Cover Image

Not for Sale

View/Hide Left Panel
Click for next page ( 10

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement

Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 9
10 CAPTA Final Report expose or exploit different vulnerabilities. Note that an asset may be susceptible to hazards or threats that may increase its vulnerability, such as having publicly accessible information (e.g., drawings, schedules, secure areas) that could assist a terrorist in planning and executing a successful attack. Risk is a function of likelihood (hazard or threat plus vulnerability) and consequences of an adverse event affecting an asset and related stakeholders. It is represented in the following function: Risk = f (T , C , V ) Where: Risk = the quantitative or qualitative expression of possible loss that considers both the prob- ability that a hazard or threat will cause harm and the consequences of that event. T = hazard or threat in terms of likelihood or probability of occurrence of a specific hazard or threat, characterized by relevant dimensions (e.g., magnitude, strength). C = a measure of the consequences of damage, destruction, or other functional losses to a critical asset resulting from a natural or unintentional event or deliberate attack. V = a measure of relative susceptibility to the consequences of a hazard or threat. The specific quantitative relationship among the variables in the risk equation depends on how the factors are developed and expressed. Consequences and vulnerability of assets can be judged on a relative scale with upper and lower bounds or through analytical models that assess asset criticality in terms of potential casualties, economic impacts, or physical or operational vul- nerabilities; the probability of a terrorist attack is difficult to estimate in more than qualitative terms and may change over time based on changes in the intent and capability of the attacker and the political/cultural context that may make a particular asset more or less attractive to the terrorists at different points in time. As discussed below, the CAPTA methodology simply asks users to identify hazards and threats of greatest concern and does not require an estimate of like- lihood. Consequently, it does not attempt to provide a formal expression of "risk" as described in the risk equation shown above. Conversely, the CAPTA methodology assumes that the user is sufficiently knowledgeable of the potential hazards and threats to make an informed decision regarding which should be included in the analysis. Many of the approaches that emerged following the attacks of September 11, 2001, on the World Trade Center and the Pentagon attempted to apply risk assessment models that require estimates of likelihood and severity for threats and hazards of interest. These approaches gener- ally used subjective estimates of the threat likelihood or of the factors that contribute to likeli- hood (e.g., target value, threat capability, probability of detection) to determine a probability of successful attack (PSA). After reviewing these methods, the project team concluded that the level of uncertainty in these estimates is so great as to cause the team to question their utility in resource allocation, especially when specialized threat expertise is unavailable and the nature of the threat is likely to change in response to changes in the local, national, or global context. Countermeasures programs reduce risk by reducing the likelihood of or vulnerability to an attack or by reducing the consequences associated with a hazard or intentional attack that exploits these vulnerabilities. Risk Management Taxonomy The taxonomy of risks to multimodal transportation systems in terms of threats and hazards, shown in Figure 2, aids in understanding the nature of hazards (that may be natural and/or unin- tentional) or threats (that are intentional), their extent, and the potential strategies for managing

OCR for page 9
Project Rationale and Approach 11 Figure 2. Taxonomy of threats and hazards for multi-modal transportation systems. risks or mitigating consequences. The taxonomy suggests that while any of the three types of events of interest can result in highly undesirable consequences, their mitigation is not identical. Risk management for natural events relies upon historical data. These sources include meteo- rological and seismic readings, which provide sufficient evidence of the frequency and severity of events over multiple decades. Historical data also allow a reasonable understanding of the potential consequences to transportation assets and activities. Because the frequency and severity of natural events is, for the most part, uncontrollable, risk management strategies involve Design decisions that avoid such events or endure their effects (including where facilities are located); Response preparation (i.e., planning, equipping, training, and exercising); Monitoring both trends and rapidly evolving circumstances (e.g., weather patterns, seismic activity); Warning; Evacuation; and Recovery. Unintentional events lead to significant adverse consequences. There are actuarial data regard- ing the frequency, nature, and other characteristics of these events from which countermeasures can and have been developed. Approaches to mitigating the consequences include reducing the frequency, the consequence, or both through re-design, more effective regulation and enforce- ment, and safer operations. Operational measures include better training and more robust response preparation and recovery implementation. Intentional events such as attacks and crime involve a threat that actively responds to risk man- agement strategies and countermeasure implementation. Active threats are constantly seeking to increase the probability that their attack is successful. Risk management for intentional events draws upon many of the approaches used in the other two types of events, enhanced by intelligence gathering, operational security, and a well-planned and -executed response. The response, includ- ing both rescue and law enforcement, needs to take into account the possibility of secondary attacks on response forces or elsewhere while first responders are diverted.