Welcome to this second panel in today’s hearings of the Economic Security Sub-Committee. We are going to be zeroing in now on the question of threats and risks to our country. Lord Sedwill, perhaps I could start with you. Could you paint us a picture of the broad set of threats that the UK confronts today and maybe give us a sense about some of the things that you worry about most?

It is an important topic. We have to think about economic security in the context of the wider question of economic resilience, which is essentially the ability of the economy to withstand and recover from a whole range of potential disruption. I see economic security very much in terms of threats, as you framed the question, and essentially deliberate attempts to disrupt the UK economy. That could come in different ways. There are direct threats, so cyber-attacks on critical national infrastructure. The thing that I worry about slightly more in that context would be something that is simply harder to respond to. We can defend critical national infrastructure, or at least the governmental part of it. It is not straightforward, but at least it is defensible. A combined cyber and information propaganda attack, for example, could be designed to disrupt essential supplies, create panic buying and affect public order. There is that kind of thing as well. A sort of hybrid attack of that kind is extremely challenging to defend against and prepare for. Then we have indirect questions of economic security, so foreign hostile ownership of important parts of the economy, which the national security investment regime is designed to tackle, or potential disruption to critical supply chains—possibly deliberate if they are controlled by a foreign Government. China, as you know, has a near monopoly on the refining and production of critical raw materials. It has just invested in it, but it has that near monopoly, so it could leverage that. We could see disruption to supply chains from friendly countries. We saw some of this during the pandemic by friendly countries, as everyone panicked over their own access to critical medical supplies. For example, we are dependent on Taiwan for the highest-end semiconductors. There could be an attempt to disrupt the supply from a friendly country—Taiwan—of those into the UK economy as well. There is a whole range of potential threats out there. There will be others I have missed. We have to think of direct threats, indirect threats and some of the complexity of a modern economy that could be disrupted.

You are underlining there the point about our capacity to respond to them. Therefore, the threats that we perhaps should be most worried about are where we have more limited capacity to respond.

Exactly, yes. This was touched on in the 2010 and 2015 strategic defence and security reviews, but you re-read those and the economic pillar of those was much more about opportunity. They talked about prosperity and promoting that, rather than about economic security. We started thinking much harder about economic security with the 2018 national security capability review and then the two integrated reviews. It is part of the framework of the SDR, and, I guess, of the new national security strategy. You are right. We have to think about how we defend ourselves against these potential threats, direct and indirect. It is complex to do. How do we recover and respond? Of course, that is part of defence. If we can recover quickly, the potency of the threat is less. Also, how do we deter them?

Catherine Royle, I know that you are speaking in a personal capacity to us today. Thank you very much indeed for joining us to give evidence. What is your perspective on this question about the threats that our country confronts, in particular when it comes to economic security?

I would absolutely agree with everything that Mark said. Because I sit in a NATO context, I start from there, where you are looking at the military threat as well. Even NATO has had to realise that, even if we manage to do what we are all working so hard to do, and we build up our conventional capability and keep our nuclear deterrence and so forth strong, we need to think about the attacks that are happening now. They are precisely the ones that Mark was talking about: the cyber-attacks and disinformation. I would go a bit further than that, to subversion—funding of political parties to influence elections, disinformation, espionage, energy and sabotage. Frankly, our adversaries are looking for any sign of weakness in our institutions and where they think it is going to be difficult for us to respond. They are attacking us on a pretty regular basis on that. Of course, it is not just the state actors. We all, especially in NATO, tend to focus on Russia when we think about all this. Organised crime is also part of it. One problem we have at the moment is attribution. We have come a long way since, for example, when Litvinenko was attacked and we all found it incredibly difficult to accept that that was an attack on our sovereign territory against somebody living in Britain. We have all done that, but we have almost swung the other way now. We assume that anything that happens is going to be Russia and a state actor, but that may not be true. When we look at things such as critical underwater infrastructure, which NATO has been thinking about quite hard with the problems that we have seen with cables in the Baltic sea, we are not quite sure whether it was an attack or incompetence. It is almost impossible to tell and that is one of our problems. To address the point that Mark made about our ability to defend ourselves, we could do even more to educate our publics. I do not think that our publics really understand the level of threat that comes against all of us all the time. With attacks such as we have seen on Marks & Spencer and issues such as the British Steel example, people are now beginning to wake up to the fact that there are vulnerabilities around. They do not necessarily understand that even the foundations of our democracy are under that sort of attack. I mentioned, for example, the foreign funding into political parties, which has happened right across NATO. It means that the very foundations that we are on are not as solid as we thought. Mark mentioned foreign ownership as well. I would add foreign ownership of the media. We are at risk of letting malign actors into very sensitive parts of our society and economy.

That is a very comprehensive list of perils.

Sorry.

No, that is exactly what we wanted out of this panel. Francesca, what would you add to what you have heard this afternoon?

I am an academic, so I have a list. It goes from the most security-related, as in traditional security, to the most economic type of threats. I would start with access to intelligence and sensitive data, which I heard was discussed in the previous conversation. Access and transfer of dual-use technologies is definitely the second one. The third one is loss of access to strategic supplies. This can be civil or military. The fourth one is risk of growing dependencies, so losing economic sovereignty and economic coercion. Then there are the two that are probably the most controversial when it comes to economic security. First is loss of competitiveness. It has to do with not only manufacturing—for example, the conversation around British Steel—but also services. The UK has such a great wealth of start‑ups and unicorns, and almost always they get acquired by a major foreign company, most of the time American. Finally is unfair competition and the fact that, globally, you do not have a level playing field. Therefore, those of us who respect the international rules in terms of subsidies and competition most of the time tend to lose out. These are six or seven; I do not know whether I know how to count any more. These are the six risks that we have identified to economic security.

Lord Sedwill, you have overseen the creation of national risk registers in the past. Do you think that the issues that we have just enunciated here this afternoon are all on the current national risk register? At a guess, do you think that they are given the right weights?

They are there. Certainly they were in the most recent ones I have looked at. As I said, this really came on to the agenda of the national security community back in 2018, with the capability review of that year, and then was part of the integrated reviews. There was a shift to economic security away from prosperity opportunity, as the world became a more competitive place. In order not to simply come up with an infinite number of scenarios, national security risk registers try to ask about where the potential impacts are. Those impacts could arise from either a hazard or a threat. Major disruption to the power supplies from a power station, for example, could be a cyber-attack. It could be a flood. It could be a pandemic or an outbreak of disease affecting the personnel. There are certain things one has to do to deal with some of those potential risks and issues, but, in the end, you also have to be able to deal with, “What happens if the power station shuts down? What happens if the mobile phone network goes out? What happens if it is the undersea cables?” I know that Mr Western is very interested in that and chairs the joint committee I am on that is looking at some of that. The national risk register then leads through to questions of how to prepare for these disruptions, should they arise, and how to respond. In a sense, one is looking at both the direct and the indirect hazards and threats, and trying to crystallise that and ask, “Whatever the cause, if a power station is out and the mobile phone network is down, what do we do about it?”, so looking at it from both ends of the telescope at once.

Catherine, in the same way that people have talked about a whole-of-society approach to defence for this new era, do we now need a whole-of-society approach to economic security?

One thing that I am quite frustrated by, in a NATO security way of thinking about things, is that Russia has one serious comparative advantage over us. That is that it is able to pull the different levers, the instruments of power, as and when it chooses to put the maximum pressure on NATO and NATO nations. We cannot do that, as NATO, because it is a military alliance and can only use the military and information instruments. As NATO nations, of course, with the whole of Government, we have the ability to use all of that. We need to learn to do co-operation so that we can act against those sorts of actors in a much more effective way. We have done it occasionally. We did it after Skripal, for example, where we did a really effective concerted action against Russian embassies and intelligence capabilities in those embassies. That is important. If you move away from that NATO perspective, I was at an event in Wilton Park a couple of weeks ago, which was launching its new grouping with business. One thing that really struck me was that we are still in a position where—I know that it is a word that is overused at the moment—there is a rather transactional relationship. There is a lot of lobbying from business and a lot of regulation from Government. We need to learn to work together as a team, support each other, understand each other’s needs better and understand that, on occasions, in order to deal with things in the way that Mark Sedwill just described, there is going to be some additional cost. If you are going to put some extra capacity into a system or decide that a water supply ought not to be privatised, there are financial consequences to that. We need to try to work together because, in the end, it is in the interests of British business, our people and our Government.

May I just add very quickly to that? The short answer to your question is yes. We need a whole-of-economy, whole-of-society approach. This is best understood by people within and close to the national security community, but, in a modern economy, it has to go much wider than that, for the reasons that Catherine Royle said. There is an underlying assumption among the public that someone somewhere is all over this and has it under control, not really understanding that that someone is them. Resilience, not just security but resilience in a more general sense, is a responsibility of every business and every citizen as well. That engagement of the wider community is the big missing part in this modern era.

Francesca, do you think that this is the strategic shift that is now needed?

First, resilience for a private sector is not necessarily the same thing as resilience for a country. This is the big issue. A lot of private companies currently are not necessarily nationalised, in the sense that their allegiance is not to a country; it is to their own business. A company could be resilient by abandoning the UK economy entirely and locating somewhere else, or it could be resilient by having high dependencies on, for example, the Chinese market; then, when the choice comes to it, it is going to abandon the easiest market to go into the Chinese market. We need to differentiate between those two things first. I am going to make three quick points. The second one is that we need to understand what economic security is. My impression is that that is not fully clear within Government.

We are going to come back to that point in a sec.

Yes, I am not going to unpack it. How can we ask people and society to have an all-of-society economic security approach if we do not know what economic security is? Thirdly is the point of across Government. We first need a cross-Government economic security approach and then we can talk about a whole-of-society approach.

Catherine Royle, in terms of—probably Russia—a state actor testing NATO’s article 5, do you see the probability of that testing increasing now? Also, where do you rate NATO’s realistic readiness to address that and how has that changed over the last year or two?

Wow, that is a fairly big question. It is very much personal opinion. My view is that Russia does not want to engage in a military fight with NATO, but partly that is because it is doing pretty well at achieving its goals without doing that. If you look at the political shifts inside NATO nations and the potential for divisions in the alliance—the American position is obviously the major one of those that everyone is focused on at the moment—Putin does not need military action in order to achieve his aim of disrupting NATO. He is getting there anyway. Would he resort to it if he felt that that was something he needed to do to achieve his biggest ambition or objective, which is to preserve his regime in power? Yes, I think he probably would. There is certainly risk attached to that. That has been one of the major considerations as Governments have decided in what way they wanted to support Ukraine. The question of whether this is going to get more or less likely in the coming years is a really difficult one. The truth is that we do not know at the moment what US foreign and security policy is. Hopefully the NATO summit in June will give us a better idea. My own perception at the moment is that there is a pretty big fight going on inside the US Government about exactly what to do in terms of commitment to Europe. There is a pretty big range of possible answers that will come out of it, so we need to wait and see. I think that all of us would be more comfortable with the feeling that NATO cohesion remained at the top of the agenda for all of its members, but we will need to see how that pans out.

Is there anything either of you would like to add to that?

Remember that whether the article 5 threshold is crossed is essentially a political judgment; that is the only point I would add to Catherine Royle’s point. NATO decided after 9/11 that that was an article 5 attack. We had never really envisaged a non-state terrorist attack being an article 5 attack, but, in order to show solidarity with the United States and enable it to use NATO assets, a political decision was taken to invoke article 5, and NATO came in in support. After the Salisbury attack, we again decided that there was a case for saying it was an article 5 attack, although it was obviously a limited attack. It was nevertheless an attack by another state on a NATO nation using a chemical weapon. We decided not to do so, or even to invoke article 4, because it was clear that it was going to be more straightforward to secure NATO solidarity in the political response we wanted, in terms of targeting the Russians with sanctions and so on, if we did not invoke article 5. So we almost made a point of not doing so. It is worth keeping in mind that this is not a legal definition that is a very fixed line. One of the issues that NATO institutionally and nations are going to have to consider is, “What is an article 5 attack that is not a use of armed force? When does that cross the article 5 threshold? Is it the effect being the same as the use of armed force? Is it intent?” That issue is yet to be resolved. If one is talking about the grey zone campaigns and warfare, it is very much a relevant question.

That is an issue that is exercised now in the crisis management exercises that are held at NATO headquarters, because it is, exactly as Mark says, a very difficult definition to reach.

Estonia is a really good example. The difference is one of scale. It is a tiny country with an ability to work cohesively that is much greater than in a larger country, but also a much more urgent need to do it. If you talk to the Estonians about their military commitment, the reserve force is a really critical part of their defence. They are also working extremely seriously on barrier plans. They are looking at the physical way to stop an invasion. They are fully integrated into NATO’s plans for the defence of the eastern flank. They have moderated and adjusted their own defence plan in order that we have one coherent approach across the alliance. The contribution that their reserve force would make to that defence would be huge. The level of training and commitment going on there is very important. They are also very focused on modernising weapon systems. They are involved in the development of drones and of software to support them, as you would expect with the type of economy they have. They are also in a position where the threat is felt very keenly and therefore the motivation for people to support that kind of action is very different from people who live further away from the front.

Its private sector works as hard as ours does, or perhaps it is better the other way round to say ours works as hard as any other country to resist this. We have all seen the devastating effects on the businesses themselves. Where it is perhaps more resilient, and certainly more agile, is in the whole of Government that we heard mentioned before. That is an extremely important point. That co‑operation and coherence between Government institutions is something where perhaps we could learn a lot from a country such as Estonia.

The only point I would add is a point made by a former director of the National Cyber Security Centre in talking to businesses, when he was encouraging them and helping to equip them to defend themselves in the most effective way they could against cyber-attacks. He also said, “It will happen. Something will get through. There is no such thing as 100% defence”. Therefore they also needed to have a plan for recovery and response. If you can recover quickly, the potency of the attack is that much less. It was very striking to hear someone whose job was to help them protect themselves make the point to them that there was no impermeable cyber-defence, and therefore preparation for recovery from a successful attack is a critical part of this. That is clearly true for the private sector as a whole.

No is the short answer, and it is partly because of scale. In a very cohesive political culture, where there is a completely common view of the threat and the threat is acute, it is more straightforward to deal with it. It is more straightforward to deal with it in a smaller country than in a larger one. The central governmental system is in reasonable shape on it. It is less strong when one moves beyond that to devolved and local levels, but we certainly beefed up the local resilience fora, for example, in planning for the contingency of a no-deal Brexit and then again during the pandemic. Those mechanisms need to be constantly nurtured. As I mentioned earlier, though, much of our economy and society do not really have this front and centre in their minds. Catherine Royle pointed out earlier that there is a tension that, if you optimise for resilience, you cannot optimise for cost. There is a consequence for that and businesses, but also Governments, need to make a judgment about where on that spectrum they think is the sensible place to be.

There needs to be a conversation about redundancies. I would keep an eye on how Spain, Portugal and France now deal with what has just happened in terms of disruptions of energy. It is not necessarily related to a conflict, but it will definitely push them to change their approach towards resilience and redundancies.

This goes to the question of resilience and security. They are distinct, as Dr Francesca was pointing out earlier, but of course, for businesses and so on, actually dealing with the consequences, whether it is a deliberate attack or just something that has gone awry, you still have to optimise. It is optimising for resilience, not for security, recognising that security is the acute, deliberate threat, as opposed to the potential hazard or disruption that might arise for other reasons.

Let us get into some of the definitions of this.

Good afternoon. I will start with you, Francesca, because you have already touched on this. It is clear that there is not an existing definition and no consensus around what constitutes economic security. You have obviously thought about it and given us some examples today that perhaps we had not thought of. The direct threats are perhaps obvious, but you also mentioned the idea that sections of our economy could be undermined and made not economically viable. That is a threat to us. Rather than asking you to define it, would it be helpful if we had a formal definition of what economic security is? Would that help us respond? If so, why do you think that it would help us?

No, I do not think that a definition is what we need. A definition is definitely useful for academics and to wrap our heads around what is happening. We need objectives, and I have said that several times. Countries that have had a relatively successful approach to economic security do not necessarily have a functioning definition, but they have clear objectives. I heard Japan being mentioned before. Japan has a set of three clear objectives. One is self-sufficiency, especially for critical infrastructure. The second one is advantage and indispensability, in order to deter and avoid economic coercion, or use levers if it is brought to it. The final one is upholding international order. We can agree or disagree with these three objectives, but, thanks to these three objectives, Japan was able to operationalise an economic security approach and all the things that we have heard mentioned before. Personally, I do not think that we need a functioning economic security definition. We need to understand clearly what we want to do, why we want economic security and what we want to do with it. Whether it is similar to Japan or not is a different story.

We could potentially take that Japanese template and perhaps add in our own. As you said, different countries will have different priorities. Our priorities may be different, but we need to establish what it is we want to achieve, first and foremost. Lord Sedwill, what are your thoughts on that? Do you think a definition is helpful, or should we be setting targets?

I agree, essentially. I spent quite a lot of my time in Government getting wrapped around the axle of definitions of different things, including even something that we think is as clear-cut as the definition of terrorism, which was done by Sun Tzu about 2,500 years ago and has not been done better since, but we still struggle with it. I would not want to dwell a lot on the legal wording around it. When I chaired the G7 panel on economic resilience, we deliberately decided not to have a definition up front in it. We talked, in very high‑level terms, about the ability of the economy to withstand and recover from disruption. You can call that a definition if you like, but it does not really help lead into deliberate objectives. I would see economic security as a subset of that, because I would see that as the deliberate effort to disrupt, whether that is from a state or a non-state actor. It also goes beyond economic resilience, because an economic attack could be designed to have not just an economic effect, but a broader political effect. I mentioned the risk of a combined cyber and information attack that might create a public panic and panic buying, which could then lead to public disorder. The objective might be to undermine confidence in the state to maintain order, not to have a major impact on the economy. You may remember that, in the early days of the pandemic, there were punch-ups in supermarket aisles over loo rolls, because people believed there was going to be a shortage of those. There is a fragility to social cohesion under pressure that could be exploited. That is why we have to be careful. I agree that we have to be really careful about definitions, because you then tend to define it in terms of the effect—an economic effect—rather than actually thinking of the economic vector into a political security threat. Both are relevant. One has to focus on what we are going to do about it.

If I think about fairly durable frameworks from the past, such as Contest, it feels to me like they worked in terms of marshalling forces from across Government. Young civil servants could know which way was up because they had a framework like that. Even if you did not have a semantically perfect definition of economic security, would a framework like Contest for economic security help us a bit?

Yes. Actually, the language of Contest applies to security more generally. That was the genius of the people who came up with it; I was not one of them. How do you prepare for an attack? How do you deal with the people who may wish to carry one out, so how do you deter them and deal with the threats themselves? That kind of framework, or actually that framework itself, probably with some tweaking, would not be a bad place to start.

Catherine, you were nodding along there. I wondered what your thoughts are on that. NATO likes to define things, but is a more general approach what we really need here?

There is a good reason why NATO defines things. When you have a large, multinational organisation, you need to know that you are all talking about the same thing. I am not sure that, in other circumstances, it is the best way to go. I much prefer the approach of a framework like Contest. I was thinking, as Mark Sedwill was outlining the economic threats that could have other consequences, that we have not mentioned the word “corruption” yet. Corruption is a major threat to our economic security. We have a really robust framework. Do we really implement it? We can have a wonderful framework, a wonderful definition, the right objectives and even the right legislation, but, if we do not actually use it and recognise, in this case, corruption, we have a problem. I suppose that I am rather scarred by having lived in Argentina, Venezuela and Afghanistan. These are all countries where corruption and the failure to defend institutions mean that you are just completely built on sand. Everything is at risk and fragile. That sort of framework is really important. One problem with a definition is that you could well leave out the defence of those sorts of institutional foundations, which are actually critical to everything.

Building on this discussion around framework, perhaps I will ask Francesca first and then other panel members might like to comment. The last Government had quite a lot of different approaches to economic security. We know that we have different Departments responsible for different elements. The Cabinet Office is looking after that risk register that we spoke about earlier. The Department for Business and Trade has the supply chain resilience and export controls. We have the Home Office looking after the National Security Act. Everybody is looking at this. What is your assessment of how effective these initiatives are or were?

Let me say to begin with that the UK has made a great step forward in economic security—that should be recognised and not dismissed—in general, from barely talking about it, especially for a highly liberal economy, to actually creating some structures within Government that talk about economic security. There are two main problems at the moment. The first one is that it seems that the whole economic security agenda now is towards growth, which is not necessarily negative. It is actually positive, but there is a gap. I am not sure that anyone within Government is filling that gap between economic security and growth. How can economic security actually lead to growth? The second problem is that co-ordination is not really happening among the different economic security units to the degree that it should be happening. Everyone is doing their own thing. There are a number of strategies that are about to come out and they will give strategic guidance, but there really needs to be more co-ordination. It needs to be more frequent and coherent. The last point is that, again, there needs to be a common understanding. At the moment, when I talk to different Departments and units, there really does not seem to be a common understanding of what we are doing when we talk about economic security. That, in part, is a symptom of all the different bits and pieces that you have just mentioned, which at the moment are bits and pieces. They do not work together. Export controls and FDI screening work very nicely together with sanctions. At the moment, they just work separately, so they are not as effective as they could be.

That is quite an alarming conclusion, Francesca. Without dropping anybody in it—but please feel free to do that if that is what you want to do—why have you drawn that conclusion?

It is the most normal trajectory of—

No, but what kinds of experiences have you had that have led you to the conclusion that the bits of the state are not working together as they should?

Thank you so much for the question. Especially if you think about the difference between the defence or security Ministries and those that have to do with prosperity, the way in which the two look at economic security, which, at the end of the day, is the competence of both, is very different. That is not the issue per se; the issue is that they do not necessarily find a moment to exchange ideas, find a minimum common denominator among them and exchange their points of view. They do not necessarily listen to each other as much as we would need right now, so that is why I draw that conclusion.

You have had that experience. You have spoken to people in different parts of the forest and concluded that they are not talking to each other in the way they should.

That is my experience, yes.

Which are the Departments that are not talking to each other?

I do not want to throw people under the bus, but especially, as I mentioned before, prosperity Ministries, so everything between HMT, DBT and even FCDO, should talk more with the defence apparatus.

It would be interesting if anybody else had anything to add to that. It was just to understand whether you had come to a clear conclusion or whether there were other thoughts around what we could be doing. For example, do we need to look at a prioritisation? We have already spoken about Japan having a categorisation of objectives, if you like. Would it help to change a hierarchy of decision making so that all Departments can see that it is higher up their agenda? Might that help, for example? That is one way of doing things, just to say that this is more important and that we all share responsibility for a risk register, for example.

Lord Sedwill, you tried to do this, I think, with fusion and some of the structures you were putting in place.

Government is naturally siloed. That is just the way it is. The political system is naturally siloed. Those vertical structures are much stronger than every attempt to burrow across them with horizontal connecting tissue. That was an obsession of mine throughout my time in Government and I was partially successful in some areas and wholly unsuccessful in others. That is the truth of it. Whether it is joined-up Government, the fusion doctrine, integrated approach or whatever, it is right that it is a whole-of-Government issue. For all the reasons we have said, it is not only a whole‑of‑Government issue; it is a whole-of-economy, whole-of-society issue, so it has to be a whole-of-Government issue. Therefore, you have to create strong, not just co-ordinating but integrating, machinery, as we do in other areas of national security, in order to get everyone lined up and pursuing a common strategy, possibly under a framework such as Contest. You will recall from your time at the Home Office that there we had to engage the social policy Departments, which did not think about terrorism, in that effort, because they were part of the whole prevention effort. The point is that we know how to do this. We have done it before, when we have really focused on it, whether it is Contest on terrorism or the fusion thing that I led in other areas of national security. We know how to do it. It just has to be prioritised. That means that, whether you call it a mission or something else, it has to be led from the centre of Government. You have to reconcile the tensions that exist that Francesca was just talking about between that and a quite understandable focus on growth. As Catherine Royle mentioned earlier, if you optimise for resilience, you cannot optimise for cost. You cannot therefore optimise completely for growth. You have to resolve that tension. Otherwise, different Departments will essentially be pursuing separate Government objectives that are in contradiction with each other. You just have to resolve that and then set a common approach. That means taking some risk. There is no zero-risk approach to this. It means taking some risk in some areas, but not taking risk in others and working out where the compromises are with the wider growth agenda or, indeed, social agenda.

Catherine Royle, is there anything you want to add to that?

I agree with everything that has been said, and they are much more expert than I am on this subject. I would say that the signalling to business on this could be a lot better. It was interesting listening to a high-level business group a couple of weeks ago. They said exactly the same, that they get different answers from different parts of Government. They would really like a clearer signalling of where the Government’s judgment lies. It is a judgment, as Mark Sedwill said, of what risk is going to be taken and what the expectations are for the partnership of Government and business in how much risk is acceptable.

You have to be clear in the governmental process about what it is you are trying to achieve. In that case, is it really about the economic resilience of the UK, maintaining sovereign capability in the production of certain grades of steel that we need for important sectors, including the defence sector? Is it about protecting jobs in a local area because of the economic impact of a facility, and so on? Those things will sometimes align, and sometimes they will not. It was Nye Bevan who said Government is about choice. You do have to make judgments, because it is not always straightforward simply to intervene. There may be wider consequences from an intervention. You can create moral hazard in the economy. Government just have to make judgments. One of the things that I was always concerned about, for example, with the national security investment regime and the retrospective component of that, was that, as we have seen in the United States, where national security has been used to justify extraordinarily broad measures—comprehensive tariffs and all the rest of it, which are supposedly the province of Congress, but a national security lever has been declared and pulled in order to do it—we have to be careful not to use something that Parliament has legislated for to protect national security, because there is a lot of ministerial discretion permitted in its exercise, as essentially a tool for protectionism in the economy without that being an explicit choice. Personally, I think all these regimes when introduced have to be pretty rigorous and pretty targeted. Otherwise, political pressure will mean they will slide. They will slide into a more interventionist approach in the economy, which you can be in favour of or against, but was not the intention of the original regime. That is already the case. Our national security investment regime, given how immature it is, is in pretty good shape. It is striking how much more targeted the Americans’ much more mature CFIUS regime is, and how many more cases they simply dismiss under that regime than is the case with ours. They say they had to learn to do that, but I would just point to that creep in any regime that we put in place. Discretion can mean that it gets used for purposes it was not originally intended for.

The first question that British Steel poses is, “Is it a critical asset?” That needs to be the first question that we ask when we screen FDIs. I wrote my PhD thesis on FDI screening, and it is always ultimately a political decision at the end of the day, in every single country, including in the United States. We saw the acquisition of Nippon Steel. The first question is, “If you have a list, does that asset enter that list? Is it part of that list?” The UK does have a list. Then, if it is part of that list, there are lots of good lessons to be drawn, such as how costly it is to nationalise an asset that is abandoned or that needs to be nationalised. The reason why I am saying it is an important lesson is that, in the past few years, we spent loads of energy trying to explain to different Governments that ceding assets can be a very costly exercise afterwards, especially when they say, “If there is a conflict or a tension, we can always nationalise it”. My answer was always, “You can, sure, but then it is going to be a very costly exercise with a very tight budget”. I would take as many lessons as possible from British Steel to begin with. It is not very useful to retroactively ask whether an FDI screening applied to that should have had a different type of outcome. We need to ask ourselves, “Is that 17-item list for FDI screening what we need at the moment? Does it need to be changed?” The last thing to say is that currently the National Security and Investment Act is about national security, obviously. What is the role of economic security in that particular regulation? I am asking that because you have European countries that are thinking about whether there should be a role for economic security in investment screening.

No, it would not have been a good idea. My personal opinion, and I know that lots of colleagues disagree with me, is that foreign ownership of critical national infrastructure by countries that are not allies should be at a minimum or there should be none.

I can think of a couple of examples, and I will not quote them because they are sensitive, where we blocked investment in tech start-up companies in quite sensitive areas from not necessarily hostile but at least potentially questionable states. Those were the only sources of investment, or at least potential investment at that time. This is sometimes the problem that Governments face. The British Government decided at first to allow Huawei infrastructure into our mobile phone networks. That was because the experts were confident that they could mitigate the risks that arose from that. In the end, the American sanctions made that less practical. The alternative was not a different investment and a different set of capabilities going into those networks. It was none, because the capacity did not exist elsewhere to do it at the scale and pace that the Government needed. The Government had to make a choice about essentially its broader economic agenda, moving quickly to superfast broadband, et cetera, versus the security threat posed by Huawei being in the network, which the security professionals thought they could mitigate. That was a very difficult judgment for a Government to make. They had to reverse it when Huawei was sanctioned. That is the kind of dilemma that Governments face all the time. In the British Steel case, it was not that there was a friendly investment or an unfriendly investment, and they perversely chose the unfriendly investment. It was investment from one source or none.

We are just looking at some of the estimates from Boston Consulting Group on forward capital investment needed in a range of sectors. It is about £700 billion over the next four or five years. Some 25% of that money, £179 billion, is in the renewable sector. We are going to need to get quite good at this, given how much of the investment we need is going to need to come from abroad.

Yes, we are going to have to get very good at attracting investment from sources that we are comfortable with. For example, retrospective elements in legislation have a chilling effect on that, because people are unsure about it. We have to find ways of assuring those investors that their investment, if made, is entirely secure and they can realise the benefits of it. We have to be competitive in attracting investment from the places we are confident of, if we are going to be more rigorous about excluding investment from the places where we perceive a risk.

That concludes this panel. That has been an extremely helpful and illuminating set of evidence. Thank you so much to all of our brilliant witnesses for helping us think this through.