. "7 Improving the Department of Homeland Security's Biological Threat Risk Assessment and Adding Risk Management." Department of Homeland Security Bioterrorism Risk Assessment: A Call for Change. Washington, DC: The National Academies Press, 2008.
The following HTML text is provided to enhance online
readability. Many aspects of typography translate only awkwardly to HTML.
Please use the page image
as the authoritative form to ensure accuracy.
Department of Homeland Security Bioterrorism Risk Assessment: A Call for Change
exposed, infected, and recovered (SEIR) model used to estimate the size of a smallpox epidemic started by a single infected individual accounts for every possible disease-transmission pathway. Because of the large uncertainties throughout the model and the uncertainties in the parameters that describe smallpox transmission, the detail and precision reported by this embellishment are illusory.
SEVERAL METHODS ARE AVAILABLE FOR IMPROVEDMODELING OF INTELLIGENT ADVERSARIES
Ultimately, the defending of the United States from terrorist attack boils down to choices of investment to prevent, protect against, respond to, and recover from terrorist attacks. The committee has suggested improvements that, if used to simplify, clarify, streamline, and improve the BTRA, would yield more realism, more accuracy, more transparency, and faster computation; additionally the rankings of bioagents by risk would be more credible than those now produced. The BTRA might then be useful to decision makers for purposes of risk management as well as risk assessment and, most important, for exploring homeland security strategic investment choices.
In an earlier recommendation—see Chapter 3, the subsection entitled “The Approach to Determining the Probabilities of Terrorist Decisions Is Incomplete”—the committee advises DHS to model terrorists as intelligent adversaries. Here the committee reinforces that crucial recommendation and provides alternatives for its accomplishment.
Recommendation: In addition to using event trees, DHSshould explore alternative models of terrorists as intelligent adversaries who seek to maximize the achievementof their objectives.
The committee does not underestimate the difficulty in producing a dependable and reliable bioterrorism risk analysis that responds to its 13 recommendations. Three appendixes, D, E, and F, in this report present modeling approaches that can be used with the existing BTRA structure to improve the risk analysis. Table 7.1 evaluates these approaches against the 13 recommendations. None of these approaches alone may be an adequate and complete solution to the problem, and any implementation may present unforeseen difficulties. However, the committee believes that a suitable combination of these approaches, and possibly others, is feasible and will yield a risk analysis that satisfies the demands that this committee sees as necessary.
Red Teaming Can Be Used to UnderstandIntelligent Adversaries
DHS has experience in exercises. But, for instance, although Top Officials 3 (TOPOFF 3) was the most comprehensive terrorism response exercise ever conducted in the United States,1 it was an exercise in blue (defender) response to attacks scripted in advance. Red teaming can be used for the enhancement of such exercises and for analysis. Red teaming (i.e., terrorist role playing) is a robust and well-understood analysis technique for assessing adversarial risk in complex, dynamic environments. However, red teaming only reveals vulnerabilities and does not directly support decisions about investment trade-offs among different kinds of defenses.
In red-teaming exercises, people are assigned to play the roles of terrorists. It is essential that the adversary’s point of view is pursued when considering adversary actions and reactions. The red team must be immersed in enemy culture, tactics, and beliefs. There may also be an opposing blue team playing the roles of defenders. Each of the adversaries has certain resources, certain information, and certain goals. They play out their scenarios, and results can show how bounded human intelligence, nonstandard thinking, and group dynamics may affect the kinds of attacks that are attempted and the kinds of defenses that are successful. By trying to win the encounter for the adversary, the terrorist (or red) team helps to better elucidate defender responses for each adversary course of action.
In principle, red-teaming exercises can become large and complex, depending on the number of different roles, the degree to which the scenario is unstructured, and the number of independent replications that are completed to assess variability in outcome. Nonetheless, this is a relatively inexpensive way for decision makers to learn what they have overlooked about their opponents. Homeland Security Presidential Directive 10 (The White House, 2004) cites red teaming as a technique for better understanding potential enemy actions, and the committee suggests red teaming to DHS as a useful validation test for scenarios favored by the BTRA. Red teaming is just as applicable in improving risk analyses based on decision trees, optimization, and game theory (Reichart, 1998).
Decision Trees Can Model Bioterrorist Threats
In addition to having event nodes whose random outcomes are determined by a probability distribution, a decision tree has decision nodes, whose outcomes are chosen to maximize (or minimize in the case of the defender) the expected consequence from that node forward. The BTRA event tree could be converted to a “bioterrorist decision tree” with four important changes:
Convert each node representing a terrorist decision into an expected-damage maximizing decision node,
Assess probabilities of outcomes of random events, rather than probability distributions of outcomes,