here would be pretty reluctant to allow civil servants—even if they were not reluctant—to go out to speak in that way. You could go for the US-style, but it would be major re-engineering of the whole system of government.
Lord Hannay of Chiswick: You have partly answered whether there is a gap, not how it should be filled, and we are not asking how it should be filled because it is not our task to say that, but the question is, is there a gap? Are the public aware of how the British foreign policy narrative is gradually evolving, and if they are not, should they be?
Sir Mark Lyall Grant: I think there is something of a gap.
The Chairman: It is the question we were on a moment ago. There are now millions of people opening their iPads every morning, blogging and entering into discussions on a scale that did not exist 10 years ago. If there is a vacuum of information, it is filled by a lot of extraordinary statements and nonsense, and that is the danger. It is very hard to answer, but that is the new situation we face.
Q212 Lord Wood of Anfield: I want to pick up something that Lord Hannay mentioned in passing about the economic dimension of security. It struck me when I worked in government that there was a division between the economic analysis part of government and the security part of government. Even though we know that huge international developments, such as the rise of populism, the emergence of the Arab Spring in the Middle East, the rise of China, Brexit and Trump have economic developments at their core—even if they are not the main driver—our security analysis capacity, brilliant and impressive as it is, struck me as quite detached from economic analysis within government. It seems to me that that is as much the fault of the Treasury as it is of the Foreign Office. This division struck me as a problem, given the nature of the security threats and the inextricability of security and economic factors. Do you think that is still true, or do you disagree that it was ever true? Do you think this is a problem given the intertwining of those two things?
Robert Hannigan: I think it is still true. It is a feature of our system, which is a problem. The difficulties over clear direction on China policy are a perfect example of that. It is both sides. The bits of the Treasury that do security tend to be about the funding of the security part of government and the security world sees economics as something else. They meet to some extent in the Joint Intelligence Committee, but in a very small capacity. I agree. In the US model, the US Treasury is much more sophisticated in this way and it would be a good development if we could bring the two together.
The Chairman: Lord Reid, the floor is yours again. I know you want to talk about Westphalia, but we also want to talk a bit about cyber. I leave it to you to choose which.
Q213 Lord Reid of Cardowan: My assumption is that cyber and post-Westphalia are inextricably linked. Robert, you stressed the nature of the cyber threats and of our relationship with the United States, the special relationship, which was initially formed on signals intelligence and then cyber. It is crucial, but it is not the only issue. To what extent do you think that we have adapted to the cybersecurity threat and if you were in reflective, self-critical mode, what more do you think, if not should have been done, should be done now?
Then I ask Sir Mark the simple question: how have cyber and the digital revolution undermined or changed the assumptions behind the Westphalian concept of nation states and their relationship to each other in international relations?
Robert Hannigan: On your first question, because of the close relationship with the United States within the Five Eyes, we have been good at protecting government from cyber threats over the past 30 years. The key insight, which we probably came to late but more quickly than most others, was that Governments cannot do this. As Mark said, this is really about the private sector. This is about the economy. The attacks are on the economy. The data is in the economy. We have to find ways of stepping outside the secret world and making that available to and in partnership with the United Kingdom economy. Then we very quickly realised that you cannot hive off the UK economy in cyberspace. That demands good relationships with other countries.
Ultimately cracking the long-term strategic cybersecurity problem will demand new agreements between countries about what is acceptable, what is not and what the ‘rules of the road’ are. A lot of that will be down to the tech companies, those who own the infrastructure of the internet and those who manufacture it—the supply chain. There is a huge amount of work to be done, and the difficulty at the moment is that we are all racing to catch up with the criminal and, to some extent, the state threat, which is racing ahead. Now is not a particularly good time, for all the reasons we have been discussing, to get global or international agreement on cyberspace. I do not think there is any chance of that in the next 10 years, frankly, but that is what we need to do: to pick some of the long-term infrastructure problems in the internet which, as everybody knows, was not created with safety and security in mind. It was a brilliant piece of engineering and a great vision, but nobody thought or calculated that it would be used on the scale that it has been. I think we have done pretty well, without sounding complacent, but against the threat and the global nature of the challenge, we have a very long way to go.
Lord Reid of Cardowan: Can I just ask a supplementary on that? You said 10 years possibly. Is that not hopelessly optimistic for an international agreement?
Robert Hannigan: Yes, it is. The international treaty on the law of the sea took 30 years, I think, to negotiate, and it was a lot more straightforward than anything in cyberspace. It will be down to political will and vested interests. Trying to get an arms control-style global treaty on cyberspace is worth discussing, but it is not going to go anywhere. It is better to try to get smaller industry-based or sector-based agreements which people will stick to and which we can in some way monitor. Some of the big tech companies—Microsoft, for example—have suggested some sort of tech accord along those lines. There is lot of work to be done and a lot of discussion going on, but I agree that there will not be an international treaty any time soon.
The Chairman: Sir Mark, do you want to add to that? It is still a wild west, is it not?
Sir Mark Lyall Grant: I was going to leap through this door that Lord Reid opened up for me on my theory with a focus on digital. What is striking is that the number of sovereign independent countries has increased very substantially in the past 70 years. Seventy years ago, there were about 60 countries; there are now 193 countries. That is a sign of the weakness of the nation state rather than of its strength because all the new nations, such as East Timor, Montenegro and South Sudan, are due to the break-up of existing countries. If one looks at the threats to the nation state—we have mentioned some of them already—there is regionalism, of which the European Union is the most developed example and, despite Brexit, is still being followed by a number of other regions around the world. All countries around the world have their own regional groupings that are becoming more powerful and taking sovereignty away from the nation state. There is localism with people pushing for more decisions to be taken at the local level, leading to independence movements in Scotland, Catalonia and lots of other places as well.
There are multinationals: three of the top 20 entities in the world now are multinationals not companies. Our Government knows how difficult it is to tax some of these multinationals because they do not respect borders and they move their capital around very easily. The internet by definition does not respect any borders, and those countries that are trying to control the internet—Turkey, China and others—are finding it very difficult to do so. There are some religions—Islam, by definition, does not respect national borders and is focused on a Muslim umma—and terrorism, migration and other pressures. In some areas, Governments are losing the monopoly of things that are fundamental to a state. They are losing the monopoly of force in places such as Lebanon where the militias are much stronger than the Lebanese armed forces, and they are losing the monopoly of money as cryptocurrencies—going back to the digital theme—are a rival to states printing money. All these are pressures, some of which are very new, on the nation state. I like to think of the nation state as an egg. If you put symmetrical pressure on an egg, it is quite a powerful structure, but if you put asymmetrical pressure on an egg, it collapses very quickly. The only question in my mind is whether these pressures will exert such asymmetrical pressure on the nation state that that the system will collapse. The Westphalian system is less than 400 years old. There is no reason to think that it will last indefinitely. I can speculate—but I will not—about what comes next, but that may be for another day.
The Chairman: That was a fascinating answer. Baroness Coussins wants to speak. Lord Reid, do you want to add anything?
Lord Reid of Cardowan: No. I agree with your prejudices or your preconceptions.
Q214 Baroness Coussins: I want to go back to the cyber issues. I was struck by something you, Mr Hannigan, said near the beginning about the shrinking of the timetable of attack plans. That chimed with what we heard earlier in our inquiry from witnesses from tech companies and NATO about the speed of decision-making as a critical factor that has changed the security landscape altogether. Will you comment on what can be done to address the need for much speedier decision-making in the light of what you have said and say whether that is just to do with technical developments—algorithms thinking and adjusting instantly—or is something on which the UK might offer leadership in identifying more human, intellectual, analytical investigative skills and activity that might be needed to respond to the new speed of decision-making that is required to respond to our security threats?
Robert Hannigan: It is a very interesting area because the digital world is enabling all our traditional processes in a way that is exhilarating and rather worrying. There was a time when the Government were the first to know things, especially critical or dangerous things. That went quite a long time ago with 24-hour news, I think, but it has certainly gone now. Our traditional structures struggle a bit to keep up with that, but it will get worse. There will be far more data in the next 20 years, and there will be far more processing capacity out there to do incredible things with the data. Artificial Intelligence will enable really exciting things to be done with that data which have so far hardly been imagined. I saw an article the other day about a Chinese company, I think, that is suggesting that there are algorithms that would help Chinese diplomats make decisions in foreign policy. In China, they thought that was serious, but it is an interesting indication of the way that people are thinking about decision-making even in government. I do not think artificial intelligence is going to be able to do all the decision-making that policymakers have done up to now, but it will be able to do some of it. We will have to explore how best to win public confidence. The big challenge here will be that the algorithms that are being used by government and the private sector need to inspire confidence in the public that they are ethically based. That is a particular challenge for the Artificial Intelligence sector at the moment. There is a danger that we will reject the technology because we do not trust the ethics. That is probably the biggest challenge for the AI sector here, where we are particularly strong at the moment and we need to stay strong.
Q215 Lord Reid of Cardowan: Following on from that point, some of the countries that are advancing most rapidly in cyber—China, America, Israel and so on—are able to draw upon a reservoir of skills from their military. They have large militaries and people come into the civil sector, or sometimes ride two horses, as in China. We do not have that reservoir. Is that part of the reason that we struggle to get the number of skilled people in cyber?
Robert Hannigan: I would draw a distinction between technology more generally and artificial intelligence and cyberskills as such. In technology more generally, China is doing incredibly well not because of the military but because it has a very clear, ambitious and hugely well-funded strategic plan to be a world leader, as President Xi has said, in AI and other associated technologies by 2030, I think it is, but it may be even earlier, and it will get there. It is already getting there. That is not really military-driven, it is centralised control backed by huge investment, very impressive people and a great education system where it is needed. That is one answer to your question. We are still well regarded on AI, but we need to make sure that we can still attract the right people because it is largely about bringing people in as well as developing our own talent, and I worry a little about that.
On cyber skills particularly, Israel is a really interesting case. We have shamelessly copied some of its schemes. It is national service-based, which we do not have. Israel takes people from primary school upwards and takes the cream to go into its cyberarmy in national service and then they all go off and aspire to set up companies or create an app and make a lot of money. There is that entrepreneurial spirit right through the school system which we do not have here. We are trying to foster that. The past couple of Governments have put a lot of effort and money into this. I think we are doing okay, but it is a race and there is a huge shortage of cyberskills not only in this country but right across the Western world. Everybody is struggling with this. To finish, the UK military recognises that it needs to find ways of creating a career path in the military about cyber. At the moment, you cannot really spend your whole military career in cyber, unless you are in GCHQ. You might do it for a few years and then you go off and do something else, and that is not sustainable. The US has cracked this, pretty much, but we have not yet. I know the Chiefs realise this, but it is a difficult thing to re-engineer. It cannot be entirely down to the military, but military is part of the answer.
Q216 Lord Grocott: I am carefully trying to avoid us turning into a seminar on the nation state, but I have to say that my perception is almost the entire opposite of the one that Sir Mark has described. He used the fact, and it is, of course, a fact, that the number of states has risen from—it will be in the record if you need to know—70 to 193 as an example of the decline of the nation state. To me, it is the absolute reverse of that. It is national groups deciding that they want their group to form an independent state. I know a lot of it was in the post-colonial period and a lot of those new states were former colonies, but it has happened in other parts of the world. The one we were most recently in as a Committee was the Balkans. There was a supranational state there, Yugoslavia—the south Slavs—but that has now broken up into a number of new states. The states do not perfectly correspond with nations but there is a number of new states. That has happened in other parts of the world as well.
We have to understand that the supranational organisations, which we all love to see in many respects, are now challenged, particularly in Europe. I do not want to be value-laden in this, but there are pretty nasty national movements developing in a number of states of the European Union which in some people’s judgment—not that of everyone here, I know—are in part, at least, due to the fact that a supranational organisation is telling individual states what they can and cannot do without any recourse for citizens to change that. That is surely something that needs addressing. Again, within Europe, when states feel threatened in any way by terrorism and all the new developments we have talked about, almost the first reaction of a country—as when bombs went off in the centre of France and there were vicious attacks there by people who had driven from Belgium that morning and went back in the evening—is to say, ‘We need to take control of our frontiers and be more careful about who is coming and out’. My basic question is, is it really the case that 100 new states, not all coincident with nations, are a sign of the decline of the nation state? If we accept that theory, we would have to say that when Austria-Hungary broke up it was a sign of the decline of the nation state—but surely it released a large number of new states that would describe themselves as nation states. I am sorry for the seminar.
The Chairman: We are talking about a paradox and we could argue about it for hours, but it is a perfectly valid questioning of the other point of view.
Sir Mark Lyall Grant: The only point I would make is that Lord Grocott makes a valid point, but it relates to only one of the threats that I mentioned. The point is that the nation state becomes smaller because of the pressures. If we take European nations, there are probably 20 devolution or independence movements within current states. Eventually, you get down to the city state process. Italy was a conglomeration of city states. Moving to a system of city state government is one possible future for international governance if the nation state breaks down. Yes, you have an intermediate phase where the big empires break up into nation states, and that looks good for the nation state—but once the nation state breaks up into little regions and city states, that is not the Westphalian system of government.
The Chairman: This is a huge debate and I would love to go on, but we are way over time. This has been a most fascinating session and we have one final area which is on—assuming we are nation state—how we co-ordinate with other nation states.
Q217 Lord Purvis of Tweed: This is looking forward. I shall ask a question in two parts. The first is directed towards Mr Hannigan. It is a supplementary to Baroness Coussins’ question. I have a vested interest as I fly with British Airways every week. While it is a nuisance to have to change my cards and have the Lords authorities change cards et cetera, and I am sure that British Airways has been in contact with the centre that has been established, which the Committee visited, and given that you said that this is likely to be a pattern going forward and Sir Mark said that it is an element in us as a population feeling more individually vulnerable because we are not sure, as consumers in this world, how we would have confidence, going forward, what is the role of the state and our allies? How do I know that it was a criminal gang wanting to steal credit cards, which is okay, and not the vulnerability of our flag carrier, which you could potentially see as a major part of our national infrastructure? Since the banking crisis, I can go online and find out how my bank fares in stress testing, because the Government’s response to the banking crisis was to say that they would no longer rely on banks self-reporting but that banks had to demonstrate their resilience to likely threats. What is the equivalent going forward if we simply say that it is down to the private sector and that government has no role? That is linked to the second part of my question. If this is now, as you said, the way that the world will be going forward in many respects, are there new allies, different countries and different Governments in this area where we need to build new relationships to have a similar situation? Sir Mark, from recollection, the 2015 security review indicated the USA, France, Germany and the European Union in order as our key strategic allies for security. Is that the same now, and is there likely to be the same profile of allies in that order, given the different technology and cybersecurity and the way technology is operating in the future? Should India not be in there with some of the work that it is doing?
Robert Hannigan: I think you identified the core of the problem with cyber, which is that, however good your own security and your own behaviour, you are totally reliant on others—in this case, on your airline and its security—and on all sorts of other parts of the supply chain that you probably do not even know about: the security of your broadband provider and of the people it uses.
There is this vast global IT supply chain, which relies on trust, and it is quite easy for criminals or nation states to undermine that trust and abuse it. What can you do about it? It demands everybody doing things. There are things that government can do to protect at national scale. Where the UK has led the world is in pioneering what we have called active cyberdefence, which involves working with telephone companies and broadband providers to experiment—it is still an experiment—with building in protections that filter out a lot of the rubbish, not all the attacks, but a large amount of stuff that really should not be there, by putting right the infrastructure, if you like. That is going well. It has been trialled on government and the idea is to roll it out and make it available to the public in the next couple of years. That is one way that Governments can go. If you can do that with other Governments you can expand that security even further, but it still means that it is up to companies—I know the NSC has gone today to talk to the CBI and advise boards on what they do—and individuals to do the right thing. However, in the UK we have realised that a security strategy that depends on everybody doing the right thing all the time is bound to fail, so governments and companies should take things take off the individual in the way that they would with any kind of safety or security. You would not expect somebody driving their car to decide how many airbags they need or what level of steel they need around the chassis. So a lot of this is regulation or part of the insurance industry. I think that over the next few years you will see governments and the EU regulating more on basic security standards and you will see the insurance industry insisting on them. We are already seeing big companies insisting on their supply chain adopting particular security standards.
On Lord Purvis’s point about whether it is criminal or state, in the attack he mentioned it is hard to know which is worse. In some ways, if it is a state that is not interested in your money, that is okay, that may be better.
Lord Purvis of Tweed: Not when I am 30,000 feet above Scotland.
Robert Hannigan: It depends on what it is doing. If it is simply taking your credit card data, that may be all right. Unfortunately it is not that simple because increasingly we overlap between state and crime, particularly in the case of Russia, but not just in Russia, where individuals may work for the government during the day and then at night they may, at the same computer in the same building, work for a criminal gang. A rather unhealthy funding mechanism has developed for some Russian agencies that effectively allows them to moonlight. On your final point, you see the Russian government—this was publicised by the US and the UK last year—targeting, for example, the energy sector because if you want to tweak the tail of your adversary, attacking a national airline or national energy supplier is a very good way of doing it. It is what you would have done on the ground 50 years ago, so why would we not do it in cyberspace? I think I will stop there.
The Chairman: I know we have kept you far longer than we should have done. Baroness Helic has one final question. There are dozens of others that we would like to ask, but I think you have an appointment and we are probably making you late. I apologise for that.
Q218 Baroness Helic: I shall be quick. I have been told on so many occasions that it is not possible to have a cybertreaty that would regulate international cyberspace, but is it possible to have, and should we be aiming to have, norms of acceptable behaviour that certain countries would accept as a model that we would hope would bring others in?
Robert Hannigan: Yes, I agree. That is why it is worth discussing. It goes back to the rules-based order. There has to be some kind of agreement about what is acceptable in cyberspace. We have already had some very sensible proposals from William Hague when he was Foreign Secretary about what those norms might look like. The UN and all sorts of different bodies have discussed them. The two obvious difficulties are that it is not a particularly good time to get anybody to sign up to any sort of norm and it is very difficult to verify. With arms control, it is pretty easy to measure what has happened. With cyber, first, it is much more difficult to measure who is responsible and what they are doing, and secondly, you may well not want to reveal how you know that. It is relatively easy in traditional arms control because you can see the explosion and measure it and you can see roughly who has done it, but cyber is more complex, but that does not mean we should not try. As Mark says, the tech companies have a larger turnover than many of those 100 and whatever it is countries. They need to be at the heart of this and take responsibility with Governments for the infrastructure they are providing.
The Chairman: Sir Mark, Mr Hannigan, this has been one of the most fascinating sessions of the 30 or 40 sessions we have had on this inquiry so far. We are extremely grateful to you. There are lots more questions that we would like to ask. I can feel the committee bursting with demand for more information, but we must let you go. Thank you very much indeed. We have asked you a series of, in some cases, quite impossible questions and others where the answer is always yes and no on almost all the complicated new issues. I thank you very warmly on behalf of the Committee for your patience and kindness in giving us your answers. Thank you very much indeed.
[1] A Russian hacking group
[2] The intelligence arm of Russia's armed forces.
[3] Chemical, Biological, Radiological and Nuclear threats