the National Security Strategy

Vital interestsThreatsResilience

ALL-HAZARD APPROACH

NATIONAL SECURITYthe Dutch definition5 vital interests:Territorial securityPhsyical safetyEconomical securityEcological securitySocial and political stability

Societal disruption

All-hazard approachSafety and security

NATIONAL SECURITY STRATEGY

GOAL: To increase our national resilience through insight in threats and capabilities

Multi-sector approachMinistries remain primarily responsible for prevention and preparation and in cooperation with the ministry of Security and Justice for responseMinistry of Security and Justice is primarily responsible for crisismanagementGovernment-wide cooperation based on equalityPublic-private cooperation

WORKPROCESSThreat/RiskAnalysisRiskAssessmentTasksCapabilitiesPolicyinitiativesWhich threats do we face?What is the impact?What do we need to do?What do we need to have?Strategic foresightShort-termanalysisNational RiskAssessmentCapabilitiesAnalysisPolitical Decision

ACTORS INVOLVED

RISK: likelihood and impact

10 IMPACT CRITERIA

1. Territorial security

2. Physical safety

3. Economical security

4. Ecological security

5. Social and political stability1.1 infringement of territorial integrity 1.2 infringement of the international position of the Netherlands2.1 fatalities2.2 seriously injured or chronically ill2.3 physical suffering (lack of basic necessities)3.1 costs4.1 longterm impact on environment and nature (flora & fauna)5.1 disruption of everyday life5.2 violation of the democratic system5.3 social-psychological impact

Uncertainties in risk assessmentExperts should state source of know-how (e.g. empirical data)

Available empirical data may not be rejected, replaced or removed

Experts should differentiate between uncertainties (due to a lack of knowledge) and differences of opinion between experts

Records should be kept of all references, sources assumptions and uncertainties used by experts

WORKPROCESSThreat/RiskAnalysisRiskAssessmentTasksCapabilitiesPolicyinitiativesWhich threats do we face?What is the impact?What do we need to do?What do we need to have?Strategic foresightShort-termanalysisNational RiskAssessmentCapabilitiesAnalysisPolitical Decision

CAPABILITIES ANALYSIS GOAL: Identifying capabilities that help reduce the impact and/or likelihood of a threat.

General capabilitiesThe capabilities analysis primarily identifies capabilities that have a positive effect on more than one type of threat. reasons are:cost-efficiency and also covering unknown threats

PreventionPreparationResponseRecoveryTRADITIONAL PARADIGMRESILIENCEPOLICY INITIATIVES

All ministries: Responsible ministry leads capabilities analysisSecretariat by NCTV

Experts:Private sector and critical infrastructure companiesThematic experts (e.g. social media)Other bodies of government:Local/RegionalInternationalSocietal organisations and civiliansACTORS INVOLVED

WORKING TOGETHERDifferent responsibilities Common interest To avoid societal disruption

Government: Prevent fatalities and injury and prevent a loss of confidence in governmentPrivate sector: Prevent loss of income/profit/customersIndividuals: Prevent personal losses (cash, gas/water/electricity)

POLITICAL ACCOUNTABILITYYearly report to Parliament about:The National Risk AssessmentPriorities (based on Capabilities analysis)Progress on previous priorities

Interdepartmental cooperation:Interdepartmental Workinggroup on National Security (IWNV)Steeringgroup National Security (SNV)Council on Safety and SecurityCouncil of ministers

ADVICE & DECISIONMAKING PER STEP

QUESTIONS?

PRIVATE SECTOR & CRITICAL INFRASTRUCTURECritical infrastructure sectors:products, services and underlying processes that, if interrupted, can cause societal disruptionThe dependency of society on these (mostly) basic needs is a reason to take extra measures. Critical infrastructure in NL: 12 sectors, partly public, mostly private companiesWhat is expected of C.I.-sectors?Resilience, garanteed continuity, prevention of disruption

Mutual aim: to avoid losses as a result of discontinuityMutual interest: shared notions of possible risks and solutions

CIVILIANS & SOCIETAL ORGANISATIONS Openness to the public on risks:Risk map on the internet: www.risicokaart.nlMass communication campaignResilience of citizensPublic participation (encourage citizens to act)Implementing a cell-broadcast system

Cooperation with societal organisations:Red Cross & Orange Cross (Disaster response and first aid)Educational organisationsKnowledge & advice organisation for post-disaster psychosocial careCenter for Crime-prevention and Safety

THE INTERNATIONAL CONNECTIONInternational attention for risk-analysis is rising:EU (guidelines for risk assessment)NATO (Civil Protection Committee)OECD (future global shocks)UN (ISDR-Hyogo Framework for Action 2005-2015)

Similar approaches in different countries (UK, France, Germany, Norway, Canada, The Netherlands)But many different ways of organising the process

Exchange on methodology, process and outcomesExchange of experiences, also in crisissituations

*Our national security strategy focuses on three main themes:In order to know whats at stake you have to know what your vital interests areTo protect those vital interests you have to have an insight to the possible risks and threatsTo be able to overcome those threats and to avoid societal disruption you have to be resilientIn The Netherlands we take an all-hazard approach. Meaning we look at any kind of threat endangering our national security.Be it natural or man-madeBe it malicious or non-malicious/ intentional or non-intentional**In the Netherlands our work for National Security aims at making NL more resilient to any kind of risk.

We focus on 5 vital interests that we wish to protectAnd try to prevent those interests being harmed tot a degree that causes societal disruption

To achieve this, we try to increase our insight in possible threats and ways to deal with them (we call this capabilities)

Because we include all hazards, this asks for a multisector approach, including all Dutch ministries, the private sector and civilians

All ministries keep their own responsibilities and are equal to each otherThe ministry of Security and Justice, and especially the NCTV, coordinates and facilitates the whole process

Our ministry has an exceptional role to play, because of its responsibility for crisismanagement, the police forces, safety regions and fire brigades. If other ministries dont do their homework, w end up with a lot of trouble and a lot of workA good incentive to stimulate all those involved in the National Security Strategy.To keep track of the possible threats to our national security and the ways to deal with those threats, weve developed a working process consisting of two major parts:Risk analysis resulting in our NRA Capabilities analysis resulting in an advice how to strengthen our resilience

This workprocess effectively IS our strategyTo keep the process running, a lot of actors are involved.On the left you see the governmental parties involved. The Steering Group for National Security (and the lower level interdepartmental working group)In the Steering Group all departments, intelligence services and a network & lobby organisation for the major bussinesses in NL are represented

On the right you see the Analist Network for National Security.We used to do the National risk assessment ourselves, with help of experts etc.But to be able to tap into the most up to date knowledge and in order to avoid (political or policy) bias, we developed a network where knowledge institutions, intelligence services, planning agencies, scientists from universities, thinktanks etc provide their knowledge and expertise and conduct our national risk analysis.

*Scenario development offers the opportunity to gain a sense of future uncertainties and factors that influence current decisions. All scenarios follow a similar build up: From context, to trigger event, incident/escalation to impact/consequences.

Scenarios are then scored both on impact, i.e. the total sum of all consequences of a given scenario and an estimation of the likelihood a scenario might actually occur. Impact and Likelihood are scored separately, as can be seen. Risk is the combination of the scores on impact and likelihood.

LIKELIHOODLikelihood can be scored in two ways: In some cases empirical data is available or can be calculated. It is possible to calculate the likelihood in a percentage of the incident occurring within the coming 5 years. This is for instance the case in most natural threats (like flooding).In other instances, we only have intelligence data to estimate the likelihood, for example in cases such as radicalization scenarios. If this is the case, the methodology requires us to ask two questions and to motivate the answers.Is the incident imaginable?Do we have concrete evidence or indications that this incident might occur within the next 5 years?

To assess the impact of scenario events, 10 impact criteria have been developed. These criteria are linked to the five critical interests of the Dutch society that I mentioned earlier. For example:Infringement of territory: when an area is lost due to for example flooding, nucleair incident, or invasion by other country.Physical suffering: this may be caused by exposure to hunger, thirst, cold, extreme weather.

Impacts are scored in five classifactions, ranging from limited impact significant impact severe impact very severe impact to the highest category; catastrophic impact. Classifications are not based on a single number, but on an estimation between two exacts, which makes it easier to deal with lack of details and uncertainties.The criterium for number of fatalities is, for example, subdivided into the classifications: < 10 , 10-100, 100-1000, 1000-10.000, > 10.000

This is the result of the second national risk assessment that was done in the beginning of 2012 Unfortunately it is still only available in Dutch. The English translation will most likely become available shortly.

As you can see, each scenario is placed on an axis with on one side the severity of impact and on the other the likelihood the scenario will occur.

Comparing the different scenarios with each other, it is visible that flooding, both the worst possible scenario and the less severe flooding of the area with the 4 largest cities in the Netherlands has the highest severity of impact level, but is, at the same time, quite unlikely to occur. Oppositely, the impact of the scenario for snow storms is considered substantially less severe, but at the same time very likely.And mineral scarcity is deemed very likeli and very severe

Risks are more comparable to each other.This helps for instance with prioritising. Which is needed because funds and capacity are limited.

*One of the paradoxes of the National Security Strategy is that the more (politically) relevant the results become, the more hesitant partners can be to participate. In addition, ministerial interests are sometimes advocated. There are several factors to be considered:

- It might not be expedient to focus on particular policy domains due to political realities Partners might question whether or not a particular policy domain is relevant to national security. Ministries might nog oversee the consequences of a policy domain being included in the risk assessment and potentially scoring high on impact or likelihood Ministries might feel threatened by the fact that a policy domain is included into the risk assessment (this is my subject and I will deal with it)

The results can be that ministries or partners have to be convinced to have their policy domain included in the risk assessment. A debate might need to be held that scenario scores should be based on the realistic situation. For example, it it is claimed that 80% of trains run on time, but in reality the number is higher or lower, tht percentage should be scored.

In order to deal with these type of concerns, it is important to have commitment from all partners throughout the process, starting at the very beginning. We arranged this by having them represented in the steering committee and by having the steering committee sanction the themes for which scenarios will be written before these scenarios are actually written. Furthermore, the ministry responsible for a policy domain will chair the working group developing and scoring the relevant scenarios.

Finally, on the methodological side, a protocol for the use of expert opions was developed. This protocol states clearly what steps need to be followed and how to deal with differing opinions. The use of this protocol increases the comparability of results as all working groups must follow the same structure.The second step based on our NRA is the analysis of ways to reduce the likelihood of a threat and/or mitigate the consequences.

This is our capabilities analysis.The goal of our capabilities analysis is to identify means to reduce impact and/or likelihood of a threat.

What do we need to do to be able to deal with the assessed risks?Are there ways to reduce the impact and likelihood of more than one type of threat?And what stakeholder has power over those capabilities?Traditionally the focus in crisismanagement has been on preparation and response within the government.

With our workprocess and our capabilities analysis we aim at broadening this scope. Resilience is much more than the ability to respond to a threat. It is also the ability to prevent a threat from happening altogether, to limit the impact by preventing crippling effects (e.g. disruption of critical infrastructure processes) and to recover from a crisis in order to avoid a lasting societal disruption and the disaster after the disaster

Therefore we look at a broad set of capabilities (procedures, legislation, training etc.) General capabilities: influence more than one type of threatSpecific capabilities

**All ministries are involved in this processBut because capabilities may very well be privately owned (for instance by critical infrastructure parties) or best developed at local or regional level, other parties are also involved.

And some capabilities may be quite new or unknown (e.g. social media) so knowledge from experts is needed.But why does the private sector want to participate, you may ask?

We do not have a whole stack of laws and regulations to make private companies work with us.But we share our aims and interests: to avoid losses due to societal disruption

Working together is a way to reduce the likelihood of suffering these losses and also avoids duplication or focussing on different priorities.

When we finish our workprocess we report the outcomes, including the priorities set by our council of ministers, to the parliament.We also report on our progress on previous priorities

In order to make this report two different sets of decisionmaking bodies are involved:The policymakers, involved in the interdepartmental working group and the steering groupThe ministers/politicians, involved in two ministerial councilsIn short the whole proces is described in this picture:

Below are the steps of our workprocessIn the middle the parties giving advice and input on each stepAt the top are the decisionmakers

As you can see the workprocess is non-political until the last step the setting of priorities.The governement is not the only party responsible for our safety. Some of the most effective capabilities are not owned or influenced by the government.

For example: critical infrastructure, such as food, drinking water or telecommunication, is owned by private companies. And mostly by several private companies.

Examples of cooperation

DigiNotar: cooperation in crisismanagement;

Flooding:National Exercise Floodex 2008dialogue between C.I. sectors and government about possibilities to avoid damage to critical infrastructure by spatial planning.

Pandemics: Continuity Plans

Counterterrorism: alert system (information about threats and the measures to be taken)

Laws and regulations: Paragraph on good homeownership in law on drinking water. Request of the drinking water sector!

*civilians can also play their part.If Dutch citizens are able to keep themselves and others safe for about 72 hours and be resilient. This lessens the impact of a wide array of threats. Not only because lives are spared, but also because social-psychological trauma will be less severe if people are able to take matters into their own hands.

Therefore its important to work together with private parties and citizens.To be open about risks. To both the public and private parties.