The National Academies Press

Currently Skimming:

Interim Report
Pages 4-13

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.

From page 4... ... Second, the United States requires a periodic senior-level policy net assessment that evaluates progress in implementing this policy, identifies continuing gaps or vulnerabilities in our biodefense posture, and makes recommendations for re balancing and refining investments among the pillars of our overall biodefense policy. The Department of Homeland Security, in coordination with other appropriate Federal departments and agencies, will be responsible for conducting these assessments.2 The first Department of Homeland Security bioterrorism risk assessment was completed on January 31, 2006, and the report documenting the analysis was published on October 1, 2006.3 This assessment and report implemented the requirement of the National Strategy for Homeland Security,4 issued in July 2002 by the Office of Homeland Security, and of HSPD10 for DHS to assess the biological weapons threat in coordination with other appropriate federal departments and agencies. Read the entire page →
From page 5... ... The committee's charge for its final report is as follows: � Recommend how the methodology can incorporate changing probability distributions that reflect how various actors (e.g., terrorists, first responders, public health community) adjust their choices over time or in different contexts; � Recommend further improvements to the consequence analysis component of the methodology, including its models of economic effects; � Identify any emerging methods for handling large degrees of uncertainty (e.g., fuzzy logic, possibility analysis) Read the entire page →
From page 6... ... Risk perception can be influenced by personal knowledge, experience, and beliefs; it can be affected by changing perceptions of the threat, the vulnerabilities, and/or the consequences; it may be influenced by information about hazards, risk assessments, risk policies, and risk management decisions. � Risk communication -- the process used by risk analysts, decision makers, policy makers, and intelligent adversaries to provide data, information, and knowledge to change the risk perceptions of individuals and organizations and enable them to assess the risk differently than they otherwise might. Read the entire page →
From page 7... ... RECOMMENDATIONS For the most part, the analysis described in the previous section follows approaches considered technically sound and useful in other areas of risk analysis such as nuclear reactor safety and chemical safety. In validation of risk, PRA avoids many of the practical problems and difficulties that arise from other alternative methods such as fuzzy logic, the analytic hierarchy process, or worst-case analysis (Banks and Anderson, 2006; Laviolette et al., 1995) Read the entire page →
From page 8... ... However, it seems logical that the DHS vision for risk analysis should be broad enough to include risks posed by other significant future biological threats. Traditional bioagents are "naturally occurring microorganisms or toxin products with the potential to be weaponized and disseminated to cause mass casualties.".9 Testing the methodology by using existing biological agent threat lists, as has been done to date, is a prudent and logical way to start, given the very large number of pathogens that could possibly be used as weapons. Read the entire page →
From page 9... ... The committee believes that the DHS PRA tree is reasonably complete, although DHS should examine this further in light of the expectation that adversaries will adapt to any defensive decisions made by the United States. A small number of wellchosen red teams (i.e., individuals including both technologists and those with experience in targeting and strategy, whose purpose is to simulate adversarial decision making) Read the entire page →
From page 10... ... must also be included to avoid underestimating true financial consequences. If these indirect costs are large, it may be necessary to evaluate their impact, taking into account risk aversion and/or loss aversion.12 Evaluation of these costs will require that DHS more carefully consider its consequence measures and modeling, which should be augmented to include indirect economic effects. Read the entire page →
From page 11... ... It is unclear to the committee how the current PRA approach supports DHS's design and evaluation of alternative risk management strategies. The computational engine does not permit, let alone encourage, risk managers to explore scenarios of "if resource allocation, then probable consequence." DHS needs to determine how alternative risk management strategies, involving specific resource investments in attack prevention, consequence mitigation, or other forms of protection, translate to changes in the overall level of risk. Read the entire page →
From page 12... ... � DHS's current plans for the incorporation of second-order indirect economic effects into its methodology are appropriate, as long as the model's level of granularity is carefully considered. � High degrees of uncertainty can be addressed by the incorporation of red teaming, attack preference models, attack-tree models, and game-theoretic analyses. Read the entire page →
From page 13... ... 1986. "Reliability and Fault Tree Analysis Using Expert Opinions." Journal of the American Statistical Association 81: 87-90. Read the entire page →

From page 4...

... Second, the United States requires a periodic senior-level policy net assessment that evaluates progress in implementing this policy, identifies continuing gaps or vulnerabilities in our biodefense posture, and makes recommendations for re balancing and refining investments among the pillars of our overall biodefense policy. The Department of Homeland Security, in coordination with other appropriate Federal departments and agencies, will be responsible for conducting these assessments.2 The first Department of Homeland Security bioterrorism risk assessment was completed on January 31, 2006, and the report documenting the analysis was published on October 1, 2006.3 This assessment and report implemented the requirement of the National Strategy for Homeland Security,4 issued in July 2002 by the Office of Homeland Security, and of HSPD10 for DHS to assess the biological weapons threat in coordination with other appropriate federal departments and agencies.

Read the entire page →

From page 5...

... The committee's charge for its final report is as follows: � Recommend how the methodology can incorporate changing probability distributions that reflect how various actors (e.g., terrorists, first responders, public health community) adjust their choices over time or in different contexts; � Recommend further improvements to the consequence analysis component of the methodology, including its models of economic effects; � Identify any emerging methods for handling large degrees of uncertainty (e.g., fuzzy logic, possibility analysis)

Read the entire page →

From page 6...

... Risk perception can be influenced by personal knowledge, experience, and beliefs; it can be affected by changing perceptions of the threat, the vulnerabilities, and/or the consequences; it may be influenced by information about hazards, risk assessments, risk policies, and risk management decisions. � Risk communication -- the process used by risk analysts, decision makers, policy makers, and intelligent adversaries to provide data, information, and knowledge to change the risk perceptions of individuals and organizations and enable them to assess the risk differently than they otherwise might.

Read the entire page →

From page 7...

... RECOMMENDATIONS For the most part, the analysis described in the previous section follows approaches considered technically sound and useful in other areas of risk analysis such as nuclear reactor safety and chemical safety. In validation of risk, PRA avoids many of the practical problems and difficulties that arise from other alternative methods such as fuzzy logic, the analytic hierarchy process, or worst-case analysis (Banks and Anderson, 2006; Laviolette et al., 1995)

Read the entire page →

From page 8...

... However, it seems logical that the DHS vision for risk analysis should be broad enough to include risks posed by other significant future biological threats. Traditional bioagents are "naturally occurring microorganisms or toxin products with the potential to be weaponized and disseminated to cause mass casualties.".9 Testing the methodology by using existing biological agent threat lists, as has been done to date, is a prudent and logical way to start, given the very large number of pathogens that could possibly be used as weapons.

Read the entire page →

From page 9...

... The committee believes that the DHS PRA tree is reasonably complete, although DHS should examine this further in light of the expectation that adversaries will adapt to any defensive decisions made by the United States. A small number of wellchosen red teams (i.e., individuals including both technologists and those with experience in targeting and strategy, whose purpose is to simulate adversarial decision making)

Read the entire page →

From page 10...

... must also be included to avoid underestimating true financial consequences. If these indirect costs are large, it may be necessary to evaluate their impact, taking into account risk aversion and/or loss aversion.12 Evaluation of these costs will require that DHS more carefully consider its consequence measures and modeling, which should be augmented to include indirect economic effects.

Read the entire page →

From page 11...

... It is unclear to the committee how the current PRA approach supports DHS's design and evaluation of alternative risk management strategies. The computational engine does not permit, let alone encourage, risk managers to explore scenarios of "if resource allocation, then probable consequence." DHS needs to determine how alternative risk management strategies, involving specific resource investments in attack prevention, consequence mitigation, or other forms of protection, translate to changes in the overall level of risk.

Read the entire page →

From page 12...

... � DHS's current plans for the incorporation of second-order indirect economic effects into its methodology are appropriate, as long as the model's level of granularity is carefully considered. � High degrees of uncertainty can be addressed by the incorporation of red teaming, attack preference models, attack-tree models, and game-theoretic analyses.

Read the entire page →

From page 13...

... 1986. "Reliability and Fault Tree Analysis Using Expert Opinions." Journal of the American Statistical Association 81: 87-90.

Read the entire page →

← Previous Chapter Skim

Next Chapter Skim →

This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.

Interim Report Pages 4-13

Interim Report
Pages 4-13