Time for Action: Meeting the Challenge of WCE
The Post-Cold War Challenge
The end of the Cold War seemed like such a bright dawn. I never believed in 'the end of history', the notion that we had witnessed the definitive triumph of the West and that all that was left to do was some kind of mopping-up operation of the consequences. That always seemed so wildly optimistic, not to say naïve. But it seemed equally implausible that, only a little more than a decade later, we would contemplate facing threats to our societies that could be described as potentially catastrophic in their consequences. How dark the day following the dawn now seems.
Broadly speaking, I accept Garth Whitty's definition of weapons of catastrophic effect (WCE): 'the category or method of use of a weapon system that results in a significant negative impact on a nation's physical, psychological or economic well being, thereby causing modification of the routine activity'. Clearly, the emphasis here is on the effect caused by the weapon rather than on its precise nature. The definition self-evidently includes weapons of mass destruction, but it is not limited to them: using an aeroplane, which is not in itself a weapons system, can quite clearly have catastrophic effects. Where I depart somewhat from the definition is the implication that we have a catastrophe on our hands if routine activity is modified. Let us not devalue the meaning of the word catastrophe. I think the degree of modification of routine activity has to be of a high order to qualify as a catastrophe.
Had the 9/11 hijackers succeeded in getting the White House and/or Congress as well as a wing of the Pentagon and the Twin Towers, we would indeed have had a catastrophe since the government could well have ground to a halt. The Twin Towers was horrific, but not actually a catastrophe in the sense of prolonged or permanent modification of the daily life of Americans. The sinews of American society survived intact: the loss of the capacity to govern or organize, not necessarily accompanied by great physical destruction would indeed have been catastrophic.
So we are now talking about the threat, its nature and extent, and our response to it. What we face now is different from the IRA. These are not terrorists interested in a political deal but are terrorists who are prepared to face death themselves. As seen from our point of view, this adds a worrying element of irrationality to their behaviour. As for the sheer extent of the threat, it is broader and more variable in the forms it can take than anything we have previously faced. It is also capable of being very extensive and dangerous in its effects. Strong point defence, Cold War style, is not irrelevant but in societies that depend on the functioning of systems for the effective conduct of daily life, the protection of strong points is no longer the key to successful countermeasures.
The communications revolution of the 1980s and 1990s, which underpinned globalization and had its origins in the financial service industry, has been turned to evil purpose: our own technology has been turned against us. Our own systems can be disrupted in a number of ways including by the application against them of the technology on which they are based. Moreover, the enemy, which does not necessarily need to manifest itself visibly at the time of the incident, also has a reach not seen before: as Americans have discovered, there are now no sanctuaries anywhere on the globe. We cannot rely on assessing the likelihood and on the deterrence. The test has to be the effect and the answer countermeasures against such effects irrespective of the likelihood of their occurrence. Defence and countermeasures cannot be just of one kind because in order to be effective and block off all the possible points of penetration, countermeasures have to take the form of a web which monitors the movement of people, goods, electronic communications and of transactions purported to be associated with legitimate trade. This web should also safeguard people, physical structures and infrastructures as well as the electronic information systems that underpin our daily lives. Vulnerability analysis has to be raised to a new level of thoroughness and sophistication. So that is the bad news. We are once again faced by the big task and by the challenge of the unknown. Against the background of the stultifying certainties of the later Cold War, most people alive today do not remember or do not know how frightening the early Cold War seemed at the time. Ignorance of what we face instils fear, as does the feeling that our countermeasures may be far from complete.
The Right Posture
So what should the government's posture be on this point? 2003 is a different world from the 1950s. Government knows best, working behind a veil of secrecy, professing to have everything under control would not, I suggest, be the right posture today. It would not be the right posture for several reasons: it is not credible because 'everything under control' is not a correct representation of the situation. The population of this country is quite intelligent enough to know it and accept it. Secondly, populations increasingly demand, as a matter of right from elected officials, reliable, relevant and timely information about their situation. They do not demand complete information since they know this could damage the very security that the government is trying to preserve; but the government should not shelter behind the need for confidentiality as a reason for not treating the electorate like adults. Unnecessary secretiveness on the part of officialdom is a peculiarly British sin.
This time it could also be actively harmful - and this is the third reason - because the very nature of the threat and the damage it can wreak requires the active participation of the citizenry both to mitigate it and, in the event of an incident, to manage it. To take one example, many of the critical networks in this country are in private sector hands. Something that threatens a whole society needs a response from the whole of it. This is a political and management challenge, but one we are perfectly capable of coming to terms with and mastering provided that people know where to go for information and, in a crisis, know what is expected of them. Government would find it much easier in individual crisis situations to avoid sending out confusing signals if it were speaking to a generally informed public. Finally, the cynicism of some of the reactions to the continually issued security alerts shows that the bond of trust between the government and the people is nothing short of indispensable.
Practical Steps
So much for philosophy. Let us get practical for the moment. What should we be looking for in public policy? I am not going to discuss departmental structures here or the comparative merits of one approach over another. To my mind the issue now is that those structures should be outward looking and given the necessary authority in relation to spending departments as well as bodies outside government to make policy effective. That - big issue - aside, I would plead for the following on the information side:
- High quality intelligence collection, collation and assessment by government;
- Co-operation with the private sector in the trawling of open source information;
- Sharing assessed information in a more trusting and fuller way with the organizations outside government whose functioning is crucial to the functioning of society as a whole; and
- Getting the act together on providing both general guidance to the public about precautions they can usefully take and clear, easily understood and consistent guidance during an alert as well as during an actual incident.
Maritime Illustration
Here it might be useful to offer one illustration of what, at a practical level, the realization of the points above is likely to involve. The story is maritime. Between 1 January and 31 October 2003, twelve ships were hijacked and eight went missing. How do you lose a ship? Quite easily it seems. Gard services, a respected independent authority in the maritime world reported that the areas most affected were the South China Sea and the Malacca Straits, the Indian Ocean and the Caribbean, the coast lines of South America and Africa - no small area, in other words. Actually the zones where piracy is prevalent have not changed in several hundred years. In the shipping business, margins are so thin because competition is so cutthroat that anything involving a sunk, unproductive cost such as increased security will not be accepted unless mandatory. Which is now about to happen.
Under a revised Saving Lives at Sea agreement and Security Code, every port and harbour and 20,000 ships will have to undergo a security assessment and submit a security plan before July 2004. Every one of 34 million containers is going to have to be individually identified. As things stand almost none can be. Every seafarer will have to have an internationally recognised identification document including biometrics. Without these additional measures, no ship will enter major ports of the world, no cargo will be landed and no seafarer will get off or back on to his ship. None of this is in place now. Quite complex and quite costly but justified and necessary. This is just one measure among the many thousand that will be put into place in the world we live in now but we have barely begun.
Protective Measures
Secondly, the implementation of protective measures is also essential. These include:
- Effective tracking of suspects, which unavoidably involves, however much we may dislike it, comprehensive collection of data concerning the movement of people;
- The same, mutatis mutandis, on certain types of physical goods;
- Again unavoidable, the sharing of data between agencies, accompanied by stringent contemporaneous auditing by independent trusted bodies to safeguard against abuse;
- Education of the citizen to recognise anomalous behaviour and act against it - a sensitive issue which can lead to appalling officiousness - but which in the electronic sphere could add significantly to the robustness of inter- and intra-nets: most of us, and I include myself, need to understand more about our computers and their vulnerabilities;
- Effective physical security measures of concealed people and weapons at or before borders; and lastly
The key points remain that government must lead and co-ordinate while institutions, companies and individual citizens must participate. Legal protections against abuse must also be put into place at the same time as measures designed to increase security are implemented. One final observation which can be made is that the lack of trust between citizen and authority will be much more destructive of our society, our freedoms and our values than anything the terrorist could do to us.
Pauline Neville-ones is Chairman of Qinetiq