ment agencies, as well as the many public and private organizations that have operational responsibilities and relevant information and expertise. Systems analysis should be used as one tool to help identify these gaps and seams.

The analysis of terrorist threats is a major input, as shown in Figure 10.1, to the risk analyses that must be performed to establish homeland security priorities. Currently, a large volume of pertinent information is collected by the U.S. intelligence community, but there is much work to do in organizing and integrating the information so it can be used for counterterrorism activites.

This section discusses some of the factors involved in the development of an appropriate risk analysis model. It sketches an illustrative model based on systems analysis, probability theory, and game theory—one that can be used to set priorities among the various threats and threat-reduction measures. These measures include short-term actions such as restricting access to an airplane cockpit; medium-term actions such as the manufacture and stockpiling of vaccines; and long-term actions such as investing in specific areas of scientific research and in the development of new technologies.

Comparison of such options is complicated because of massive uncertainty, but investment decisions must be made nonetheless. To inform such decisions, we first need a system framework that embraces the various infrastructures within the United States, the terrorist system, and their interactions. The committee lays out such a framework, sketches a model that represents it, and describes ways of dealing with uncertainty in the model’s variables.

An overall system description must describe connections between infrastructures, people, the national economy, and social values. All of these are vulnerable, in part from the myriad of interdependencies and in part from the openness of American society (Gilmore Commission, 2001). This modeling effort clearly must be approached in stages, with continuing improvements in scope and level of detail. And as the key threats become better understood, the evolution of this system description will lead to many near-term actions.

Ultimately, there is little we can do to avoid some level of discrete vulnerability. Still, we can seek to ensure to the degree possible that U.S. infrastructure systems as a whole, and certain critical subsystems, are robust, adaptive, and