Written evidence submitted by Professor Sir David Omand GCB


  1.                This note is submitted in response to the Committee’s recent call for evidence on the UK’s national security machinery[1]. It comments briefly on three topics relevant to the Committee inquiry: the widening coverage of the field of national security with which the UK National Security Council (NSC) should be concerned; the wide scope of professional advice that the NSC will therefore need and the training and doctrine requirements of those who provide it; and the system for giving Ministers warning of potential threatening situations.


The scope of the national security mission


  1.                There has already been a shift in the meaning of national security from that associated with the Cold War Secret State facing Soviet communism to that of today’s Protecting State, managing the multiple threats from violent jihadist terrorism, hostile States operating in the “Grey Zone” below the threshold of armed conflict, and transnational criminal groups. To the continuing core national security duties[2] has had to be added managing the direct risks to the safety and security of the public from major threats.


  1.                The UK has led the way internationally in taking a carefully prioritised risk management approach, based on a strategic objective of normality. That shift has given national security a prominent psychological dimension. The effective management of the threats from terrorism, cyberattacks, online subversive activities and serious criminality rests on maintaining public confidence in the authorities’ ability to reduce those risks so that normal life can continue freely and with confidence[3] within the rule of law. The COVID-19 pandemic has reminded us what a state of national insecurity and abnormality looks like, when for a time confidence in government to take optimum decisions in a timely manner was shaken on both sides of the Atlantic. COVID-19 brought to the surface the dangers to the public from social media misinformation and information manipulation[4]. The dimension of public understanding of risk has to be a central consideration for the National Security Adviser and staff.


  1.                The pandemic has resulted in the premature deaths of more people, and more economic damage and social dislocation, than any hostile terrorist or cyber-attack could have. COVID-19 brought problems for traditional national security, not least keeping the armed forces operationally effective and coping with disrupted global supply chains. Major natural hazards as well as malign threats must both be treated by the NSC as important classes of national security challenge.


  1.                In saying that, care will be needed not to be seen as ‘securitising’ many essentially civil issues, forcing them into military patterns of response. The reality is that all major national security issues need to be viewed today through many different lenses, and tackled by whole of nation efforts, some naturally falling to defence leadership, but others not. What is important is that the NSC be seized of all these potential national challenges and be advised by the National Security Adviser and his staff on them. Getting the supporting structure right and in place is everything - and the Cabinet Secretary must ensure there is a clear chain of command.  Things have failed in the past when the structure was not clear. In particular, the National Security Adviser must be given the authority to integrate the necessary UK efforts to manage specific risks at national, devolved, local, business and international levels.


Ensuring proper professional advice


  1.                Since 1936 the Joint Intelligence Committee has provided Ministers with strategic threat assessments. The Joint Intelligence Organisation in the Cabinet Office continues to play a central role in supporting the National Security Council, and has recently expanded its remit to cover non-traditional risks such as health security.


  1.                And in the last 20 years, additional bodies have been created to help in the identification, analysis and assessment of threats including the Joint Terrorism Analysis Centre (JTAC), the Joint State Threats Assessment Team (JSTAT) and the Extremism Analysis Unit. Policy and operational units have also been set up to mitigate threats including the Office for Security and Counter-Terrorism in the Home Office, and the police National Counter-Terrorism Security Office.


  1.                Whitehall Departments and the UK Intelligence Community have also evolved during this period to tackle specific threats. For example, the threat from cyberattacks has led to the establishment of the National Cyber Security Centre (NCSC) now a central part of GCHQ. In defence, a Strategic Command has recently been formed, responsible for Special Forces and the Joint Cyber Force (with GCHQ).


  1.                The COVID-19 experience has prompted the setting up of the UK Joint Biosecurity Centre, modelled on JTAC, and a promise of a new independent health body that will have the remit of pandemics. There has, for the management of disruptive challenges, been some updating investment in the Cabinet Office Briefing Rooms (COBR) and a new National Situation Centre[5]. There are other potential major risks ahead, including those arising from the rapid development of new technologies, that may well need their own specialist analytic capability.


  1.            That is a lot to coordinate, with the system already being tested by the fall-out from BREXIT, COVID-19, flooding and hostile Grey Zone activity and with no doubt other challenges to come. Existing coordinating machinery across this diverse field will need strengthening to ensure the identification and analysis of all classes of potential threats and hazards. There needs to be a consistent warning system across all categories of threats and hazards that links the professional analytic effort effectively to policymakers. Robust processes are then needed to encourage timely and informed choices to be made, not just to manage events well when they occur but also to decide where best to invest in precautionary measures that will meet with public support. The doctrine for this should be taught at the existing Assessment Academy[6] and the future National Security Academy if it is set up. All concerned will for the future need training and regular exercising in a representative range of threat and hazard scenarios.


What the NSC needs to know in order to arrive at sound decisions


  1.            When faced with hard decisions, the NSC has to have the support to be able to bring together two different qualities of thought. On the one hand, the NSC has to consider the appropriate impartial official advice, including military, intelligence, scientific and other professional expertise, on the situation that may be facing the NSC and how that has arisen with clear policy analysis of the options open. On the other hand, Ministers will want to be clear collectively about their ambitions for what they want to achieve by their policy choices in line with their political mandate (or what outcomes are feared and that they wish to avoid through their decisions). Both kinds of thought, the dispassionate and the impassioned, the “what is” and the values driven “what ought to be”, need to be understood on all sides and a rational process in place to integrate them if sound decisions are to be made. That has always been hard. The danger of magical thinking is ever-present, deciding upon (and announcing) the ends of policy and targets to be met without thinking through the ways and means needed to deliver them. But it is getting harder in the frenetic world of social media with public exposure to emotionally manipulative, contradictory, and sometimes deliberately false information - from more sources than ever.


  1.            The national security machinery must be tested against its ability to deliver four outputs to the NSC: Situational awareness, Explanation, Estimation and Strategic notice. Together they form what I have called the SEES model[7].


  1.            Situational awareness has to be the starting point for any NSC consideration of an issue to answer the sort of factual questions that start with “what, when, and where?” It comes from accessing data about what is happening on the ground or in cyberspace. The NSC needs reliable, consistent situational awareness, before arguing about what it is all about and what policy choices they may have over what to do. The British intelligence community has put significant effort into building systems to provide information on the activity of malign actors – hostile autocrats, terrorists, narcotics and human traffickers, cyber and other international criminal gangs, all intent on doing things that will harm us and going to great lengths to prevent us knowing what they are up to. But knowledge of the world is always fragmentary, incomplete and is sometimes wrong. The choice of where to look for evidence can distort the picture and a hard enough search will always turn up some evidence that appears to confirm a prejudice (or a conspiracy). National security threats can also involve deliberate deception. Maintaining a strong, well trained and experienced Joint Intelligence Organisation is essential to avoid the pitfalls; now parallel arrangements must be built to provide situational awareness relating to the full range of major risks including natural hazards, to the standards and protocols laid down by the PHIA.


  1.            But even if there is confidence in the information picture the data is capable of multiple interpretations. Explanation is therefore the crucial second output the NSC needs, answering objectively questions about “how and why and who was responsible?” and “Is this a coincidence in the data or a sign of a wider design?” Providing a sound explanation is hard. It involves methodically testing alternative explanations against the data, seeking the one that has least evidence against it, not necessarily the one with most in its favour and avoiding all the cognitive traps such as confirmation bias and mirror imaging of the adversary. Explanations must be understood by the NSC to be provisional, expressed as a ‘degree of belief’ and open to revision in the light of new evidence. Analytic expertise to do this must be maintained, and where necessary built up, including the language skills, and background knowledge of the history, culture, geography, anthropology relevant to the classes of risk being examined and the motivations of those involved.


  1.            With a sound evidence-based explanation, however, analysts can generate Estimates of how events may unfold (a better word than ‘predict’ – there are no crystal balls), including modelling how others might respond to possible NSC policy choices. Estimates can answer vital NSC questions about “what is likely to happen next if we do - or do not - adopt a particular policy or act in a particular way?” and provide the NSC with likely outcomes modelled on different (explicit) assumptions. Disagreements between professionals often boil down to disagreement about assumptions to use in modelling.


  1.            A few crises blow up out of a clear sky. But there is usually then found to have been some prior identification of the possibility that was dismissed or overlooked. To complete the analytic outputs needed by the NSC, Strategic Notice is needed of major possible future challenges. Strategic notice can trigger contingency planning prompting important NSC questions of the “how could we best prepare for whatever might appear next?” type, or even “how could we pre-empt this risk so that it never comes to test us?” If effort is put in to acquiring strategic notice, and using it, we do not have to be so surprised by surprise itself.


  1.            Most of the information needed to provide strategic notice, given the time horizon, can be provided from open sources, although sometimes underpinned by sensitive secret intelligence. It is more important than ever to have a centre of professional expertise on open-source information accessible to all involved in analytical work in support of the NSC[8].


The warning function and warning failures

  1.            There must be a defined intelligence responsibility placed on the JIC to warn of threatening developments overseas – preferably before they impact UK interests. The JIC had a well-established warning function during the Cold War based on a system of indicators and warnings. Today, there are many different types of threats and no single methodology will suffice. But the function is an essential one to provide advance notice of approaching danger to British interests. We will need to get much smarter at using our intelligence advantages to ensure, for example, the NSC is abreast of what is happening across the grey zone in particular and to provide assessments of how our adversaries are reacting to our operations under the integrated operating concept, including persistent engagement in cyberspace.  The JIC should be given by the Prime Minister an updated remit to provide the NSC with a warning of developments of concern. The JIO multi-disciplinary ‘warning’ team in the Cabinet Office can then pivot when needed to contribute to the situational awareness, explanation and modelling capabilities supporting Ministers in the COBR crisis management system.


  1.            There needs to be developed a culture of giving warnings and having them taken seriously. Issuing an intelligence assessment is not the same as issuing a warning to Ministers.  Effective warnings have


20.              The British tradition is to keep professional advice (military, intelligence, scientific, medical, economic) identifiably separate from policy making, to avoid the perception of the advice being politicised (a point made by the Butler and Chilcot inquiries in the context of Iraq). That is the rationale for the Joint Terrorism Analysis Centre setting terrorism threat levels based on their professional analysis. The same logic goes today for the scientists and doctors on SAGE and its groups. It is important to think of the professionals and policymakers as being in adjoining and connecting rooms (with thin partition walls)[9]. The British tradition of having senior departmental policymakers as members of the JIC is a strength in ensuring that intelligence warning to NSC Ministers is backed up with rapid identification of the policy options that will need to be worked up. Strategic notice, as described earlier, represents a different kind of warning needed by policymakers. The distinction is akin to that between secrets, which can in principle be uncovered given good sources and tradecraft, and mysteries surrounding worrying long term possibilities (and opportunities) that can be envisaged but for which the evidence does not yet exist.


21.              The NSC must be briefed regularly on potential developments, including in the far future, that have not yet happened, and that may never happen, but if they did would seriously affect British interests[10]. Strategic notice can lead to setting intelligence requirements to watch for the first signs of the risk crystallising, the commissioning of research and development, and investment in building resilience. Even if tactical warning is not likely, taking precautionary action on receipt of strategic notice can mitigate future risk.


22.              In addition to the warning function advocated in para. 17 above it may be time to refresh the JIC by giving it an overarching role in overseeing the long-term strategic notice function for the NSC covering hazards as well as threats, supported by a much stronger multi-disciplinary capability in the Cabinet Office adapting existing Whitehall science-based horizon scanning and civil contingencies effort. The JIC should consider whether it should be supported by specialist external advisory groups (as SAGE has). Such a strategic notice role is distinct from the intelligence derived warning function referred to earlier which is just a logical extension of the intelligence analysis process.


Professor Sir David Omand GCB

Visiting Professor, Department of War Studies, King’s College London.


9 February 2021










[1] This note represents my personal views not those of the War Studies Department of King’s College London where I have been a visiting Professor since my retirement in 2005 from the Civil Service. The note draws on my earlier experiences as Cabinet Office Security and Intelligence Coordinator 2002-2005 (responsibilities now exercised by the National Security Adviser), PUS Home Office, Director GCHQ and MOD Deputy Under Secretary of State for Policy, as well as seven years as a member of the JIC.

[2] Maintaining territorial integrity, the deterrence of armed aggression against the UK and its interests exercised through the NATO Alliance and the protection of our democratic institutions from external subversion.

[3] Drawing here on the strategic aim of CONTEST, the UK counter-terrorism strategy, an approach mirrored in the UK strategies for countering serious and organised crime and for securing cyberspace.

[4] See https://www.kcl.ac.uk/news/how-covid-19-is-revealing-the-impact-of-disinformation-on-society.

[5] To judge from the advertisement for staff, https://cabinetofficejobs.tal.net/vx/lang-en-GB/mobile-0/appcentre-1/brand-2/candidate/so/pm/1/pl/16/opp/6096-6096-Administration-Support/en-GB.

[6] A recent and welcome initiative of the Professional Head of the Analytic Profession (PHIA) in the Cabinet Office to improve analyst training across the intelligence community. I understand that there is consideration being given in Whitehall to setting up a wider National Security Academy.

[7] As explained in David Omand, How Spies Think: 10 Lessons in Intelligence, London: Penguin Viking, 2020.

[8] I am aware that the PHIA in Cabinet Office has already set up an open-source forecasting initiative COSMIC BAZAAR and INDEX, an initiative to improve the use of Open Source in government.

[9] To paraphrase the wise advice of former chair of the JIC, Sir Percy Cradock.

[10] There are many examples that could be cited, from global warming leading to malaria-bearing mosquitoes becoming endemic across the UK to quantum computing at scale that imperils the security of all internet-based financial transactions.