Development of a National Security Strategy (plus NEMA) is one part of a National Risk Approach

Matt Boyd & Ben Payne

TLDR

• Following the Royal Commission of Inquiry into domestic terrorism, two Cabinet papers outline how NZ might improve the National Security System
• A proposed National Security Strategy would address malicious threats
• Improved national security oversight, and links with agencies such as NEMA would form a more comprehensive national risks approach
• However, this approach still omits accountability and resources for analysing, prioritising, and mitigating large global catastrophes and their impact on NZ
• Potentially, most of the risk to NZ lies in such rare but devastating scenarios
• An integrating office is still needed, which looks across all risks, comparing likely harms and prioritising resources. 

Introduction

The Department of Prime Minister and Cabinet proactively released two Cabinet papers describing a plan for improving how security risks of national significance are managed in New Zealand.

These Cabinet papers address aspects of the Royal Commission of Inquiry into the Christchurch terror attacks, the ongoing development of NZ’s first National Security Strategy, and cover some common ground with the recently released Draft National Security Long-term Insights Briefing (LTIB), upon which we have commented here.

Two National Security papers proactively released by Cabinet/DPMC

The Cabinet papers are:

·  Charting a New Path for Aotearoa New Zealand’s National Security: Developing our first National Security Strategy

·  Charting a New Path for Aotearoa New Zealand’s National Security: Strengthening the design of our machinery of government

Two primary Boards govern the existing National Security System (NSS) outside of crisis scope:

·  The Security Intelligence Board (focusing on malicious threats)

·  The Hazards Risk Board (focusing on civil contingencies)

In the Cabinet papers, however, national security is narrowly defined as, “actively protecting Aotearoa New Zealand from malicious threats to our national security interests, from those who would do us harm” (emphasis added). This very much limits the set of risks managed by the NSS, which is perfectly fine provided all other risks are picked up elsewhere.

At present 42 risks of national significance are compiled in a classified National Risk Register. The Cabinet papers propose creating a clear division between risks of a national security nature (ie threats from malign agents) and natural hazards and civil contingencies such as earthquakes and floods. This is because the ‘securitisation’ of risk in somewhat ad hoc fashion over time has stretched the national security apparatus, which is under-resourced and roles within it are not always formally legislated or appropriately funded. 

This issue, perhaps best summarised as the question of ‘who is responsible?’ is highlighted in the Cabinet paper on design of our machinery of government, which states that the NSS relies: “on mechanisms of coordination that do not impose formal responsibilities or specific accountabilities [across a wide ecosystem of agencies]”

Addressing National Security shortcomings

The Cabinet papers highlight that a core task moving forward will be to identify an “appropriate system leader” for the NSS (malign risks), as well as “independent statutory oversight for any new agency and/or the system as a whole”. The Cabinet papers are clear that any structural change must ensure, “our national security and hazard risk systems as a whole are not left worse off by piecemeal change, and are supported by an all-of-government National Risk Approach”.

It is this kind of ‘National Risk Approach’ that we particularly favour, which would account for security risks, hazards and civil contingencies such as those concerning the National Emergency Management Agency (NEMA), and also other major risks that fall through the cracks of the present system (as we discuss below).

Risks and risk amplifying factors 

The Cabinet papers acknowledge important risk amplifying factors including low social cohesion and stability, misinformation, and the impact of climate change. Other risk amplifying factors plausibly include rising technological capabilities (eg AI, bioengineering), geopolitical tensions, threats to trade, and consolidation of power in, and dependence on, large multinational firms (for example polarising and immensely powerful social media and technology firms). 

The Cabinet papers note that social and environmental policy are needed to address some of these issues. Trends across some, though not all, of these risk amplifying factors are discussed in the recent draft LTIB. 

These issues are examples of risks that currently fall outside NEMA and the National Security System. Important global risks and risk factors need to be identified as part of a complete set of national risks and risk factors. Analysing and addressing risk in ad hoc fashion means that resources may not be directed where they are most effective. 

Also missing from the discussion in the Cabinet papers is the intent to analyse and mitigate global catastrophes, which could include the future risk of nuclear conflict/winter, extreme climate change scenarios and potential for super-pandemics of significantly greater scale and impact than Covid-19. 

Global catastrophic risks are often not traditionally seen as ‘national risks’, due to uncertain probabilities of occuring in the nearer timeframes often applied in national level risk management and planning. However, we argue that the potential for such events across the longer-term should be central to national risk profile development and anticipatory governance and that a large amount of critical risk to NZ arising from these external sources may be missed by what amounts to a clear separation of NEMA and NSS with some additional aims of building interconnections between these risk entities.

Reforms to the system need to ensure all risk finds a home

Overall, we agree with the Cabinet papers where they acknowledge that the NZ NSS needs to:

1. Be clear on what interests are being protected (a list is offered, but notably future generations are absent)

2. ‘Securitise’ fewer risks (while making sure that the NSS is one component of a wider risk assessment and approach)

3. Identify threats earlier and act to influence them before they manifest

4. Be more open and transparent with risk information (to foster engagement and the possibility of resilience-building) 

However, it is still not entirely clear where management of some risks would lie with the proposed clear separation of NSS and NEMA. For example, is nuclear war between, eg India and Pakistan, causing a global famine and trade collapse, a malicious threat to NZ, where some agent wants to do us harm? Or is it more like a natural hazard in NZ, that impacts us without there being an overt ‘security’ risk? What about major global catastrophes such as a climate changing supervolcanic eruption in Indonesia (akin to  the Toba eruption 70,000 years ago), or a similarly consequential asteroid impact, or a global industry-disabling solar flare? What about a bioengineered pandemic that occurs accidentally? Or an accidental AI catastrophe with global impact, or a great power war not involving NZ, or a yet unknown risk devastating key pinch points of global commerce? Which agency is responsible for assessing these global catastrophic risks, and advising on resource allocation for analysis and, if necessary, mitigation and investment in resilience? There needs to be some systematic assessment and prioritisation across the complete set of risks.

The Cabinet paper on Developing our First National Security Strategy hints at an important solution to managing such a diverse set of risks in paragraph 110:

“On the basis of the Policy Review findings, I [the PM] therefore recommend a transition to a national security system that manages the subset of national security risks, complemented by a hazard risk system and supported by an all-of-government National Risk Approach and strategic crisis management mechanism” (emphasis added).

We think that this ‘National Risk Approach’ should not be merely NSS plus NEMA and various strengthened interconnections between them (even with the addition of engagement with other external agencies). Such an arrangement could still result in important risks (perhaps the majority of all actual risk, if significant global catastrophes are considered) falling through the cracks. Figure 1 shows these cracks schematically and the kinds of risks that slip through. A backstop is needed to prevent this from occurring (as outlined below). 

Figure 1: There are important risks which neither NEMA nor a more focused National Security System appear responsible for managing

Figure caption: Global catastrophes such as a regional or great power nuclear war, supervolcanic eruption/industry-disabling solar flare, or devastating accidental engineered pandemic should be assessed in comparison with other traditional NZ threats and hazards. An independent office could look across the entire National Risk Approach and conduct an integrated risk assessment, advising parliament and providing information to the public. This information and advice can feed into rationally targeted action based on expected consequences and uncertainty, ie building resilience across a range of catastrophic scenarios. 

The Cabinet papers envision, “oversight across all nationally significant risks and a cohesive approach.” This should include all risks and should generate resource prioritisation advice based on the expected magnitude of the consequences, the marginal utility of action, and the likely value gained. If earthquake strengthening is costing tens of millions of dollars per life saved (as it plausibly is) but lives can be saved for $1m each elsewhere in the risk landscape, then those tens of millions should be shifted. The public needs access to risk information, but also to cost-effectiveness information in order to engage in informed prioritisation discussions (across the spectrum of multi-attribute risk impacts).

A fully comprehensive national risk approach (of which NEMA’s domain of expertise, and that of the NSS are important sub-components, along with assessment of risks that have yet to find a home) could be engineered. Indeed, the Cabinet papers ask, “who is best placed to lead and coordinate the National Risk Approach?” There are different possible answers to this question, and we discuss them (at least as they pertain to global catastrophic risks – the ones falling through the NEMA/NSS cracks) in our paper arguing for a Parliamentary Commissioner for Extreme National Risks.

Overall, resourcing needs to be allocated in proportion to the risk (while also considering the marginal benefit of additional resources, or reallocation of existing resources, and the likely value obtained). Both NSS risks and NEMAs traditional focus are subsets of all things that can go badly at a national level and should receive an appropriate slice of the national risk management pie (for analysis, resilience building, prevention, and mitigation). But overarching advice looking across these sets of risks, and all other risks, is needed to ensure comprehensive risk coverage. The new NSS (plus NEMA) will then be integral parts of a wider cohesive whole.