The National Security Strategy, Threats & Risk Analysis

In October the Government published its National Security Strategy. The foreword to the Strategy summarises the UK’s place in the world: “Geographically Britain is an island, but economically and politically it is a vital link in the global network”. Discussing the UK’s interests, both at home and around the world, it points out the huge advantages that result from “the global force of our language; the ingenuity of our people; the intercontinental reach of our time zone, allowing us to trade with Asia in the morning and with the Americas in the evening”; in short, “we are a country whose political, economic and cultural authority far exceeds our size”.

With this huge Global presence, and in an age of uncertainty where technological growth is moving at an unprecedented rate, organisations (both public and private sector) must be able to understand and identify emerging risks and prioritise resources to deal with them before a perceived threat becomes a crisis.

Having carried out the first ever National Security Risk Assessment (NSRA), the National Security Strategy identifies 15 generic risk types and categorises each of them under one of 3 Tiers, based on likelihood and impact. Although it is impossible to identify or predict every risk that may occur, the Govt. tasked subject matter experts, analysts and intelligence specialists to identify a full range of potential risks to national security which could materialise over a 5 and 20-year horizon. They then positioned these risks across the 3 Tiers; it is acknowledged that placing a risk in Tier 3 (as opposed to Tier 1) does not make it in any way irrelevant, or something to be discounted or ignored because all are significant in their own right and place.

However, as a measure of priority and importance:

“Specifically, the National Security Council judges that currently – and for the next five years – the four highest priority risks are those arising from:

• international terrorism, including through the use of chemical, biological, radiological or nuclear (CBRN) materials; and of terrorism related to Northern Ireland.
• cyber attack, including by other states, and by organised crime and terrorists
• international military crises and
• major accidents or natural hazards.”

The Strategy justifies these highest priorities by saying:

“…we face a real and pressing threat from international terrorism, particularly that inspired by Al Qaeda and its affiliates… Al Qaeda remains the most potent terrorist threat to the UK. The current national threat level is Severe, which means an attack is highly likely…

… organised crime affects our interests and the lives of our people at home and abroad. At present there are around 38,000 individuals involved in organised crime affecting the UK, costing our economy and society between £20 billion and £40 billion per annum…

… traditional espionage continues to pose a threat to British interests, with the commercial sector under threat alongside our diplomatic and defence interests. The revolution in global communications and increased movement of people, goods and ideas has also enabled the use of cyberspace as a means of espionage…

…we must also be ready at any time to deal with the possibility of major natural hazards or accidents and be resilient in handling and recovering from their effects… environmental factors will grow in importance. The physical effects of climate change are likely to become increasingly significant as a ‘risk multiplier’, exacerbating existing tensions around the world… 2007 floods in Britain highlighted the impact that natural disasters can have, even on fully developed networked societies… the risk of human pandemic disease remains one of the highest we face…

…globalisation in all its forms has made the world more interconnected both through technology, travel and migration and through the global trade in goods, services and capital… through technological developments, social networking and twenty four hour news media, there is a mass of connections between individuals, civil society, business, pressure groups and charitable organisations. Today, in the UK alone, over 30 million adults access the internet almost every day. Globally there are more than 500 million active users of social networking sites, one person for every fourteen in the world. These diffuse networks enable groups and individuals to coalesce around specific issues and exert influence over international governments and organisations…”

Whether Public or Private Sector, organisations must ensure, through pragmatic threat and risk analysis, that they work together to do all they can to predict, prevent and mitigate risks. It has been recognised that there is a growing need to form closer relationships between all sectors, including the general public, to strengthen defences against attack – especially in the face of the growing threat from cyber attack and environmental incidents.

The prevention of Cyber attack (Cyber Security) has been assessed as one of the highest priorities for the UK. Technology spans and connects the planet, ranging from complex interconnected systems to cars, mobile phones, home PC’s and home appliances; the Strategy states that “by 2015 there will be more interconnected devices than humans”. Pandemic disease has hit the UK 4 times in the last century, resulting in major staff shortages and travel restrictions. Flooding across England in 2007 affected 48,000 households and 7,300 businesses and had both direct and indirect impacts on organisations, which were often not realised until after the event. The 2009 floods severed road networks and cut off communities. The Buncefield Oil disaster resulted in businesses and homes being evacuated, causing long-term disruption to organisations and to elements of the UK’s Critical National Infrastructure.

Do you understand the threats?

Have you analysed the risks?

Are you prepared for future threats?

Could your organisation sustain such disruptions?

Regency ITC comprises some of the industry’s most experienced security consultants and is one of the largest independent employer of CLAS consultants. We have developed our ‘in-house’ threat assessment methodology to deliver Public and Private Sector tailored threat assessments, including technical threats derived from Govt. guidelines and environmental threats from Local Resilience Forums. We also include information from the Cabinet Office (National Risk Register) and the Centre for the Protection of the National Infrastructure (CPNI). After delivering your tailored threat assessment, we can conduct risk assessments, assist in risk prioritisation, advise on appropriate controls and countermeasures and help you to develop your Business Continuity and Disaster Recovery Plans.

For more information on our services, please visit us at www-test.regencyitc.co.uk or call 01242 225 699