The operational response to these attacks was beyond competent; it was inspiring. The government demonstrated an impressive grip on the situations as they happened. When people were mown down by a car on Westminster Bridge, the paramedics’ response was near instantaneous. The armed response to the London Bridge attackers was lightning fast. A senior police officer named Mark Rowley explained events publicly with an authority and tone that reassured. Police social media messaging was fast, economical and of real use to mainstream journalists. Following meetings of the government’s crisis mechanism, COBR, senior ministers spoke to cameras conveying purpose and control. Order was made of what might have been confusion.
This calming effect was replicated for major cyber events but with more difficulty. The public are less familiar and less forgiving with how these play out. Media coverage is often less supportive, as when North Korea’s Wannacry ransomware infected the National Health Service in 2017. In response to this type of crisis, journalists and activists like to “blamestorm.” On a technical subject where lack of expertise is easily revealed, corporate and government leaders who try to explain matters put themselves at risk. We managed this by having the technocrat Heads of the National Cyber Security Centre and National Crime Agency stand in front of the cameras together to explain what was happening and what steps those affected should take. A single Minister, Amber Rudd, briefed on the language and approach needed for cyber incidents, was chosen to speak to cameras.
The Novichok poisonings in Salisbury strained the system in another way. There was a massive operational response, the center of an English market town occupied by the military vehicles of crews specializing in chemical and biological defense. But there was little to say publicly and the use of chemical weapons understandably provoked fear. It all took a very long time (indeed it is still going on). Looking back now, though, the thoroughness of the police investigation leading to the identity of the Russian attackers, their unmasking by the investigative site Bellingcat and the validation of British announcements by the Organisation for the Prevention of Chemical Weapons all reinforced the public’s sense that the UK’s response system can be trusted.
You don’t want to be learning your crisis-response processes the day of an event. Britain developed its crisis-response mechanism, COBR, following the attack on Israeli athletes at the Munich Olympics in 1972. The British process was refined during years of attacks by the IRA and Middle Eastern violence. Prior thought about what to do and say – and indeed who might say it – pays huge dividends. This is even truer when the subject is technical, as during a cyber attack or (God forbid) chemical event.
Especially important is to prepare as a team. As the crisis-response lead in the UK from 2014 to 2018, I always felt most wary when I had a new set of ministers who hadn’t worked an event together. One didn’t know how the decision-making chemistry would work or how differences of approach would play out or, indeed, how raw politics would feature. Best to explore those questions and build a compact approach before crisis strikes. You won’t be forgiven if you get it wrong – or given another chance to get it right.
Paddy McGuinness is a Senior Adviser for Brunswick based in London. He served as the UK Deputy National Security Adviser for Intelligence, Security and Resilience.
Photograph: Justin Tallis/AFP/Getty Images