Homeland Security Watch

News and analysis of critical issues in homeland security

December 3, 2007

Concept of Risk Deserves Greater Focus

Filed under: Risk Assessment,Strategy — by Jonah Czerwinski on December 3, 2007

Homeland Security Secretary Chertoff delivered a speech before the Institute of European Affairs in Dublin last Thursday and hit the usual high notes of transatlantic cooperation, which continues to strengthen below the radar of our politically charged policy environment on this side of the Pond.

How the Secretary portrayed that progress was with a lingua franca unfamiliar to the State Department diplomats. For example, he cited three principles on which he believes Americans and Europeans agree.

First, nations “must be willing not only to operate within their own borders and ports of entry, but beyond them as well.” He probably doesn’t mean that the way it sounds. Translation: find effective ways to cooperate with other nations to pursue shared interests in countering terrorism that crosses national boundaries.

Second, complete safety is out of reach and “the best alternative is a strategy that is governed by risk management.” While it may seem unremarkable by now, that concept will likely leave observers wondering what exactly the U.S. means by it.

Third, security can only be pursued effectively if in partnership with other nations. Put Chertoff on the National Security Council, please. It’s another unremarkable concept, but one that needs to be stated repeatedly.

So risk is inevitable and we should “manage” it. The closest this country has gotten to defining risk at the strategic level is in the context of debating where to apply federal funds, such as UASI grants.  Unfortunately, for all the work DHS and its component agencies have put toward defining risk over the years – since long before 9/11 – the latest Homeland Security Strategy barely addresses the idea.

The National Strategy gets only so close:

“the [National Preparedness Guidelines] constitutes a capabilities-based preparedness process for making informed decisions about managing homeland risk and prioritizing homeland security investments across disciplines, jurisdictions, regions, and levels of government, helping us to answer how prepared we are, how prepared we need to be, and how we prioritize efforts to close the gap.”

That’s what we should get if we manage risk, but what is the nature of risk in a post 9/11 strategic context? Later in the Strategy is a longer paragraph representing the only other description of risk:

“The assessment and management of risk underlies the full spectrum of our homeland security activities, including decisions about when, where, and how to invest in resources that eliminate, control, or mitigate risks. In the face of multiple and diverse catastrophic possibilities, we accept that risk – a function of threats, vulnerabilities, and consequences – is a permanent condition. We must apply a risk-based framework across all homeland security efforts in order to identify and assess potential hazards (including their downstream effects), determine what levels of relative risk are acceptable, and prioritize and allocate resources among all homeland security partners, both public and private, to prevent, protect against, and respond to and recover from all manner of incidents. A disciplined approach to managing risk will help to achieve overall effectiveness and efficiency in securing the Homeland. In order to develop this discipline, we as a Nation must organize and help mature the profession of risk management by adopting common risk analysis principles and standards, as well as a professional lexicon.”

Over 150 words and it still seems as though we’re talking around the concept without really saying what risk is apart from “a function of threats, vulnerabilities, and consequences.” That’s the same way we described risk on September 10, 2001. What we need is a straight forward explanation of risk in the 21st century. Sure its terrorism, but it is also much more if we consider that terrorist targets include almost anything in the civilian and commercial realm.  Risk is therefore a function of how interconnected today’s world has become.  A danger in this hemisphere ripples around the world depending on numerous factors beyond just threats, vulnerabilities, and consequences.

With little else to go on, our allies overseas listening to Secretary Chertoff last week could be forgiven if they walked away from his speech wondering just what it means to choose “a strategy that is governed by risk management.”

The new IBM white paper we wrote and I blogged about earlier offers the following:
“Risk today is characterized by the rise of the individual as well as the rise of small groups as strategic threats and the speed and unpredictability with which the harmful effects of disruptions in one part of the world can spread to other companies, sectors and countries.”

The National Homeland Security Strategy makes a sound point when in another slight reference to risk, it suggests that “companies that minimize risk will be rewarded by the market.” You might say that this maxim applies to the government, too.

While the National Strategy may have prompted more questions than it answered, there is another opportunity for us to get this knotty issue of risk nailed down so that we can plan against it and make wiser investments in both the public and private sector. Recall that Congress mandated that DHS issue a Quadrennial Homeland Security Review along the lines of the Pentagon’s Quadrennial Defense Review. This repesents a valuable opportunity for DHS to take this head on. No better document – at this point, anyway – than the first QHSR to put forth a workable concept of risk.

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn


Comment by Claire B. Rubin

December 3, 2007 @ 2:32 pm

For those interested in some additional background on this topic see: “Toward a National Hazards Risk Assessment” by Patrick Roberts in the current issue of
the Journal of Homeland Security and Emergency Management (www.bepress.com/jhsem).

Comment by Dale A. Rose

December 4, 2007 @ 11:19 pm

One might also begin to think of risk as a concept that constitutes and is constituted by specific practices (e.g., risk assessments based on calculable probabilities), in the service of certain aims (e.g., efficient resource allocation). If threats cannot be characterized utilizing standard models of calculability, it follows that new models, new techniques, and new practices are (or should be) innovated.

My sense is DHS has been engaged in a balancing act between more “traditional” forms of risk assessment and newer ones, which rely not on known/calculable elements and probabilities, but on *unknown* futures. If future events or probabilities cannot per se be calculated, the focus must go on what can be empirically observed… such as vulnerabilities and capabilities. The interesting empirical question, for me anyway, is how do these two forms of knowing danger mesh? How do they overlap? Where are they congruent, and where do they diverge? What are the demands placed on citizens and governments in “knowing” that certain dangerous things will (probably) happen, or not, versus knowing that *if* they do, the result is catastrophe? As it turns out, there is a growing literature tackling these and related kinds of questions having to do with risk, ranging from Congressional Research Service and GAO reports all the way through pretty hardcore academic journals.

Some of the scholars and analysts at Vital Systems Security have pursued researches in the area of risk and disaster, and have traced some of the ways in which concepts like “vulnerability” have been introduced not only into professional vocabularies – but more important how the concept itself has been a centerpiece for “rationalities” (paradigms) such as Preparedness. Anyone so inclined should have a look at what we’re doing. It’s a tad more on the academic, as opposed to applied side of things – so heads up. Go to: http://www.anthropos-lab.net/vss and apologies in advance for the shameless plug.

BTW: Nice post, Jonah, keep it up.

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>