Advice letter: Dominic Fortescue, short-term piece of work leading a review for BT Group plc
Updated 30 November 2022
1. BUSINESS APPOINTMENT APPLICATION: Dominic Fortescue, former Government Chief Security Officer, application to work with BT.
Dominic Fortescue, former Government Chief Security Officer, sought advice from the Advisory Committee on Business Appointments (the Committee) under the government’s Business Appointments Rules for former Crown servants (the Rules) on a short-term piece of work leading a review for BT Group plc (BT). The material information taken into consideration by the Committee is set out in the below annex.
The purpose of the Rules is to protect the integrity of the government. Under the Rules, the Committee’s remit is to consider the risks associated with the actions and decisions made during Mr Fortescue’s time in office, alongside the information and influence a former Crown servant may offer BT.
The Committee has advised that a number of conditions be imposed to mitigate the potential risks to the government associated with this appointment under the Rules; this does not imply the Committee has taken a view on the appropriateness of this appointment for a former Government Chief Security Officer.
The Rules set out that Crown servants must abide by the Committee’s advice[footnote 1]. It is an applicant’s personal responsibility to manage the propriety of any appointment. Former Crown servants are expected to uphold the highest standards of propriety and act in accordance with the 7 Principles of Public Life.
2. The Committee’s Consideration of the risks presented
BT is a British international telecommunications company headquartered in London. It operates internationally and is the largest provider of fixed-line, broadband and mobile services in the UK. It is a strategic supplier to government and part of the critical national infrastructure. The Committee[footnote 2] noted that Mr Fortescue was not responsible for regulation or policy relating directly to BT (which falls predominately to another government department - the Department for Culture, Media and Sport). Mr Fortescue met once with BT alongside other officials in the department for a general discussion. The Cabinet Office confirmed there was one specific contract for work on an IT system in June 2021, for which he was not responsible. In the circumstances, the Committee considered there is no reason it might be perceived this short-term appointment is a reward for decisions made or actions taken from his time in office.
The Committee noted the information provided about the broadly transparent nature of Mr Fortescue’s responsibilities in office - building security capability and capacity within government departments. However, there are inherent risks associated with his access to information in office, including some sensitive security matters, though the Committee recognised this is limited.
There are also risks associated with Mr Fortescue’s network gained in government service which could lead to the perception his influence might assist BT unfairly. The Committee considered this is limited given the stakeholder relationship BT already holds with government and the limited internal nature of this short-term role.
3. The Committee’s advice
The Committee noted the department’s confirmation that Mr Fortescue is bound by the Official Secrets Act and three months have passed since he was in office. Further, he is subject to the below standard privileged information ban. As such, whilst BT will undoubtedly gain from his skills and experience in security, the risk he could use sensitive information to unfairly benefit BT is appropriately mitigated.
The Committee would draw Mr Fortescue’s attention to the lobbying restriction and the restriction on providing advice on the terms of a bid or contract relating directly to the work of the UK government, imposed below. These conditions will prevent him from providing an unfair advantage to BT in respect to his contacts across the government. However, the Committee noted this was in keeping with his role as described.
The Committee’s advice, under the Government’s Business Appointment Rules, that this short-term appointment to lead a review should be subject to the following conditions:
-
He should not draw on (disclose or use for the benefit of himself or the persons or organisations to which this advice refers) any privileged information available to him from his time in Crown service;
-
for two years from his last day in Crown service, he should not become personally involved in lobbying the UK government or any of its Arm’s Length Bodies on behalf of BT Group plc (including parent companies, subsidiaries, partners and clients); nor should he make use, directly or indirectly, of his contacts in the government and/or Crown service contacts to influence policy, secure business/funding or otherwise unfairly advantage BT Group plc (including parent companies, subsidiaries, partners and clients); and
-
for two years from his last day in Crown service, he should not provide advice to BT Group plc (including parent companies, subsidiaries, partners and clients) on the terms of, or with regard to the subject matter of, a bid with, or contract relating directly to the work of the UK government or any of its Arm’s Length Bodies.
By ‘privileged information’ we mean official information to which a minister or Crown servant has had access as a consequence of his or her office or employment and which has not been made publicly available. Applicants are also reminded that they may be subject to other duties of confidentiality, whether under the Official Secrets Act, the Civil Service Code or otherwise.
The Business Appointment Rules explain that the restriction on lobbying means that the former Crown servant/Minister ‘should not engage in communication with government (Ministers, civil servants, including special advisers, and other relevant officials/public office holders) – wherever it takes place - with a view to influencing a government decision, policy or contract award/grant in relation to their own interests or the interests of the organisation by which they are employed, or to whom they are contracted or with which they hold office.’
Please inform us as soon as Mr Fortescue takes up employment with this organisation, or if it is announced that he will do so, by emailing the office at the above address. We shall otherwise not be able to deal with any enquiries, since we do not release information about appointments that have not been taken up or announced. This could lead to a false assumption being made about whether Mr Fortescue has complied with the Rules.
Please also inform us if he proposes to extend or otherwise change the nature of his role as, depending on the circumstances, it may be necessary for him to make a fresh application.
Once the appointment has been publicly announced or taken up, we will publish this letter on the Committee’s website, and where appropriate, refer to it in the relevant annual report.
4. Annex - Material information
4.1 The role
BT Group plc (BT) is a British international telecommunications company headquartered in London. It operates internationally and is the largest provider of fixed-line, broadband and mobile services in the UK. It also provides subscription television and IT services. Mr Fortescue notes BT is a strategic supplier to the government and a key part of UK critical national infrastructure. Its subsidiaries include EE, Openreach and Plusnet.
Mr Fortescue also described BT as offering a broad range of security services and tools, many of which will be offered by others in the security sector. The CEO of BT has has commissioned a review and asked Mr Fortescue to lead it. He will be reporting directly to the CEO of BT.
Mr Fortescue described this as an internal role, involving no contact with the government. In describing the role he said: ‘The review would be focussed on BT by definition. My role would be informed by my generic experience in understanding the threat to organisations garnered over my full career and my understanding of vulnerability and security reviews in government, and how to craft these effectively for impact at Board level.’ He said he expected this role to last for three months.
4.2 Dealings in office
Mr Fortescue said that as part of his outreach to security functions in industry he met BT’s Chief Security Office, Kevin Brown, and his top team with other officials (his senior management team in government security) once in 2020. This was described as an exchange of views six months into the pandemic. He also invited Kevin to speak at the Government Security conference in the autumn of 2020.
Mr Fortescue confirmed his role in government had no direct crossover with BT or this role. He said he has no role in regulation or work specific to BT. He also confirmed he had no involvement in commercial or contracting decisions.
He provided some general context around his time as Chief Security Officer:
‘Government Security sounds highly sensitive. In fact, the vast majority of our work is not. Government security is focussed on protecting government, and the challenges in that and the mitigations are familiar to security practitioners across all other sectors, across the globe. There is nothing special, or uniquely sensitive about Government Security, other than its prominence when things go wrong. In particular, Government Security is NOT national security, as practiced by the National Security Secretariat – which looks at threats to the UK from terrorists or hostile states, and is heavily involved with the intelligence and defence world and their capabilities, and constitutes some of the most sensitive work conducted by HMG.’
‘Unlike the big policy departments in HMG, Government Security does not develop sensitive, let alone market or commercially sensitive policies or strategies (unlike HMT, DfT, etc). Nor does it have a regulatory role. Like the other Functions, the Security Standard is published on gov.uk. Our new Government Cyber Security Strategy will be published in early January, after the publication of the National Cyber Security Strategy. Many of our other broader policies are also publicly available on gov.uk. None of this is sensitive and because one of the ambitions, backed by Ministers, is that Government Security, our policies and practices, should become an exemplar for other sectors in the UK, we give them prominence.’
‘There is nothing sensitive, for the most part, about Government Security capabilities either. Government overwhelmingly uses commercial tools from the big security providers. We deploy one bespoke platform for more sensitive material, but the fact of this has long been in the public domain. The providers are from the private sector.’
He noted there may be some limited information he would have had access to in relation to general security threats. However, he also noted the government’s work to publicly attribute cyber attacks to those responsible, referring to the example of the SolarWinds attacks earlier this year. He said any access he did have to sensitive information was subject to the Official Secrets Act. Mr Fortescue noted he had held the highest level of security clearance for 31 years and said he recognised his ‘…..life-long obligations under the OSA, of course, and have made the necessary undertakings to [his]parent department. [He] spent a career using what [he] know[s] with different audiences in different ways, carefully adhering to protective caveats….’
4.3 Departmental assessment
The Cabinet Office confirmed the details provided by Mr Fortescue. It also provided further information:
-
The government security function seeks to build the capacity and capabilities of security professionals across UK government departments, covering physical, human and information security.
-
As Director General of the Government Security Group within the Cabinet Office, he was also responsible for the oversight, coordination and delivery of protective security within all central government departments, their agencies and arm’s-length bodies; and the Government Security Profession, bringing together security professionals from across government in supporting them gain skills and knowledge to fulfil their roles.
-
The role was primarily focused on building capability and capacity as opposed to developing policy or regulatory in nature, and the protective security knowledge and information is shared widely across sectors.
-
The Cabinet Office said that Mr Fortescue notionally oversaw contracting within his team as the responsible DG but that he was far enough removed from them for the Permanent Secretary to be confident that this would not present a conflict of interest in these applications.
-
There was only one contract with BT Global Services for a piece of technical support for the delivery of Rosa (the secure IT network) in June 2019 and had a total value of just under £8k. The Cabinet Office did not consider this to be a risk: ‘Given the very small value of this contract and the technical service provision for which it was established, and further that Dominic would have had no involvement in this contract, the Department considers that there is no real or perceived conflict of interest here.’
-
All sensitive national security and other information that Mr Fortescue had access to/ knowledge of will be protected under the terms of the OSA and his ongoing duty of confidentiality means he is obligated to ‘to ensure that all information surrounding Government business, whether secret or not, is protected and kept confidential following departure from the department….’
-
‘Protective security knowledge and information, particularly in relation to techniques, are no different to those used by industry and in fact we share and draw on much knowledge and information gleaned from industry partners and wider sectors.’
-
‘Techniques and understanding of protective security move fast and much innovation and development in this space is available from open sources.’
The department confirmed Mr Fortescue did not have access to information that could provide an unfair advantage. It said whilst it ‘…would acknowledge there is a risk that his seniority and role within government could be perceived to unfair assist organisations in influencing government’, that he had already observed a three month wait and that it was recommend he be subject to the conditions which prevent lobbying and use of privileged information be applied.
-
Which apply by virtue of the Civil Service Management Code, The Code of Conduct for Special Advisers, The Queen’s Regulations and the Diplomatic Service Code ↩
-
This application for advice was considered by Jonathan Baume; Andrew Cumpsty; Sarah de Gay; Isabel Doverty; The Rt Hon Lord Pickles; Richard Thomas; Mike Weir; Lord Larry Whitty. Dr Susan Liautaud was unavailable. ↩