Paul Cornish, a senior associate fellow at RUSI, and Andrew Dorman, professor of international security at King’s College London, suggested that the UK has argued about and attempted most conceivable types of national strategy and defence reviews. These include threat oriented (e.g. the 1957 Sandys Review); capabilities driven (e.g. the 1981 Nott Review); Treasury constrained (e.g. the 1975 Mason Review) and foreign policy led (e.g. the 1998 Strategic Defence Review). Most recently, both the 2010 and 2015 Strategic Defence and Security Reviews (SDSR) have been risk-based. The Integrated Review, however, appears to be eschewing risk terminology and instead concentrating on threats. But will focussing on threats versus risks really make a difference to the outcome of the review?
Use of Risk Methodology in National Security Strategy Development
Since its inception in 2008, four iterations of the UK’s National Security Strategy (NSS) have been produced. The first three were all standalone documents (2008 – Security in an Interdependent World, 2009 – Security for the Next Generation, and 2010 – A Strong Britain in an Age of Uncertainty), the fourth was included as part of the 2015 SDSR report. All versions were constructed around a risk management methodology, which, since 2010, has relied on a classified National Security Risk Assessment (NSRA) that prioritises “all major disruptive risks to our national interest, which are of sufficient scale or impact so as to require action from government and/or which have an ideological, international or political dimension.” The government is committed to reviewing the NSRA every two years.
The NSRA drives three tiers of priority risks included in the 2015 SDSR. Based on a simple, likelihood and impact, judgement the current Tier One risks are:
– Terrorism.
– Cyber.
– International Military Conflict.
– Instability Overseas.
– Public Health.
– Major Natural Hazards.
In addition, the NSRA directs the National Risk Register of Civil Emergencies, a document that provides an overview of the key risks that have the potential to cause significant disruption in the UK. This register was last updated in September 2017.
Language of the Integrated Review
Although risk methodology has been the cornerstone of UK NSS for over a decade, the government’s approach to the Integrated Review appears to be more threat oriented. Even before the review had begun, General Sir Nick Carter, the Chief of Defence Staff, argued in his 2019 Annual RUSI Lecture that “the starting point for a review should be a proper assessment of the threat and this should take the form of a net assessment that determines where our current trajectory will take us in 2030 relative to those of our competitors.” He also reinforced the importance of an accurate threat assessment during a more recent oral evidence session to the House of Commons Defence Committee.
But it isn’t just the military who are focusing on threats instead of risks. Following a meeting of the service chiefs and MOD leadership in June, Secretary of State for Defence Ben Wallace (Conservative MP for Wyre and Preston North) spoke about the need to “deliver a modern, capable and strong armed forces” in response to “the threats we face [that] come in many forms across many continents.” More recently, in response to a question in the House of Commons regarding armed forces capability, he confirmed “the key is to ensure that our review is driven by threat. The threat defines what we do to keep us safe at home, and the ambition defines how far we wish to go.”
Threats versus Risks
It does, therefore, appear that the language around the Integrated Review is defaulting to threats instead of risks. But does that matter? Risk management methodology has been used to support all four NSS produced since 2008. It is widely used across government and aligns with industry best practise. It provides a recognisable and credible framework within which to manage the over-increasing complexity within defence and security today. However, it is not without its problems. For example, as Trevor Taylor and Andrew Curtis have argued in a recent RUSI Occasional Paper, the extant six Tier One risk categories are so broad that almost any eventuality could reasonably find a home within them. This offers defence planners very little guidance on how to prioritise the development and maintenance of military capability.
On the other hand, current threat-based language is quite nebulous. In his study of ‘the risk society at war’, Mikkel Vedby Rasmussen, a political science professor, defined a threat as “a specific danger which can be precisely identified and measured on the basis of the capabilities an enemy has to realise a hostile event.” In his opinion, a threat is measurable and finite and, therefore, can be defeated to achieve security. Yet many of the threats being discussed within the Integrated Review, for example a resurgent Russia or the continuing proliferation of terrorism are, arguably, undefeatable, at least not by the UK alone. Furthermore, focusing on threats might imply more of a leaning towards solutions that are defence-oriented, which flies in the face of a whole-of-government approach to national security.
Conclusion
A cynical commentator might suggest that, although episodically produced government documents need to have a fresh look and feel, there are only a finite number of frameworks that can be used, and what goes around inevitably comes around. In that context, arguments over threats versus risks may not be overly relevant. Ultimately, as @onUKDefence has previously pointed out, whatever decisions are taken in the Integrated Review, it is clear they will be taken against a severely resource-constrained backdrop and, therefore, must be prioritised. Whatever terminology is used, it needs to be capable of facilitating the prioritisation necessary to underpin the inevitable difficult choices. After all, that’s what strategy is all about.