This blog gives my impressions of a potentially important Government publication looking at the resilience of the UK (well actually the resilience of England and Wales). The report being discussed can be found at https://www.gov.uk//government/publications/the-uk-government-resilience-framework
A policy paper that predates this report stated that “The National Resilience Strategy will specifically consider the roles and responsibilities of CNI owners and operators to ensure high levels of resilience across our most essential sectors. The strategy will also consider how to integrate the roles of CNI owners and operators within a wider framework that also incorporates all levels of government, the wider private sectors, civil society and the public”.
It also said that:
“Much of what is needed is already in place, but improvements can still be made:
- government should publish a full set of resilience standards every five years, following advice from regulators, alongside an assessment of any changes needed to deliver them;
- infrastructure operators should carry out regular and proportionate stress tests, overseen by regulators, to ensure their systems and services can meet government’s resilience standards, and take actions to address any vulnerabilities;
- infrastructure operators should develop and maintain long term resilience strategies, and regulators should ensure their determinations in future price reviews are consistent with meeting resilience standards in the short and long term”.
It recommended that government should introduce a requirement for Secretaries of State to publish (among other things) “clear, proportionate and realistic standards every five years for the resilience of energy, water, digital, road and rail services”. These seem more about the continuity of service (business continuity) with targets “which cover 12 key service areas, including supply restoration, connections and voltage quality” rather than the protection of the public so may not have a great effect on emergency planning as I know it.
It is claimed that “Setting agreed standards is key to effective assurance regimes that ensure that the UK’s most critical systems and organisations are resilient across a broad range of risks, that operators, regulators and stakeholders have confidence in that assurance and have clarity on what further resilience improvements are necessary and desirable” whereas I would argue that correctly identifying the level of preparation that is sensible and then meeting and policing appropriate standards make the difference not setting standards alone, but then I’m not a Civil Servant.
While talking about a “National Strategy”, written and managed by the UK Government, the paper admits that it has no control over the actions of the devolved administrations and seems to suggest that this will continue.
[Para 64] “The UK Government remains fully committed to working closely with the devolved administrations to ensure integration of respective approaches, share best practice and learning, and ensure strong cross-border collaboration – delivering on our duty to protect citizens in every part of the UK. The devolved administrations have their own established and effective local resilience partnerships, and these will not be impacted by the planned strengthening of English LRFs”.
Given that this did not work during the Covid response, what happened to learning from experience?
Early in the resilience framework report it states that “This framework focuses on the foundational building blocks of resilience, setting out the plan to 2030 to strengthen the frameworks, systems and capabilities which underpin the UK’s resilience to all civil contingencies risks”. It is seen as a “long term commitment to systematic changes” [Para 3].
The introduction to this current paper refers to the war in Ukraine, Covid, climate change and “cyber challenges” which makes a change from flu, flood, animal disease, terrorism and industrial accidents which have been the headline risks for many years. Who can remember being told that the government, local authorities and NHS were ready for a severe flu pandemic but watched it fold like a playing card castle in a hurricane when Covid, which shares many of the attributes of flu, hit the world? Apparently “Although there was an understanding of the risk of pandemic flu, treating it as a health emergency meant that there was limited planning outside of the healthcare sector”. So that’s alright then.
We are told that we now have “bold and comprehensive plans to build resilience to specific risks”, personally I’d settle for appropriate and adequate rather than bold which according to my Oxford dictionary means “confident and daring or courageous” or “audacious; impudent”. Confidence in plans too often turns to hubris. Emergency planning is a career that should be reserved for pessimists and worriers once you think that you have comprehensive plans you are on a slippery slope.
The Government’s approach to resilience is to develop a shared understanding of the civil contingencies risks we face; prevention is better than cure and resilience is a whole of society endeavour. This all sounds reasonable.
The weakness is that no matter how many committee hours we spend gazing into crystal balls life can hit us with something we hadn’t considered or something we had considered but with a slight variation that throws our plans out of the window. “No plan survives first contact with the enemy”[1]. However, plans can be flexible and plans can be exercised. Having a framework in which different disciplines work together coordinated by agreed mechanisms and sharing information and expertise should allow a better response to events. The history of the British Government response to major events has included events where a the carefully prepared plan was not used (Fukushima – initially seen as a humanitarian issue so the nuclear plan emergency plan was somewhat bypassed) and where the carefully prepared plan had fallen into disrepair (Flu/Covid where stocks of PPE had been run down on the promise of just in time acquisition and had not really followed through on consideration of the impacts).
As the paper admits “But, while prevention is a key principle, it cannot replace careful and effective management of emergencies as they occur”.
The paper talks about a new “Resilience Directorate” [para 53 and 54] but I cannot find any other mention of it on Government websites. This will work alongside COBR.
On the National Security Risk Assessment (NSRA) the report states that: “The UK Government’s ambition is to create an NSRA process which readily invites external challenge from experts, academia, industry and the international risk community. Relevant information from the NSRA, sensitivity permitting, will be openly available to the public”. This is good to hear and it hasn’t fallen too far short of that target in the past although the public facing National Risk Register has recently been dumbed down to make it “more accessible to the public” but has reduced its usefulness to the preparedness professional.
It also talks about “multiple scenarios” which is encouraging. I’ve previously found that some other countries publish a range of scenarios for each threat against which their plans are prepared and tested. I’ve always thought this good practice provided the system does not become too rigid.
The UK Government could learn from the US 2019 National Threat and Hazard Identification and Risk Assessment (THIRA) which
- reports a literature review of existing government response plans and academic studies to develop a preliminary list of 59 threats and hazards.
- Consulted with subject-matter experts (SMEs) and reviewed a preliminary list of threats and hazards to select nine scenarios—consisting of both natural and human-caused incidents—that would most challenge the Nation’s capabilities.
- Developed a set of 29 standardized impacts, based on in-depth research and stakeholder feedback. These standardized impacts represent key metrics that emergency managers use to understand the magnitude of a disaster, such as fatalities or number of people requiring shelter.
- Finalized 22 specific, quantifiable capability targets, representing the most critical and measurable elements of selected core capabilities.
These are used to develop and test plans and confirm that adequate resources, including trained personnel, are available.
Also mentioned is a National Situation Centre [paras 39 – 42] which was new to me. This can be found elsewhere on the Government websites “The National Situation Centre (SitCen) was established to bring data, analysis and insight together, boosting the government’s ability to identify, monitor and manage risks. For example, during the period of extreme heat in July, the SitCen worked with partners to identify vulnerable groups and locations, enabling responders to target support effectively”. This sounds like a useful asset. [see also job advert for Technology Head].
Under the title “Social Vulnerability” [Paras 43 – 48] the paper talks about data sharing before and during crisis and stating an aspiration to improve this that squeezes in a suggestion that additional problems meet ethnic minority and low-income groups which must be reflected in plans and preparations. See also para 32 with regard to communications to these groups and an annual survey of public perceptions of risk, resilience and preparedness.
An expressed intention is to develop a measurement of socio-economic resilience and vulnerability to “provide a snapshot of the key characteristics of local areas”. In my work with them, I have found that LRFs have a very good understanding of their area; being able to make educated guesses about how easy it would be to evacuate areas based on an impression of household size, car ownership and transport links and what proportion of the affected people might use reception centres rather than make their own arrangements for accommodation. To attempt to make this more rigorous and data based may not be easy nor cost effective although in the era of big-data it may be easier than I suspect.
The UK Government will continue to use the Lead Government Department model to guide risk ownership, but there will be further clarification of roles and responsibilities for complex risks. In addition, “Government will create a new Head of Resilience role to provide leadership for this system. This new role will guide best practice, support adherence to resilience standards, and test planning in a meaningful and proportionate way to support the LGD model”.
A commitment [para 31] is given that “The UK Government will improve its communication of risk, focussing on personalisation (for organisations and individuals) as a means to ensure that organisations and individuals have access to relevant, actionable information. We will work closely with both national and local partners to develop and deliver these messages, as well as supporting partners to develop and deliver their own communications campaigns”. Always easier said than done successfully.
The proposed Annual Statement to Parliament on civil contingencies risk and performance and any debates within the House will be one to watch.
The paper reiterates the commitment that “local level will continue to be the building block of the UK’s resilience” and to “significantly strengthen LRFs (in England)” but most of the development seems to be at central government level. Changes at LRF level seem to concentrate on accountability and “clear mechanisms for the assurance of the multi-agency activity”.
Paras 79 – 88 discuss the CCA. This reiterates the central government view that enhanced accountability combined with moving the current advisory resilience standards to a statutory footing will sort any local weaknesses. In addition, they recommend making the Met. Office a Cat 2 responder (sensible) as well as the Coal Authority (I have no view on this).
“The armed forces will continue to play a vital supporting role to the civil authorities in resilience but will not be asked to take on an enhanced role” [in para 93].
Page 33 marks the start of an Action Plan.
Para 110 talks about engaging the private sector (mainly considering CNI) and includes “Raising private sector resilience standards may mean that the UK Government asks more of some parts of the private sector, but it will provide the guidance and information on risks that organisations need in order to be able to meet the standards that the UK Government sets”. The Government providing guidance and information and then asking private industry to put significant effort into something they may not see as a benefit might be a hard sell. Industry needs to know “What’s in it for me?” Again, I hear the voice of Civil Servants living in a world of their own.
To achieve this promulgation of standards “The National Infrastructure Commission has recommended that the UK Government should publish a set of standards for energy, water, digital, road and rail services, to be reviewed and updated every five years” and the Government has committed to do this (“to create common but flexible resilience standards across CNI”) and to develop an action plan to deliver the standards[Para 114]. The CNI standards will be stress tested.
It is intended that there will be a review of the existing regulatory regimes on resilience [Para 119] and regulation may be extended to cover the highest priority sectors and risks that are currently not subject to regulation.
P.131 UK Resilience Forum (UKRF) was established in 2021. The UKRF brings together representatives from the UK Government, devolved administrations, emergency services, responder organisations, the private sector and the voluntary and community sector. This advisory board is aimed at aligning efforts across the system, strengthening relationships between partners, and informing the government’s work on its resilience commitments under the Integrated Review.
P146 “the UK Government will continue to deepen and strengthen its relationships with the VCS (Voluntary and Community Sector) in England. The capabilities of the VCS will be better understood and integrated, as appropriate, strengthening resilience at local and national level in England”.
The Department for Digital, Culture, Media and Sport is also funding the Voluntary and Community Sector Emergencies Partnership (VCSEP) in England with up to £1.5m, to 2025.
Page 49 onwards – Investment
There is a commitment that by 2030 the Government will
- “Have a coordinated and prioritised approach to investment in resilience within the UK Government, informed by a shared understanding of risk.
- Consider options for funding models for any future expanded responsibilities and expectations of LRFs in England.
- Offer new guidance to community organisations and individual householders, to help those people to make more informed decisions about investing in their own resilience and preparedness”.
Some interesting statistics:
- Where there is a risk of flooding, the Environment Agency has helped ensure homes are built in a flood safe way. Every £1 spent advising on flood risk matters in spatial planning applications has saved £12 in future flood damages.
- During Storm Christoph, 49,000 properties were protected from flooding, with fewer than 1200 inundated.
- Improved response arrangements ensured that a Foot-and-mouth outbreak in 2007 caused much less damage (£150 million) than the outbreak in 2001 which cost the UK around £8 billion.
There could be increased funding of LRFs. “DLUHC (Department for Levelling Up,
Housing & Communities) agreed a £22m three-year funding settlement or LRFs in England starting in the 22/23 financial year” [Para 174]. This does not commit the additional funding of LRFs to extend beyond the third year leaving the Government to “consider options for funding models for any future expanded responsibilities and expectations of LRFs” [Para 175]. The Government preference is unsurprisingly to spread the cost among responder organisations and businesses.
Page 58 onwards Skills
There is an intent to set up a UK Resilience Academy built on the Emergency Planning College to deliver new training and skills and create a professional pathway. This “will be a physical and virtual campus delivering the scoping, design and delivery of training, wider education, learning and development and exercising for resilience professionals” [Para 195].
Annex B summarises the Framework actions.
Summary
This is a comprehensive document suggesting a step change in the Government’s view of resilience. It is a surprise that it totally ignores Business Continuity Management which seems to me to be closely related to resilience in the sense it is used here and is well imbedded in most businesses and responder organisations.
There is a tendency for the government to consider that improvements require new toys at Central Government level and more standards and accountability at the local levels. This is seen to be true in this report to a certain extent with a new Resilience Directorate, a newish National Situation Centre (SitCen), a new Government Head of Resilience role, a CNI knowledge base, a measurement of socio-economic resilience and vulnerability and the Resilience Academy for central Government on the one hand and a set of standards for energy, water, digital, road and rail services, to be reviewed and updated every five years on the other.
But there is new funding for the LRFs for at least three years and moves to build accountability into the Central Government roles with the proposed Annual Statement to Parliament on civil contingencies risk and performance.