King's College London

As a researcher with a focus on technology and its impact and role in geopolitics and security, the Integrated Review of 2021 provides a great deal of material to get my teeth into. 114 pages in the main paper, 76 in the accompanying Command Paper, and a further 112 in the Defence and Security Industrial Strategy. Across this cumulative work of 300 pages there are a huge array of bullet points and references to policies and newly formed bodies whose principal goal is to support the UK as a science and technology superpower.

You have no doubt seen numerous tweets of reporters and academics who have used the CTRL + F function to highlight the astronomical amount of times that the terms closest to their hearts have been mentioned. I know that I contributed to this trend (“cyber” is mentioned 237 times across the three documents and “norms” a mere 38). These three documents commonly cross-reference each other, ascribing to one of their peers the role of providing more detail to the pleasing soundbites around policy direction, investment, or strategic re-evaluation. On following these threads it quickly becomes apparent that the detail is, in fact, absent.

While the headline-grabbing pronouncements contained in the Integrated Review and supplementary documents are certainly pleasing (the recognition of the pace of technological development as a critical feature to be considered in security policy being a highlight), beyond the veneer of these announcements there is very little to be found.

For example, norms are expressly linked to technical standards. Such a frank statement is gratifying to see in a document intended to set out strategy for a decade. However, nowhere in the Integrated Review is there any mention of international technical standards bodies such as the International Telecommunication Union (ITU). In fact, to find any reference to an actual body where the UK might operationalise the apparent commitment to normative standards as they are connected to technical standards, one has to turn to the Defence and Security Industrial Strategy. Here, the single mention of the term suggests that cooperation in international forums like the ITU and International Civil Aviation Organization (ICAO) is a means of addressing how market failures could create security risks.

The lack of depth extends to a significant proportion of the Integrated Review’s signalling as to strategic direction on science and technology. In several places in all three of these documents, reference is made to the risks posed by an insufficient supply of expertise in critical technical areas. This is demonstrably the case: the supply of expertise in information security is far outstripped by the demand across the public and private sector. This dearth of knowledge is only exacerbated by the increasingly global nature of that demand, with a diversifying array of state and non-state parties seeking to hire and retain those with expertise, knowledge, or skills critical to the development of both offensive and defensive cyber capabilities. Beyond recognising the risks and suggesting that efforts will be made to train and retain strategically crucial skills and expertise, there is no detail as to what these efforts could, let alone should, involve.

The Integrated Review and accompanying documents are meant to provide a strategic overview of the United Kingdom’s efforts over the next 10 years, alongside a coordinated direction as to how to achieve what, without it, can often appear to be contradictory goals. What has been produced, however, is a grand strategic gesture sorely lacking in any evidence of detailed thought or understanding as to how these goals might be achieved.

While the Integrated Review accurately identifies technology, science, and research as critical to the security and the defence of the United Kingdom in the coming decade, it fails to address in any meaningful detail how the nation is meant to maximise its own security through an intangible set of resources.

There remains one potential source of hope in this regard. The Integrate Review, Command Paper, and Defence and Security Industrial Strategy are not only self-referential: they also signpost upcoming policy papers and legislative updates as future vessels of further detail as to how the strategic goals identified in the Review are to be achieved. Our hope, then, is that these, as-yet-unpublished pieces, such as the Cyber Strategy 2021, will do a better job of adding flesh to the bare bones of the Integrated Review.

 

Dr Alexi Drew is a Postdoctoral Research Associate at the Policy Institute, King’s College London.