Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.
OCR for page R1
Review of the Department of Homeland Security’s Approach to Risk Analysis Review of the Department of Homeland Security’s Approach to RISK ANALYSIS Committee to Review the Department of Homeland Security’s Approach to Risk Analysis NATIONAL RESEARCH COUNCIL OF THE NATIONAL ACADEMIES THE NATIONAL ACADEMIES PRESS Washington, D.C. www.nap.edu
OCR for page R2
Review of the Department of Homeland Security’s Approach to Risk Analysis THE NATIONAL ACADEMIES PRESS 500 Fifth Street, N.W. Washington, DC 20001 NOTICE: The project that is the subject of this report was approved by the Governing Board of the National Research Council, whose members are drawn from the councils of the National Academy of Sciences, the National Academy of Engineering, and the Institute of Medicine. The members of the committee responsible for the report were chosen for their special competences and with regard for appropriate balance. Support for this project was provided by the Department of Homeland Security under sponsor award HSHQDC-08-C-00090. Any opinions, findings, conclusions, or recommendations expressed in this publication are those of the author(s) and do not necessarily reflect the views of the organizations or agencies that provided support for the project. The views and conclusions contained in this document are those of the authors and should not be interpreted as necessarily representing the official policies, either expressed or implied, of the U.S. government. International Standard Book Number—13: 978-0-309-15924-1 International Standard Book Number—10: 0-309-15924-5 Additional copies of this report are available from the National Academies Press, 500 Fifth Street, N.W., Lockbox 285, Washington, DC 20055; (800) 624-6242 or (202) 334-3313 (in the Washington metropolitan area); Internet, http://www.nap.edu. Copyright 2010 by the National Academy of Sciences. All rights reserved. Printed in the United States of America.
OCR for page R3
Review of the Department of Homeland Security’s Approach to Risk Analysis THE NATIONAL ACADEMIES Advisers to the Nation on Science, Engineering, and Medicine The National Academy of Sciences is a private, nonprofit, self-perpetuating society of distinguished scholars engaged in scientific and engineering research, dedicated to the furtherance of science and technology and to their use for the general welfare. Upon the authority of the charter granted to it by the Congress in 1863, the Academy has a mandate that requires it to advise the federal government on scientific and technical matters. Dr. Ralph J. Cicerone is president of the National Academy of Sciences. The National Academy of Engineering was established in 1964, under the charter of the National Academy of Sciences, as a parallel organization of outstanding engineers. It is autonomous in its administration and in the selection of its members, sharing with the National Academy of Sciences the responsibility for advising the federal government. The National Academy of Engineering also sponsors engineering programs aimed at meeting national needs, encourages education and research, and recognizes the superior achievement of engineers. Dr. Charles M. Vest is president of the National Academy of Engineering. The Institute of Medicine was established in 1970 by the National Academy of Sciences to secure the services of eminent members of appropriate professions in the examination of policy matters pertaining to the health of the public. The Institute acts under the responsibility given to the National Academy of Sciences by its congressional charter to be an adviser to the federal government and, upon its own initiative, to identify issues of medical care, research, and education. Dr. Harvey V. Fineberg is president of the Institute of Medicine. The National Research Council was organized by the National Academy of Sciences in 1916 to associate the broad community of science and technology with the Academy’s purposes of furthering knowledge and advising the federal government. Functioning in accordance with general policies determined by the Academy, the Council has become the principal operating agency of both the National Academy of Sciences and the National Academy of Engineering in providing services to the government, the public, and the scientific and engineering communities. The Council is administered jointly by both Academies and the Institute of Medicine. Dr. Ralph J. Cicerone and Dr. Charles M. Vest are chair and vice-chair, respectively, of the National Research Council. www.national-academies.org
OCR for page R4
Review of the Department of Homeland Security’s Approach to Risk Analysis This page intentionally left blank.
OCR for page R5
Review of the Department of Homeland Security’s Approach to Risk Analysis Committee to Review the Department of Homeland Security’s Approach to Risk Analysis John F. Ahearne, Chair, Sigma Xi (Executive Director Emeritus), Research Triangle Park, North Carolina, and Duke University, Durham, North Carolina Gregory B. Baecher, University of Maryland, College Park Vicki M. Bier, University of Wisconsin, Madison1 Robin Cantor, Exponent, Inc., Alexandria, Virginia Timothy Cohn, U.S. Geological Survey, Reston, Virginia Debra Elkins, Allstate Insurance Company, Northbrook, Illinois2 Ernest R. Frazier, Sr., Countermeasures Assessment and Security Experts, Middletown, Delaware Katherine Hall, BAE Systems, McLean, Virginia Roger E. Kasperson, Clark University (Emeritus), Worcester, Massachusetts Donald Prosnitz, Consultant, Walnut Creek, California Joseph V. Rodricks, ENVIRON, Arlington, Virginia Monica Schoch-Spana, University of Pittsburgh Medical Center, Baltimore, Maryland Mitchell J. Small, Carnegie Mellon University, Pittsburgh, Pennsylvania Ellis M. Stanley, Sr., Dewberry, Los Angeles, California NRC Staff Stephen D. Parker, Study Director Scott T. Weidman, Deputy Study Director Stephan A. Parker, Scholar Associate Glenn E. Schweitzer, Scholar Associate Ellen A. de Guzman, Research Associate Stephen Russell, Senior Program Assistant 1 Dr. Bier resigned from the committee on July 1, 2009, when she began to perform research supported by the Department of Homeland Security (DHS). 2 Dr. Elkins resigned from the committee on December 7, 2009 to avoid a potential conflict of interest. She took a position with DHS’s Office of Risk Management and Analysis on February 1, 2010.
OCR for page R6
Review of the Department of Homeland Security’s Approach to Risk Analysis This page intentionally left blank.
OCR for page R7
Review of the Department of Homeland Security’s Approach to Risk Analysis Preface The events of September 11, 2001, changed perceptions, rearranged national priorities, and produced significant new government entities, most notably the U.S. Department of Homeland Security (DHS). Whereas the principal mission of DHS is to lead national efforts to secure the nation against those forces that wish to do harm, the department also has responsibilities in regard to preparation for and response to other hazards and disasters, such as floods, earthquakes, and other “natural” disasters. Created in 2003, DHS is large and complex, with 22 “components,” some of which were well established prior to the department’s creation and others that were new creations along with the department. Across the department, whether in the context of preparedness, response, or recovery from terrorism, illegal entry to the country, or natural disasters, both the previous and the current DHS Secretaries have stated a commitment to processes and methods that feature risk assessment as a critical component for making better-informed decisions. The difficulties in developing a risk-based framework and activities for decisions across DHS are daunting, largely due to the great uncertainties in understanding the suite of threats. In concept, however, risk assessment is believed to provide a good opportunity for sound analysis and consistent decision support. Against this backdrop, the U.S. Congress asked the National Research Council (NRC) of the National Academies to review and assess the activities of DHS related to risk analysis (P.L. 110-161, Consolidated Appropriations Act of 2008). Subsequently, a contract featuring the Statement of Task shown in Boxes S-1 and 1-1 was agreed upon by the National Academies and DHS officials to support this study. Our committee was appointed in October 2008 to carry out the study. The committee was a multidisciplinary group with technical, public policy, and social science expertise and experience concerning the areas of DHS’s responsibilities. During a 15-month study period, our full committee met 5 times and subgroups of the committee met another 11 times with DHS officials and representatives of a variety of organizations to gather information. (See Appendix C for a chronology of our meetings and visits and Appendix D for a list of individuals who contributed information and perspectives to our efforts.) At most of our meetings we received briefings from numerous DHS officials on various aspects of our charge. The task of reviewing a large set of continually evolving activities across an organization as large and diverse as DHS presented difficulties for the committee. Although DHS is responsible for all aspects of homeland security, which
OCR for page R8
Review of the Department of Homeland Security’s Approach to Risk Analysis includes planning for and responding to natural disasters such as hurricanes, the report is weighted toward terrorism because that is where DHS efforts are weighted. Throughout, however, the committee was mindful of its chief objective: to help DHS by critiquing and providing advice on improving the risk-informed basis for decision making across the department. We began with a good appreciation for the difficulty of the task and that appreciation only grew as we learned more about relevant activities and their inherent challenges. We hope that this report is helpful to DHS as it proceeds with implementation of its plans. This report has been reviewed in draft form by individuals chosen for their diverse perspectives and technical expertise, in accordance with procedures approved by the NRC’s Report Review Committee. The purpose of this independent review is to provide candid and critical comments that will assist the NRC in making its published report as sound as possible and will ensure that the report meets institutional standards for objectivity, evidence, and responsiveness to the study charge. The review comments and draft manuscript remain confidential to protect the integrity of the deliberative process. We wish to thank the following individuals for their review of this report: John T. Christian, consulting engineer; Jared L. Cohon, Carnegie Mellon University; William H. Hooke, American Meteorological Society; Howard Kunreuther, Wharton Risk Management Center; Linda Landesman, New York City Health and Hospitals Corporation; Stephen M. Robinson, University of Wisconsin-Madison; Kathleen J. Tierney, University of Colorado at Boulder; Detlof von Winterfeldt, International Institute for Applied Systems Analysis; and Henry H. Willis, RAND Corporation. Although the reviewers listed above provided many constructive comments and suggestions, they were not asked to endorse the conclusions or recommendations, nor did they see the final draft of the report before its release. The review of this report was overseen by Patrick Atkins, Pegasus Capital Investors (Retired) and Lynn R. Goldman, Johns Hopkins University. Appointed by the NRC, they were responsible for making certain that an independent examination of the report was carried out in accordance with institutional procedures and that all review comments were considered carefully. Responsibility for the final content of this report rests entirely with the authoring committee and the institution. Finally, I want to acknowledge and thank the committee members for their conscientious work, the help of DHS staff, and the dedicated work of the Academies staff. John F. Ahearne, Chair
OCR for page R9
Review of the Department of Homeland Security’s Approach to Risk Analysis Contents ACRONYMS SUMMARY 1 1 INTRODUCTION 15 The Decision-Making Context for this Study 16 Risk Models and Methods Examined in Detail to Carry Out This Study 18 How the Study Was Conducted 20 Structure of This Report 21 2 OVERVIEW OF RISK ANALYSIS AT DHS 22 Introduction 22 The Decision Context at DHS 23 Review of Current Practices of Risk Analysis Within DHS 30 Concluding Observation 42 3 CHALLENGES TO RISK ANALYSIS FOR HOMELAND SECURITY 44 Comparison of Risk Assessment of Natural Hazards and of Terrorism 44 Risk Analysis for Counterterrorism Is Inherently More Difficult Than Risk Analysis for Natural Hazards 46 4 EVALUATION OF DHS RISK ANALYSIS 52 Detailed Evaluation of the Six Illustrative Risk Models Examined in This Study 53 A Number of Aspects of DHS Risk Analysis Need Attention 80 5 THE PATH FORWARD 88 Build a Strong Risk Capability and Expertise at DHS 88 Incorporate the Risk = f(T,V,C) Framework, Fully Appreciating the Complexity Involved with Each Term in the Case of Terrorism 93
OCR for page R10
Review of the Department of Homeland Security’s Approach to Risk Analysis Develop a Strong Social Science Capability and Incorporate the Results Fully in Risk Analyses and Risk Management Practices 100 Build a Strong Risk Culture at DHS 106 Adopt Strong Scientific Practices and Procedures, Such as Careful Documentation, Transparency, and Independent Outside Peer Review 109 REFERENCES 115 APPENDIXES A Characterization of Uncertainty 127 B Evolution of Risk Analysis at EPA 133 C List of Committee Meetings and Site Visits 139 D Presenters and Resource Persons at the Committee’s Information-Gathering Meetings 141 E Committee Biographical Information 143
OCR for page R11
Review of the Department of Homeland Security’s Approach to Risk Analysis Acronyms AEP Annual Exceedance Probability BARDA Biomedical Advanced Research and Development Authority BTRA Biological Threat Risk Assessment C2C Cost-to-Capability CAF Critical Asset Factors CBP U.S. Customs and Border Protection CBRN Chemical, Biological, Radiological, Nuclear CFATS Chemical Facility Anti-Terrorism Standards CIKR Critical Infrastructure and Key Resources CITA Critical Infrastructure Threat Assessment Division (DHS) CREATE Center for Risk and Economic Analysis of Terrorism Events CREM Council for Regulatory Environmental Modeling (EPA) CTRA Chemical Terrorism Risk Assessment DHHS Department of Health and Human Services DHS Department of Homeland Security DOJ Department of Justice DoD Department of Defense EPA Environmental Protection Agency ERM Enterprise Risk Management EVPI Expected Value of Perfect Information EVPIX Expected Value of Perfect Information About X EVSI Expected Value of Sample Information GAO Government Accountability Office FEMA Federal Emergency Management Agency HITRAC Homeland Infrastructure Threat and Risk Analysis Center HPS Hurricane Protection System HSGP Homeland Security Grant Program HSPD Homeland Security Presidential Directive I&A Office of Intelligence & Analysis (DHS) IP Office of Infrastructure Protection (DHS) iCBRN Integrated Chemical, Biological, Radiological, Nuclear ICE Immigration and Customs Enforcement (DHS) IECGP Interoperable Emergency Communications Grant Program IRMF Integrated Risk Management Framework IT Information Technology IVA Infrastructure Vulnerability Assessment
OCR for page R12
Review of the Department of Homeland Security’s Approach to Risk Analysis MKB Models Knowledge Base MSRAM Maritime Security Risk Analysis Model NFIP National Flood Insurance Program NIPP National Infrastructure Protection Plan NISAC National Infrastructure Simulation and Analysis Center NMSRA National Maritime Strategic Risk Assessment NRC National Research Council OMB Office of Management and Budget PANYNJ Port Authority of New York and New Jersey PMI Protective Measure Index PPBE Planning, Programming, Budgeting, and Execution PRA Probabilistic Risk Analysis PSA Protective Security Advisor PSGP Port Security Grant Program QRA Quantitative Risk Analysis RAMCAP Risk Analysis and Management for Critical Asset Protection RAPID Risk Analysis Process for Informed Decision Making RFI Request for Information RMA Office of Risk Management and Analysis RMAP Risk Management Analysis Process RMAT Risk Management Analysis Tool RMS Risk Management Solutions RRAP Regional Resiliency Assessment Project RSC Risk Steering Committee (DHS) S&T Science and Technology Directorate (DHS) SHIRA Strategic Homeland Infrastructure Risk Assessment SHSP State Homeland Security Program SME Subject Matter Expert SSP Site Security Plan START Study of Terrorism and Responses to Terrorism SVA Security Vulnerability Assessment TCL Target Capabilities List TRAM Terrorism Risk Assessment and Management TSA Transportation Security Administration TSGP Transit Security Grant Program TVC Threat-Vulnerability-Consequences UASI Urban Areas Security Initiative USCG U.S. Coast Guard USGS U.S. Geological Survey VOI Value of Information WMD Weapons of Mass Destruction