Director Steve Southern discusses the cause and effect of Government reform
There is a fundamental disconnect within and throughout Government when it comes to personnel security clearances.
Under this Government, the Cabinet Office Efficiency and Reform Group (ERG) achieved £14.3 billion of savings for 2013/14. Although not specifically listed in the technical note that accompanied the announcement of these savings, there is no doubt that the ERG turned a spotlight on security, specifically on the Government Protective Marking System (GPMS).
Minister for the Cabinet Office the Rt Hon Francis Maude MP took a personal interest, stating that the ‘old’ system of protective markings was in effect no longer fit for purpose and unduly burdensome for the business of modern Government. A new GPMS, (the Government Security Classifications (GSC)) scheme, was duly crafted and has now been in use for a year; whether it stands the test of time, as did its forerunner, remains to be seen.
On the Richter scale of Government reforms, a new GPMS barely registers as a slight tremor, but a cynic might still question whether the primary motive behind the imperative for change was to reduce cost. In fact, a Ministry of Defence fact sheet states that the changes “will help to save taxpayers’ money.” Any cost, savings that might be realised, set against the opposing requirements of an open Government and the need to protect sensitive information in a post-Edward Snowden world, is a matter for consideration elsewhere.
Notwithstanding the motives behind changes to the GPMS, or their effectiveness, the ERG may have missed a bigger opportunity for reform by failing to examine the Government system of personnel security clearances. I use the word ‘system’ advisedly, as this implies a single, cohesive and effective mechanism that operates seamlessly across Government. The reality is somewhat different.
Just to be clear, my problem is not with the vetting system itself or the associated national security clearances that have, a bit like the old protective marking scheme, stood the test of time. Having been a subject of the vetting process more or less continuously for over 30 years, and a vetting officer for a short period, I can also attest to its rigour and effectiveness. More recent improvements such as the online Cerberus portal have also helped to bring the process into the 21st century. Of course no vetting system can ever be 100% successful and there will always be cases where individuals deliberately act against the interests of national security in spite of being vetted to the highest levels. The case of Geoffrey Prime, who became a Soviet spy in spite of being cleared to the old high level PV, is one that always sticks in my mind.
The real problem today concerns stovepipes and bureaucracy across Government and within the public sector, at the heart of which is an inability to quickly and efficiently share security clearance information and have mutual recognition between departments. While this has somewhat less of an impact on civil servants or serving military personnel, all of whom have an identification card, it most certainly affects the many tens of thousands of consultants and contractors, without whom Government could not function.
To those without experience of working in the public sector it may seem surprising that, a person having been granted a security clearance by a sponsor in one Government department, say the Ministry of Defence, this information is not automatically shared and mutually recognised across all departments. The situation is further compounded when certain departments or agencies, for perfectly justifiable reasons, need to conduct additional checks over and above those already required for the security clearance; e.g. duplication of nationality checks by the Home Office, and criminal records checks by the police for their Non-Police Personnel Vetting (NPPV) clearance. One might also think that reciprocal agreements with longstanding and trusted western allies such as the United States might mean a simple and ready recognition and acceptance of their security clearances. Our recent experience acting for one client shows this not to be the case, requiring our considerable administrative effort in order to achieve a resolution.
What does all of this cost? It’s hard to estimate, but the delays and difficulties that can arise, not to mention the bureaucracy of sharing information via email or on the telephone, are likely to have a significant cost. How to fix it? I would suggest a study to: review and assess the current situation; identify the shortfalls, inefficiencies and concomitant costs; and make recommendations for improvements supported by a business case.
While we are on the subject of inefficiency, we might also consider the relative merits of having both a List-X (MoD) and List-N (Office for Nuclear Regulation). My experience and knowledge of the former is longstanding, whereas my exposure to the latter is far less, albeit quite recent, but even with this caveat it appears that both schemes are remarkably similar in their aims, scope, and standards. In essence they seek to control the release and protection of sensitive and/or protectively marked information. To an outsider the obvious question would be – could the two schemes not be combined and administered as a single scheme, perhaps resulting in efficiencies and savings?
Finally, I’d like to return to the new GSC with a personal observation, namely that it has caused, and continues to cause, considerable confusion, both within Government and across its supply chain. It’s hard to pinpoint why this should be as It has always been and remains a fundamental principle that every individual is responsible for assessing information that he or she originates or owns, and for determining with whom it can be shared. But with confusion comes doubt, and fear of making mistakes. One response, which I have witnessed, is to become overly cautious and, in old language, to over-classify. Even at Official-Sensitive this can seriously impact the ability to share information, even where all parties are cleared and have a need to know. Multiply this factor across the whole of Government and its many thousands of suppliers, and once again I would expect that the total cost is significant.