Part 3: Effectiveness of governance of responses to national security events
3.1
In this Part, we discuss:
- how well the response side of the System responded during Operation Concord and after the November 2015 terrorist attacks in Paris;
- the aspects of effective governance that helped the System respond well; and
- ways to improve the governance of the response side of the System.
Summary of our findings
3.2
The response side of the System is fundamentally sound. It has provided an effective and co-ordinated, all-of-government response to recent events. We consider it to be fit for purpose.
3.3
Operation Concord was an example of the System responding at its best. Those involved with Operation Concord, and the response to the Paris attacks, worked together effectively to manage risks.
3.4
The response side of the System is flexible in the way it responds to different types of events. We saw and heard of other times when this side of the System responded well when activated.
3.5
The right people come together to respond. Strong, trusting, and respectful relationships between the people involved in responses provide a solid platform for effective governance, and enable the System to respond well. The Directorate generally supports the response side of the System well and is providing better support over time.
3.6
Some improvements are needed to enhance the governance of responses:
- The roles and accountabilities of the lead agency and DPMC, and the lines of accountability between Watch Groups, ODESC, and Ministers, in a response need to be more clearly defined.
- Better induction processes are needed so that new people involved in the System can quickly learn what is required of them.
- Lessons from activations of the System need to be identified, recorded, and applied in a more methodical way to enable the System to learn and mature quickly and effectively.
3.7
DPMC has some of these improvements under way already.
The National Security System has responded well in the past
3.8
We looked at two examples of recent system activations to assess the response side of the System: Operation Concord and the Paris attacks. Operation Concord was the name given to the response to the threats to contaminate infant formula with 1080 poison received by Fonterra and Federated Farmers in November 2014. The Paris attacks were a series of terrorist attacks in that city, including several suicide bombings and mass shootings, in November 2015.
3.9
For each example, we reviewed:
- meeting agendas and minutes of ODESC and Watch Group meetings;
- communication between Watch Groups, ODESC, the National Security Systems Directorate, and Ministers;
- situation updates from lead agencies;
- documents relating to reviews of each response after the response was deactivated.
3.10
Overall, we found that the System responded well in both examples. The response side of the system was activated promptly, and the different agencies worked effectively together until the response was deactivated.
Figure 5
Examples of effective responses to security threats
Example: Operation Concord On 27 November 2014, Fonterra received an anonymous letter threatening to contaminate infant and other formula products with 1080 poison. Federated Farmers received a similar letter the next day. Both letters were accompanied by a sachet of infant formula that tested positive for 1080 poison. After receiving the letters, Fonterra and Federated Farmers both immediately informed the Police. The System was activated the day the first threat was received. A Watch Group convened that evening and met weekly after that. The day after the first threat was received, a meeting of ODESC was called, and it then met fortnightly. Watch Group and ODESC meetings continued regularly between November 2014 (when the threat was received) and March 2015 (when a public announcement about the threats was made). Elements of effective governance in Operation Concord The System responded quickly to the threat, provided sound direction for the response, and ensured that the appropriate agencies were working together. The following elements of effective governance helped enable the response:
|
Example: Paris attacks On 13 November 2015, several suicide bombings and mass shootings took place throughout Paris, resulting in the deaths of 130 people. Most of the casualties came from the attack on the Bataclan theatre, where gunmen carried out a mass shooting and took hostages. The System was briefly activated in response to the attacks. It was initially uncertain whether the attacks posed a threat to New Zealand or could otherwise affect the country, so the System was activated to consider possibilities. This was an example of the System activating in response to a potential threat and quickly deactivating when the threat was gone. Elements of effective governance in the response to the Paris attacks The System responded quickly to this event. The first Watch Group was convened on a Saturday afternoon, the second Watch Group meeting was on the following Sunday, and the System was deactivated on the following Monday when the potential threat to New Zealand was considered to be over. The following elements of effective governance helped to enable the response:
|
Aspects of effective governance of responses
The right people come together to respond
3.11
Overall, the right people are involved in responses. Watch Group and ODESC membership varies depending on the nature of the response. When a Watch Group is called, the Directorate informs the relevant agencies, and they decide who to send to represent them. Members of Watch Groups are usually senior officials who are able to commit resources and agree actions on behalf of their organisations.
3.12
Watch Groups can be large. One Watch Group that we observed involved more than 30 people. There are several reasons why Watch Groups can be large. Sometimes, agencies send representatives from throughout their organisation, including response staff, policy staff, and communications staff. Inviting a wide variety of people means that it is more likely that the right people are there from the start in a time-critical response.
3.13
However, this can also cause problems, because large Watch Groups can be unwieldy and difficult to manage. They can delay progress and be an inefficient use of resources. A balance between ensuring appropriate representation at meetings and not having too many people must be struck. The Directorate is mindful of this when sending out invitations to meetings.
3.14
We saw that, when an ODESC meets, the chief executives from relevant agencies generally attend. This shows that chief executives prioritise attendance at these meetings. When ODESC and Watch Groups meet, the purpose of the meetings is clear. For the examples we looked at, the purpose of Watch Group and ODESC meetings was stated in the records of meetings.
3.15
We observed some ODESC and Watch Group meetings during our audit. For these meetings, the purpose of the meeting was stated when the meeting invite was sent out and again at the beginning of the meeting. In our view, this helped people understand their roles in the response.
Strong relationships mean people work together well to respond
3.16
Strong, trusting, and respectful relationships between the people involved in responses provide a solid platform for effective governance and enable the System to respond well. In the examples we observed, the people involved in responses generally had strong pre-existing relationships. People were open and worked together constructively. This was encouraged and facilitated by the chairpersons of the meetings, and there was constructive challenge and rigorous debate of issues.
3.17
Strong relationships need to be supported by good processes. These processes need to enable and not constrain the agility and flexibility of the System, but also provide continuity for the System to operate effectively over time. For example, it is important to have knowledge management systems and information repositories so that institutional knowledge is not lost when people leave the System (see Part 5).
Accountabilities are clear
3.18
During an incident, Watch Groups are accountable to ODESC and ODESC is accountable to Ministers. Within this accountability framework, specific accountabilities depend on the circumstances of the response and are agreed when Watch Groups and ODESC meet. When accountabilities are agreed at these meetings, they appear to be clear, assigned, understood, and actioned.
The Directorate generally supports the response side well and is providing better support over time
3.19
The Directorate generally provides effective support for Watch Groups and ODESC. For example, in the Operation Concord and Paris attacks examples, the Directorate facilitated information flows between Watch Groups, ODESC, and Ministers. The Directorate also provided support such as risk analysis to help decision-makers consider how to respond.
3.20
As it matures and learns from experience, the Directorate is providing better support for responses. Although we were told of occasions where the Directorate's support for Watch Groups could have been better, most of the people we talked to told us that they had seen improvements over time.
3.21
The Directorate is making ongoing improvements to how it supports the response side of the System. For example:
- The Directorate introduced standard agendas for Watch Groups and produced a National Security System Handbook so that officials working within the System are clear about roles, responsibilities, and the purpose of the System. The National Security System Handbook has been published on the DPMC website with the intention that it should be available as a resource for all.
- After Operation Concord, the Directorate introduced standard operating procedures for how it supports the response side of the System, including how it prepares to support Watch Groups and ODESC before they meet. The Directorate considers that these standard operating procedures are a way to capture and apply best practice and lessons identified in responses. For example, during Operation Concord, a need for enhanced internal co-ordination before Watch Group and ODESC meetings was identified. The Directorate trialled a new process during an exercise in 2015. The process was found to be useful so has become a standard operating procedure. This is a good example of the Directorate making ongoing improvements.
Ways to improve governance of the response side
Greater clarity is needed on the roles and accountabilities of the lead agency and DPMC in a response
3.22
People generally understood their roles and responsibilities in responses. Those involved in previous responses are clearer about their roles and responsibilities than new people coming in. However, there is occasionally confusion about the distinction between the role of the lead agency and the role of DPMC.
Better induction is needed for new people involved in responses
3.23
New people involved in the System do not always clearly understand what is expected of them. Better induction processes are needed to ensure that new people are able to get up to speed quickly.
3.24
Examples of improvements already made to help improve knowledge throughout the System include developing the National Security System Handbook and the officials' courses that DPMC and Victoria University of Wellington have developed.
More systematic identification, recording, and application of lessons is needed
3.25
The response side of the System needs to improve the way that lessons are identified and actioned. There is a process for debriefing after activations of the System, and some lessons have been identified, recorded, and applied. However, lessons from activations and exercises could be collated and co-ordinated in a more systematic and comprehensive way. Particularly, so that lessons identified in one context are considered for application throughout the System.
3.26
Developing a process that records and applies all the lessons identified from responses and exercises should support the System to learn and mature quickly and effectively. DPMC has work under way to identify how to improve the way lessons are identified, recorded, and applied.