It is often said that the first duty of Government is to keep its people safe. But I know from my time as UK National Security Adviser that this is becoming increasingly unrealistic, given the changing nature of the threats, particularly from terrorism and cyber attack.
The changing terrorist threat
Take terrorism. The stark reality is that the simpler the attack and the fewer the number of terrorists involved, the more difficult it is for anyone to prevent. If a terrorist takes a gun or a knife and attacks innocent bystanders in a public place; or hires a car and runs down pedestrians, there is little Governments can do to prevent that.
The horrendous attack in March on Muslim worshippers in Christchurch, New Zealand, by a single terrorist is a case in point.
Of course, if there is a wider conspiracy, with more terrorists involved who need to communicate with each other or use more sophisticated weapons, then the opportunities for law enforcement and Intelligence agencies to detect and disrupt are much greater.
The shocking attacks over Easter in Sri Lanka fall into this category, and perhaps could have been prevented.
Given this reality, individual vigilance has become increasingly important, as are tip offs of suspicious behaviour, perhaps from family members or co-workers noticing signs of radicalisation.
Likewise, Governments have to rely on stronger action by private tech companies to prevent their platforms being used by terrorists to communicate, or to spread extremism.
Unsurprisingly, given that they compete to outdo each other on commitment to privacy, some tech companies are more willing to cooperate with Government agencies than others.
The new Cyber threat
The same limitation in Governments’ ability to protect applies to the cyber threat, from both state and non-state actors. Government systems are of course targeted, but – despite some well publicised breaches – they are relatively well defended.
Companies and individuals are much more vulnerable. Technology and data are so business critical these days that businesses have to spend hundreds of millions of dollars on their own cyber security.
And the threat is growing. 55% of British companies were hacked last year – and that compares relatively well with most other western countries.
Individuals fare no better than companies. Of the 200 billion emails sent every day, more than 1 billion contains malware. Smart devices in our homes, commercial use of drones in our skies and driverless cars on our roads will all make us more vulnerable to cyber attack.
At a more mundane level, it is up to each person to look after their own passwords and avoid being taken in by scam emails. Governments can’t do that for you.
Cyber security is not just about buying the latest technology – or potentially not buying it, as in the case of Huawei’s involvement in 5G telecommunications networks.
Employee training is arguably more important – 90% of current cyber attacks on businesses result from employees, or connected third parties, clicking on a malicious link or attachment in a seemingly harmless looking e-mail.
Impact on sense of personal security
One consequence of this development is an increase in the sense of personal insecurity felt by many people today in Western democracies, despite the fact that – in strategic terms – our countries are as safe as they have been for hundreds of years.
It is right still to look to Government to protect us from attack by a hostile state, or from global threats such as serious organised crime, drugs, climate change or health pandemics.
And with the right resources, law enforcement and intelligence agencies can offer a degree of security against terrorism and major cyber attacks.
But it is important to be aware of the limitations on what Governments can and can’t do to keep us all safe.