“What threats to our domestic security are coming next?” Many ministers asked me this question and for good reason. In the security world, you don’t want surprises.
My advice to them was not to fixate on the ups and downs of any particular terrorist group, cyber gang or hostile state. This was the traditional way but risked just chasing the ball round the existing pitch. We needed to think differently.
Our focus should be on spotting threat actors who were building the ability to outmatch us in a new domain. An actor, for example, that had mastered a new technology or was creating a new audience for their vision of the world. These were the threats that could change our way of life and needed the most attention.
Two examples. Al Qaeda exploited the air domain, weaponizing planes and flying them into buildings on 9/11. They became a global player instantly and changed air travel for ever. The so-called Islamic State mastered social media, the information domain, to attract young people in the West to travel to Syria and join their ranks, people who had never been part of an extremist cause beforehand. This galvanised Western governments to start the long and still unfinished journey of regulating the content we see on the internet.
Domains are also levers of power and deterrence. The US government dominates the domain of finance. It can shut countries and companies off from US dollars, the currency of global trade. China wants to circumvent this vulnerability to them by creating a Chinese digital yuan. Nations possess nuclear weapons to neutralise the use of the nuclear domain by mutually assuring destruction.
In conflict, mastering domains is the difference between winning and losing. Russia’s inability to dominate the air domain when it invaded Ukraine has fatally undermined its forces on the ground. Ukraine has already defeated Russia in the information domain by rallying its whole society to the cause whilst Russians flee their country to avoid being press ganged into a war they don’t see as their own.
But the number of domains which threat actors can exploit, and in which states can compete, is increasing in the information, pandemic, climate age. The accelerating spread of new technologies is the big driver.
The science and data that underpins these new technologies are now seen by governments as a new fourth pillar of global influence and power, alongside the more traditional pillars of economic, military and diplomatic. Terrorists and organised criminals will look to exploit new technologies when they become commercially available.
A few examples:
- The digital domain has already provided threat actors with new opportunities to spread disinformation, defraud us and hold us to ransom, even using malware to shut down hospitals, power plants and factories to turn a profit. Quantum technologies will upend our ability to encrypt and protect our communications systems.
- The space domain is emerging as a new area of competition between states as satellites increasingly become integral to how our communications and navigation systems work on earth. China has successfully tested its ability to destroy a satellite in space.
- The pandemic showed how vulnerable we are as a species to a new strain of pathogen, the domain of biology. Gene editing, as it spreads as a technology, could fall into the hands of an actor who wishes us and our way of life to extinction. The only thing worse than a terrorist is a Bioterrorist.
But enough of the doom. Governments and companies allocate significant resources and good people to keep us safe and allow us to go about our business. They constantly adapt and innovate to new threats. Our security and law enforcement agencies have extensive powers and demonstrable suppressive effect. Ultimately, all of us involved in security are in the business of protecting domains, narrowing the space and options of those who seek to do us harm.
In my experiences this meant thinking what capabilities you need to control these domains and putting your best people on where there are gaps. You build capabilities that you can “build once and use many times” against a range of threat actors who might seek to master that domain. You realise early that solutions increasingly sit outside of government and not within. You work with partners in industry as they are increasingly the owners of the infrastructure that underpins these domains. You ask manufacturers and designers to build products, planes, public places that are secure by design. You share the burden with like-minded countries, including agreeing conventions to stop the proliferation of dangerous precursors or technologies.
You also use the authority of the law to move the goalposts with new legislation and regulations. You regulate access to advanced technologies, just as the US administration has done recently in banning the export of advanced computer chips to China. You have an industrial policy where you prioritise, even subsidise, your own mastery of the technologies you most need to prosper and stay safe. You co-build, co-locate and co-finance innovation in these new technologies with commercial partners. You also ensure that you retain and attract the best scientists and engineers into your universities and deep tech companies as their success, their intellectual property, will be your success and security.
But back to the question I started with. “What threats are coming next?”. The holy grail is the future domain. Will artificial intelligence offer us the ability to look into the future and act against threats before they emerge? Artificial intelligence can already join the dots faster than humans in piecing together information from across the battlespace. How much further can it go and do we really want to go there? A dystopian world of wars fought by computers and “minority report” style surveillance at home is the extreme. But better data-driven early warning systems will be viable and will save lives, as we found during COVID with the creation of the Joint Biosecurity Centre.
In all circumstances, my mantra has always been never to have a failure of imagination of what our foes will do to us nor our collective ability to stop them.