Written evidence submitted by the Chancellor of the Duchy of Lancaster


I am writing to follow up on the evidence session I gave to your Committee on 5 July. I would like to thank the Committee for the opportunity to provide further answers to several questions raised at that session, which I will answer in turn.


The National Security Adviser told us in his letter of 11 June that the ‘tiers’ had been removed from the 2019 National Security Risk Assessment (NSRA). Why did you remove the tiers?


In previous iterations of the National Security Risk Assessment (NSRA), tiers were included to inform the Strategic Defence and Security Review (SDSR) and prioritise risks. Following a review of how the assessment is used by Ministers and senior officials to inform policy making and investment decisions, tiers were removed for the 2019 iteration of the NSRA. This decision was made to maintain the separation between the assessment of the risk and the prioritisation decisions and judgements that drive capability building; these discussions are informed by the NSRA but should happen separately to the assessment process.


In the absence of tiers in the 2019 NSRA, how are you now prioritising the Government’s efforts on national security risks, in terms of ministerial and departmental time, conducting exercises and allocating funding?


The National Security Council (NSC) routinely discusses national security risks and decides where to prioritise efforts. The Integrated Review (IR), which drew upon the NSRA as part of its evidence base, set out the government's priorities in national security and foreign policy, and the upcoming national resilience strategy will further set out HMG priorities in this area.


Lead Government Departments (LGDs) are responsible for planning and overseeing levels of preparedness for their risks, with ultimate accountability residing with the Secretary of State. LGDs work with relevant sectors and partners to improve their security and resilience to these risks, with the Cabinet Office (CO) supporting the development of LGD plans, setting expectations, coordinating training and exercising and capturing and monitoring lessons identified.


How, precisely, did you bring together the “risk-based analysis” that you referred to in the evidence session with the ‘grand strategy’ approach to create the Integrated

Review publication?


We combined our assessment of risks and threats with horizon-scanning of future trends and opportunities, as well as evidence-gathering, policy analysis, and a structured process of engagement across Government and with wider stakeholders including allies, partners, civil society organisations and business.


As the UK resets its relationship with the rest of the world, and at a time of very rapid global change, the Government judged that we needed to conduct a fuller exercise than had been the case with previous SDSRs.  We wanted to create a review set to last for the next decade and beyond.  We took a wide-ranging approach commensurate with this ambition.


What are the top-priority risks for the Government under the 2019 NSRA?


The NSRA does not prioritise risks for preparedness purposes. Instead it builds on fundamental risk management doctrine adhered to across government. For low to moderate impact and likelihood risks, risk-agnostic planning is developed based on the identified Planning Assumptions, (which set out the common consequences across the NSRA scenarios). For red risks (high impact and moderate to high likelihood), more specific planning is implemented that draws on both risk-agnostic and risk-specific capabilities. As set out in the IR, one of the government's priority actions for building national resilience is to consider threats and hazards in the round, including for low-probability, catastrophic-impact events.


Which is the Lead Government Department for each of the current top-priority risks?


The NSRA does not prioritise risks, and instead supports a balance of risk-agnostic and risk-specific capability building. The LGDs who own the highest impact - highest likelihood risks (the ‘red risks’ in the NSRA matrix) are the Home Office (HO), the Department for Business, Energy and Industrial Strategy (BEIS), the Department of Health and Social Care (DHSC), the Department for Environment Food and Rural Affairs (DEFRA) and the Ministry of Defence (MOD).


What system of monitoring and warning functions do you have in place for each of the top-priority risks?


LGDs are responsible for risk management, which includes: reviewing risk profiles routinely, horizon scanning, planning and preparedness work. This work is supported by the NSRA, which provides strategic awareness over a two-year timeframe of the main risks we face and the capabilities required to manage them effectively. The NSRA should be viewed as part of a suite of complementary HMG risk assessment and horizon scanning products that in totality consider both the short and long-term risk landscape.


For outlooks shorter than two-years, the NSRA is complemented by horizon scanning undertaken by the Civil Contingencies Secretariat (CCS). This draws on departments’ own assessments of civil emergency risks or potential disruptive challenges taking into account the circumstances at the time and the level of preparedness. As part of this work, CCS and LGDs regularly identify useful metrics to improve and innovate data and analytics for horizon scanning and crisis response.


There are a number of other systems within government that support risk monitoring and provide warning functions such as the Met Office's forecasting and weather warning systems or the suite of threat-specific and general products regularly produced by the intelligence community (e.g. JTAC threat assessments for terrorism and NCSC threat reports for cyber).


For several decades, the Cabinet Office kept a so-called ‘War Book’ of contingency plans for major domestic and international crises. Does this still exist? If not, why not?


The government maintains a wide range of plans for responding to major domestic and international crises, including those necessary to meet our commitments as a member of NATO. The NSRA is a planning tool for the most serious malicious and non-malicious risks facing the UK or its interests overseas. LDGs, Devolved Administrations (DAs) and Local Resilience Forums (LRFs) use it as an aid to develop their more detailed risk assessments and planning for major crises. While the NSRA is currently the only HMG risk assessment product that compiles all of the most significant risks (both hazards and threats) facing the UK, it should be viewed as part of a suite of complementary HMG risk assessment and horizon scanning products and activity.


Oversight of national security resilience and the Civil Contingencies Secretariat is just one of your many responsibilities as Chancellor of the Duchy of Lancaster. Would a dedicated Minister for resilience and risk – supported by a dedicated Deputy National Security Adviser – be a more appropriate arrangement?


Within the CO, Paymaster General is the Minister responsible for resilience and risk, and within this role oversees the delivery of the NSRA. Ministerial responsibility of the Resilience Strategy is currently being finalised. A DNSA for resilience already exists, and the appropriate arrangements are decided by the NSA and PM.


Why was the NSC sub-committee dedicated to risks and resilience not re-established after the last general election? What alternative governance arrangements have you put in its place?


The NSC is the collective decision making committee which considers matters related to resilience. The Threats, Hazards, Resilience and Contingencies Committee (THRC), a sub-Committee of the NSC, was disbanded in July 2019 as part of a wider consolidation of Cabinet sub-Committees. The NSA’s review took the decision on the reestablishment of a NSM, chaired by me. This will cover operational decisions, discuss strategy and deal with lower-level crises.


Beneath the NSC structures, the government is actively reviewing the governance arrangements for resilience, including the Civil Contingencies Act. The review will consider lessons learnt from the COVID-19 response and EU-Exit ‘No Deal’ preparations when it is assessed that operational responders and wider government stakeholders have greater capacity to engage.


The Intelligence and Security Committee of Parliament has statutory responsibility for oversight of the UK Intelligence Community, including the National Security Secretariat.


Why has the review of biosecurity governance arrangements been subject to such delay, and when will it be completed?


As mentioned in the Government’s response to the JCNSS “Biosecurity and National Security” report published in December, the Government is still in the midst of managing COVID-19 and it would be unwise to commit to a new biological security approach until we have learnt all of the lessons from the COVID-19 pandemic.


However, we do understand the importance of revising our strategic direction for biological security. In light of the JCNSS December report, the wider context of the IR, and the cross-cutting nature of biological security, the CO is establishing how the strategy will be overseen going forward. At an appropriate time, and in consultation with relevant experts and stakeholders, the UK Biological Security Strategy will be reviewed in light of lessons learnt from responding to the COVID-19 pandemic.


During yesterday’s session, you referred to many ministerial committees tasked with implementing elements of the Integrated Review, such as those chaired by the Foreign Secretary on China and cyber. Can you provide a list of all the ministerial committees – whether Cabinet committees or otherwise – that have a role in national security policy- making and the delivery of the Integrated Review?


The Prime Minister has considered plans for the NSC. He has concluded that he will chair NSCs once a month, and more frequently if circumstances dictate. Given the breadth and ambition of the agenda we have to deliver, Ministers will also meet as a sub-committee to the NSC as “National Security Ministers” (NSM), once a month with a senior minister in the chair on issues that the Prime Minister wishes to delegate. On matters of foreign policy, the Foreign Secretary will chair; on homeland security, the Home Secretary will chair; on resilience, I will chair; on economic security the Chancellor of the Exchequer will chair and if it is necessary for a NSM to discuss trade related issues or Europe, the Minister of State at the CO will chair. Other Ministers and senior officials will join the NSC and NSM as the agenda demands.


What are the ‘geographic and thematic IR sub-strategies’ mentioned in Sir Stephen’s letter of 29 June? How do these differ – in number and subject matter – to the set of sub- strategies that existed before the Integrated Review?


We are building a system for delivery designed around a set of geographic and thematic IR sub-strategies, which collectively deliver the strategic shift of the IR strategic framework, and will translate its objectives and goals into actionable programmes of work. These will be overseen by the new NSC and NSM structures. Some of these sub-strategies will be a continuation of pre-existing work - updated to reflect the IR; others are new programmes of work that properly reflect the full scope of this IR. We intend to integrate the sub-strategies and priority deliverables into the existing Government Planning and Performance Framework.


What consideration is being given to parliamentary oversight and scrutiny of the implementation of those sub-strategies (whether by this Joint Committee or in other ways)?


The Government will remain answerable to the usual range of Parliamentary committees on matters of security, defence, development and foreign policy.


Will you commit to sharing with the Committee the following – in confidence – as soon as they are available:


The set of priority deliverables for the IR, as described by Sir Stephen’s letter of 29 June;


NSC priorities change over time, which would bring forward different committees' involvement. While some of these are obvious and likely to be enduring, it would not be appropriate to provide a running public commentary on the changing priorities of the NSC, some of which could be sensitive at the time.


The outcomes of the biosecurity governance review;


The CO is currently establishing how the biosecurity strategy will be overseen going forward. Once established, we will update the committee on the outcomes of the review.


The findings of the review of the NSRA methodology, cited in Sir Stephen’s letter;


The NSRA methodology review is currently underway so findings are not yet available. Early recommendations from the Royal Academy of Engineering include considering how scenarios are generated and how to make the NSRA process more agile.  These emerging recommendations will be tested with stakeholders and refined ahead of the Royal Academy of Engineering finalising the review in late summer. In addition, recommendations from an internal HMG review, and the House of Lords review on Risk and Resilience, will be drawn together to form a revised NSRA methodology.


The list of exercises included in the Civil Contingencies Secretariat’s National Exercise Programme once established, also referred to in Sir Stephen’s letter.


Once established, we will update the committee on the exercise programme, including an outline of the main exercises within it.


The intelligence agencies’ output will inform policy-making under a whole range of new legislation related to the Integrated Review, such as the National Security and Investment Act, Telecoms (Security) Bill and the forthcoming Counter-State Threats legislation. How will you ensure that Select Committees, including the JCNSS, have access to all the information they need to perform their scrutiny function effectively?


HMG is committed to ensuring Select Committees have the information they need to fulfil their vital oversight roles.


The Osmotherly Rules, which govern how the Government should respond to requests from Parliamentary Select Committees, has specific reference with regards to the provision of material to Committees, including how SECRET and TOP SECRET material should be handled. The Government will have the utmost regard to those principles when considering requests for information to allow Select Committees to perform their scrutiny functions effectively. 


I remain very grateful to the Committee for its continued scrutiny of these issues.


Rt Hon Michael Gove MP

Chancellor of the Duchy of Lancaster and Minister for the Cabinet Office


12 July 2021