1 / 24

How DHS Currently Manages Risk

How DHS Currently Manages Risk. Alyson Wilson, Ph.D. Statistical Sciences Group Los Alamos National Laboratory agw@lanl.gov. Disclaimers. I am not a Department of Homeland security employee or contractor.

cato
Download Presentation

How DHS Currently Manages Risk

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. How DHS Currently Manages Risk Alyson Wilson, Ph.D. Statistical Sciences Group Los Alamos National Laboratory agw@lanl.gov

  2. Disclaimers • I am not a Department of Homeland security employee or contractor. • I am speaking from publicly available information based on my experience working with the Departments of Defense and Energy, and as a member of the National Research Council’s Panel on Methodological Improvements to the Department of Homeland Security's Biological Agent Risk Analysis. • This talk is intended to provide background for understanding the complex risk analysis issues in defense and security.

  3. DHS has adopted a “risk-based approach” to homeland security “Risk management must guide our decision-making as we examine how we can best organize to prevent, respond, and recover from an attack . . . . Our strategy is, in essence, to manage risk in terms of these three variables – threat, vulnerability, consequence. We seek to prioritize according to these variables, to fashion a series of preventive and protective steps that increase security at multiple levels.” DHS Secretary Michael Chertoff, March 16, 2005

  4. DHS Strategic Goals • Awareness – Identify and understand threats, assess vulnerabilities, determine potential impacts and disseminate timely information to our homeland security partners and the American public. • Protection – Safeguard our people and their freedoms, critical infrastructure, property and the economy of our Nation from acts of terrorism, natural disasters, or other emergencies.

  5. Risk Management Risk experts appear to agree that all communities have some level of risk from terrorism. Yet, homeland security officials acknowledge that it is impossible to protect every target and harden every community to the extent that they become impervious to future attacks. It seems clear that it is necessary, from a national perspective, to identify the areas and entities across the country most at risk and to work to reduce that risk. What is less clear is the best way to evaluate relative homeland security risk, and establish an acceptable level of risk while attempting to close the most dramatic gaps between risk and capabilities. Congressional Research Service 2007

  6. Risk Definition Risk = Threat*Vulnerability*Consequence

  7. Risk Definition Details Threat: The probability that a specific target is attacked in a specific way during a specified time period, or Threat = P(attack occurs) Vulnerability: The probability that damages (where damages may involve fatalities, injuries, property damage, or other consequences) occur, given a specific attack type, at a specific time, on a given target, or Vulnerability = P(attack results in damage | attack occurs) Consequence: The expected magnitude of damage (e.g., deaths, injuries, or property damage), given a specific attack type, at a specific time, that results in damage to a specific target, or E[damage | attack occurs and results in damage] Willis, RAND Center for Terrorism Risk Management Policy (2006)

  8. Homeland Security Presidential Directive 10 Biodefense for the 21st Century, April 2004 “Biological weapons in the possession of hostile states or terrorists pose unique and grave threats to the safety and security of the United States and our allies.” “Another critical element of our biodefense policy is the development of periodic assessments of the evolving biological weapons threat. First, the United States requires a continuous, formal process for conducting routine capabilities assessments to guide prioritization of our on-going investments in biodefense-related research, development, planning, and preparedness.

  9. Homeland Security Presidential Directive 18 Medical Countermeasures against Weapons of Mass Destruction, February 2007 “Weapons of Mass Destruction (WMD) – chemical, biological, radiological, and nuclear agents (CBRN) – in the possession of hostile states or terrorists represent one of the greatest security challenges facing the United States.” “The Secretary of Homeland Security shall develop a strategic, integrated all-CBRN risk assessment that integrates the findings of the intelligence and law enforcement communities with input from the scientific, medical, and public health communities. Not later than June 1, 2008 . . . . update those findings when appropriate, but not less frequently than every 2 years.”

  10. 2006 Bioterrorism Risk Assessment The first DHS Bioterrorism Risk Assessment (BTRA) was completed on January 31, 2006, and the report documenting the analysis was published on October 1, 2006. How did this report address • Risk = Threat*Vulnerability*Consequence? • Risk Management?

  11. National Research Council’s Panel on Methodological Improvements to the Department of Homeland Security's Biological Agent Risk Analysis Greg Parnell - (Chair) David L. Banks U.S. Army Military Academy Duke University Luciana L. Borio Gerald G. Brown University of Pittsburgh School of Medicine U.S. Naval Postgraduate School Tony Cox John Gannon Cox Associates BAE Systems Eric Harvill Howard C. Kunreuther Pennsylvania State University University of Pennsylvania, Wharton School of Business Stephen S. Morse Marguerite Pappaioanou Columbia University, School of Public Health University of Minnesota, Minneapolis Stephen M. Pollock Nozer D. Singpurwalla University of Michigan The George Washington University Alyson G. Wilson Los Alamos National Laboratory

  12. 2006 BTRA Methodology Assess the risk in the U.S. from bioterrorism • Twenty-eight bioagents • Fatality, illness, and direct economic impact BTRA divides the spectrum of possible events into a discrete set of scenarios. For each scenario, si • Estimate consequence, Ci • Estimate probability, pi • Aggregate the risk from the set of all triplets <pi,si,Ci>

  13. Agents Considered in 2006 BTRA with CDC Categories

  14. Simple (Binary) Event Tree

  15. Threat

  16. Event Tree Branches

  17. Threat Scenario Probabilities • Each pathway through the tree is a “scenario” • Each event has multiple branches, rather than two • For a single agent (B. anthracis, the causative agent of anthrax), the complete event tree results in more than 35 million scenarios • 2.2 million scenarios are non-interdicted • 870,000 scenarios are non-interdicted and have non-zero probability • Only the non-interdicted and non-zero end-nodes are associated with consequence distributions. • Each branch probability (split fraction) is represented by a distribution, rather than a single probability • These distributions represent uncertainty in knowledge of terrorist capabilities and their likely actions

  18. Vulnerability and Consequence

  19. Vulnerability and Consequence Modeling Release and Dispersion Major categories considered • Inhalation – Outdoor and Indoor • Food • Water Medical Mitigation • Time delay between exposure and initiation of treatment • Event identification • Transfer and distribution of treatment measures • Effectiveness of countermeasures • Antibiotic, vaccine, antiviral, antitoxin, supportive care • Mortality rates for treated and untreated diseases • Treatment alone does not guarantee survival

  20. Basic Consequence Equations (All Terms are Distributions) • MRE = MR * QFA * QFR * QADD • MRE = effective mass release • QFA = active fraction after dissemination (inhalation modes) • QFR = respirable fraction after dissemination (inhalation modes) • QADD= dry aerosol dissemination efficiency due to additives • CI = II|MRE * MEI|II • CI = number of illnesses • II|MRE = index illnesses given effective mass released • MEI|II = epidemiological illness factorgiven index illnesses • CF = CI * RF|MRE * MFI • CF = number of fatalities • RF|MRE = deaths per illness given effective mass release • MFI = medical mitigation/epidemiological factor • DEC|MRE • Decontamination Costs given effective mass released

  21. The principal product of the 2006 BTRA was the ranking of the risk of bioagents Normalized mean, 5th, and 95th percentiles of risk distribution

  22. Unique Challenges for Terrorism Risk Analysis for Homeland Security adapted from Kunreuther (2007)

  23. Issues • Risk management • Tradeoff between “fidelity,” available information, and sheer size of analysis • Adversarial risk analysis

  24. References T. Masse, S. O’Neil, J. Rollins (2007). The Department of Homeland Security’s Risk Assessment Methodology: Evolution, Issues, and Options for Congress. Congressional Research Service Report RL33858. H. Willis (2006). Guiding Resource Allocations Based on Terrorism Risk. Working Paper, RAND Center for Terrorism Risk Management Policy.

More Related