11 minute read
THE IMPORTANCE OF SECURITY FOR OUR PARLIAMENTS AND ITS IMPACT ON DEMOCRACY
The Speaker of the UK House of Commons highlights how security issues for Parliamentarians can impact on administering Parliament and the democratic process.
By Rt Hon. Sir Lindsay Hoyle, MP is the Speaker of the House of Commons in the UK Parliament since 2019 and the Joint Branch President for the CPA UK Branch. He was first elected as a Member of Parliament in 1997 for the constituency of Chorley in Lancashire, having previously served in local government as a councillor and Mayor. He held a number of Select Committee roles in Parliament before being elected as the Chairman of Ways and Means and Deputy Speaker in 2010. As Honorary Colonel of 3 Medical Regiment, he is a keen supporter of and advocate for the UK Armed Forces. A key priority during his Speakership is to strengthen the United Kingdom’s ties with the Commonwealth and the UK Overseas Territories.
When we talk about security, I think it’s important to be clear about what it is there to protect. This isn’t just about people; or even about buildings, information or IT systems. Our Parliaments and the Parliamentarians who serve in them symbolise our democracies, our freedoms, our ways of life and it is democracy that needs defending across many fronts from an ever-evolving range of threats. At the most fundamental level, we must ensure that our elected representatives, and those who work with them, have the protection they need, both on, and away from the Parliamentary Estate, to feel secure enough to continue to participate in the democratic process. Security is about safeguarding our democracies.
In 2016 we lost Jo Cox, a UK MP shot and stabbed in a brutal act of terrorism. And in 2021, my friend and colleague, Sir David Amess, another UK Member of Parliament, was stabbed and killed while working with his constituents. Jo and David were all helping others, serving our nation. They did not deserve to die. We should also remember PC Keith Palmer, a police officer who was stabbed to death on the Parliamentary Estate in 2017 as he heroically confronted a terrorist who was intent on taking further lives after he had murdered members of the public on nearby Westminster Bridge.
The UK Parliament’s security requirements are ever evolving because the nature of the threat is rapidly changing, or to be more precise, new and different threat actors and vectors are emerging, while some of the old ones haven’t gone away.
The Palace of Westminster and the UK Parliamentarians who serve there have long been iconic terrorist targets. Looking back at British history, we had the Gunpowder Plot in 1605, and the assassination of a serving UK Prime Minister, Spencer Perceval, in 1812, just outside the Chamber itself. In modern times, we have faced the threat of Irish terrorism: In 1979 Conservative MP Airey Neave was murdered driving into the car park at the Palace of Westminster, the Grand Hotel in Brighton saw a bomb detonated at the Conservative Party Conference in 1984, murdering five people. However, the nature of that threat has morphed, and will likely do so again; the capability of groups like Al Qaeda and ISIS to mount spectacular attacks in locations like London – as we experienced in May 2005 – seems to have receded for the time being, with the disruption of their bases in Afghanistan and Syria. Their ability to regroup and rebuild capability is a real possibility which we need to factor into our planning and mitigations: if we aren’t focused and determined, terrorist groups can form and build capability more quickly than we can install our defences.
As our politics have become more divisive, and extremism has developed more generally, we have seen the rise of far-right extremism, and it was one such individual who murdered Jo Cox. As we have seen from recent events in Germany, this is a global phenomenon.
These are the tangible threat actors, those who wish us physical harm. Over the past 5 years, I have become increasingly aware of the threat to our democracy from foreign state actors. In 2017, our Parliamentary network was attacked by a state actor. We learnt a lot from that experience, and have invested heavily in cyber security since, but I am acutely aware of the sheer volume of attacks, from criminals as well as state actors, that we need to plan on the assumption that it’s a “when”, not an “if” that the next attack penetrates one of our defences.
We have also become increasingly aware of attempts by foreign powers to subvert our democracy. This time last year our Security Department at the UK Parliament worked with the UK’s Security Service to issue an interference alert to Members of both Houses, naming a Chinese-British dual national, Christine Lee, as an agent of influence for the Chinese State. The year before we called out two individuals working to influence UK politicians on behalf of the Russian state and the year before that, 3 Chinese nationals operating as journalists were asked to leave the UK. Just this autumn, we identified a covert influence campaign which saw thousands of emails impersonating genuine constituents being sent to UK Members of Parliament, asking them to lobby our Foreign Office and raise a Human Rights issue the Middle East on the floor of the House. I’m not arguing for the rights or wrongs of the case, but calling out as unacceptable the attempt to subvert our Parliamentary democracy. I’m sorry to say, that the more we look for this kind of activity, the more we will find.
It is all too easy to consider these threat actors and vectors in isolation from each other, but they can also be blended threats. A careful piece of social engineering, based on the real-world activities of a Parliamentarian, can enable a successful cyber-attack. A cold approach on Linked In, inviting a Parliamentarian to write a paper for a conference hosted by an obscure Chinese think tank can be the first, seemingly benign, step in a relationship with the State Security Service.
What do we need to do to safeguard our democracies?
The threats we are facing are increasingly complex and blended; it’s essential that we don’t treat threat actors and vectors in isolation, but consider how they interact, and their impact on our collective vulnerabilities – whether it’s the Parliamentary Estate or Parliamentarians. We then need to make sure that this emerging threat picture drives dynamic development and implementation of mitigations. It’s all too easy to fight the last battle or focus on implementing the recommendations from the last security review, without building the capability to understand the threat, feed it into the security model, and build an adaptive capability which, if it doesn’t enable you to get ahead of the threat, at least enables you to understand it and keep pace with it.
In order to develop that threat picture, we need to work with our partners: police, government departments, including security and intelligence services, commercial partners and platforms, and our sister Parliaments overseas, to share our understanding and data points. It’s essential that we learn from each other’s experiences: share our own learnings and borrow others’ crises and think through what would happen if we suffered the same misfortunes. After January 2021 we, like many Commonwealth Parliaments, reconsidered our ability to respond to a mass incursion. I’m sure many other Parliaments reconsidered the extent to which they could protect their Parliamentarians in 2021, following the murder of Sir David Amess.
At Westminster, we have spent the past year working with the police and Home Office to develop a risk assessment capability which will ingest all source intelligence across all threat vectors and actors: physical and cyber; terrorist, extremist and state actors. We then set this threat picture against known vulnerabilities to drive all aspects of our mitigation response. We prioritise threat assessments for our most targeted and vulnerable MPs, and ensure that we put in place any additional measures, over and above the standard measures we aim to implement for everyone. As this analytical capability develops, it will increasingly drive our physical and operational mitigations across the parliamentary estate.
Together with the UK Home Secretary, I also asked the Security Department and Police to review the protective security measures for all UK MPs, which were originally put in place following the murder of Jo Cox, six years ago. We’ve built on these to ensure that we are not just protecting the buildings our MPs use – their homes and offices – but also their travel, the cyber security of their personal devices and so on. Our partnership with police forces across the UK is crucial here. Every MP has a point of contact in their local force they can contact about security concerns and threats, and we have an embedded Metropolitan Police team from the Met at Westminster that co-ordinates effort across the forces and draws together that all-important threat picture.
There’s a lot of work going on here to further improve the offer to UK MPs, and deliver a consistently strong response to all 650 MPs’ security needs, but I think the most important thing we can do is to develop UK Members’ awareness of the threat, and what they can do through their own actions to reduce their vulnerability:
whether it is about two factor authentication on their devices; taking up the security offer; taking security advice in how they arrange their surgeries and meetings with constituents. We need Parliamentarians to be active participants in their own security and transform the security culture at the UK Parliament.
Safeguarding the physical security of a sprawling and ageing estate is challenging at the best of times, but when you have thousands of pass holders, hundreds of thousands of visitors every year (or in the space of six days, during Her late Majesty’s lying in State), it’s a real headache which many of us share. It’s essential that our democracies are accessible to the public and are seen to be accessible. It’s a central tenet of British democracy that any member of the great British public can come and lobby their Member of Parliament outside the Chamber: that’s why the space outside the Chamber is known as ‘Members’ Lobby’, and anyone can come and listen to debate in the Chambers.
A vibrant democracy like ours will have any number of Committees, meetings and events on a single day. We must make sure we have got the balance right, between enabling the business of the House to proceed without disruption, and in public view; and keeping everyone involved safe and secure.
If access and security are in tension at our Parliaments, then so is the requirement to keep malign actors out at the perimeter, and let passholders, particularly Members of Parliament, in as quickly as possible. After the Westminster Bridge attack, we initiated a series of security upgrades to the perimeter. This is important and necessary work, but we also need to build a layered model out from our hard perimeter. At Westminster, we are fortunate in working with our partners in the Parliamentary and Diplomatic Protection Command of the Metropolitan Police to secure the perimeter of the estate. We are currently developing a policing model which projects beyond the perimeter, providing that additional protection and reaction time, and working to improve the co-ordination with the wider Met.
I’ve only just scratched the surface of this massively important issue. To meet the ever-evolving requirements of parliamentary security, we’ve all got to stay on top of the threat. Which means working together and sharing our concerns, our problems and solutions. Security is a team sport.
We need to build adaptive systems which take into account the full range of threat actors and vectors. We all know what it’s like to manage security on a day-to-day basis: the gravitational pull of the urgent day-to-day can easily crowd out the allimportant longer-term change. It can be tempting to drive security looking exclusively through the rear-view mirror, addressing what has happened, rather than considering what might. We need to keep one eye on the mirror, and the other on the road ahead.
This article is an extract from a presentation given at the 26th Conference of Speakers and Presiding Officers of the Commonwealth (CSPOC) which took place from 3 to 6 January 2023 in Canberra, Australia. CSPOC is a separate independent organisation, although many of its participants are also members of the Commonwealth Parliamentary Association. More information can be found at www. cspoc.org