Last Thursday I posted a bit on Cynefin. Developed by David Snowden and others, the Cynefin Framework can be a helpful tool for engaging reality’s varied flows, especially the flows — sometimes floods —  from known to knowable to complex to chaotic and betwixt and between.

Cynefin is both a strategic and an operational tool. Depending on one’s strategic perception it calls for adjusting how reality is engaged. For example, dealing with what is known is a matter of sensing, then categorizing, and responding appropriately. We choose a response to match our understanding of what is happening, our prior experience with what is happening, and how we have previously dealt with this category of event.

In contrast, a complex context presents a novel environment that needs to be probed in order to sense what is happening and then we respond to that understanding… often an incremental understanding that comes from multiple probes (some helpful and some not). Snowden argues that chaos does not allow for investigatory probes, but requires full-fledged actions and adaptation as we move with reality’s cascade.

In a comment to last week’s post John Plodinec suggested that Cynefin reminds him a bit of the OODA (Observe, Orient, Decide, Act) framework developed by John Boyd.  I agree.  The two frameworks are especially helpful when applied together.

I use Cynefin to understand the context in which I find myself.  I use OODA to better understand myself.  Simultaneous application helps me adjust effectively to unfolding reality.

The principal impediment to recognizing a shift from a complicated context into complexity or from complexity into chaos is my own orientation, my own readiness and (un)willingness to recognize reality.

By clicking on the illustration a larger version will appear in a new window

My orientation has significant influence on my observation.  Instead of seeing unfolding circumstances I often “see” a prior circumstance.  Instead of receiving outside information, I may depend on inside information (often inside my own mind).  Instead of interacting directly with the environment, I interact with data-feeds, indirect reports, and other representations of reality rather than reality-itself.

Not surprisingly given this warped view of reality my decisions (conscious or usually not)  can produce actions wildly mis-matched to reality.  In mistaking a complex context for a merely complicated context, my decisions and actions amplify the complexity.  By mistaking a chaotic situation for a complex situation I undertake tentative decisions and actions that merely delay the bolder steps that are the best bet for stabilization.

Snowden warns that mistaking chaos for a known — and controllable — situation is often the precursor to catastrophe.  This is an error to which experienced experts are, paradoxically, especially susceptible.

The Orientation element of the OODA framework (inside the blue in the illustration) consists of what Boyd suggests are five anchors… predispositions… core capabilities…

• Genetic Heritage:  We see, hear, smell, taste,  feel and think within the limits of our species.
• Previous Experiences:  We tend to expect what we have previously experienced.
• Cultural Traditions:  We tend to process new experiences with concepts derived from our social experience.
• Analysis and Synthesis: Boyd especially emphasized the speed with which we can analyze and synthesize, greater speed providing greater potential advantage.
• New Information:  Our receptiveness to novelty can profoundly affect every other aspect of orientation.

The more open I am to new information, the quicker I am to analyze/synthesize new information, and the less constricted I am by genetics, culture, and prior experience the more resilient I am likely to be in dealing with complexity and chaos.

Another way of saying the same thing:  My resilience is advanced when I can take thoughtful action even when seriously doubting my own judgment.  The more complex and chaotic the context, the more self-doubt is productively adaptive… as long as I take action, monitor outcomes, and adjust as best I can.   Will this work for a group?  For a community?  For a region?  For a nation?

Can a society increasingly organized around specializations affirmatively embrace self-doubt?  We usually speak of self-doubt as a problem.  Yet Jim Collins found that Level 5 Leaders “build enduring greatness through a paradoxical blend of personal humility and professional will.”  What is humility, but self-doubt courageously deployed?

–+–

I constantly stumble over pronouncing cynefin (it’s Welsh and sounds something like “kuh-ne-vin”.  Whenever I ask someone if they know about OODA they seem to think I’m asking about a breakfast cereal.   So I’m going to start writing and talking about “The Snoodan Frameworks” (Say Snowden with a kind of Scottish brogue or Scandinavian sing-song.)

We’re about one-third or so through a series on catastrophe, resilience, and civil liberties that started with a post on May 18. The series will continue next Thursday or Friday.

In the movie Apollo 13 — recounting the nearly deadly 1970 moon mission —  the heroic NASA mission director says, “Failure is not an option.”

The real hero — Gene Kranz — never said this.   It’s a scriptwriter’s creation.   After the movie’s success, Mr. Kranz did use the phrase as the title of his memoir.

Failure is always an option.  We recently received several reminders of this reality:

The final report on Air France Flight 447 found that “the crew was in a state of near-total loss of control” because of inconsistent data reports.

A  Japanese parliamentary commission found the Fukushima nuclear emergency was a “profoundly man-made disaster.” (See a good summary from the BBC.)

Last week from Columbus, Ohio to Charleston, West Virginia to Washington DC the best laid plans of intelligent people and competent organizations unraveled before an unexpected strong storm.

There was failure.   There was passivity, fear, denial, selfishness and greed.

At Fukushima and in response to the derecho there was also creativity, courage, patience,  generosity, self-sacrifice and resilience.  We don’t know enough about what happened over the South Atlantic to be sure, but I expect even in those horrific 3 minutes, 30 seconds the full range of humanity could be found.

Across all these situations there was uncertainty.   Some uncertainty is innate to nearly every context.  But we are increasingly adept at self-creating even more.

Responding to the Air France Final Report, William Voss, President of the Flight Safety Foundation, told The Guardian, “Pilots a generation ago would have… understood what was going on, but [the AF447 pilots] were so conditioned to rely on the automation that they were unable to do this,” he said. “This is a problem not just limited to Air France or Airbus, it’s a problem we’re seeing around the world because pilots are being conditioned to treat automated processed data as truth, and not compare it with the raw information that lies underneath.”

It’s a problem well-beyond commercial aviation.  We organize much of our lives around the assumption that automated processes will persist and critical information will be available.  We expect to be warned of a threat, about the location and condition of our family and friends,  and about when a crisis will be over.  We expect to be able to access our credit and cash accounts. We expect to be able to travel from here to there to purchase what we need and reunite with those we love.   If necessary, we expect to be able to call 911 and quickly get professional help.  Over the last two or three generations everyday life has — increasingly — demonstrated these are reasonable expectations.

We are habituated to success.

But like the Air France pilots, when our information habit is not being fed our response can be self-destructive.   In the absence of information we tend to continue as usual or focus on restoring access to information. Both behaviors can significantly increase our risk by ignoring rapidly changing conditions and/or delaying thoughtful engagement with changed conditions.

The Apollo 13 Review Board found the accident, “…resulted from an unusual combination of mistakes, coupled with a somewhat deficient and unforgiving design.”

The deficient and unforgiving design that many of us — private citizens as well as public safety agencies — have adopted is dependence on just-in-time information.

My twenty-something children  seldom pre-plan in any significant way. They expect cell phones, text messaging, Facebook, and email to allow them to seize the best opportunities that unfold.   It works and I envy them.  Except when it does not work.  Except when these digital networks fail.

Much of our consumer culture is built around the same approach. We have become an economy, a society optimized for just-in-time. It can be a beautiful dance of  wonderful possibilities emerging in a moment and rapidly synchronized across time and space.  Until the music stops.

In the three examples above (not all catastrophic) there is a shared over-confidence in the fail-safe capabilities of protective design and effective communications.   In each of these cases the design bias increased risk exposure, communications was confusing or worse,  and both the design and the communications protocols complicated effective human response once risk was experienced.

There are several contending definitions of resilience.  Something that all the definitions I have encountered share is an expectation of failure.  Resilience is in many cases the learned-response to failure.  If it doesn’t kill you, you can learn from it.   The good news — and the bad news — is that catastrophes are sufficiently rare that we don’t get many opportunities to learn about catastrophic resilience.  What is a “forgiving design” for encountering catastrophe?

In April 2010 Jim Lovell, the commander of Apollo 13, called the mission a “successful failure.” Lovell explained that while Apollo 13 never reached the moon, there was  ”a great success in the ability of people to take an almost certain catastrophe and turn it into a successful recovery.”

Envision a complete blackout of telecommunications (voice and data) across a region, say, extending from the mouth of the Susquehanna River south to the Potomac River and from about the Bull Run Mountains in the West to the Chesapeake Bay in the East.  This encompasses roughly 5 million residents.

Such a blackout for any sustained period  is an “an almost certain catastrophe”.   Can we envision how to “turn it into a successful recovery?”  What could be done?  What should be done?  What does the mental exercise (more?) tell us about our dependencies, our operational options, mitigation opportunities, and creativity?

I know, I know… such an event is wildly unlikely… nearly unimaginable.  Just about as silly as a bad thermostat undoing a mission to the moon.

–+–

This is part of a series examining potential relationships between catastrophe, resilience, and civil liberties.  We have spent the last several Friday’s looking mostly at catastrophe.  With this post we are pivoting toward resilience.   There have been a couple of great conversations.   Please contribute to the conversation by selecting the comment function immediately below.

Derecho forming in Midwest and barreling to the Mid-Atlantic

The implications of last week’s derecho are a matter of some debate. Please contribute to the debate through the comment function at the close of this post.

TIME: Friday. June 29, 2012.  Minimal notice.  Emerged in Southern Great Lakes during  mid-afternoon, hit National Capital Region between 10:30PM to 11:30PM.  (By statute the National Capital Region consists of the District of Columbia, 2 Maryland counties, 4 Virginia counties, and the City of Alexandria.)

SPACE: 650 miles deep (Northern Indiana to Atlantic seaboard), 270 miles wide (roughly Norfolk VA to Philadelphia PA).

CHARACTERISTICS: Fast-moving, averaging 60 miles per hour.  Hard hitting with sustained winds ranging between 60 to 90 miles-per-hour, very strong downbursts (and even stronger microbursts, producing tornado-like outcomes), widespread lightning strikes, and hail.  Wind-gusts of over 80 miles per hour were reported along an arc extending from Baltimore (MD) in the north to Richmond (VA) in the south.

Derecho’s are difficult to predict.  Most meteorologists are surprised the June 29 squall line survived its transit of the Appalachians.   Descending toward the coastal plain the derecho was quickly strengthened by the hot, humid atmospheric instability spawned by a record-breaking hot day.  The June 29 temperature in Washington DC had reached 104 degrees.

Again and again the June 29 derecho has been described as a “no-notice hurricane.”

FREQUENCY: Uncommon.  Usually less than one per year anywhere in North America.  Typically no more than one every four years in the mid-Atlantic.

CONSEQUENCES: Twenty-six deaths,  over 5 million without electricity for up to one week, widespread telecommunications outages (including 911 system failures), water quality concerns in West Virginia, suburban Maryland and other locations, transportation system stress due to reduced fuel pumping capabilities, traffic signal failures, and increased traffic, as a result of both the storm and Independence Day holiday.  Economic impact — from both physical destruction and loss-of-trade — not yet calculable.

ANALYSIS: Following is a Washington Post editorial that was written about 72 hours after the event.  It is, I suppose, a kind of consensus analysis.  I am concerned this consensus gives insufficient attention to several strategic realities.  The Post editorial board’s original analysis is in italics.  My counter-argument is indented non-italic.

Powerful storm exposes lack of disaster preparedness

The aftermath of the Derecho storm that exploded across the upper midwest to mid-Atlantic on Friday has exposed a series of cascading dependencies.  None of these dependencies are surprising.  But the scope and scale of the event offers a very public case-study for what is usually obscured in the rapid response to smaller events.

I will focus mostly on the National Capital Region, because that’s where I experienced the event.

Friday’s record-breaking heat in the Washington DC area reached 104 degrees. An unexpected late afternoon meeting kept me in the capital until rush-hour.  The air-conditioning in my car failed.  I bailed off I-395 and got a hotel room.  I was given a room on the top — eleventh — floor.  The room’s AC was struggling.  No doubt the roof-top temperature was much higher than 104.

At about 10:45 I was awakened by a high pitched squeal.   My room faced West-Southwest.  Straightline winds — estimated at 60 to 90 miles-per-hour — were pushing against the window and whistling through its frame.

A tall wall of lighting filled the far Western horizon.  It rolled toward me, swamping the glittering urban landscape.  As the strobe dance of lightening  approached, it was as if a black wave covered the ground.   A mile away a blazing bright tower suddenly disappeared.  I was next.  No lights. No air air conditioning.  No way to open the windows.

Roughly 1.3 million people in the National Capital Region lost power on Friday night.  On Sunday morning the Washington Post’s lead story reports, “As the region suffered through a second day of 100-degree-plus heat, power companies said it could take up to a week before everyone has electricity again.”

Because of the loss of power, the Washington Suburban Sanitary Commission, serving much of the Maryland suburbs, was unable to refill its water system over-night.  With another record-breaking hot day on Saturday, there was the threat of the system being sufficiently drained to lose system integrity.  Mandatory water restrictions were put in place.  (Once a water system experiences negative-pressure it can take weeks to clean and recover system integrity.)  Other water utilities were also calling for reduced usage and issuing boil orders.

Because of the loss of power, many service stations were unable to pump gas.  My wife was unable to fill up in Charlottesville (VA), found an open station in the Shenandoah Valley, needed gas again in Charleston (WV) and after passing closed station after closed station, sat in a line for nearly an hour with her gauge on E.  The station was only taking cash because their credit-card verification connection was offline.

When my wife called me  she was about to leave the gas line, frustrated and angry with all the “cheaters.”  I was able to tell her the utility map showed severe outages extending West to Huntington and into Kentucky.  Later she called to confirm she would have been stranded if she had not gotten gas when she did.  She also reported periodic traffic congestion much greater (and weirder) than the typical start of the Independence Day weekend.  Her speculation was that a lot of people were out looking for functioning grocery stores, gas stations, and such.

I returned to our Blue Ridge mountain-top very early Saturday morning and while I am, obviously, online and was able to use my smartphone at the height of the storm, there are increasing reports of communications problems.  According to the Washington Post:

Cellular and Internet services were down after Friday night’s storm (http://wapo.st/KSPWn8 ), as reports of slow or intermittent service came in from Virginia, Maryland and the District. A Verizon representative confirmed that there had been “voice outage and no signal” in parts of Virginia, including Herndon, Manassas and Woodbridge. In a statement, Verizon said that as commercial power was being restored, some services would come back and that they were working to fix service.

AT&T is also reporting outages, including to some land-line phones. Several 911 centers  were blacked out or had functional problems as a result of electrical failures.  Even redundant systems, with emergency power back-ups, in some cases failed.  There has not yet been time to determine the full cause.

This was a high-impact event doing direct damage to a variety of infrastructures.  The scale of destruction and disruption was considerable.  The geographic scope of the event was much greater than typical.  This scope-and-scale is straining recovery capabilities.   Electric utilities are, for example, needing to call on mutual aid from much farther away than usual.

We all know, but do not always acknowledge, our dependence on the grid, on the water system, on the fuel distribution network, on the credit-and-debit card verification system, et cetera, et cetera.  Events like this force us to recognize our reality. Will this event encourage more attention to systemic mitigation?  Probably not in a sustainable or systematic way.

Even with the death, destruction, and discomfort this is far from a catastrophe.

But… on Sunday morning the Weather.com forecast is headlined: Hot, Humid and Hellish.  Clearly public safety agencies and the population have been proactive in minimizing day-after effects.  How about three days after… five days after?   What if the response-and-recovery period is punctuated by another hard hit?

Speaking Saturday to news media at the Virginia Emergency Operations Center, Governor Bob McDonnell said, “This is a very dangerous situation… It will take several days to restore all power, so Virginians should plan accordingly. This is not a one-day situation; it is a multiday challenge.”  The same could be said for a wide region extending back to the Great Lakes.

A potential catastrophe unfolds over time and space, cascading across an ever-expanding landscape, exposing and uncoupling dependencies as it goes.  The potential for catastrophe increases as the cascades recur in the same space with increasing frequency.   So far this is just another tough time that we will, probably, treat as a rare event rather than a leading indicator.

MONDAY MORNING UPDATE:

More than 600,000 electric utility customers in the National Capital Region continue without power.  Some of the utilities in the mid-Atlantic do not expect to achieve the 90 percent restoration benchmark before Friday.

The same storm that hit the DC metro area pummeled Ohio with even more force.  Initially 1 million Ohioans were without power, as of Monday morning 200,000 remain in the dark.  In West Virginia 500,000 remain power-less and the Governor ordered non-essential state workers to stay home today.

Public transit in the National Capital Region is mostly operating at full capacity.

The Federal government and most private employers will open for business-as-usual in Washington.

The weather forecast for the Washington DC area is for a high of 95 degrees.  Similar highs are predicted for the remainder of the week.

The following is excerpted from the Sunday Charleston (WV) Gazette-Mail:

The storm, which swept from the Great Lakes to the Chesapeake Bay, devastated parts of Ohio, Maryland, New Jersey, Virginia and the District of Columbia. But West Virginia took the biggest hit, according to FirstEnergy.

“It affected it fairly catastrophically,” company spokesman Todd Meyers said Sunday.

“Parkersburg took the brunt of the storm, with 90-plus mile-per-hour winds.”

Forecasters on Friday predicted a number of storm cells, but no one expected a continuous line stretching from the Northern Panhandle to south of Huntington, Meyers said. “It blew across the entire state.

“In Ellenboro, a 500-kilovolt transmission line — it crunched three towers. That’s part of the interstate transmission grid, and it’s out.” Repair crews were at the scene Sunday, he said.

“They’ll build temporary structures and get that line back up by midweek, hopefully. Then in the fall, when you have less load, that’s when you’ll go back in and do permanent repairs.

“Our problem, why so many customers are out, this one damaged over 50 large transmission lines and 70 substations.”

Other details on this region-wide no-notice (little notice) event from The Baltimore Sun and the Richmond Times-Dispatch.

Earlier today the President signed a Major Disaster Declaration for El Paso and Larimer counties in Colorado.

During his afternoon visit (seen above) to the fire ravaged western edge of Colorado Springs, the President remarked:

In the meantime, some lessons are being learned about how we can mitigate some of these fires in the future, and I know that the Mayor and Governor, and other local officials are already in those conversations.  It means that hopefully, out of this tragedy, some long-term planning occurs, and it may be that we can curb some of the damage that happens the next time, even though you obviously can’t fully control fires that are starting up in these mountains.

Some of these mitigation lessons had already been “learned” but not applied.  This is a recurring issue in risk-readiness.  We know more than we choose to recognize or implement.  A few examples of extant lessons:

Development at the wildland–urban interface and the mitigation of forest-fire risk (Proceedings of the National Academy of Sciences) 2007

Specific to Colorado Springs:

Wildfire Risk and the Housing Market (2007)  Fascinating findings.  The Firewise website mentioned in the study is available at http://csfd.springsgov.com/ Basically, the Colorado Springs Fire Department provides parcel-by-parcel risk ratings for all houses in the wildland urban interface through a website.  One finding:

… some home buyers prefer a densely wooded lot or a house on a ridge. The results… suggest that pre-Web site, these positive amenity values outweighed the negative effect of wildfire risk on housing price… However post-Web site, the coefficients on the overall risk rating variables were no longer significant. This result suggests that post Web site, the positive amenity effects were offset by the increased wildfire risk associated with such parcels.

For even more please see a whole collection of prior findings from the USDA Pacific Northwest Research Station.

Lots of implications for recovery planning, future mitigation, and risk-awareness.

The book that received the most positive reaction in a recent homeland security course was Thinking, Fast and Slow, by Daniel Kahneman.

Kahneman won a Nobel Prize in economics. He never took an economics course. He is one of the people who created behavioral economics.

Creating a new discipline is a very good way to avoid taking an economics course.

I think the book is overwritten. It’s more than 400 pages; 250 pages would probably have been enough.

But if you’ve received a Nobel Prize, your books can be as long as you want.

Here is a video (about an hour long) where Kahneman outlines the core ideas in his book.

The video gets going for real at about the 8 minute mark. (Modified Wadsworth Constant at work.)
————————————–

Here’s a question:

What is 2+2?

You probably have an immediate answer.

Here’s another question:

What is 17 times 36?

You probably do not have an immediate answer.

Kahneman posits two thinking styles. System 1 is quick, intuitive and emotional.

System 2 isn’t.

————————————–

What do you think about this image?

Or what about this headline and paragraph:

Climate-Change Deniers Are On The Ropes — But So Is The Planet

It’s been a tough few weeks for the forces of climate-change denial.

First came the giant billboard with Unabomber Ted Kacynzki’s face plastered across it: “I Still Believe in Global Warming. Do You?” Sponsored by the Heartland Institute, the nerve-center of climate-change denial, it was supposed to draw attention to the fact that “the most prominent advocates of global warming aren’t scientists. They are murderers, tyrants, and madmen.” Instead it drew attention to the fact that these guys had over-reached, and with predictable consequences.

According to Kahneman’s findings, if you like and trust the Heartland Institute, you are likely to accept the anecdotal story the billboard tells, more than any climate-alarmist propaganda or scientific evidence about climate change.

If you like and trust, ThinkProgress — the source of the On the Ropes tale — you like their anecdotes; maybe more than science.

If you don’t know anything about Heartland or ThinkProgress, you used some other System 1 shortcut to decide which story worked better for you.

————————————–

Stories are concrete, specific and immediate. They cut through the need for all that heavy thinking stuff.

Stories appeal to System 1.

System 2 is slower, deliberative and a more logical way of thinking. It’s also a more difficult style to use.

It takes work.

Have you calculated 17 times 36 yet?

Nope; probably not worth the effort.

That’s System 2 at work; or rather at avoiding work.
————————————–

Here’s another question:

A bat and a ball together cost $1.10. The bat cost one dollar more than the ball. How much does the ball cost?

System 1 says the ball cost ten cents.

Next question?

System 2, when it gets around to it, — and in some tests, 80% of the time it doesn’t get around to it — System 2 will let you know ten cents is the wrong answer.

(If your System 2 gets off the couch, you’ll see why ten cents is not the correct answer.)

People are more afraid of dying in a terrorist attack than they are afraid of dying.

But the chances of dying are greater than the chances of dying in a terrorist attack. Why does the less likely path to death have a more greater emotional impact?

System 1 again.

People are more likely to believe the following statement is true:

“Woes unite foes”

than they are to believe this statement is true:

“Woes unite enemies”

Why do people tend “to see the rhyming [aphorisms] as more accurate than the non-rhyming ones”?

Even if both sayings mean the same thing.

System 1 likes rhymes.
————————————–

What does this have to do with homeland security?

The April 2012 issue of Risk Analysis (“An Official Publication of the Society for Risk Analysis”) is filled with examples illustrating the significance of risk perception and communication.

The issue is titled “Risk Perception Behavior: Anticipating and Responding to Crisis.”

Take a look at the table of contents.

Or look at this report about one of the articles: [my emphasis]

A dirty bomb attack centered on downtown Los Angeles’ financial district could severely impact the region’s economy to the tune of nearly $16 billion, fueled primarily by psychological effects that could persist for a decade….

“We decided to study a terrorist attack on Los Angeles not to scare people, but to alert policymakers just how large the impact of the public’s reaction might be,” said study co-author William Burns, a research scientist at Decision Research in Eugene, Ore. “This underscores the importance of risk communication before and after a major disaster to reduce economic losses.”….

“The economic effects of the public’s change in behavior are 15 times more costly than the immediate damage in the wake of a disaster.”

“These findings illustrate that because the costs of modern disasters are so large, even small changes in public perception and behaviors may significantly affect the economic impact….”

Or look at these slides that report on a recent experiment about “Inoculation as a Strategy for Achieving Assertive Risk Communication.” [Please keep in mind the important caution that slides cannot substitute for the full study or being present at what I was told was a "fascinating" presentation by world class scholars.]

Assertive risk communication means “actively and continuously anticipating and preempting counter-arguments” that might be generated by someone else’s System 1 response to, say, a catastrophic incident in the United States.

“Inoculating messages foster resistance to counterarguments,” says one of the slides.

“Inoculation messages move individuals in the desired direction—initially enhancing confidence.
Inoculation messages enhance resistance to counter-arguments in high-risk circumstances.
Using inoculation messages fortify what is known about best practices for risk and crisis communication.” reports another slide.

So, what does that mean in practice?

Assume “a commercial airliner carrying 253 passengers from Los Angeles to New York exploded 70 minutes into flight leaving no survivors. Air traffic control lost radar contact with the plane and within minutes local officials in Nevada began receiving reports from witnesses who saw debris falling from the sky.”

Some people speculate it was terrorism. Others wait for evidence. No one is quite sure

What should the assertive risk communication message be to inoculate an uncertain nation against jumping to “inappropriate” System 1 conclusions? Or if people are going to jump to System 1 anyway, what kind of counter-perception could be seeded?

One message is:

The Department of Homeland Security said it had “no specific, credible information regarding an active terrorist plot against the U.S. at this time, although we continue to monitor efforts by al-Qa’ida and its affiliates to carry out terrorist attacks, both in the Homeland and abroad.”

Or how about this one:

“In addition to this event, DHS has detected and prevented numerous terrorist plots. All of these plots have been thwarted by a combination of intelligence work, policing, and citizen participation.”

————————————–

Right now, I’m wondering what your System 1 response is to either message and to the idea of inoculating people through assertive risk communication.

My System 2 reaction is I think people interested in homeland security will benefit from reading  Thinking, Fast and Slow.

Or at least listening to Kahneman talk about his ideas.

Normally I would welcome any reason to extol the virtues of brushing up on your nuclear and radiological-related preparedness planning. However, I strangely find myself wanting to push back on some nuclear-alarmism that I’ve come across lately from usually professional and restrained quarters.

To be clear before I begin: I believe nuclear terrorism has been and remains a real threat; that a dirty bomb is a question of when and not if; and that the two are entirely different animals that look similar in the same manner that one’s house cat may occasionally remind you of a lion in the wild…but not really.

The meme I suspect is emerging is that heightened tensions in the Middle East, in particular the increased threat of conflict with Iran over it’s nuclear program, is increasing the chances that the U.S. will either be the victim of a nuclear or radiological attack or that we may be involved in treating radiation-related casualties originating from hostilities in the Middle East. The mistaken perceptions involve current Iranian capabilities and the results of any possible attack on Iranian nuclear facilities, particularly by Israeli forces.

First capabilities: no evidence has been made public that Iran has enriched uranium beyond 20%.  While that gets them a lot closer to having the material for nuclear weapons (it is a strange fact, but enriching uranium up to 20% is more difficult than taking it from 20% to 90% and above, which is generally considered weapons grade; as Harvard’s Graham Allison has put it: “In effect, having uranium enriched at 20 percent takes Iran 90 yards along the football field to bomb-grade material.”), it does not give them a nuclear capability at this moment.  Barring work at a secret enrichment facility, this means that Iran does not have a nuclear weapon to use (whether directly or through allied terrorist groups) against any potential attacker.

Yes, this could change in the future through any number of potential scenarios.  Yes, there are serious concerns for U.S. national security if Iran was to become a nuclear state.  The most likely of these would not involve Iran directly attacking the U.S with a nuclear weapon.  Many others have sunk their teeth into this topic and debated various outcomes.

A dirty bomb could be a possibility, but in taking stock of that particular threat the pieces don’t point toward any special Iranian capability. Neither the low-enriched or high-enriched uranium that Iran is producing, or any of the stages of pre-enriched material, would make particularly effective dirty bomb material.  Uranium is not highly radioactive, in fact one can handle highly enriched uranium with nothing more than a simple gloved hand. In other words, the Iranian nuclear program does not add to their capability to carry out or assist others in carrying out a dirty bomb attack.

An Israeli or U.S. attack on Iran’s nuclear facilities could potentially embolden, radicalize, or otherwise incentivize terrorists to carry out a dirty bomb attack.  One can imagine a desire to carry out some sort of event involving radiation in retaliation.  Yet the particulars of Iran’s nuclear program do not affect the odds of this occurring, nor would the products be particularly helpful.

If homeland security officials at all levels want to prevent a dirty bomb attack, in addition to planning and exercising to respond and recover from any such incident (deterrence through denial of goals), they can take stock of the radioactive sources in their own jurisdictions and connect with the owners and licensees about security and safety. Every big city has potential dirty bomb ingredients without the necessity of terrorists attempting to smuggle in Iranian radioactive sources.

The second layer of concern seems to center on the possibility that hostilities between Iran and Israel, and maybe the U.S., would involve populations being exposed to high levels of radioactivity.  However, at this point in Iran’s nuclear development that is also unlikely.

Despite the bluster out of some corners, Israel is not going to use nuclear weapons it does not officially acknowledge having to destroy a nascent nuclear capability the goal of which is contested by various world powers.  Nuclear weapons are political weapons that are best used to deter nuclear attack and invasion.  It is often pointed out that a reason Iran might want to either develop a breakout capability or the weapons themselves is that they witnessed what happened to Iraq and Libya and what has not happened to North Korea.

An Israeli nuclear strike on Iran without direct nuclear provocation would likely result in their achieving North Korean-like pariah status.  Instead, if they decided it was in their national security interest to strike the Iranian nuclear program it would involve conventional weapons.  These bombs may cause dispersion of nuclear material, but as I mentioned before the uranium involved would not be highly radioactive and the effects would be more toxic and less radioactive.

Would there be detectable raised levels of radiation in the surrounding areas  following such an attack?  Likely. Are we talking about an Iranian Fukushima?  Probably not.

Israel could decide to bomb the nuclear reactor at Bushehr, but this would do little to stop any weapons program as light water power reactors are poorly suited for the production of plutonium for bombs and this particular one is under stringent IAEA safeguards.  In addition, it would earn the ire of potentially sympathetic Gulf nations who may bear the brunt of the radiation released.

Following any strike by Israel on its nuclear program, Iran is judged likely to attack Israel with missiles.  Whether launched from Iranian territory or by allied groups such as Hezbollah and Hamas, some of these weapons may be targeted at the Israeli nuclear reactor at Dimona.  It is possible that the reactor would sustain enough damage to release radiation, but these facilities are not soft nor large targets.  The relatively unsophisticated missiles involved would have to be lucky in both hitting the target and achieving enough damage to release any radiation.  Only in the worst case might there be a call to evacuate any casualties to the United States due to radiation injury.

So to end this already too long foray into predicting the results of events that may never occur, let me just reiterate:

• homeland security officials at all levels should worry about the security of radioactive sources within their jurisidcitions and make sure that they are prepared to respond and recover from any dirty bomb attack;
• yes Dorothy, a nuclear terrorist attack is possible, if not likely, and should be regarded as a national catastrophic event planned for on a regional basis including non-traditional partners (in FEMA-speak this is a MOM event requiring a WOC response);
• in the short-to-medium term, events regarding Iran’s nuclear program will not directly impact the risks of a radiological or nuclear attack upon the U.S.

Here is a 10 minute CNN interview with Senator Rand Paul, as he discusses his side of what happened at the Nashville airport on Monday.  Senator Paul says he was detained by TSA because he wanted to walk through the body imaging machine a second  time after the machine apparently showed he had something on his leg.  Senator Paul wanted to lift his pant leg and show there was nothing there.  TSA, apparently, insisted on patting down the United States Senator. Senator Paul declined and was not allowed to travel on that particular flight.

Here is a link to the Transportation Security Administration’s blog telling their side of the story.  One part of that post includes this explanation:

When a passenger or bag alarms in screening technology at a TSA checkpoint, the alarm has to be resolved before the passenger can enter the secure area past the checkpoint.  Passengers who refuse to complete the screening process can’t be granted access to the secure area. TSA notifies law enforcement when this happens, and law enforcement officers can escort them out of the checkpoint.  This isn’t done to punish the passenger– it’s done to ensure that every person who gets on a plane is screened appropriately.

The White House press secretary had this to say about Paul’s claim he was detained:

“Let’s just be clear… the passenger was not detained. The passenger triggered an alarm during routine airport screening, but refused to complete the screening process in order to resolve the issue. Passengers, as in this case, who refuse to comply with security procedures are denied access to the secure gate area. In this case, the passenger was escorted out of the screening area by local law enforcement. It’s my understanding he has now rebooked and passed through security without incident, and that has resolved itself.”

Senator Paul said: he certainly felt like he was detained.

“If you’re told you can’t leave, does that count as detention?” Paul asked. “I tried to leave the cubicle to speak to one of the TSA people and I was barked at: ‘Do not leave the cubicle!’ So, that, to me sounds like I’m being asked not to leave the cubicle. It sounds a little bit like I’m being detained.”

—————————-

I heard TSA Administrator Pistole a few weeks ago talking about wanting to move TSA away from looking for dangerous objects and toward looking for dangerous intent.

I think that is a worthwhile objective.

To implement that idea,  Pistole (and yes, it is pronounced “pistol”) noted in a speech last month, TSA has :

… begun implementing additional risk-based security measures at numerous airports [to] expedite the screening process for travelers we know and trust the most, and travelers who are willing to voluntarily share information with us before they travel.

This initiative includes easing access for the military:

U.S. service members are entrusted to protect citizens with their lives and as such, TSA is recognizing that these members pose very little risk to security.

—————————-
In the decade TSA has been in business, the agency’s employees have:

screened more than five billion passengers and detected thousands of firearms among countless prohibited items discovered and prevented those weapons from entering the cabin of an aircraft.

I have not seen or read evidence or anecdotes to suggest any – repeat – any of the TSA-screened passengers caught with prohibited items planned to commit a terrorist act.  And that includes Sergeant 1st Class Trey Scott Atwater, the man who reportedly brought C4 explosives with him in his carry on baggage last December.  (Earlier this month, Atwater was released on a 50,000 dollar unsecured bond.)

I do not have access to classified information. Maybe TSA has prevented  or displaced terrorist aviation-related attacks.  I want to grant the agency the benefit of the doubt here.  But I am willing to bet, say, $10,000 none of those possible attacks was perpetrated by a United States Senator.

—————————-

People can be — and are — stupid, criminal, sneaky and forgetful when it comes to bringing things onto an aircraft.  (I am not without sin here.)  But at what point do we start actually doing risk-informed, risk-based, risk-whatever decision making with passenger screening?

Unless TSA’s continuously evolving risk-based security model seeks to achieve zero risk, why does it take so long to develop discretionary policies “for travelers we know and trust the most,” for people who a reasonable person would consider not to be a risk?

During Monday’s Republican debate in Florida, Newt Gingrich used the phrase “huge institutional barriers against doing the right thing.”  Is that what’s going on here? Is it congress, the administration, TSA, the airline industry who intends to take another decade to get this worked out?  Who is calling the timing shots here? What is the delay?

I do not ask this to be snarky.  I’d really like to know why a nation-wide trusted flyer program cannot be put into place before the summer arrives.

I would be more than happy to make space available on this blog to help clarify why this is taking so long.

—————————-

Some flyers may experience a tinge of Schadenfreude at Senator Paul’s experience. But something is deeply wrong when TSA employees are not given — by law, or policy, or doctrine, or procedure, or whatever —  the discretion to treat a United States Senator with some common sense.

Senator Paul did not have “dangerous intent.”  He was not planning to bring the plane down.

If he wanted to destroy America he has access to a much more powerful device.

..

Map was developed by Spiegel Online. See a collection of BBC maps of Nigeria examining wealth, health, ethnicity, literacy, and known oil deposits.

People Committed to the Propagation of the Prophet’s Teachings and Jihad (Jama’atu Ahlis Sunna Lidda’awati Wal-Jihad), better known by its Hausa name Boko Haram, has claimed responsibility for another set of coordinated attacks in Northern Nigeria occurring late afternoon Friday.

According to Al-Jazeera:

A series of bombings and attacks claimed by the radical Islamist group Boko Haram has left at least 120 dead and many more injured in northern Nigeria’s largest city, witnesses and the Red Cross have said.

“Many agencies are involved in the evacuation of corpses from the streets,” a Nigerian Red Cross spokesman said on Saturday, under condition of anonymity because he was not authorised to speak publicly, following Friday night’s attacks.

“From our tally, we have 121 so far,” he said.

Other death tolls are higher. Maude Gwadabe, a journalist in Kano, told Al Jazeera by phone that he had seen at least 140 dead bodies.

Gwadabe said the disparity was due to confusion in the aftermath of Friday’s attacks and that victims had been taken to different hospitals, homes and treatment clinics.

“At least 140 people died. The Red Cross and Nigerian emergency services have collected the victims and brought them to one hospital [Murtala Central Hospital], and indeed, hospital officials say 140 people were killed,” Gwadabe said.

In a statement released on Friday, Boko Haram claimed responsibilty for the attacks and said the blasts were revenge for the recent arrests of its members in Kano.

(Note: The death toll reported by Al-Jazeera is much higher than that currently — 10:00AM Eastern — being reported by Reuters or AFP.  As I read reports originating in Nigeria my current assessment is that Al-Jazeera is closer to accurate. NEW: BBC is confirming at least 120 deaths. SUNDAY UPDATE: The Nation (Nigeria) newspaper is reporting 162 fatalities.  LATE SUNDAY: Reuters is reporting “at least 178 deaths.”)

On Thursday — between attacks on Wednesday and yesterday — an op-ed in the Vanguard, a leading Nigerian newspaper, argued:

Now let us take a critical look at the present scenario: Boko Haram is bombing almost everywhere in Nigeria: churches, United Nations Building, Police Headquarters, etc. Members of the sect are Muslims.

None of them is a Christian, and they make audacious statements which no sane individual should utter. Consider some of them: “Western Education is Sin”; “Christians should leave the North within three days else they will be eliminated”; “there will be no respite unless and until Nigeria becomes an Islamic state”, etc.

But as distasteful as the posture of the Boko Haram sect is, it seems not to have occurred to the Southern Christians that there is a grand agenda to extinguish the Southerners from the entity called Nigeria. It has not occurred to them that they should close ranks, forge a common front and fight the mother of all battles for their survival.

On Wednesday, according to the Anglican Church of Nigeria website, the Primate of Nigeria responded to a letter received from the Archbishop of Canterbury:

Primate Okoh stated that all hands are on deck, the National assembly is concerned, the president is having sleepless nights and the Church is already facing serious temptation even though the Church does not initiate hostility. The head of the Anglican Church said the intense attack of Boko Haram is really tempting the Christians whether to continue to maintain peace, always turning the other cheek ,or fight back to find their safety.

He therefore made a passionate appeal to leaders in the country who can reach out to Boko Haram to dissuade them from dastardly acts of killing innocent Christian’s souls, asking them to dialogue with government if they have any axe to grind with her and leave the Church alone.

He said the attempt to drag Nigerians into militancy is something Nigerians must resist.

Roughly 20 million Nigerians are in communion with the Anglican Church, out of a total population of approximately 140 million.   Most demographers indicate that 50 percent of Nigerians are Muslim, 48 percent are Christian.

As outlined previously, the emergence of — or widely-held perception of — an explicit inter-religious war in Nigeria would likely have significant ramifications well beyond Nigeria.

SUNDAY UPDATE:

According to AFP: Gunmen overnight raided a northern Nigerian town with a history of sectarian violence and killed at least nine people, a traditional leader said Sunday.

“We are going round the town checking. So far we have nine people dead and 12 wounded,” Bukata Zhyadi, a traditional ruler of the mainly Christian Sayawa ethnic group, told AFP.

He blamed the attack in Tafawa Balewa in Bauchi state on the Muslim Hausa-Fulani ethnic group.

He said the attackers hurled home-made hand grenades into houses while people were sleeping and shot at those trying to escape.

“Some were shot while trying to escape and some died as a result of the explosives,” he told AFP by phone.

Tafawa Balewa is located along the so-called middle belt between Nigeria’s mainly Muslim north and predominately Christian south.

BREAKING NEWS AS OF 6AM (EASTERN)

According to Reuters: Explosions struck two churches in the northern Nigerian city of Bauchi on Sunday, witnesses said, destroying one of them completely, although there were no immediate reports of casualties.

According to Vanguard: Two days after Boko Haram’s coordinated attack in Kano that left over 162 people dead, the radical Islamic sect is currently attacking Bauchi town and its environs. (See map above for location.)

According to reports, explosions were said to have rocked near IBB square, Jahun area and near a railway line in Bauchi township.

A  police station in Tafawa Balewa local government area and another military checkpoint was attacked at Marar Rabar Liman Katagun.   Vanguard cannot ascertain the number of casulties in the attacks.

PLEASE SEE COMMENTS FOR ADDITIONAL UPDATES AND RELATED INFORMATION

I feel somewhat uncomfortable defending the actions of a group that seemingly brings so much discomfort to so many, but a recent Vanity Fair article on airport security not only regurgitates the obvious and well known, but lacks little strategic point of view.  First, the well-known:

Not only has the actual threat from terror been exaggerated, they say, but the great bulk of the post-9/11 measures to contain it are little more than what Schneier mocks as “security theater”: actions that accomplish nothing but are designed to make the government look like it is on the job. In fact, the continuing expenditure on security may actually have made the United States less safe.

From an airplane-hijacking point of view, Schneier said, al-Qaeda had used up its luck. Passengers on the first three 9/11 flights didn’t resist their captors, because in the past the typical consequence of a plane seizure had been “a week in Havana.” When the people on the fourth hijacked plane learned by cell phone that the previous flights had been turned into airborne bombs, they attacked their attackers. The hijackers were forced to crash Flight 93 into a field. “No big plane will ever be taken that way again, because the passengers will fight back,” Schneier said.

Buried within the article is, in my opinion anyway, a very nice articulation of the problem of looking at the issue of terrorism risk simply by crunching the numbers:

Has the nation simply wasted a trillion dollars protecting itself against terror? Mostly, but perhaps not entirely. “Most of the time we assess risk through gut feelings,” says Paul Slovic, a psychology professor at the University of Oregon who is also the president of Decision Research, a nonprofit R&D organization. “We’re not robots just looking at the numbers.” Confronted with a risk, people ask questions: Is this a risk that I benefit from taking, as when I get in a car? Is it forced on me by someone else, as when I am exposed to radiation? Are the potential consequences catastrophic? Is the impact immediate and observable, or will I not know the consequences until much later, as with cancer? Such questions, Slovic says, “reflect values that are sometimes left out of the experts’ calculations.”

Security theater, from this perspective, is an attempt to convey a message: “We are doing everything possible to protect you.” When 9/11 shattered the public’s confidence in flying, Slovic says, the handful of anti-terror measures that actually work—hardening the cockpit door, positive baggage matching, more-effective intelligence—would not have addressed the public’s dread, because the measures can’t really be seen. Relying on them would have been the equivalent of saying, “Have confidence in Uncle Sam,” when the problem was the very loss of confidence. So a certain amount of theater made sense. Over time, though, the value of the message changes. At first the policeman in the train station reassures you. Later, the uniform sends a message: train travel is dangerous. “The show gets less effective, and sometimes it becomes counterproductive.”

Eventually, Bruce Schneier overreaches and follows his generally reasonable assertions with analysis that only serves to buttress his own arguments while ignoring a bit of reality:

Terrorists will try to hit the United States again, Schneier says. One has to assume this. Terrorists can so easily switch from target to target and weapon to weapon that focusing on preventing any one type of attack is foolish. Even if the T.S.A. were somehow to make airports impregnable, this would simply divert terrorists to other, less heavily defended targets—shopping malls, movie theaters, churches, stadiums, museums. The terrorist’s goal isn’t to attack an airplane specifically; it’s to sow terror generally. “You spend billions of dollars on the airports and force the terrorists to spend an extra $30 on gas to drive to a hotel or casino and attack it,” Schneier says. “Congratulations!”

This simplifies the issue in ways that are counterproductive.  Two points:

1. Air travel remains an attractive target due to the cost benefit ratio: it takes very little explosive to bring down a plane and kill hundreds, while at the same time creating a spectacular event that instantaneously affects a large industry in the short and long term. The shoe or underwear bombers would have caused relatively little damage at a shopping mall or casino, but could have easily killed hundreds in an instance and caused enormous economic damage if successful on their original mission.  The liquid bombing plot seemed to be aiming for thousands of deaths and a truly strategic impact, one not attainable by the same number of operatives killing themselves in other public spaces (before it is brought up, I do know of the line of reasoning that a wave of attacks against American malls would have a huge impact…but I guess that I have greater faith in citizen resilience in that we as a nation would not hide at home following such an event).

There is a lot of security theater at airports, but much of it began in response to a rash of hijackings decades ago.  When there was no security it was simple to bring a gun or bomb aboard a flight, take it hostage, and gain attention for one’s political demands.  Steps were taken to make this more difficult.  Reasonable steps should be taken now when instead of simply attention the goals include death on a grand scale.

2. Terrorists do not simply “switch from target to target and weapon to weapon.” Groups consider their goals, determine their resources, and plan for what is then attainable.  The IRA was a sophisticated group capable of inflicting a great number of civilian casualties, yet they were restrained by their political goals.  Al Qaeda has different goals and therefore utilizes different methods.  The same will be true of other current and future groups.  If killing hundreds is a goal but resources are limited to a few poorly trained agents, targeting an airliner would seem more attractive than attempting an operation similar to the assault on Mumbai. Terror is a goal when traditional military victory is out of reach, however it should not be thought that all groups and individuals would generalize this goal into a least common denominator and aim for the easiest target.  That is partly what got us into trouble the last time…(Pre-9/11: What?  Worry about a group of actors with no state backing?!?  Preposterous…now about those Chinese….).

Mr. Schneier has performed an invaluable service over the years bringing to light deficiencies in our homeland security thinking, and Mr. Mann (the author of the article in question) accomplishes the same by exposing it to a wider audience.  Yet I can’t help but think that by not considering the issues a few steps beyond shouts of “security theater,” the conversation we should have about homeland security as a nation will not take place.

Monday the independent panel appointed to investigate the Fukushima nuclear accident released a 507 page interim report.  Most of the document focuses on specific operational decisions and tactical choices.

Several specific failures are highlighted: insufficient planning, poor regulation and oversight, inadequate training and exercising, a breakdown in communications within the government and between the government and the operator of the nuclear power plant.

The previous paragraph could be quickly edited to apply to nearly every serious industrial accident: Bhopal, TMI, Deepwater Horizon, various large-scale blackouts and others.   The same failures are referenced in most after-actions for events large and small.

Also typical has been most of the media coverage focusing on personal failures by political, regulatory and corporate leaders.

But toward the end of the report — and the 22 page English-language executive summary — are several atypical bits of analysis worth much more attention than given so far.

It is not easy to admit an absolute safety never exists and to learn to live with risks.  But it is necessary to make effort toward realizing a society where risk information is shared and people are allowed to make reasonable choices.

A quarter century ago I made some extra Yen editing Japanese-to-English translations.  This time I will mostly leave the first draft as it is. There is a kind of clarity in the slightly awkward but more literal rendering.

Even for an accident of low probabilities so long as extremely large scale damages are anticipated once it occurs… due consideration should be given to the risks involved and precautionary measures should be taken.

It was a major shortcoming for the safety of both nuclear power plants and surrounding communities that a nuclear accident had not been assumed to occur as a complex disaster.  Disaster prevention programs should be formulated by assuming complex disasters, which will be the major point in reviewing nuclear power plant safety for the future.

It cannot be denied that the viewpoint of looking at a whole picture of an accident was not adequately reflected in nuclear disaster prevention programs in the past.

The nuclear disaster prevention program had serious shortfalls. It cannot be excused that nuclear accidents could not be managed because of an extraordinary situation that… exceeded the assumption.

The Investigation Committee is convinced of the need of paradigm shift in the basic principles of disaster prevention programs for such a huge system, which may result in serious damage once it has an accident.

Whatever to plan, design and execute, nothing can be done without setting assumptions. At the same time, however, it must be recognized that things beyond assumptions may take place. The accidents this time present us crucial lessons on how we should be prepared for such incidents beyond assumptions.

Low probability, high consequence events deserve our sustained attention.

Reasonable assumptions will be exceeded.

The chairman of the investigation panel, Yotaro Hatamura, has been especially critical of the tendency to blame the crisis on soteigai. This is often translated as “unforseeable events,” but is probably closer to “unimaginable events.”  (Echoes of a “failure of imagination” in the 911 Commission report.)

Hatamura is an engineer.  His best known work is probably Learning from Design Failures in which he examines more than 100 cases to “uncover the root cause, reveal the scenario that led to the unwanted event, describe what happened so readers can clearly repeat the steps in their mind, and propose ways to avoid those mistakes in the future.”   It is a very detailed, case-by-case, engineering oriented approach to disciplined thinking.  He is a solution-oriented guy.

But Hatamura  has also become an advocate for clearly distinguishing between complexity and non-complexity and what can — and, even more important, cannot — be done to manage complexity.  With a little effort we can foresee complex events.  We have a much more difficult time imagining how our strategy for the complex must differ from our strategy for the merely complicated or novel or known.

The Japanese for complexity (see above) includes kanji a classically minded literalist might read as “a surprising recurrence of miscellaneous elephants.”  If you can imagine how you would manage that, you are on your way to being able to manage the cascade of a complex event.

The final report is expected in June.

The new National Preparedness Goal is “a secure and resilient Nation with the capabilities required across the whole community to prevent, protect against, mitigate, respond to, and recover from the threats and hazards that pose the greatest risk.”

The upgrade given mitigation is arguably the most important policy shift represented in the NPG.   Mitigate now joins Prevent, Protect, Respond, and Recover as “Mission Areas.”  Once the red-headed stepchild of preparedness, mitigate has — at least intellectually — been fully accepted as a strategic priority.

According to the NPG several “core capabilities” are necessary to achieve the mitigation mission area, including:

• Community Resilience
• Long-term Vulnerability Reduction
• Risk and Disaster Resilience Assessment
• Threats and Hazard Identification

The details of these capabilities are not — yet — specified.  The forthcoming National Preparedness System is likely to provide much more.  All of these capabilities have significant pedigrees in both research and practice.

There has tended to be an engineering orientation to mitigation.   Fifty-four of 77 examples in the FEMA Mitigation Best Practices Portfolio relate to flooding.  A specific threat is identified, vulnerabilities related to the threat are assessed, risk is reduced usually through some change in the built environment.  You can see this same logic embedded in the capability list.  All of this is helpful and works for earthquakes, wildfires, industrial accidents, and terrorism too.

According to the NPG mitigation is, “The capabilities necessary to reduce loss of life and property by lessening the impact of disasters.”  Unpacking the definition, this suggests that community resilience (see capability list above) contributes to mitigation.

As a strategic principle I would turn this around: mitigation contributes to community resilience.  Resilience and mitigation can be complementary.  But they are also quite distinct. The very best mitigation cannot ensure resilience.  Nor does less-than-full mitigation negate the possibility of significant resilience.   If I had to choose, I would choose resilience over mitigation.

Fortunately, we don’t have to choose.  Attention to both mitigation and resilience is helpful.

The NPG defines resilience as, “The ability to adapt to changing conditions and withstand and rapidly recover from disruption due to emergencies.”

The use of steel reinforcement to allow buildings to sway with an earthquake is an example of both mitigation and resilience.  The ability of the Internet to allow information-packets to find multiple open channels and opportunistically use whatever is available is another example of resilient design that can mitigate the impact of a threat.

But resilience and especially community resilience is much more than mitigating impact.

Last Thursday I was driving a narrow road through rural Virginia when the radio sounded a tornado warning.  The rain and wind were already strong.  At the first opportunity I pulled off at a convenience store to allow the tornado, about five miles ahead, to finish its run Northeast.

Paying for coffee and a cookie I asked the sales clerk if she had heard the tornado warning.  Glancing at the rain lashing the windows she replied, “Nope.  No radio.  Grew up in Oklahoma thought I’d gotten away from ‘em. ”

I showed her the tornado’s track on my smartphone’s screen.

“Funny thing.  Both my grands (grandparents) had storm cellars, purpose built in the backyard,” she said. “We never did and no basement neither.  Just a ranch house on a slab.  Was like we don’t believe in tornadas no more.”

The storm cellars — my mother’s parents in Oklahoma also had one — are examples of mitigation.   But as the sales clerk observed, before mitigation there was something the authors of the NPG would no doubt call “Threat and Hazard Identification” (this is tornado alley) and “Risk and Disaster Resilience Assessment”  (I need a place to be protected from a tornado) which leads to “Long-term Vulnerability Reduction” (I will build a storm cellar).  In other words, our grandparents actively acknowledged a realistic threat.

On May 22 the residents of Joplin, Missouri were alerted to a Tornado Watch at 1:30 PM local time.   A Tornado Warning was br0adcast at 5:09.  Sirens were sounded at 5:11.  The killer tornado touched down southwest of Joplin at 5:34.  According to a study conducted by the National Oceanic and Atmospheric Administration (NOAA),  ”The majority of surveyed Joplin residents did not immediately go to shelter upon hearing the initial warning.”  There were 159 deaths and several hundred injuries.

“Was like we don’t believe in tornadas no more.”

I was never in a storm cellar during a storm.  Several times I was in the cellar to retrieve a sack of potatoes or a jar of preserves.  Most storm cellars were also used to store what was harvested from the garden.  Every storm cellar I can remember was dug next to the garden.

You can argue that gardening is also a mitigation measure (against hunger).  But that would squeeze all the joy out of it.  My father’s parents owned grocery stores, but were also gardeners.  I have never had such luscious tomatoes, fresh or canned, since they stopped gardening.

Here’s my hypothesis:  As gardening declined and home refrigeration increased, storm (root) cellars fell into disuse, eventual disrepair, became a hazard themselves, and were filled in. The prospect of tornadoes was not sufficient  to sustain the mitigation activity.  The need for a cool dark place to store vegetables was a crucial indirect motivation for the mitigation.

We never really believed in “tornadas”, but once upon a time we believed in tomatoes (and green beans and peas and potatoes) and retrieving the taste of an August garden deep into February.

Resilience is the outcome of positive behaviors regularly practiced.  Resilience is being aware and appreciative of your environment. Resilience is being enmeshed in a dense network of human relationships.  Resilience is caring for yourself and others.

Resilience is about tomatoes.  Mitigation is about tornadoes.

–+–

For a more technical take on resilience:

Resilience: Five principles of good practice

A Super-cell outbreak is one kind of complex threat: Do the principles of good practice apply?

Principles of good practice for advancing resilience: Awareness of complex context and connections

The national preparedness goal (NPG) says the nation is successfully prepared when we have a

“secure and resilient nation with the capabilities required across the whole community to prevent, protect against, mitigate, respond to and recover from threats and hazards that pose the greatest risk.”

I was with several dozen people last week who think the language is entirely too bureaucratic. Maybe it is.  But of all the homeland security preparedness goals published during homeland security’s first decade, the current one is my favorite.

I like the “whole community” language.

Homeland security is now officially more than the Department of Homeland Security. The goal acknowledges that.

I also like the emphasis on “threats and hazards that pose the greatest risk.”

It’s not your grandfather’s homeland security anymore. Homeland security is focusing on the greatest risks, not just terrorism and natural hazards.

What are those greatest risks?

When Admiral Mike Mullen was chairman of the joint chiefs of staff — a job he left earlier this week — he many times said the national debt is the biggest threat to our national security. But the new chief doesn’t  “agree exactly with that.”

I know threat is not the same thing as risk, but as a nation we can do better than having dueling threat assessments. The NPG recognizes that:

“All leveles of government and the whole community should present and assess risk in a similar manner to provide a common understanding of the threats and hazards confronting our nation.”

That makes sense to me (except for the “present” part, whatever that means). I would like to know what threats and hazards pose the greatest risk, especially considering the NPG observation that “understanding the greatest risks to the nation’s security and resilience is a critical step” in being prepared.

I want to be prepared. So bring on the threats and hazards information.

“In accordance with PPD-8, and in coordination with Federal departments and agencies, a Strategic National Risk Assessment was conducted.”

However, an informative NPG  footnote says:

The complete results of the Strategic National Risk Assessment are classified. For an unclassified summary, see http://www.fema.gov/ppd 8.

I could not find anything at that location called an Unclassified Summary of the Strategic National Risk Assessment.

But I did find:

National Preparedness is aimed at strengthening the security and resilience of the Nation by preparing for the full range of 21st century risks that threaten national security, including weapons of mass destruction, cyber attacks, terrorism, pandemics, transnational threats and catastrophic natural disasters.

The “full range of 21st century risks” seem a lot like 20th century risks. But perhaps the real risk assessment — the one that apparently cannot be shared with the “whole community” — is much rangier.

———————————-

Meanwhile, Wall Street is being occupied by people exercising their first ammendment right “peaceably to assemble.”

And, according to a Wall Street Journal article titled “Wall Street Protest Digs In, Spreads”, and other reports, people in Chicago, Boston, Los Angeles, San Francisco, Pittsburgh and elsewhere inside and outside the United States are also peaceably assembling.

There’s a website called Occupy Together that seems to be keeping track of where these activities are taking place.

Another website, Occupy Wall Street, offers one perspective of what this “organic movement” (as the Wall Street Journal calls it) is about:

Occupy Wall Street is leaderless resistance movement with people of many colors, genders and political persuasions. The one thing we all have in common is that We Are The 99% that will no longer tolerate the greed and corruption of the 1%. We are using the revolutionary Arab Spring tactic to achieve our ends and encourage the use of nonviolence to maximize the safety of all participants.

Let’s see,  Arab Spring: Tunisia, Egypt, Libya, Bahrain, Syria, Yemen, Israel, Algeria, Iraq, Jordan, Morocco, Oman, Kuwait, Lebanon, Mauritania, Saudi Arabia, Sudan, Western Sahara.

Unemployed people with cell phones, twitter accounts, facebook pages, youtube feeds.

Now there’s a 21st century risk.

I wonder if it is included in the Strategic National Risk Assessment.

Probability map for a >5.0 earthquake within 50 km of Washington DC

In June a colleague used a US Geological Survey Earthquake probability tool to explore the likelihood of a  5.0 or stronger quake  occurring within 50 km of Washington D.C.   Maybe once in 5000 years is what he decided.

How time flies.

Of course, that’s not exactly how probability works.   But however you treat it, Tuesday’s 5.8 tremor was a rare event along the east coast. Statistically it was “improbable.”

When speaking of events that have the potential to seriously disrupt society and  kill lots of people, we should stop using the word “improbable.”  Somehow in ordinary English improbable implies “safe to ignore.”

There are some eventualities of which we can be certain, but are beyond our ability to situate in time and space.   We can confidently anticipate these events, but precise prediction is beyond our current capability… and potentially impossible.

We can anticipate the general characteristics of Hurricane Irene.  We cannot be sure if she will visit Times Square, Montauk, or the Delaware Water Gap.  We have a better sense of when rather than where she will arrive.  Wherever she washes up, Irene will be an unwelcome guest.

Hurricanes entering New York harbor are infrequent.  Earthquakes strong enough to crack the capitol dome are infrequent.  Major dam failures are infrequent.  Terrorist attacks are infrequent.  Will they happen?  Almost certainly.

Somehow, I am much more likely to give some sustained attention to that which I know is infrequent,  than to what I perceive is improbable.

A  firefighter, a  cop, and an emergency manager walk into a bar.  This is not a joke.  I was with the three of them.

One had red wine, another had a beer, the third ordered scotch.   I was drinking Dry Sack on the rocks with a twist.

Can you guess which one had which drink?  Can you guess which offered what to the conversation:

“The problem is everyone is in denial about the worst risks.”

“New Orleans after Katrina was simple compared to Sendai after the tsunami.  How about Memphis after New Madrid or LA after the big one?” You can know the real pros by whether or not they pronounce it Maaadrid, as in really crazy.

“How about DC, Pittsburgh, and Birmingham after New Madrid?  How about pipelines, rail bridges, interstates, and the Eastern Interconnect after New Madrid?”  Hows about every little town downstream from a dam?

“How about the whole economy for the next ten years after Long Beach is taken out? I don’t care if it’s tsunami, pandemic, or an IND.”

“How about the whole economy if some cyber-anarchists decide to really screw with credit cards and ATMs?”

“As long as they vaporize my mortgage too.”

The bar talk was not as grim as this suggests.  Extended conversations with this crew are like a public reading of Dante’s Inferno (no Paradiso) with a running commentary by the comedian Lewis Black.  You roar with laughter over a comment that ought not be documented here.   A slightly sick sense of humor is essential to survival in these professions.

“We’re the real problem,” one guy said wrapping his arms around the shoulders of those on either side.  ”We’re too good.  Why worry when the A team’s got your back?”

“Just call 911 and the cavalry always comes.”

“Even under fire… hell, with radioactive brimstone falling from the sky.”

“Thing is, we’re really good at the everyday stuff and lots of the tough stuff.”

“Did you hear about the 911 call because the citizen thought her remote had been stolen.  Cops found it in a drawer.  They responded!”

“That’s the problem, we are so #$!@ responsive we’ve trained the citizens to depend on us.  When the big #$!@ happens they just wait around.”

“Not everyone.”

“Practically EVERYONE!”

“There’s two big pile-ups:  real increasing dependence. Who grows their own food anymore?  Who even eats at home? And where does our food come from? Not anywhere close.  Second pile-up: The #$!@ complicated system works really, really well until it doesn’t work at all.  So there’s no obvious reason to pay much attention, until it’s too late.”

“So… what we’re really good at is hiding the problems?”

“Sure.  There’s a fire.  You put it out.  You get ‘em temporary housing or they go to the in-laws.  I keep gawkers away.  Everything’s fine. No worries. But in Joplin or Tuscaloosa? Even those huge twisters were tiny compared to what we’ll get when the wrong fault shifts under 5 million or a wildfire overwhelms San Diego.  Hows about a CAT 5 and flood surge pounding Miami-Dade?”

“When they call 911 no one will answer, they won’t even get a #$!@ dial-tone!”

“It doesn’t take such a big hit.  Maybe catastrophe comes on little cat feet?  You read Ted Lewis’ new book?  The complex systems we depend on are so intricate  just one little complication and the consequences cascade.”

“Sort of like the 2003 blackout caused by tree branches in Ohio?”

“But the cause wasn’t tree branches, it’s the way WE build and manage systems. Tree branches are a preexisting condition.  Our choices create the vulnerabilities.”

“You know when I was a little kid,” (the guy to his right mimicked the Staten Island accent) we had a farm right down the road.  It’s a landfill now.  The big farms in Jersey, they’re all McMansions.  Mom and pop get their broccoli and peas from California just like all of us.”

“You know what though? The beers alot better than back then.  Hey waitress, another round here.”

Ten years of Al Qaeda-focused concern about terrorism may have faded the memory of a group that in the 1990s had significant programs aimed at developing biological and chemical weapons and successfully used Sarin nerve gas in an attack on the Tokyo subway, killing 13 and injuring thousands. Reminding us of those efforts and seeking to cull insights from their work, The Center for a New American Security (CNAS) has released a report, “Aum Shinrikyo: Insights Into How Terrorists Develop Biological and Chemical Weapons.” According to their website, this report

“culminates a multi-year project led by Richard Danzig, former Secretary of the Navy and Chairman of the CNAS Board of Directors; with Marc Sageman, Advisor to the Deputy Chief of Staff of the Army on the Insider Threat; Terrance Leighton, Senior Staff Scientist at Children’s Hospital Oakland Research Institute and Chief Scientist at Science Applications International Corporation; Lloyd Hough, Senior Research Scientist at Battelle in International Technology Assessments; Zachary Hosford, Research Associate at CNAS; and two Japanese colleagues investigating these issues.  Through personal interviews and correspondence with former members of Aum Shinrikyo’s leadership, the report provides never-before documented information on the terrorist group and its operations.”

It is an interesting document that provides a great deal of detail about the cult’s evolution, members, and technical background on their efforts to produce and deploy biological and chemical weapons.  From this narrative the authors have pulled out ten points that they feel can be useful in understanding future terrorist groups who may attempt to go down a similar path.  Here are the points, though I would strongly recommend reading the report itself for explanation and in-depth analysis of each observation:

1. Aum’s biological program was a failure, while its chemical program was even more capable than would have been evident from its successful release of sarin in the Tokyo subway system in 1995.

2. Effectively disseminating biological and chemical agents was challenging for Aum.

3. Accidents recurred in Aum’s chemical and biological programs but did not deter pursuit of these weapons.

4. When Aum’s top members transitioned to using violence, they readily brought other leaders down this path and effectively persuaded, isolated or killed dissidents.

5. Though police pursuit of Aum was remarkably lax, even intermittent or anticipated enforcement actions highly disrupted the cult’s efforts to develop chemical and biological weapons.

6. The key work on Aum’s biological and chemical programs was conducted largely by the leadership group.

7. Aum’s hierarchical structure facilitated initiating and resourcing biological and chemical programs.

8. Even a retrospective assessment of biological and chemical weapons programs like this one is difficult and burdened with gaps and uncertainties.

9. Aum displayed impressive persistence and produced successes despite its commitment to many bizarre ideas, its misallocation of resources and its numerous operational failures.

10. Significant failures preceded or accompanied Aum successes.

Guns and bombs will continue to be the most likely weapon utilized by terrorists, and as Anders Breivik demonstrated, they can be horrendously destructive.  Yet it has been more than 15 years since Aum used Sarin in the Tokyo subway and technological trends are not moving in a direction that will make it more difficult for future groups to attempt something similar.  A balanced counter-terrorism approach is necessary to prevent the most likely types of attacks while not closing our eyes to the possible, if more remote, threats.

Or as the authors put it:

“Groups such as Aum expose us to risks uncomfortably analogous to playing Russian roulette. Many chambers in the gun prove to be harmless, but some chambers are loaded. The blank chambers belie the destructive power that the gun can produce when held to the head of a society.”