It has been announced that the threat of a terrorist attack has been reduced from “severe” to “substantial”.  There have been various suggestions that such a change may be made for some time.  But what does it really mean in practice?  The answer is not a lot. 

In principle, the change is supposed to mean that an attack is “a strong possibility” as opposed to “highly likely”.  What does that mean?  Well, how will you change your behaviour as a result?  This encapsulates the problem with generic threat levels – particularly those with a five-point scale.  Whilst, in principle, additional security measures may be triggered when the threat level goes up a notch (and deactivated when the level goes down), in practice the response should be more graduated and should in any case be related to more specific factors (is the threat against iconic sites, financial centres or crowded places?).

Nonetheless, the decision to reduce the overall threat level is good news, particularly as until quite recently the official line was that the threat level was “at the severe end of severe” (whatever that might have been intended to mean).  It demonstrates the degree of success that the police and the security service have had in disrupting terrorist plotters and the work that is being done to divert individuals from violent extremism.

So we can relax?  Not really – the threat of attack remains substantial and a strong possibility.  And, of course, last time the threat level was reduced was in May 2005 – just a few weeks before the London bombings that July.

I have tabled a question for written answer on electromagnetic pulses and the National Security Strategy arising from the meeting I went to yesterday:

To ask Her Majesty’s Government:

 

“What consideration was given to the threat to the critical national infrastructure of a high intensity electromagnetic pulse, produced either by malign intent or as a result of solar activity, in preparing the National Security Strategy.”

Earlier today I went to a meeting (organised by the Henry Jackson Society) in one of the more remote Commons Committee Rooms chaired by James Arbuthnot MP, the Chairman of the Select Committee on Defence.  He began by intoning that we were all attending “the most important meeting you will ever go to”.  I am not sure about that, but it was undoubtedly one of the scariest I have ever attended.

It was addressed by Avi Schnurr, President of EMPACT (The EMP Awareness Coordination Taskforce) and concerned the threat of an electro-magnetic pulse that could permanently disable the electricity grid and most electrical systems.

In 1962, the United States conducted “Starfish Prime,” a nuclear weapon test over a remote region of the Pacific Ocean. The test was successful, with one unexpected result: fifteen hundred kilometers away in Hawaii streetlights burned out, TV sets and radios failed and power lines fused. This was unexpected and demonstrated that a nuclear warhead set off above the atmosphere causes an Electromagnetic Pulse, or EMP. Unlike a ground burst, an EMP blast can mean (depending on how high in the atmosphere the explosion takes place) continent-wide catastrophe, a capability potentially in the hands of any rogue nation or terror organization that can acquire a single nuclear-tipped missile.

With some of the world’s most unstable regional powers acquiring or already in possession of nuclear weapons, the United States Congress established the Electromagnetic Pulse (EMP) Commission, tasked with evaluating this growing threat. The Commission, based on testimony from throughout the federal government, warned that America’s current vulnerability invites attack. They concluded, remarkably, that “EMP is capable of causing catastrophe for the nation,” as “one of a small number of threats that has the potential to hold our society seriously at risk, and might result in defeat of our military forces.”

During the Cold War, the USA and the USSR relied on deterrence, but because of the threat from EMP (which could have limited their capacity to respond after a first warhead had detonated) both would have responded to a single missile in flight by a full maximum response within minutes – hence the briefcase with the codes that still follows the US President.

However, if one postulates a rogue state or a rogue group having access to a quite small nuclear device and a rocket powerful enough to send it into the upper atmosphere above the target nation or nations (perhaps launched from a boat), deterrence is no longer the answer.  The attraction for a North Korea or an Iran (and in both countries there is evidence according to Avi Schnurr that the military elites are not only aware of the potential of EMP attack but have also actively discussed it) is the comparative simplicity of delivering such an attack that would disable the United States or Europe and that it could be done stealthily.  The same attraction would also be there for terrorist groups.

And there is no question that the effect of an EMP attack could be devastating.  Electricity grids would be destroyed as transformers burnt out (and although these could be replaced the process would take years and again according to Avi Schnurr there is only one company in the world that makes the transformers on which the US electricity grid relies).  Control systems for parts of the critical infrastructure (eg the water supply) and even for vehicles would be destroyed by an EMP attack.  For a significant period the infrastructure could not function, distribution systems (eg for food) would not function, and the internet would not work.  Given the nature of modern society, social structures would break down very rapidly.

And as if the threat from a rogue state or terrorists was not enough, electromagnetic pulses can occur naturally as part of solar activity. Avi Schnurr quoted the US National Academy of Sciences as warning that solar activity can produce effects of equivalent magnitude and does so approximately every hundred years or so.  The last such massive solar surge was in 1859 and shorted out telegraph wires and caused widespread fires.  The next occasion when there might be such a surge is 2012 (although it might not be the big one, but that is when the next peak of solar activity is anticipated).

I will have to check but I don’t remember any of this being mentioned in last month’s National Security Strategy.  I can feel some Parliamentary Questions coming on …

In an interview with BBC Radio 4’s “The World This Weekend” Peter Clarke who was the National Coordinator for Terrorist Investigations until about 18 months ago has suggested that the current rules on contempt of court may hinder counter-terrorist work and certainly make it harder for the public to understand what is going on.  (I am not sure what was gained in public understanding by recording the first part of the interview in the street outside the Old Bailey, but then I’m just a listener, so what do I know … )

Peter Clarke was supported by former Attorney-General, Lord Peter Goldsmith, who said reviewing the legislation would be timely, while recognising the importance of ensuring that those arrested could get a fair trial.

There are real issues at the moment in terms of how public confidence in police actions in addressing terrorism may be maintained, if no public explanation of why a high-profile raid has taken place until all relevant Court proceedings have concluded possibly as much as three or for years later.

This was one of the issues that emerged in the major consultation exercise that I led on behalf of the Metropolitan Police Authority three years ago and which culminated in the publication of  “Counter Terrorism: The London Debate“.

The report concluded:

 

“It is critically important that the MPS continues

in relation to its counter-terrorist work to find

innovative ways to communicate important

factual information to the public before an

incident, as an incident unfolds, and afterwards.

In the absence of official information, rumour

will always thrive. Maximum safe information

must therefore be communicated by the police

to scotch such rumour, and thereby to limit

misunderstanding. Only in possession of the key

facts can the public make up its own mind in an

informed way as to whether a particular police

action is appropriate and proportionate.

Improved arrangements for the disclosure of

information on counter-terrorism matters by the

police to the public through the press are

urgently required. Current legal constraints

around pre-trial reporting prevent the police

from issuing information at their disposal,

thereby creating an information vacuum, which

is invariably filled by unsubstantiated public

accounts, resulting in damaging scepticism of

counter-terrorism operations within

communities. It is therefore time to revisit the

law on sub judice (matters under trial or being

considered by a judge or court). Whilst the legal

system must protect the rights of all individuals

to a fair trial, the police need to command

public confidence in order to do their difficult

counter-terrorist work, and this is made much

more difficult by restrictions imposed upon their

ability to share information with the public

about that work.”

Alan Johnson, the Home Secretary, has made it clear that ID cards will not be compulsory.   In a press conference, he said that the pilot schemes for airside workers to have ID cards in Manchester and London City Airports would not now be compulsory for UK citizens.

He said:

“Holding an identity card should be a personal choice for British citizens – just as it is now to obtain a passport.   Accordingly I want the introduction of identity cards for all British citizens to be voluntary and I have therefore decided that identity cards issued to airside workers, planned initially at Manchester and London City airports later this year, should also be voluntary.”

At the press conference, he was asked by journalists if ID cards would be made obligatory and said quite clearly that they would not be.

In a Parliamentary written statement he said:

“There will be significant benefits to individuals from holding an identity card which will become the most convenient, secure and affordable way of asserting identity in everyday life. Identity cards will also be valid for travel throughout Europe in place of a British passport. ….. However, holding an identity card should be a personal choice for British citizens – just as it is now to obtain a passport. Accordingly I want the introduction of identity cards for all British citizens to be voluntary.”

This is a sensible and proportionate approach to adopt.

I have always felt that identity cards were mis-sold when they were first announced.  They were never going to be a magic bullet in the battles against terrorism or organised crime – although that was what was claimed when the proposals were first aired.  However, a simple system enabling the citizen to demonstrate – should they wish to do so – who they are always seemed to me to have enormous value (certainly better than having to turn up at a bank with a driving license, a council tax receipt and a utility bill).  In essence, that is the system that the Government is now saying we will be moving towards.

The Government has today published its much-heralded “Cyber Security Strategy of the United Kingdom“.  The document is welcome and will lead to an Office of Cyber Security (OCS) being set up to “provide strategic leadership” across Government.  In addition, a Cyber Security Operations Centre (CSOC) will be set up as part of GCHQ.  This Centre will be responsible for “incident response”, as well as monitoring “the health of cyber space” and providing advice and information.

This all looks extremely positive, as does the philosophy under-pinning the Strategy which includes working in partnership with industry, being more integrated within government, tackling security challenges early, and being grounded in a set of core values based on human rights.

As ever, (forgive the lapse into cliche) the devil will be in the detail – and the detail is not contained in the Strategy.  How much clout and authority will the OCS have within Government?  Will the CSOC have the resources it needs to be sufficiently pro-active and will it have the legal powers to take appropriate action?

According to the Independent this morning, the announcement of the new Cyber Security Strategy that was promised last week and that I have been calling for over the weeks (years?) will take place tomorrow.  Earlier this week I chaired a seminar on “Meeting the Threats in Cyberspace”.  One of the most impressive (worrying?) presentations was from Scott Borg of the US Cyber Consequences Unit.  His conclusions, which spell out why a fresh approach from the UK Government is so urgent, can be summarised as follows:

“Based on the work the US-CCU has already done, it is evident that the potential economic and strategic consequences of cyber-attacks are very great.  The US-CCU’s research has demonstrated that the numbers widely quoted for the costs of denial-of-service cyber-attacks lasting up to three days are actually wildly inflated.  But the US-CCU’s findings show that other types of cyber-attacks are potentially much more destructive.  Especially worrisome are the cyber-attacks that would hijack systems with false information in order to discredit the systems or do lasting physical damage.  At a corporate level, attacks of this kind have the potential to create liabilities and losses large enough to bankrupt most companies.  At a national level, attacks of this kind, directed at critical infrastructure industries, have the potential to cause hundreds of billions of dollars worth of damage and to cause thousands of deaths.

Some of the attack scenarios that would produce the most devastating consequences are now being outlined on hacker websites and at hacker conventions.  The overall patterns of cyber intrusion campaigns suggest that a number of potentially hostile groups and nation states are actively acquiring the capability to carry out such attacks.  Meanwhile, the many ways in which criminal organizations could reap huge profits from highly destructive attacks are also now being widely discussed.  This means that American corporations and American citizens need urgently to be informed, not just of their technical vulnerabilities, but of the economic and strategic consequences if those vulnerabilities are exploited.  It is only by basing our cyber-defenses on a comprehensive assessment of cyber-attack consequences that we can make sure those defenses are sensible and adequate.”

While the House of Commons was embarking on its second ballot to elect a new Speaker, the House of Lords was debating an amendment to the Policing and Crime Bill proposed by Lord Imbert, a former Commissioner of Police for the Metropolis.

The Bill, as drafted, gives the Commissioner a statutory right to be consulted by the Metropolitan Police Authority over any appointment of an Assistant Commissioner, Deputy Assistant Commissioner or Commander.  At present these are the prerogative of the Police Authority, although customarily the Commissioner acts as an advisor to the Authority.  The Bill’s proposals are sensible and enshrine in law current custom and practice.

Lord Imbert’s amendment, however, went much further.  This would have given the power of appointment to the Commissioner, who would in turn be required to consult the Police Authority.  A complete reversal of the present practice – effectively side-lining the Authority and moving against the direction of the Bill which gives a greater say to local communities in their policing arrangements.

Lord Imbert (for whom I normally have the highest of respect), in moving the amendment, said that he was moving the amendment with the “full knowledge and support” of the present Commissioner, Sir Paul Stephenson.  (In fact, I understand that the amendment was drafted by Sir Paul’s office in New Scotland Yard and was actively promoted by them.)  The implication of this is that Sir Paul does not have confidence in the Police Authority to make such senior appointments properly and to take his views sufficently into account.

Not a happy basis for a relationship with the Police Authority to whom he is accountable.

The amendment itself was withdrawn without being voted upon.

The Boston Globe has an article from a fellow at the Harvard Kennedy School of Government arguing that the United States should assert its right to cyber self-defence by declaring that “it will promptly counter-attack as accurately and as proportionally as technology allows”. 

This is an interesting – if scary – argument.  It conjures up memories of the Cold War and “Mutually Assured Destruction” or even further back of Lord Palmerston and “the send a gun-boat” style of diplomacy.  Did either strategy work?  Well, some would argue there was no nuclear war during the Cold War years (although, the aftermath poses some interesting problems of proliferation etc).  And, of course, during the Palmerston era the Sun never set on the British Empire (allegedly because the Sun knew it could never trust the British Empire in the dark).

It is undeniably the case that a number of nation-states are developing an offensive cyber-warfare capacity and those that ostensibly are only interested in developing a defensive strategy can readily reverse the process to become offensive (Porton Down was always ostensibly about developing chemical weapons defence …).

Similarly, non-state-sponsored cyber attacks often emanate from countries who are either indifferent to the activities going on within their borders or are powerless to intervene.

Does this give a country the right to retaliate?  The Boston Globe article suggests that a few bouts of such retaliation would bring about the creation of some international means of regulating and protecting  cyberspace.  That may be true, but it would be good to think that such an outcome could be achieved without the digital trench warfare that the article describes.

The “Digital Britain” report, published today has an excellent section on “Digital Security and Safety”.  The report makes it clear that there will definitely be a national Cyber Security Strategy, something I have been calling for for some time, when it says:

 

“The UK’s National Security Strategy describes how ‘cyber security’ cuts across almost all the national security challenges that it identifies, and the need to address them in a coherent way. To this end, the Government is developing a Cyber Security Strategy to build a safe, secure and resilient cyber space for the UK, through both the beneficial exploitation of cyber space and the reduction of risks posed by those who seek to do the UK harm: the forthcoming Cyber Security Strategy will set out how the Government intends to approach this task.”

This is an extremely welcome development.  When Lord Stephen Carter made his statement introducing the report in the House of Lords this afternoon, I asked him when the Strategy might be issued and he said he hoped it would be ready by the end of July.