National resilience strategy call for evidence Local Government Association response - September 2021

• The Local Government Association (LGA) is the national voice of local government, and our members include councils and fire and rescue authorities. We work with our members to support, promote and improve local government.
  
   
• We are a politically-led, cross party organisation which works on behalf of councils to ensure local government has a strong, credible voice with national government. We aim to influence and set the political agenda on the issues that matter to councils, so they are able to deliver local solutions to national problems.

• The LGA welcomes the development of a new national resilience strategy and review of the Civil Contingencies Act (the Act).   There are various key themes which we would like to see more accurately reflected within an updated Act, including the role of local resilience forums (LRFs), the concept of building resilience and councils’ role within recovery.  To maximise effectiveness, the theme of building resilience needs to be linked up with other relevant legislation and activity across government.
  
   
• In particular, we would like to see the role of local elected representatives formally recognised within civil continencies structures. Councillors have vital roles to play in providing civic, community and political leadership throughout the emergency planning cycle and this should be reflected within legislation.   In recognising the principle of local political engagement within the Act, however, there will need to be flexibility about how this is structured locally given diverse LRF footprints and differing local and mayoral/combined authority arrangements.
  
   
• We are pleased to see consideration through the review of the role of LRFs and LRF chairs, given the increasing divide between the demands being placed on them and their statutory responsibilities as set out in the Act. Any changes in this area should be consistent with the need to build the role of local politicians into local processes and should also reflect the complementary roles that local partners bring to the partnership.  The current funding pilots will help increase LRF capacity to help meet the greater demands on LRFs and are a positive development. However the importance of the resilience of individual partner agencies including councils should not be overlooked.

• We would like to see enshrined in legislation and practice the recognition that councils and LRFs are trusted local partners when it comes to planning for and responding to incidents. During recent incidents, local planning and operational responses have been hindered by the failure to share critical information or future plans in a timely way, as well as by the failure to bring local partners into co-design key mechanisms at an early stage. A legal duty to share relevant information with local partners should be considered.
  
   
• With increasing expectations on LRFs and clear government interest in how they are operating, the LGA would support a programme of peer reviews and mutual support to help strengthen LRFs in line with an updated legal framework and/or set of resilience standards.   The LGA has previously developed a programme of training events and guidance for elected members on civil resilience and would welcome the opportunity to work with Government on a further programme as changes resulting from this consultation are taken forward.
  
   
• We would also support the use of central capacity to more effectively share learning and tools on resilience issues across the country. As a current example, there is a need for a shared learning approach to the development of a whole society approach to resilience. All areas are grappling with what this means at both an organisational and community level, and there is a need for join up to reduce unnecessary duplication of effort. The Government should focus some of its resilience resources specifically on supporting the development of shared tools and learning on these types of issues.
  
   
• In terms of community resilience, being able to manage uncertainty and disruption is likely to become more important going ahead, given the impact of climate change and emerging issues such as energy and food security. Councillors have a key role in communicating risks, articulating the needs of communities (particularly the most vulnerable) and identifying and joining up community resources – both before and during emergencies.

• Climate change is presenting significant challenges to our way of life. The UK is experiencing a greater number of extreme weather events, while rising average temperatures are also affecting our biodiversity. Councils are an essential partner for Government in making sure the UK is resilient to the effects of climate change through adaptation. The Government should work with councils and business to establish a national framework for addressing the climate emergency, including tackling biodiversity loss. As part of this framework, the Government should devolve funding for flood prevention to local areas and give councils other tools to take action locally (the Somerset Rivers Authorities has been seeking precepting powers for several years without progress). The government should also consider formalising consideration of resilience issues within the planning process to help prevent development without adequate infrastructure (eg drainage) and/or in flood corridors.
  
   
• While councils and local partners have proven extremely resilient in managing and responding to crises in the physical world, cyber security and resilience presents a newer challenge where our experience and resilience is still developing. The new resilience strategy should make clear the significant and varied risks posed by the cyber world, including those underpinning many of the other risks we face.  It should also identify the best structures and practice for achieving good cyber resilience within multi-agency planning environments and outline ways to ensure that cyber risk is well-integrated with broader risk management arrangements, including cyber-specific business continuity plans for individual organisations.

We set out below our response to the key themes in the call for evidence. For each theme, we have included comments focusing specifically on resilience in a cyber context.

1. We support the vision and principles set out in the call for evidence, subject to the following observations:
2. 1. To reflect that resilience is everybody’s business, the principles should explicitly reference that individuals, organisations, communities and government all have a role to play.
   2. The principles should acknowledge that to deliver the vision, we may need to specifically or routinely consider and reference resilience in areas where it may not have been an explicit focus before.
   3. The principles could note the importance of mechanisms to enable shared learning and reduce duplication of effort.
3. Delivering the vision, and a whole society approach to resilience, will require new approaches, with resilience made a specific and necessary consideration across a much wider range of issues when compared to a narrower focus on preparedness and emergency planning. The LGA would welcome the opportunity to work with the Government, councils and LRFs to identify what that means for local government in practice, and the practical steps to be taken to embed the whole society approach.
4. At national level, delivering the vision will require a cross government approach to resilience. In terms of specific incidents, we have seen a need for better join up between departments nationally and agreement on shared priorities – particularly where there are competing objectives as can be seen in the health/economic considerations of COVID-19. Outside of response periods, it requires both strategic oversight of resilience and greater consideration of long-term resilience issues across all policy issues and departments.

• COVID provides a relevant and timely platform for more open communications with businesses, organisations and individuals about the other risks society faces and how people can prepare for and try to mitigate them.  While councils and local partners will be looking at these issues locally, for example through their work with flood groups, the pandemic provides an opportunity for national communications on building resilience.
  
   
• As general principles, the Government should work collaboratively with local partners to communicate messages around risk and risk appetite. Where the Government is taking the lead on communications, these should be shared with local partners – ideally in advance – who can play a supporting role in amplifying messages through their local communications. In other instances, it will be appropriate for local partners to take the lead on these communications, but there is a clear role for the Government to share best practice approaches to communicating risk and risk appetite.

• We have seen challenges during recent periods of preparation/response (both EU exit and COVID) caused by an unwillingness by government departments/agencies to share critical information that would assist local planning and response work, as well as to give councils forewarning of announcements that will impact their response work. We believe there is a case for a duty on central government to share relevant data that would support local plans and responses in these periods, although frontline officers will be better placed to identify the most effective mechanisms for sharing data during an emergency.

Response on cyber issues

• On cyber issues, we believe that the new strategy should make clear the significant and varied risks posed by the cyber world, reflecting that the National Security Strategy (2015) categorises cyber as a Tier 1 risk to UK interests. Recent experience such as the cyber-attack in Redcar and Cleveland council shows that cyberattacks can steamroller traditional risk procedures and processes, which may traditionally have been more likely to focus on disruption to systems stemming from physical threats such as flooding and fire rather than a total IT loss perpetrated by a ransomware attack.  
• There is a need to ensure that the perpetual and ever-changing nature of cyber risk is fully understood by all councils and partners, something the LGA’s cyber programme is working to support. A key lesson from a cyberattack that hit Copeland Borough council in 2017 was that local authorities and partners should talk more about, and understand better, particularly at the corporate level, the perpetual risk and implications of cyberattacks. Similarly, Redcar and Cleveland council, drawing upon its experience, has emphasised to the sector the need to keep re-engaging with cyber risk. The new strategy should stress the need for cyber risk to be continuously reviewed, refreshed and reinforced in the interests of public services, communities and businesses.

• Councils and their LRF partners have demonstrated through the COVID response and beforehand that they are critical to emergency response efforts and should have an important role to play in co-designing new response mechanisms in an emergency situation. In particular in the early months of the response to the pandemic we saw issues with an over-centralised approach to planning, information sharing, decision making and service planning, when trust and co-design with local partners delivering on the ground would have enhanced our response. Local agencies should be treated as trusted, equal partners in national emergencies and as set out above, there is a case for exploring the duties that are binding on central government in its interactions with local partners as part of an updated Civil Contingencies Act.

• A related point is the need for senior level engagement between LRFs and the centre both during and between response periods, to enable local understanding at the central level and an effective flow of communication between local areas and the centre. Currently, engagement is led by the Ministry of Housing and Local Government’s Resilience and Emergencies Division (MHCLG RED), but at a relatively junior level. In the middle of an emergency in particular, senior leaders in LRFs need to be able to link into central government decision makers.

• In our response to the integrated review last year, we questioned whether it is helpful for there to be a split in central government’s resilience arrangements, which extend across the Cabinet Office’s Civil Contingencies Secretariat and MHCLG RED. We recommend that this issue is considered as part of the review of the CCA.

• The question of assurance mechanisms for local resilience arrangements has been under consideration since the multiple emergency responses of 2017.  We would not support a centrally assessed performance framework but are in favour of a sector led peer support model, with peer reviews undertaken by LRF and other resilience experts, which we believe would help strengthen existing arrangements and share best practice. Shortly before the start of the pandemic in early 2020, the LGA had commenced a programme of resilience peer reviews for London Boroughs, and we believe there is scope to broaden this approach to LRFs. However, any assurance model that extends beyond the current approach will require investment, something the Government should consider as part of its current LRF funding pilots.

Response on cyber issues

• The LGA’s cyber security stocktake in 2018 found that awareness of cyber risk is growing at a leadership level and there have been some positive developments regarding the governance of cyber security structures, processes and policies. More work is needed, however, to support leaders in carrying out their resilience responsibilities, with officers leading on procurement being an important constituent. The LGA will soon update its National Procurement Strategy (2018) to better reflect the importance of cyber specific requirements within procurement.

• There is yet to be published a widely accepted standard operating procedure compiled to help councils follow the most effective workflow when dealing with a cyber security event. Moreover, there are no statutory cyber security standards, but rather a range of voluntary standards, compliance regimes, certifications and frameworks (for example, the ISO 22316:2017). The call for evidence asks if the introduction of statutory resilience standards would improve the security and resilience of Critical National Infrastructure operators. Whether statutory or non-statutory, we know there is no guarantee of assurance even if such standards were followed.

• A useful question to ask is: ‘could resilience standards be achieved by well-publicised voluntary sign-up instead?’ Using Cyber Essentials accreditation as an example, take-up of this government-backed scheme is far from universal among councils, partly because it is not specific to a local authority context. We would want to see rigorous testing of a set of metrics that could be used across the risk spectrum before seeing them placed on a statutory footing. We would expect to see clear dialogue on the role taken by central government in both supporting and ensuring that local authorities were meeting the mandatory standard.

• A positive intervention by the new strategy would be to endorse asset mapping. Councils should be undertaking regular inventories of their assets to understand the risks posed by the services, systems and infrastructure they own. This process should involve the mapping of a council’s core infrastructure, extended ecosystem and public facing interaction points. It should focus on the losses that would be catastrophic if they fell into the wrong hands or were made public. Some councils will struggle with this process and will need support to ensure they have a written, accepted and understood risk appetite, in order to invest time and budget.

• Furthermore, the new strategy should promote the use of scenario-based testing. Our Stocktake found that all councils have an IT disaster recovery plan, but these were infrequently tested within the council, and more rarely still with the partners and suppliers on whom its successful implementation would depend. We know that when a cyber incident occurs, the benefit of having exercised a cyberattack incident specifically will pay dividends, so the new strategy and update of the Act must reinforce the importance of exercising with local partners, and that such exercising should include specific testing for cyber events.

Response on climate change

• Climate Change is presenting significant challenges to our way of life.  The UK is experiencing a greater number of extreme weather events from thunderstorms, hailstorms and months’ worth of rain falling in days to droughts and heatwaves damaging crop production and threatening lives.  In addition to this, Climate Change is also affecting our biodiversity. Increasing average temperatures are causing species to gravitate north and invasive species to arrive on our shores such as the Asian Hornet that has the potential to decimate our native pollinating honeybee.

• The Government should work with councils and business to establish a national framework for addressing the climate emergency, including tackling biodiversity loss. This must set out a clear articulation of the national role and local roles, and an assessment of funding and financing opportunities through public and private sector means.
  
   
• Around 230 councils have declared a climate emergency, and nearly two-thirds of councils in England are aiming to be carbon neutral by 2030. However, councils in England have limited access to their own ‘in-house’ ecologist and around 65 per cent have no or only limited (i.e. part-time or shared with another authority) access to any ‘in-house’ ecological expertise. New requirements on councils coming in through the Environment Bill, such as implementing Biodiversity Net Gain through the planning system and the production of Local Nature Recovery Strategies, will mean councils will receive New Burdens funding to provide the resource capacity required to deliver on these new requirements. Additional government support to further increase support for the resilience agenda seems a logical progression of the council/government partnership.

Response on cyber issues

• The Integrated Review commits the government to strengthening the role and responsibilities of LRFs in England and the new Strategy aims to drive forward this ambition. Our cyber stocktake indicated that, as a sector, partnerships are strong. WARP networks (Warning, Advice and Reporting Point) are a good example of councils working together to share intelligence and good practice. Almost all councils were aware of their local WARP and about two-thirds reported WARP membership, based on our survey.
  
   
• Regarding multi-agency partnerships, we take the view that cyber risks at a council-level can be viewed as a ‘single agency issue’ by partners rather than existing in a multi-agency environment. A conclusion arising from central government’s response to the Redcar and Cleveland event was that its resilience framework – where the need for a multi-agency response through LRFs was correlated to the seriousness of an event – appeared to be unfit for cyber events. This highlights the specific need for consideration of how to ensure coordination and cooperation between responders at the local level in the face of cyber-attacks.

• In terms of partnerships with central government, MHCLG’s cyber pathfinder for practitioners and policy makers from local authorities, local resilience forums and other public sector organisations, launched in 2019, was helping to improve the understanding of cyber resilience issues at a local level in England. The closure of this programme has reduced the avenues for sharing knowledge across the local government sector. Material relating to the scheme is still accessible on the Resilience Direct Cyber Hub, but we would recommend that improvements are made to increase the usability and accessibility of this service.

• Specifically, the Call for Evidence asks how government can support CNI owners or operators during an emergency. Our experience of working with impacted councils is that much more clarity is needed on the of role central government when an incident occurs. Existing Cabinet Contingency Secretariat (CCS) policy states that the responsibility for COBR-level events (such as a cyberattack) should be led by the responsible department of state. In Redcar and Cleveland’s case, responsibility moved between MHCLG, Cabinet Office and eventually the Home Secretary chaired the ministerial COBR. We understand, however, in the case of Hackney’s incident that COBR was led by the Home Office throughout.

• More positively, the pandemic has shown the importance of integrating cyber security into LRF operations. For example, Norfolk’s Resilience Forum stood-up a Cyber Delivery Group as part of its emergency response to COVID-19 with a range of positive outcomes. It categorised ‘loss of IT infrastructure’ as a significant risk because: public sector organisations were likely to see an increase in targeted cyberattacks; the emergency response effort was heavily reliant upon digital systems and services; secure methods of data sharing, data analytics and communication were essential’; and a significant cyber incident impacting any one of its member organisations would have a catastrophic impact on the collective ability to deliver the required emergency response effort.

• A final consideration relates to the prevention of cross-contamination across shared services; a technique used to mitigate risk in the event of a cyberattack. At Copeland council, for example, when shared services were informed about the council’s cyberattack, its access was immediately cut-off as a defence mechanism. Similarly, at Redcar and Cleveland, when the attack hit, partner organisations blocked contact to prevent the spread of malware. A negative side of this being that the council didn’t know if partners were receiving its messages. In addition, the council received information requests from multiple agencies about the state of its response, data that may have been comprised, council actions, concurrency risks and more, which distracted from its IT recovery work. We would stress the need to maintain a strong human interface after putting in place controls to minimise cross-contamination.

• We agree that everybody has a part to play in supporting the UK’s resilience, whether that is personal resilience in an individual capacity or organisational or community resilience in other contexts. Through their civic and community leadership roles, councillors have a key role to play in approaches to building community and local resilience to crises and emergencies

• Individual, organisational and community resilience may be supported by both communications and awareness raising, and by supporting more structured approaches to resilience (for example through community networks). There is an important role for the Government to develop shared resources and share best practice about what works well in these areas so that learning is spread consistently across the country. There is also a role for investment and measures to help pump prime community resilience approaches, so we welcome the innovation element of the LRF funding pilots, which in some cases is being used for these purposes.

• At the local level, councillors can add huge value in communicating preparedness requirements, articulating need in communities and identifying community resources and capacity.  Councillors know their communities best, including the risks, vulnerabilities and strengths, and can provide a two-way flow of information into communities and back to the council.

• We are aware that the voluntary and community sector are keen that there should be a statutory requirement in the Act for engagement with the sector as part of the emergency planning cycle. We would support this being formalised within the Act, but again there must be local flexibility to determine how such a requirement is delivered locally.

• This consultation is focused specifically on resilience in a civil resilience context. However, it is important to reflect that councils think about community resilience in the much broader context of how communities are resilient in the face of every day challenges rather than shocks in a civil resilience sense; for example how communities can be resilient to crime and anti-social behaviour, or economically. COVID has shown how long term structural challenges and inequalities left some groups far more vulnerable to COVID than others, and councils’ recovery plans are therefore focused on building back better in a way that strengthens local places and local communities.

• The LGA’s Build Back Local paper sets out how councils can contribute to a levelling up agenda that strengthens and deepens resilience more generally.

Response on cyber issues

• All local authorities should have in place arrangements in place to warn, inform and advise the public about the risks of a cyber event and explain their preparedness to respond. They should also work with partners to avoid confusion arising from public warnings coming from multiple sources. This is an area where central government could support councils during an emergency, as asked in the Call for Evidence. Some considerations from recent cyber events are: ensuring staff are kept aware without their usual IT equipment; knowing how much to reveal about the complexity and severity of a cyber event; and dealing with immense media interest.

• Government departments need to find an agreed approach to communicating with a victim council to ensure their messaging is coordinated and to avoid adding additional pressure to a council under attack. Moreover, much more effort is needed to ensure that actionable information from a cyber incident is widely shared at the time of the event. The sector was deeply frustrated when this did not occur in relation to recent attacks on councils. We, as the membership body for local government, made a concerted effort to coordinate and communicate immediate messages to the sector and to present these to central government. We concur with Foreign Office guidance on sharing cyber-threat intelligence published this year stating that ‘information shared too late may lose its value’.

• Not all steps to build resilience and ensure preparedness require additional funding; we set out below how giving councils the power to allocate funding for flood defences could ensure better outcomes from existing funds, while encouraging individuals to think about risk and preparedness does not necessarily require funding but can help to increase personal resilience. However, it has to be recognised that some level of investment is required to deliver the Government’s ambition for a whole of society approach and an updated Civil Contingencies Act.
  
   
• To date, LRFs have been funded through voluntary contributions from partners, leading to inconsistencies in resources among different LRFs, while the greater demands placed on them in recent years have imposed additional burdens on already stretched partner agencies. It is positive that the Government has recognised this issue and established funding pilots to assess how dedicated funding could be used to support LRF secretariats and activity, and we hope that the pilot will prove successful.
  
   
• It is important to recognise, however, that the funding and capacity of LRF partner agencies is as critical as a properly resourced secretariat. Spending on emergency planning in councils has fallen over the last decade, reducing councils’ capacity in this critical area. Alongside this, the pandemic has exposed the extent to which capacity and resilience in key services has been reduced by austerity, while simultaneously highlighting the importance of wider organisational resilience alongside emergency planning expertise in enabling effective responses to shocks and emergencies.
  
   
• With services stretched throughout councils, the ability for them to embed an organisation wide approach to resilience, and to promote a whole of society approach to resilience, becomes more challenging. The Government should use the forthcoming spending review to ensure that sustainable funding is made available to promote an organisation-wide and whole of society approach to resilience.

Response on cyber issues

• The call for evidence refers to ‘the challenge of where to place investment in the risk cycle’ being one that affects the public and private sectors alike. Our position is that much more investment is needed to raise awareness of cyber risks within councils. Considering the size of the local government workforce, approximately one million people providing more than 800 different services to local communities, bolstering understanding of cybersecurity risks is an enormous task. Moreover, much more work is needed in making it easier for people to behave securely in the workplace and for them to engage in their organisation’s security culture.  Again, this is an area where central resources should be developed to support all councils and avoid duplication of effort.
  
   
• Looking at recent examples, Copeland, Redcar and Cleveland and Hackney councils show the devastating impacts of cyberattacks. Redcar and Cleveland, for example, experienced a complete shutdown of essential services, intense media pressure, work-related stress and fatigue for employees and a recovery bill stretching into millions of pounds. The council considered itself still in recovery a year after the attack. For Copeland council, the scale of the loss of systems, networks and devices overwhelmed its IT team, and it took many days to regain some control. Moreover, councils work hard to garner trust from their communities and businesses, and the reputational impacts of a cyberattack can also be significant.

• We are keen for the new strategy to help build resilience at a local level so councils can continue to unlock the significant opportunities that digital technology brings to public services. This means that investment must consider the talent pipeline now and also what may be needed in the future to build digital resilience within councils. We have seen the landscape change considerably as a result of the COVID-19 pandemic and work must continue to engage with the opportunities and challenges brought by working in an online environment.

Flood defence funding

• Councils are well placed to lead a local approach to flood defence, using their local knowledge to ensure that money is directed towards projects that best reflect local needs, including protecting key roads and bridges to keep residents and businesses moving. We are calling for funding for flood defences to be devolved to local areas and sit within a new national framework for addressing the climate emergency.
  
   
• The current funding model for flood and coastal erosion risk management is overly complicated and not designed to deliver local priorities. The complexity of the process for applying for Grant in Aid (GiA) and local levy funding can result in a situation where it is not justifiable, from a resource perspective, to seek contributions from these sources. This is particularly the case for small schemes when the actual amount needed is relatively small. Securing contributions to develop schemes as well as securing contributions to maintain schemes are time and resource consuming. There is a general feeling by potential private sector contributors that maintenance should be the responsibility of the Environment Agency, which makes it difficult to obtain contributions from other sources. (Council’s role in the future allocation of flood and coastal erosion risk management funding. Report prepared by Risk & Policy Analysts, for the Local Government Association.)
  
   
• Moving to a block grant funding approach and allowing local authorities to self-assure small projects would be far more beneficial for smaller scale projects and local priorities. In areas that experience regular and/or severe flooding events the grant formulas would need to reflect these local circumstances to ensure access to enough funding.
  
   
• Local authorities should be responsible for managing the grant in aid funding for local flood resilience measures for a multitude of reasons. They are more able to obtain any necessary match funding through established and maintained relationships in their community. Local authorities up and down the country have proved repeatedly that they are very capable of implementing both small and large scale flood resilience measures such as Sustainable Urban Drainage systems (SUDs). Examples include Project SPONGE 2020 in Somerset and the Renfrew Close Rain Gardens in Newham.
  
   
• Projects delivered locally by local authorities forming partnerships have the added benefit of investing in the local economy and ensuring local ownership of the scheme. The Stroud SuDs project for example works with landowners, farmers, local community flood groups and partner organisations to implement a range of measures that will reduce flood risk but also enhance the natural environment for all users. Local authorities are perfectly placed to manage these approaches as they know their community’s strengths and they have the community’s trust.
  
   
• The Government should also empower local areas to fund work to address flooding risks; for example, through granting precepting powers to newly established river authorities set up by councils in areas with high flood risks.

Response on cyber issues

We have outlined some of the distinct risks that can arise from working in a digital world, but we would also stress that such risks run concurrently to others. For example, during the Salisbury Novichok poisoning attack there was increased cyber activity from external threat actors. Cyber is now recognised as a key theme for Wiltshire and Swindon LRF going forwards. Had one occurred at the height of the COVID-19 crisis, which saw a heavy reliance on digital technologies, a cyberattack would have caused significant damage to delivery capability and could have cost lives. The new National Resilience Strategy should fully consider the risk of exploitation by cybercriminals at times of critical vulnerability. The cyber risk agenda will become increasing important as more councils start to explore new technologies, such as Internet of Things developments.

• We support the Government’s review of the Civil Contingencies Act alongside the development of the new national resilience strategy.  It is important that both the legislative framework and supporting guidance should reflect the current landscape in terms of both local and regional structures and current risks, as well the most up to date global experience of building resilience and ensuring preparedness. It is widely recognised that in recent years, as the Government has turned to local resilience forums (LRFs) to lead work to respond to EU exit as well as the COVID-19 pandemic, the demands on them have extended well beyond the statutory duties for multi-agency planning and preparedness set out in the Act.
  
   
• As an overarching principle, the Act should focus not just on preparedness, response and recovery, but also on building resilience and mitigation: to help build a whole society approach to resilience, this needs to be reflected in the central piece of relevant legislation. Additionally, the shape and scale of the challenges that local places are dealing with has changed significantly since the Act was first introduced – with long term climate change, cyber security and more recently public health risks now in sharp focus. The Act needs to reflect that these are the longer-term challenges local places will have to deal with and build resilience to in the 21st century and must ensure that current resilience structures – which are more geared to short term emergency responses – can be flexed to reflect the different challenges we are dealing with.
  
   
• In reviewing and updating the Act, the Government should ensure that the civic, community and political leadership role of local elected politicians is clarified and built into civil contingencies structures; although there is recognition of the role of national politicians in an emergency (for example through COBR processes), there is currently no reflection of the need for democratic oversight and input at the local level. While local council leaders have played a role in local civil contingencies activity, and ward members have been engaged at a community level, this has relied on local processes and relationships, rather than there being a statutory requirement to ensure the engagement of and communication with members and an established role for local leaders.
  
   
• There will be a need for flexibility in how democratic input is structured.  In the first instance, the types of civil contingencies issues local areas respond to vary considerably. As noted above, prior to EU exit and COVID-19 work, LRF response work was generally based around short-term emergencies such as a major fire or flooding, where there is often a very short-term operational response overseen by the LRF/strategic coordination group that politicians would not and should not get involved in. However, in cases such as the COVID-response, and where other responses involve longer term response/recovery work and/or community issues, there is a clear need for democratically elected representatives to be involved in a leadership capacity, alongside other local partners such as business and community groups. Frameworks will therefore need to include a degree of flexibility to allow for the appropriate response to different incidents, and there should be consideration of when it is appropriate to revert to existing democratic structures rather than LRF structures to lead the response. In more accurately reflecting the role of recovery within the Act, and particularly councils’ role within it, consideration could be given to the distinction between an immediate clean up versus a long term recovery role.
  
   
• There will also be a need for flexibility to allow for the wide variance in LRF footprints and the different tiers of local government, including the new combined and mayoral authorities. While the Act should set out expectations for local political engagement within the structures of the LRF, it should be for local areas to determine how this can best be arranged. While this is not exclusive to coterminous LRFs, we note that coterminous organisational boundaries within LRF footprints has often assisted the smooth functioning of both LRFs and member level engagement.
  
   
• It is widely recognised that in recent years, as the Government has turned to local resilience forums (LRFs) to lead work to respond to EU exit as well as the COVID-19 pandemic, the demands on them have extended well beyond the statutory duties for multi-agency planning and preparedness set out in the Act. It is important that the legislative framework should reflect what is actually asked of LRFs, and that it sets out expectations of LRFs covering the full range of the emergency cycle – preparedness, response and recovery. Both the Act and guidance should reflect the differing and complementary roles that different agencies can play within the LRF, with more focus on place leadership and recovery, which councils play a critical role in.