The UK Government has set out its approach to resilience, and stated that the military ‘cannot be the first port of call whenever an emergency hits’. Rather, the UK Government is to ask more of some parts of the private sector.

In a foreword to The UK Government Resilience Framework, Chancellor of the Duchy of Lancaster Oliver Dowden said: “The core of the Framework is built around three fundamental principles: that we need a shared understanding of the risks we face; that we must focus on prevention and preparation; and that resilience requires a whole of society approach. This Framework is a broad and tangible set of actions. It is the first step in our commitment to develop a wide and strategic approach to resilience. We are committed to working with partners, industry and academia from across the UK to implement this Framework but also as we continue to develop our approach.”

Businesses, especially those that run essential services and Critical National Infrastructure (CNI), are described as ‘an active partner’ in resilience (the document has a cover photograph of the Thames Barrier in east London, pictured). While the country’s military will remain ‘an ultimate guarantor of national security and resilience in emergencies’, and were used in the response to the covid pandemic, if they’re used in a non-emergency, that’s ‘an indication of policy failure, inadequate resilience planning or chronic under-investment’, according to the document. In fact the document says the UK Government will look to reduce reliance on the armed forces.

On that point, under ‘partnerships’, the documents foresees ‘much fuller integration of these private and third sector partner organisations into our resilience frameworks, through a combination of new opportunities, guidance and obligations’. CNI is described as an interconnected system. “This interconnectedness brings many benefits but comes with risks, especially the possibility of cascading failures across systems,” which may be under-estimated, the document warns.

The UK Government will introduce standards on resilience; and where these do not already exist, it will ‘give a clear benchmark on what ‘good’ looks like for resilience’. These standards on resilience will be non-statutory, and take into account sector ‘landscapes, priorities, needs, and interlinkages with other sectors’. CNI resilience standards, too, will be non-statutory, covering malicious (cyber or physical criminal) and non-malicious (such as extreme weather) risks. As for how those standards will be regulated, or how to show assurance standards are met, the document says that the UK Government will ‘review existing regulatory regimes on resilience’. The document promises better guidance on resilience, and risk assessment information.

The document acknowledges that the UK Government cannot ‘expect organisations to properly prepare if they do not have the tools to understand which risks they face or how those risks may impact on their businesses. In turn, they must also understand how a lack of resilience in their own business may have wider impacts’, such as IT failure or in supply chains.

In the (unspecified) highest priority sectors that are not already regulated, and for the (also unspecified) highest priority risks, the UK Government will consider enforcing standards through regulation; such as on risk assessment, contingency planning and data sharing.

As for insurance, while it’s increasingly supporting resilience (in the physical and cyber worlds), insurance is not a substitute for good preparation, the document notes. Nothing more concrete is proposed than to ‘explore opportunities to better support the insurance industry’.

A new UK Resilience Academy is proposed, ‘built out from the Emergency Planning College’ at Easingwold in north Yorkshire. It means a broader remit for the College, that will ‘include the private sector covering CNI, the voluntary sector and finance. It will also provide ratified and current mechanisms, methods, materials, and guidance to inform individual citizens in a way that is clear, simple and would benefit their lives’.

CCA

The Civil Contingencies Act (CCA) 2004, which provides the legal basis for emergency response, and defining category one and two responders, remains fit for purpose, the document states. As for the Local Resilience Forums (LRFs) in England, and equivalents in Wales and Scotland, and Northern Ireland, the document says that the UK Government ‘will work to significantly strengthen LRFs’. The document moots ‘a full time permanent role occupied by an appropriately qualified and experienced individual who will become the Chief Resilience Officer (CRO) for each LRF area’.

At household level, the document says that the UK Government will work with LRFs in England and local partners ‘to offer new guidance to community organisations and individual householders, to help those people to make more informed decisions about investing in their own resilience and preparedness’.