Broadening the security agenda
Speech by the Director General of the Security Service, Dame Eliza Manningham-Buller, at the CBI Annual Conference 2004, Birmingham.
Ladies and Gentlemen, I would like to begin by thanking John Sunderland and Digby Jones for their invitation to speak to you this afternoon. I am delighted to be here to introduce your session focusing on security. I believe this is the first occasion that security has been on the agenda at a CBI Conference.
I have come here today to get across two things: what the threat from international terrorism is and what you as leaders of British industry should do about it, and how my Service can support you in that.
First the threat. There is a serious and sustained threat of terrorist attacks against UK interests at home and abroad, including against the business community. There might be major attacks like Madrid earlier this year. They might be on a smaller scale. The terrorists are inventive, adaptable and patient; their planning includes a wide range of methods to attack us.
Many senior Al Qaida figures have been killed or arrested since 9/11 but, although the organisation has been damaged, it retains the capability to mount terrorist attacks on Western interests. Moreover the international terrorist threat manifests itself in other forms which are as challenging. "Al Qaida" has become shorthand for other terrorist groups or networks that, inspired by Al Qaida's successes, and in imitation of it, are now planning attacks against Western interests.
There may be people here who doubt this description of the threat or perhaps question the language used to describe its scale. It is right to ask questions and challenge assumptions. Indeed it is necessary to do so. We need to continue to check our judgement of a threat that is shifting and evolving. But I would urge you to consider the events of 9/11, in Bali, in Istanbul, in Madrid. Be under no illusion. The threat is real and here and affects us all.
I am often asked why there have been no attacks in the UK since 9/11, an entirely reasonable question. Part of the answer is the effectiveness of the UK's counter-terrorist response and the great increase in international co-operation and exchange of intelligence. Following operations involving my Service, the police and many other partners, plots have been disrupted and terrorist suspects arrested in the UK. A significant number of those arrested have been charged with serious terrorist offences. They will appear before the Courts in due course.
Other reasons include the steps taken by the Government to make it harder for terrorists to operate in the UK and the part played by everyone, business included, in reducing our vulnerability to terrorist attacks by protecting ourselves better. Responding to the threat has not been easy and difficult judgements have to be made. Balancing liberty against security is perhaps the most difficult of them. But stopping an atrocity is only one aspect of the challenges we face. Across the UK, private companies are working with the Service and the police to increase resilience and strengthen the capability of the private sector to stay in business in the face of threats or actual attacks.
The role of business
This is where I come to my second message, your role. As I have just said, progress has been made in reducing our national vulnerabilities - there have been definite improvements - but I worry that, against the background of no attacks here, we risk becoming complacent. So my message is to broaden your thinking about security issues.
A narrow definition of corporate security including the threats of crime and fraud should be widened to include terrorism and the threat of electronic attack. In the same way that health and safety and compliance have become part of the business agenda, so should a broad understanding of security, and considering it should be an integral and permanent part of your planning and Statements of Internal Control; do not allow it to be left to specialists. Ask them to report to you what they are doing to identify and protect your key assets, including your people.
I am often asked what single piece of advice I can recommend that would be most helpful to the business community. My answer is a simple, but effective, business continuity plan that is regularly reviewed and tested. Many of you already have sophisticated business continuity plans in place. Indeed this is one of the areas in which the private sector, rather than the public sector, sets best practice and from which government and others can learn, but do you all have such plans and have you considered them at Board level?
Support from the Security Service
And where do we, the Security Service, fit in? Those of you who only know us from fiction may imagine that the only role of the Security Service is to pursue terrorists, spies and serious criminals. We certainly do that (this is exciting and rewarding work, though not quite in the way that it is presented in fiction) but we also give advice, based on our inside knowledge of the intelligence on the threat.
Some of you here today will be familiar with our long established role in providing security advice to a selected range of customers. In the last twenty years, alongside the advice we provide to government, we have increasingly given security advice to some of the private sector. In the past that has been to the sectors of the business community that form the UK's key national assets, known as the Critical National Infrastructure. Our advice is based on access to all intelligence available to the UK. It is formulated by experts who, supported by an extensive programme of scientific research and development funded by Government and shared with close allies overseas; are well equipped to access the best practice for others.
But that is not enough and reaches too few of you. To support your judgements and you and your employees' security, we have recognised the need to make you better informed about the nature of the terrorist threat and what practical steps can be taken to protect your business. The MI5 website has been redeveloped for that purpose and you can also access it through a link on the main CBI website.
This is a first step. There is, of course, more for my Service to do to make useful material about terrorism available to you and your companies. Further initiatives can be expected and improved generic advice made more widely available. The CBI is helping us with this. We need your help channelled through them in identifying where we can best help you. The CBI Business Security Survey will contribute to that process. Specialist effort will continue to be focussed on the critical services but we recognise the demand for advice and information in the wider business community and are working hard to respond to it.
So in sum: the threat is current and real; it affects us all and you, supported by us, have a key role to play.