The Royal Commission has spoken. Its report seems both comprehensive in its scope and magisterial in its pronouncements.
Amongst its findings was that ‘no Public sector agency involved in the counter-terrorism effort failed to meet required standards or was otherwise at fault in respects that were material’.
To counter any lingering feeling of complacency though, the Commission finds that the system across the security sector doesn’t work as effectively as possible, or indeed as it should, for dealing with counter-terrorism matters.
Implement the Royal Commission’s recommendations however, the report asserts, and we will have a better system and will thus be safe from future terrorist events.
The report concludes and recommends that New Zealand needs a responsible minister to ‘lead and coordinate the counter-terrorist effort’, a ‘new national intelligence and security agency’, with a ‘chief executive who is designated as the intelligence and security adviser to the Prime Minister and Cabinet’, and which amongst other tasks would develop a ‘counter-terrorism strategy’. As well, the possibility of an ‘interdepartmental executive board’ should be investigated. This would ensure that ‘work, planning and budgets’ are aligned and coordinated across the security sector
The Commission is very sure of its findings. The new agency ‘will deliver a more systematic approach to counter-terrorism’. Brave words as anyone with experience in public administration will understand.
So far so apparently straightforward. But there seem to be some gaps.
The first gap is in explanation.
The Commission makes a point of noting how many previous reports assessing the system there are (35 identified) and states ‘while we have drawn on them as part of our inquiry, we have also seen that some of the deficiencies previously identified have yet to be fixed’.
We are invited here to infer that the system has been lax in not fixing well identified problems.
One of the reports the Commission states as having been ‘drawn on’ is by the Controller and Auditor-General, Governance of the National Security System. That report published in 2016, concludes that ‘in our view, the governance arrangements for responding to national security events and emergencies are well established, fundamentally sound and fit for purpose’. As well, since 2014, ‘the governance of how national security risks are managed … has started to improve. The right people are on the various boards that make up the “governance” side of the National Security System…’.
This is startlingly at variance with the overall conclusions drawn by the Commission. The Commission should surely have explained why the Auditor-General got it so wrong. Or perhaps the Commission did not actually read the reports it notes as having drawn on. Which opinion should we accept?
The second gap is of logic.
The problem according to the Commission is that the system doesn’t do what is necessary for various reasons, mostly because the agencies within it have resisted DPMC oversight, or because they have not had an approved focus. Both issues of process.
The solution given is one of structure. Build a new agency. That is not necessarily a ‘wrong’ solution, but there is no discussion (although there are assertions) about why a different structure would lead to better process and, presumably, better outcomes.
The Commission spent a considerable amount of time and space analysing the counter-terrorism system. But that analysis leads to a conclusion that the national security system overall needs an overhaul. Again, this could be a ‘right’ answer but there is no indication as to why perceived problems in a sub-system need changes to the system overall.
The third gap is one of detailed research and analysis
While analysing terrorism as a risk the Commission did not set that risk against others faced by the country because, it seems, the national risk register developed in 2018 ‘has not yet been approved and published’.
In 2011, however, in New Zealand’s National Security System (referenced by the Commission, but otherwise apparently ignored) the government published a ‘riskscape’. Events such as a pandemic (no surprises there), a major pest disease outbreak, food safety issues, a large urban flood or earthquake, and indeed global conflict were all considered to be as likely and as consequential as terrorism. They pose the same level of risk, in other words, as terrorism. No doubt judgements have developed since 2011, but they can’t be completely different.
The Commission did note that it’s recommendations were intended to go wider than just terrorism and should ‘relate to all threats and intelligence issues’. Given that and the 2011 conclusions on risk, if terrorism is to be assessed as a risk deserving of being addressed through structural change, so too, surely, should the others be analysed before system-wide prescriptions are delivered.
The Commission notes the National Security System Handbook, published in 2016, but mostly in terms of countering terrorism. The handbook covers much more than that. And if the Commission had dug into it deeper it would find that much of what it notes as failings and recommends as solutions already exists.
The Commission asserts that the Handbook focuses primarily on response rather than (risk) reduction, readiness and recovery. That is an eccentric reading of the document. For example, there are some 19 plans covering the gamut of security hazards (although not terrorism). These plans contribute to reduction, readiness and recovery significantly, as well as to response.
Further in the Handbook the senior cross-sectoral officials’ group the Officials Committee for Domestic and External Security (ODESC) is described.
ODESC has been in existence for some decades. It is chaired by the Chief Executive of DPMC, who is designated in the Handbook as the government’s lead official on intelligence and security matters and is de facto national security adviser to the government.
ODESC already deals with emergencies and planning for potential emergencies across the whole range of the security sector. This is the sector-wide-responsibilities agency envisaged by the Commission and the new Public Sector Act 2020.
The Way Ahead
What then of the Commission’s recommendations? We already have a minister (two in fact) with intelligence and security responsibilities, we have a senior security policy advisor, we have central oversight and coordination, we have agencies and groups with relevant responsibilities.
There seem to be perhaps three choices to improve the security system.
The first is to make the current system work more effectively. That would use the basis of the current system and apply the Commission’s recommendations to it where applicable. That should not be difficult, although it would not meet the Commission’s call for a new agency. It would, though, meet the spirit of the recommendations. It would also, following the Auditor-General’s report, acknowledge that much of the system is indeed fit for purpose.
The second would be to make a new governance structure, hierarchically superior to the present individual agencies, committees and working groups. That could involve taking the national security group from DPMC and making it the basis of a stand-alone agency. This is perhaps what the Commission envisages.
This would be, in effect, a discrete National Security Council as seen in various forms around the world, for example in both the US and Russia. There is no evidence that countries with this form of security governance are any more secure than is New Zealand.
The third choice could be to raise a new agency for counter-terrorism issues (perhaps based on the existing Combined Threat Assessment Group) within the current national security system architecture. This could be within DPMC as is the National Emergency Management Agency, also a component of the national security system, or it could stand alone as both GCSB and NZSIS do.
Both the second and third options would require significant adjustments to current system-wide processes with consequent disruption.
There is little doubt there is greater clarity needed about roles, responsibilities, strategies and the like within the national security system. Whether the report’s recommendations are the best approach is an open question.
Comprehensive? Not sufficiently in some important areas. Magisterial? Perhaps overly so.