Department of Homeland Security Bioterrorism Risk Assessment: A Call for Change (2008)

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

7 Improving the Department of Homeland Security’s Biological Threat Risk Assessment and Adding Risk Management [Public Law 107-188:] An Act [t]o improve the ability of the United States to prevent, prepare for, and respond to bioterrorism and other public health emergencies. —Public Health Security and Bioterrorism Preparedness and Response Act of 2002 THE USE OF PROBABILISTIC EVENT TREES ALONE than others, the conditional probability distributions are IS INSUFFICIENT TO MODEL TERRORISM THREATS seldom assessed in the chronological order of the event tree. In the BTRA of 2006, however, probability assessment for Terrorism, especially relatively high-technology bioterror- each event in the tree was done by requiring a chronological ism, involves intelligent adversaries whose decisions focus ordering of events, using assumptions about dependence on on achieving their objectives by responding to the observed some of the previous events. and anticipated actions of the opponents. Additionally, the at- Some events of the BTRA of 2006 represent deliberate tacker and defender are both limited by technological and re- decisions made by a terrorist, but such events are modeled source constraints which influence the choices that they make as random events. Other events represent defensive choices, when committing attacks and arranging defenses. These two but these, too, are modeled as random events. The BTRA aspects are not properly captured by the probabilistic risk as- of 2006 does not properly model intelligent adversaries. Its sessment adopted by the Department of Homeland Security probability assessment of terrorist decisions is independent (DHS) in its Biological Threat Risk Assessment (BTRA) of of the potential consequences of the attack. As the attacks of 2006. Probabilistic risk assessment has its roots in event-tree September 11, 2001 (9/11) clearly illustrated, terrorists adapt risk assessments—used to assess failures of engineered sys- their means and select targets that have a high probability of tems, purely random hazards, or acts of nature (e.g., storm attaining the consequences that they hope to achieve. damage or nuclear reactor accidents). Consideration of terrorist objectives introduces something The excessive complexity of the BTRA assessment of entirely new to the BTRA, implying a decision theoretic or the probability of terrorist decisions is a significant weak- game-theoretic perspective (Golany et al., 2007). Both deci- ness—especially considering that such complexity is not sion theory and game theory (including attacker-defender necessary (see Chapter 3). Below, the committee introduces models using mathematical programming) need to be three models in which terrorist decisions are just that, deci- informed by expertise and judgment. In attacker-defender sions—not prior estimates of probabilities. The models rep- models and other game-theory applications, a rough sym- resent different trade-offs and assumptions in addressing the metry between attacker and defender is assumed; that is, risk management problem, but any of the three approaches what the defender seeks to minimize, the attacker seeks would improve the methodology currently used by the BTRA to maximize. This is supported by evidence that al-Qaeda or other simple extensions. wants to maximize any damage that the United States would Event trees can help focus attention in cases where uncer- rather minimize (e.g., see the captured “Al Qaeda Training tainty is high or new defense investment can have maximum Manual,” [FAS, 2007]), so if the key U.S. consequence for impact. Event trees also admit flexible calculation—the event risk in the BTRA is expected fatalities, then for al-Qaeda it outcomes contain the conditional probabilities obtained is the first choice to maximize (but other terrorists may have from any or all of these sources: expert opinion, mathemati- different priorities). Note that if the terrorist uses some other cal equations, or complex simulations. Event trees model objective but the defender still favors minimizing fatalities, sequential time effects, but in the bioterrorism application this improves the results for the defender. assessed here, events may occur in parallel or at unknown The overly complex consequence models used by the times. Since credible data are more available and probabili- BTRA of 2006 to assess fatalities at terminal events are ties are more assessable for some conditional distributions another weakness (Chapter 6). For example, the susceptible, 51 

52 DEPARTMENT OF HOMELAND SECURITY BIOTERRORISM RISK ASSESSMENT exposed, infected, and recovered (SEIR) model used to the United States, it was an exercise in blue (defender) estimate the size of a smallpox epidemic started by a single response to attacks scripted in advance. Red teaming can be infected individual accounts for every possible disease- used for the enhancement of such exercises and for analysis. transmission pathway. Because of the large uncertainties Red teaming (i.e., terrorist role playing) is a robust and well- throughout the model and the uncertainties in the parameters understood analysis technique for assessing adversarial risk that describe smallpox transmission, the detail and precision in complex, dynamic environments. However, red teaming reported by this embellishment are illusory. only reveals vulnerabilities and does not directly support decisions about investment trade-offs among different kinds of defenses. SEVERAL METHODS ARE AVAILABLE FOR IMPROVED In red-teaming exercises, people are assigned to play the MODELING OF INTELLIGENT ADVERSARIES roles of terrorists. It is essential that the adversary’s point Ultimately, the defending of the United States from ter- of view is pursued when considering adversary actions and rorist attack boils down to choices of investment to prevent, reactions. The red team must be immersed in enemy culture, protect against, respond to, and recover from terrorist attacks. tactics, and beliefs. There may also be an opposing blue The committee has suggested improvements that, if used to team playing the roles of defenders. Each of the adversar- simplify, clarify, streamline, and improve the BTRA, would ies has certain resources, certain information, and certain yield more realism, more accuracy, more transparency, and goals. They play out their scenarios, and results can show faster computation; additionally the rankings of bioagents by how bounded human intelligence, nonstandard thinking, risk would be more credible than those now produced. The and group dynamics may affect the kinds of attacks that are BTRA might then be useful to decision makers for purposes attempted and the kinds of defenses that are successful. By of risk management as well as risk assessment and, most trying to win the encounter for the adversary, the terrorist important, for exploring homeland security strategic invest- (or red) team helps to better elucidate defender responses ment choices. for each adversary course of action. In an earlier recommendation—see Chapter 3, the subsec- In principle, red-teaming exercises can become large tion entitled “The Approach to Determining the Probabili- and complex, depending on the number of different roles, ties of Terrorist Decisions Is Incomplete”—the committee the degree to which the scenario is unstructured, and the advises DHS to model terrorists as intelligent adversaries. number of independent replications that are completed to Here the committee reinforces that crucial recommendation assess variability in outcome. Nonetheless, this is a relatively and provides alternatives for its accomplishment. inexpensive way for decision makers to learn what they have overlooked about their opponents. Homeland Security Recommendation: In addition to using event trees, DHS Presidential Directive 10 (The White House, 2004) cites red should explore alternative models of terrorists as intel- teaming as a technique for better understanding potential ligent adversaries who seek to maximize the achievement enemy actions, and the committee suggests red teaming to of their objectives. DHS as a useful validation test for scenarios favored by the BTRA. Red teaming is just as applicable in improving risk The committee does not underestimate the difficulty analyses based on decision trees, optimization, and game in producing a dependable and reliable bioterrorism risk theory (Reichart, 1998). analysis that responds to its 13 recommendations. Three appendixes, D, E, and F, in this report present modeling Decision Trees Can Model Bioterrorist Threats approaches that can be used with the existing BTRA struc- ture to improve the risk analysis. Table 7.1 evaluates these In addition to having event nodes whose random out- approaches against the 13 recommendations. None of these comes are determined by a probability distribution, a deci- approaches alone may be an adequate and complete solu- sion tree has decision nodes, whose outcomes are chosen tion to the problem, and any implementation may present to maximize (or minimize in the case of the defender) the unforeseen difficulties. However, the committee believes expected consequence from that node forward. The BTRA that a suitable combination of these approaches, and possibly event tree could be converted to a “bioterrorist decision tree” others, is feasible and will yield a risk analysis that satisfies with four important changes: the demands that this committee sees as necessary. • Convert each node representing a terrorist decision into an expected-damage maximizing decision node, Red Teaming Can Be Used to Understand • Assess probabilities of outcomes of random events, Intelligent Adversaries rather than probability distributions of outcomes, DHS has experience in exercises. But, for instance, although Top Officials 3 (TOPOFF 3) was the most com-   Information on TOPOFF exercises is available at www.dhs.gov/ prehensive terrorism response exercise ever conducted in xprepresp/programs/editorial_0896.shtm. Accessed September 19, 2007. 

IMPROVING HOMELAND SECURITY’S RISK ASSESSMENT AND ADDING RISK MANAGEMENT 53 • Eliminate nodes representing frequency of attack and tary “attacker-defender” models in which the United States potential for multiple attacks, and is the attacker, to “defender-attacker” models in which the • Employ a simple, random-consequence model at each United States defends its critical infrastructure from attacks. event node in the last stage of the tree. They have developed more than a hundred such prototypical applications since then, presenting a new one in Appendix E Called the Bioterrorist Decision Model (BDM), this ap- crafted to the exact needs of DHS for bioterrorism. proach to modeling the scenario presented in the BTRA is The three decision stages are these: developed in Appendix D and briefly described here. Appendix D presents two figures, Figure D.1 showing 1.  DHS commits strategic defense investments, chosen the modeling choices made by DHS and Figure D.2 show- from alternate program portfolios each consisting of ing alternatives that could be used by the BDM. Using a compatible set of defense options, to minimize the these alternate choices, the Bioterrorist Decision Model maximum expected damage from any attack; these can be relatively quickly implemented for bioterrorism risk investments are of such magnitude that they are neces- assessment and risk management because it uses existing sarily visible to the attacker; techniques (Parnell, 2008), it is a direct modification of the 2.  The attacker, after observing these defense invest- 2006 BTRA event tree, and it uses commercially available, ments, chooses attack alternative(s) to maximize off-the-shelf software. Much of the work done by DHS on expected damage; and segmenting the bioterrorism attack for modeling and on 3.  defender mitigates damage from the attack(s) with The probability assessment and consequence modeling for the resources already in place as a result of prior strategic BTRA of 2008 can be retained. investments. The framework represented by the BDM has the potential to resolve all of the major deficiencies that have been identi- Here, the term damage (to the defender) is used in lieu of, for fied in the current BTRA. This is a model from the terrorist’s example, fatalities or other particular consequence. point of view. Because U.S. actions and random events are Using the hypothetical scenario from Chapter 1, one uncertain to the terrorist, these are modeled as events in the defense option might be to procure 100 million doses of decision tree, but terrorist decisions are modeled as decision anthrax protective antigen (PA) vaccine, and another to nodes. Huge BTRA data demands are mitigated by delet- purchase the same number of doses of Russian (STI) live ing the two most problematic stages (frequency of attack vaccine (see Chapter 5). No defense strategy would include and multiple attacks) and by using probabilities rather than both of these defense options. One attack alternative would probability distributions for each outcome of each event. The be the anthrax attack hypothesized in Chapter 1. Mitigation model improves transparency by using commercially avail- efforts after this attack would include distributing and using able software with extensive graphic visualization and with a vaccine, but only if such vaccine has already been put in built-in features to perform sensitivity analyses. Finally, the place by a defense strategy. model can be modified for use in risk management. After risk This is a very conservative model for the defender be- management decisions are implemented and the probabilities cause the defender must protect against the worst possible set of the random events are changed conditional on these deci- of attacks. But that is what good management does. sions, BDM can be rerun for recalibration. Denote the defense strategy d, the attack alternative a, and the mitigation effort m. A key input is damaged,a, the expected damage if defense strategy d has been followed Attacker-Defender Optimization Can Unify Risk and terrorist attack alternative a is chosen. This is a BTRA Management, Risk Assessment, and Resource Allocation output from its suite of consequence models. Denote another Terrorists cannot afford to invest in developing attacks input as mitigated,a,m, and suppose that if defense strategy d using every major pathogen. Nor can the United States afford has been followed and terrorist attack alternative a has been every possible defense. Decision makers on both sides have chosen, then mitigation effort m (enabled by d) is put in full limited resources and seek to optimize their “payoff” sub- force, and the expected damage is reduced by this amount. ject to these constraints. Appendix E offers an optimization Constraints on capital budget for defensive options in model that unifies risk management, risk assessment, and any affordable defense strategy govern defender decisions, resource allocation in what is called a “tri-level, defender- as do any synergistic or antagonistic interactions among de- attacker-defender” optimization. After 9/11, U.S. law was fense options in any defense strategy portfolio that together changed to allow the U.S. Department of Defense to devote dictate what damaged,a results, and any other technological resources to defending the United States within its borders, or resource limit on the defender. Similarly, limits on ter- and the authors of Appendix E were asked to convert mili- rorist capital and technology are incorporated directly into the attacker model as conventional optimization constraints.   Gerald G. Brown, W. Matthew Carlyle, and R. Kevin Wood, Depart- These data are precisely the same as those that the BTRA ment of Operations Research, Naval Postgraduate School, Monterey, now presents to subject-matter experts to elicit their opinions California. 

54 DEPARTMENT OF HOMELAND SECURITY BIOTERRORISM RISK ASSESSMENT TABLE 7.1  Evaluation of Risk Analysis Techniques Biological Threat Risk Assessment Optimization (BTRA) of Possibly Revised Bioterrorist Decision Tree Models Game Theory Committee Recommendation 2006a BTRA of 2006a (Appendix D) (Appendix E) (Appendix F)a The Department of Homeland Security Does not. Could be used. Would be used. (DHS) should use an explicit risk analysis lexicon for defining each technical term appearing in its reports and presentations. To assess the probabilities of terrorist Does not. Would require new Terrorist decision nodes Probabilities of Probabilities of decisions, DHS should use elicitation techniques to replace replace event nodes, and terrorist actions terrorist actions are techniques and decision-oriented sole reliance on event decision tree is solved to are outputs of outputs of game models that explicitly recognize trees. maximize consequences. optimization theory models. terrorists as intelligent adversaries who Consequences can be solved model. observe U.S. defensive preparations individually or combined and seek to maximize the achievement using standard decision of their own objectives. analysis techniques. The event-tree probability elicitation Does not. Could be greatly Would be done. Probability Would be done. Would be done. Tree should be simplified by assessing simplified. elicitation is used for events Tree methods methods are used probabilities instead of probability in decision tree. are used to in risk estimates for distributions for the outcomes of each calculate expected cost table. event. consequences. Normalization of BTRA risk Normalizes Normalization could Not used. Risk assessment Not used. Not used. assessment results obscures information risk be removed. would be provided without that is essential for risk-informed assessment. normalization using decision making. BTRA results should cumulative consequence not be normalized. distribution(s). Two significant simplifications should Does not. Stages 1 and 16 could Would be done. Stages Stages included Would be done. Tree be made to the BTRA of 2006 event be deleted resulting 1 and 16 would not be are optional. methods are used tree: in a simplified model. included. Opportunities for Aggregation in risk estimates for   •  DHS should eliminate Stage 1, aggregated stages would be of stages is cost table. Frequency of Initiation [of an pursued. mathematically attack] by Terrorist Group, and automated. Stage 16, Potential for Multiple Attacks; and   •  DHS should seek opportunities to aggregate some stages of the tree to only those essential to calculate probabilities and consequences with realistic fidelity. Subsequent revision of the BTRA Does not. Would be extremely Decision trees are Primary focus is This approach should increase emphasis on risk difficult owing to routinely used for making finding investment currently lacks a management. An increased focus on model complexity. resource allocation portfolio that portfolio analysis, risk management will allow the BTRA decisions. Probabilities minimizes which is essential for to better support the risk-informed and consequences would expected risk, risk management. decisions that homeland security be changed by risk given that But it seems likely stakeholders are required to make. management options. terrorists see these that this capability investments before could be added, as choosing an attack. duopoly problems. DHS should maintain a high level of Does not. Could be improved. Built in with normal Complete Complete transparency in risk assessment models, decision tree tools, mathematical mathematical including a comprehensive, clear including sensitivity specification specification is mathematical document and a complete analysis. Bayes nets could is presented presented. description of the sources of all input increase transparency. with a complete data. The documentation should be numerical sufficient for scientific peer review. example. 

IMPROVING HOMELAND SECURITY’S RISK ASSESSMENT AND ADDING RISK MANAGEMENT 55 TABLE 7.1  Continued Biological Threat Risk Assessment Optimization (BTRA) of Possibly Revised Bioterrorist Decision Tree Models Game Theory Committee Recommendation 2006a BTRA of 2006a (Appendix D) (Appendix E) (Appendix F)a Subsequent revision of the BTRA Does not. Would be extremely The removal of unnecessary Responsiveness The computing time should enable a decision support difficult owing to complexity should allow depends on is not yet known system that can be run quickly to test model complexity. reasonable run times using required level of for this kind of the implications of new assumptions complete enumeration or detail. Insights approach, operating and new data and provide insights to Monte Carlo simulation. are provided with on realistically large decision makers and stakeholders to Insights are provided mathematical problems. support risk-informed decision making. with normal decision tree programming analysis tools. techniques. The BTRA should be broad enough to Does not. Could be done Could be done Could be done Could be done encompass a variety of bioterrorism as illustrated in as illustrated in as illustrated in as illustrated in threats while allowing for changing Chapter 5. Chapter 5. Chapter 5. Chapter 5. situations and new information. DHS should develop a strategy for the rapid assessment of newly recognized and poorly characterized threats. The susceptible, exposed, infected, Does not. Could be done. Would be done. Would be done. Would be done. and recovered (SEIR) model adopted by DHS is more complex than can be supported by existing data or knowledge. DHS should make its SEIR model as simple as possible consistent with existing knowledge. While human mortality and the Does not. Could be done. Could be done. Could be done. Could be done. magnitude and duration of morbidity should remain the primary focus of DHS bioterrorism risk analysis, DHS should incorporate other measures of societal loss, including the magnitude and duration of first- and second-order economic loss and environmental and agricultural effects. In addition to using event trees, DHS Does not. Would require new Explicitly designed Explicitly Explicitly should explore alternative models of techniques to replace to consider intelligent designed to designed to terrorists as intelligent adversaries who sole reliance on event adversaries. consider intelligent consider intelligent seek to maximize the achievement of trees. adversaries. adversaries. their objectives. The BTRA should not be used as a Deficiencies Analyses for Biological, chemical, and Similar models The approach basis for decision making until the are biological, chemical, radioactive threats could be have been described applies deficiencies noted in this report have uncorrected. or radioactive done with different decision demonstrated to generic threats, been addressed and corrected. DHS threats would require trees for each type of threat. for biological, not just biological should engage an independent, senior new techniques Results would be compared chemical, and terrorism. technical advisory panel to oversee this for intelligent based on consequence radioactive task. In its current form, the BTRA adversaries to distribution(s). threats, especially should not be used to assess the risk replace sole reliance when defensive of biological, chemical, or radioactive on event trees. preparations are threats. visible to attacker. NOTE: This table evaluates the BTRA of 2006, a possibly revised BTRA, and the three techniques discussed in Appendixes D, E, and F of this report in terms of their responsiveness to the recommendations in the report. aText in italics represents great difficulty in satisfying the objective or inability to satisfy the objective. 

56 DEPARTMENT OF HOMELAND SECURITY BIOTERRORISM RISK ASSESSMENT on event probabilities. Here, exactly one defense strategy is Some such insights are trivial to observe, while others may chosen, with its defensive option portfolio, but terrorists are take additional analysis with optimization. For instance, sup- allowed to mount fractional attack alternatives, and mitiga- pose that damaged,a (i.e., unmitigated risk) is ordered from tion efforts may be allocated fractionally within resource worst (largest) to best. That is, an ordinal set of (d,a) pairs is limits put in place by a defense strategy. The result is that created. If the best (largest) mitigation effort for each (d,a) probabilities emerge as outputs from the optimization, that is, pair would not change this ordering, then there is little sense as recommended optimal mixed strategies, rather than posing in taking extraordinary efforts to secret this. Conversely, required, subjective inputs from subject-matter experts. substantive mitigation abilities that would change this risk Appendix E presents a simple illustrative example in ordering are worth keeping secret. See Appendix E for more detail sufficient for any reader with adequate off-the-shelf suggestions about secrecy and insights on deception. modeling and optimization software to repeat the exercise. The optimization introduced by Appendix E bears many Appendix E also establishes two key theoretical results that resemblances to game theory—in particular, to alternating- permit the full, 18-stage BTRA model to be solved as a play, extensive-form games—and there are deep connections tri-level one. Noting that the first (defense strategy) stage not pursued here. Suffice it to say that the optimization is a linear integer program, because choice of strategy is proposed accommodates highly detailed technological con- necessarily binary, but that all subsequent stages feature straints and resource limits on the opponents (to the extent continuous (i.e., perhaps fractional) decisions, mimicking that they are known), and the solution method offered is the BTRA of 2006: completely new and can actually solve these problems at large scale. • Result 1: Any sequence of contiguous continuous stages of defender decisions, or of attacker decisions, Game Theory Models Can Help with Risk Management can be collapsed into a single stage; and • Result 2: The order of continuous attacker stages, or Appendix F describes an analysis that combines game continuous defender stages, makes no difference to the theory and statistical risk analysis in the context of a coun- optimization, so with no loss in generality all continu- terbioterrorism example. It is similar to the approach taken ous attacker stages from the BTRA can be aggregated in Appendix E, which uses a linear program to solve the un- into a single, second-stage attacker model, and all con- derlying game-theory decision making. The main difference tinuous defender stages can follow in the third stage. is that the method in Appendix F generates many random payoff matrices for the game-theory problem and estimates Beyond this, Appendix E shows how to solve this tri-level the proportion of times that a given decision is optimal, as optimization model at large scale with conventional methods opposed to solving a single game that uses the expected and off-the-shelf software; that is, there is little need for ag- values of the risk distributions as the entries in the payoff gregation or sacrifice of essential fidelity to render a smaller matrix. This has the advantage of not overlooking threats that model more amenable to solution. are nearly equal in terms of expected risk, and it provides Further insights arise from these models. For instance, as managers with a comparative view of different defense op- the nation spends more and more money on better and bet- tions. (Appendix F does not address the resource allocation ter defenses, terrorists are forced to optimally spread their issue treated in Appendix E, but the optimization developed efforts among more and more attack alternatives, and the in Appendix E could be transferred to Appendix F.) United States responds with increasingly diverse mitigation More generally, game theory is useful for analyzing the efforts. This dilution of terrorist effort may bring collateral dynamics between terrorist activity and the reactions of advantage to the defender and afford more and better op- defenders when there are interdependencies and weak links portunities for detection and interdiction. (For example, in the system. The key point in this model of interdependent terrorists, even those committed to suicide attacks, fear cap- security is that the incentive which an agent has to invest ture more than death, so the defenders want to increase the in risk reduction measures depends on how that agent ex- apparent risk of detection, interdiction, and capture.) pects the other agents to invest in security. The agent may These models also lend insight into the utility of secrecy change the incentive to invest, or not to invest, depending and deception. Although strategic defense investments are on the investment of others in security. Consequently, there assumed to be so large that they cannot effectively be hidden can be a perverse equilibrium in which no one invests in (the committee notes without irony that some current DHS protection, even though all would be better off if they had efforts can be profiled quickly on the World Wide Web and incurred this cost. This situation does not have the structure in the press, and in more detail via open academic literature), of a prisoner’s dilemma game, although it has some similari- the resulting mitigation capabilities are another thing. If the ties (Heal and Kunreuther, 2006). Appendix H develops a United States knows how well it can mitigate but the terror- more formal model of interdependencies for a two-person ist does not, the United States can use this to its advantage. game and illustrates situations in which there can be two 

IMPROVING HOMELAND SECURITY’S RISK ASSESSMENT AND ADDING RISK MANAGEMENT 57 equilibria—both individuals invest or neither of them takes including the adoption of security measures. For example, protective action. the National Association of Chemical Distributors has devel- To illustrate in the context of a real-world event, consider oped a code of responsible distribution, mandated third-party the destruction of Pan Am Flight 103 in 1988. In Malta, auditing of code compliance, and actually terminated mem- terrorists checked a bag containing a bomb on Malta Air- bership for noncompliance. Other chemical-infrastructure lines, which had minimal security procedures. The bag was industry organizations such as the American Chemistry transferred in Frankfurt, Germany, to a Pan American feeder Council, Synthetic Organic Chemical Manufacturers As- line and then loaded onto Pan Am Flight 103 in London’s sociation, American Petroleum Institute, and National Pet- Heathrow Airport. The transferred piece of luggage was not rochemical and Refiners Association can also play key roles inspected at either Frankfurt or London, the assumption in in this regard. each airport being that it was inspected at the point of origin. There may also be a role for governmental standards and The bomb was designed to explode above 28,000 feet, a regulations coupled with third-party inspections and insur- height normally first attained on this route over the Atlantic ance to enforce these measures. More specifically, third-party Ocean. Thus, failures in a peripheral part of the airline net- inspections coupled with insurance protection can encourage work, Malta, compromised the security of a flight leaving decentralized units in the supply chain to reduce their risks from a core hub, London. Terrorists may follow similar be- from accidents and disasters. Such a management-based havior with respect to a bioterrorist attack by finding a weak regulatory strategy shifts the focus of decision making from link in the system that could have severe direct and indirect the regulator to individual units that are now required to do consequences to a much wider population. their own planning to meet a set of standards or regulations. The behavior of terrorists is also affected by what their The combination of third-party inspections in conjunction adversaries will do. More specifically, terrorists may respond with private insurance is a powerful combination of two to security measures by shifting their attention to more vul- market mechanisms that can convince many units of the nerable targets. Keohane and Zeckhauser (2003), Sandler advantages of implementing security measures to make their (2005), and Bier et al. (2007) analyze the relationships operations more secure. As a result of these units taking ac- between the actions of potential victims and the behavior of tion, the remaining ones can be encouraged to comply with terrorists. Symmetrically, rather than investing in additional the regulations to avoid being caught and fined. This is a form security measures, firms may prefer to move their opera- of tipping behavior noted in Appendix H. In other words, tions from large cities to less populated areas to reduce the without some type of inspection, low-risk units that have likelihood of an attack. Of course, terrorists may then choose adopted risk-reducing measures cannot credibly distinguish these less protected regions as targets if there is heightened themselves from the high-risk ones. security in the urban areas. Terrorists also may change the With the delegation of part of the inspection process to nature of their attacks if there are protective measures in the private sector through insurance companies and certified place that would make the probability of success of the origi- third-party inspectors, a channel would exist through which nal option much lower than another course of action (e.g., the low-risk units could speak for themselves. If a unit chose switching from hijacking to bombing a plane). The impact of not to be inspected by certified third parties, it would more endogenous probabilities on the nature of the game-theoretic likely be perceived as high-risk rather than low-risk. If a unit equilibrium is discussed more fully in Appendix H and in did get inspected and received a seal of approval that it was Heal and Kunreuther (2006). protecting itself against catastrophic vulnerabilities, the unit would pay a lower insurance premium than that of a unit not undertaking these actions. In this way, the number of audits Risk Management Strategies needed would be reduced because units that had received The three models considered here all treat adversaries as seals of approval from private third-party inspectors would intelligent adversaries that seek to maximize their objectives. already be known. Some of the implications are that distributed networks of As observed in the safety arena with the National Trans- protection, across different agencies or airlines or firms, may portation Safety Board and the U.S. Chemical Safety and not lead to solutions that are as good as can be obtained with Hazard Investigation Board and in the security arena with leadership and central direction. the 9/11 Commission, an effective system will also indepen- For example, if different defender agents are reluctant to dently and publicly investigate when catastrophic failures oc- adopt protective measures to reduce the chances of losses cur. Investigations examine the root and contributing causes, from terrorism due to the possibility of contamination from including the sufficiency of policies, practices, and oversight weak links in the system, there may be a role for the private in the private and public domains. Such future investigations and public sectors to play in addressing this problem. A could possibly incorporate a “testing” of the model, or at a trade association can play a coordinating role by stipulating minimum provide data about interdependent security. that any member must follow certain rules and regulations, 

58 DEPARTMENT OF HOMELAND SECURITY BIOTERRORISM RISK ASSESSMENT THE EXISTING BTRA FRAMEWORK SHOULD NOT INTELLIGENT-ADVERSARY RISK BE USED FOR THE RISK ANALYSIS OF BIOLOGICAL, ANALYSIS TECHNIQUES CAN BE USED ON CHEMICAL, OR RADIOACTIVE THREATS RADIOACTIVE AND CHEMICAL THREATS AS WELL AS ON BIOLOGICAL THREATS National decision makers and DHS leaders will need to allocate scarce resources to prevent, prepare for, and respond Although the committee has recommended that in its to all types of terrorist attacks. Clearly there is a wide va- present form the BTRA of 2006 and 2008 not be extended to riety of potential terrorist attack alternatives (conventional, radioactive and chemical risk, it believes that the intelligent- biological, chemical, and radioactive). Each of these attack adversary modeling improvements recommended in this alternatives has different attack signatures, detection tech- report can be applied. Risk management strategies to protect nologies, and mitigation options. While biological agents the U.S. chemical infrastructure are discussed in detail in the can, perhaps, be usefully compared (e.g., by considering National Research Council report Terrorism and the Chemi- whether to invest in vaccines for some specific agent rather cal Infrastructure: Protecting People and Reducing Vulner- than others), there is no analogous comparison for non- abilities (NRC, 2006). Models for anticipating the actions biological agents. For nonbiological agents, the defense of of intelligent adversaries and for optimizing the allocation particular locations or facilities against attack and the prepa- of defensive resources can be extended across these areas ration of mitigation resources should such an attack occur because all involve similar problems of warning, response, assume a more important role than in the case of biological and recovery, and the consequences can be measured in attack, in which the biological agent used is a primary con- the same consequence units, for example, fatalities. The sideration. In principle, the committee believes that the most models suggested here can be applied using risk assessment simple, meaningful, and useful way to compare biological methods developed specifically for radioactive and chemi- agents (e.g., anthrax) to chemical agents (e.g., chlorine) and cal risks. Probabilities and consequences in the hypothetical radioactive threats (e.g., a dirty bomb) is by comparison of biological scenario used in this report with the probabilities the potential consequences given a terrorist attack and, when and consequences in radioactive and chemical scenarios can possible, the likelihood of an attack. then be compared. However, throughout this report the committee has noted These models can then be used to assess the risk reduction many weaknesses in risk analysis, modeling of intelligent (reduction in probability and/or reduction in consequences) agents, consequence assessment, and presentation of as- for the resources required for risk management options. Risk sessment results that it believes make the BTRA of 2006 management options can then be compared by comparing problematic even for assessing biological agents, let alone probability and consequence reduction in each of the three other classes of threats. Because of these weaknesses, the threat areas—biological, chemical, and radioactive. Many rankings produced by the BTRA of 2006 are likely to be risk management alternatives (e.g., vaccines for bioagents, biased or skewed by a magnitude that cannot be assessed. radiation sensors for nuclear threats, and chemical sensors Conventional peer review, or periodic reviews by an inde- for chemical threats) will only affect the primary threat area. pendent, senior technical advisory panel would almost surely In some cases—for example, recovery options and com- have revealed these BTRA problems earlier. The committee munication systems—risk management options may result believes that outside oversight will be crucial to correcting in consequence reductions in all threat areas. In other cases, these deficiencies. risk management options may only result in the adversary’s shifting or modifying the attack to achieve the same or simi- Recommendation: The BTRA should not be used as a ba- lar consequences. sis for decision making until the deficiencies noted in this Achieving this integrated risk assessment and risk man- report have been addressed and corrected. DHS should agement capability is critical in order for risk-informed deci- engage an independent, senior technical advisory panel sions to achieve this nation’s national security objectives of to oversee this task. In its current form, the BTRA should reducing the threat of weapons of mass destruction. not be used to assess the risk of biological, chemical, or radioactive threats. REFERENCES Bier, V., S. Oliveros, and L. Samuelson. 2007. “Choosing What to Protect: Strategic Defense Allocation Against an Unknown Attacker.” Journal of Public Economic Theory 9(4):563-587. FAS (Federation of American Scientists). 2007. “Al Qaeda Training   The committee uses the term “radioactive” to include both “radiologi- Manual.” Available at www.fas.org/irp/world/para/aqmanual.pdf. Ac- cal” (i.e., involving radioactive decay such as in a dirty bomb) and “nuclear” cessed August 23, 2007. (i.e., involving complete fission as in an atomic bomb). Although these two Golany, B., E.H. Kaplan, A. Marmur, and U.G. Rothblum. 2007. “Nature threats are not identical, the committee believes that its recommendations Plays with Dice—Terrorists Do Not: Allocating Resources to Counter and suggestions concerning the BTRA methodology used to evaluate the Strategic Versus Probabilistic Risks.” European Journal of Operational risk of these threats apply to either. Research. In press. 

IMPROVING HOMELAND SECURITY’S RISK ASSESSMENT AND ADDING RISK MANAGEMENT 59 Heal, G., and H. Kunreuther. 2006. “You Can Only Die Once: Interde- of Science and Technology for Homeland Security. John G. Voeller pendent Security in an Uncertain World.” In The Economic Impacts (ed.). Forthcoming. of Terrorist Attacks, H.W. Richardson, P. Gordon, and J.E. Moore III Reichart, J.F. 1998. “Adversarial Use of Chemical and Biological Weap- (eds.). Northampton, Mass.: Edward Elgar. ons.” Joint Forces Quarterly 18(Spring):130-133. Available at www. Keohane, N., and R. Zeckhauser. 2003. “The Ecology of Terror Defense.” fax.org/irp/threat/cbw/2218.pdf. Accessed October 23, 2007. Journal of Risk and Uncertainty 26(2-3):201-229. Sandler, T. 2005. “Collective Action and Transnational Terrorism.” The NRC (National Research Council). 2006. Terrorism and the Chemical Infra- World Economy 26 (6):779-802. structure: Protecting People and Reducing Vulnerabilities. Washington, The White House. 2004. Homeland Security Presidential Directive 10 D.C.: The National Academies Press. [HSPD-10]: Biodefense for the 21st Century. Available at www.fas. Parnell, G.S. 2008. “Multi-objective Decision Analysis.” Wiley Handbook org/irp/offdocs/nspd/hspd-10.html. Accessed January 16, 2008.