My Lords, I express my own thanks to our chair, the noble Lord, Lord Arbuthnot, not only for his excellent introduction today but for his superb chairing of the committee, especially given that meetings had to be conducted remotely almost throughout. I support his thanks to our terrific staff and advisers, and to my fellow committee members for their stimulating company and insights.
I joined the committee encouraged by some of the writing of the noble Lord, Lord Rees, especially in his excellent book On the Future: Prospects for Humanity, in the hope and expectation that we would grapple with how best to anticipate and mitigate some of the extreme and existential risks we face in the UK, particularly those arising from new technologies such as artificial intelligence.
However, the fact is that, in risk terms, we have rarely been thinking beyond a two-year timeframe, let alone a parliamentary term, and we found that our system is completely deficient in assessing and planning for chronic or long-term risks and has a bias against low-likelihood, high-impact risks. In his evidence to us, the noble Lord, Lord Harris of Haringey, chair of the National Preparedness Commission, rightly questioned whether the current political system, with short parliamentary terms and ministerial postings, allows for the proper consideration of risk. Sir Patrick Vallance, who it is clear will be playing an important role in government reforms in this area, was even blunter, saying:
“If you take a two year outlook, you get the wrong answer.”
We discovered that it was not just generational risks where risk assessment and planning were inadequate, such as with climate change or AGI—artificial general intelligence—but that we failed even when it came to the medium term. As we have heard, the great irony is that, prior to the onset of Covid-19, the UK’s approach to risk assessment and management—as the Institute for Government pointed out in its report Managing Extreme Risks—was admired. It is clear, however, that there are both cultural and institutional flaws in planning, assessment, mitigation and prevention. The time is never right for expenditure on prevention and mitigation, as the noble Lord, Lord Rees, says—another plug for his book—in his new introduction.
The risks we face are changing. As we say in the report:
“Technological advances have raised the threat posed by the malicious deployment of technologies which could be used for good or ill, while traditional threats such as those from nuclear or chemical warfare remain.”
We also found that the Government’s risk assessment process through the NSRA looks at only discrete risks and is unable to encompass the complexity of risks facing the UK. It has failed to account for interconnected or cascading risks, which go far beyond the failure of one part of a system.
In his prologue to his book Apocalypse, How?, one of our witnesses, Sir Oliver Letwin, posits a national emergency where the internet goes down, electricity supply fails across the country and no analogue communications backup is available. Given the way that BT’s Digital Voice programme to replace copper telephone lines with fibre seems to be taking place without any assessment of the impact on national resilience, it looks like we are heading for an emergency of exactly that type. Robert Harris, author of The Second Sleep, illustrated this graphically in his evidence:
“Sophisticated societies do collapse. Every civilisation collapses. You cannot think of one that did not face some terrible crisis, partly because they became so sophisticated.”
We further found that the central government risk assessment process has developed a culture of secrecy that impedes thorough scrutiny, expert consultation and information sharing with key partners, as experience with Exercise Cygnus and the DHSC’s more recent report on learning Covid lessons are already showing.
I welcome a great deal of the Government’s response and the new resilience framework, particularly the adoption of the overarching three principles adumbrated by the noble Lord, Lord Arbuthnot, and action relating to local resilience forums and the voluntary sector—and, indeed, relating to the development of skills. But how will the resilience directorate and the new head of resilience be
“providing leadership for this system”?
It seems there will not be any teeth in terms of challenging lead government departments.
Then we have the lack of a statutory duty regarding critical national infrastructure threats, which could be the Achilles heel of our risk planning. How does this square with the commitment to deliver resilience standards in the private sector? What does action to “refresh” the NSRA mean? What methodology will be adopted? Why is there no commitment to looking more than five years out? These proposals all aim to ensure that we have a much better handle on the future. As Professor William MacAskill says in his recent book, What We Owe the Future, sacrifices can actually be win-wins for posterity. I hope the Treasury takes note.