No full-text available
To read the full-text of this research,
you can request a copy directly from the author.
Critical Asset and Portfolio Risk Analysis for Homeland Security
... The DHS risk formulation applies a threat-driven approach supported by decades of experience in safety and reliability engineering that uses logic trees, influence diagrams, causal loop diagrams and other such methods to model human-initiated events [4]. According to McGill [11], "threat-driven approaches are appropriate for studying initiating events that are well understood and whose rate of occurrence can be reliably predicted from historical data; however, they ultimately fail to consider emerging or unrecognized threats devised by an innovative adversary." In the insurance community and the financial sector, risk assessments benefit from rich, voluminous data sets that can be mined for historical behavior patterns. ...
... Moreover, Y, N and U stand for yes, no and unknown, respectively. Unlike threat-driven risk methodologies, an asset-driven approach estimates the consequences and probability of adversary success for an exhaustive set of plausible initiating events without regard to their probability of occurrence [11]. The main criticism of the asset-driven approach is that it is an "impact analysis," not a "risk analysis" [6]. ...
... For the purpose of guiding strategic decisions, risk formulation must also be comprehensive in scope. Indeed, N U U U CAPRA [11] N N N N CARVER2 [6,15] Y Y N Y CIMS [6,15] U Y N U CIPDSS [6,15] N U N Y CIPMA [6,15] Y U N U CommAspen [6,15] Y N N U COUNTERACT [6] N U U U DECRIS [6] N Y N U EURACOM [6] U U N U FAIT [6,15] Y U N U MDM [6] U N U U MIN [6,15] Y N N U N-ABLE [6,15] Y N U U NEMO [6,15] Y U U U NSRAM [6,15] N U U U RAMCAP-Plus [6] N Y U U RMCIS [6] N N/U N U DHS RMF [3] N N N N RVA [6] N U N U SRAM [6] N N U U Water and Wastewater Systems i n t e r n a t i o n a l j o u r n a l o f c r i t i c a l i n f r a s t r u c t u r e p r o t e c t i o n 7 ( 2 0 1 4 ) 1 6 7 -1 7 7 according to the National Research Council report [14], "vulnerability is much more than physical security; it is a complete systems process consisting at least of exposure, coping capability, and longer term accommodation or adaptation." In other words, risk formulation should address all phases of a disaster, currently identified by the Federal Emergency Management Agency [9] as prevent, protect, mitigate, respond and recover. ...
This paper describes an asset vulnerability model decision support tool (AVM-DST) that is designed to guide strategic investments in critical infrastructure protection. AVM-DST is predicated on previous research on an alternative risk methodology for assessing the current infrastructure protection status, evaluating future protective improvement measures and justifying national investments. AVM-DST is a web-based application that works within the U.S. Department of Homeland Security Risk Management Framework and enables decision makers to view infrastructure assets risk profiles that highlight various features of interest, select protective improvement measures within a given budget based on defined investment strategies or other criteria, and evaluate protective purchases against varying probabilities of attack over a given period of time. In addition to reviewing the concepts and formulations underlying the application, this paper describes the AVM-DST capabilities, functions, features, architecture and performance. © IFIP International Federation for Information Processing 2014.
... The first several result pages were reviewed and many of them were deemed out of scope for this project due to considering only one risk, such as [13][14][15][16], or based on proving a theory, such as [17]. Several related papers were found, such as [18][19][20][21], that provided insightful information. Kappes et al. [18] provides insight into the challenges of analyzing multi-hazard risks. ...
... Owolabi and Sajjad [19] performed a systematic review on multihazard risk assessments and found that most multi-hazard risk assessment work involved landslides. Ayyub et al. [20] provide the most useful information, since it presented a mathematical framework for an all-hazards risk analysis, which included benefit-cost analysis. Liu et al. [21] provided a three-step process to calculate risk caused by natural and technological hazards. ...
The paper describes our project to develop, verify, and deploy an All-Hazards Return of Investment (ROI) model for the U. S. Army Engineer Research and Development Center (ERDC) to provide army installations with a decision support tool for evaluating strategies to make existing installation facilities more resilient. The need for increased resilience to extreme weather caused by climate change was required by U.S. code and DoD guidance, as well as an army strategic plan that stipulated an ROI model to evaluate relevant resilient strategies. During the project, the ERDC integrated the University of Arkansas designed model into a new army installation planning tool and expanded the scope to evaluate resilient options from climate to all hazards. Our methodology included research on policy, data sources, resilient options, and analytical techniques, along with stakeholder interviews and weekly meetings with installation planning tool developers. The ROI model uses standard risk analysis and engineering economics terms and analyzes potential installation hazards and resilient strategies using data in the installation planning tool. The ROI model calculates the expected net present cost without the resilient strategy, the expected net present cost with the resilient strategy, and ROI for each resilient strategy. The minimum viable product ROI model was formulated mathematically, coded in Python, verified using hazard scenarios, and provided to the ERDC for implementation.
... Après l'industrie nucléaire, d'autres industries à risque commencent à adapter ce concept à leurs besoins spécifiques. Elles comprennent l'industrie pétrochimique, l'industrie spatiale, le transport en général, l'énergie d' hydrogène, les problèmes de sécurité, la production et distribution d'énergie, la protection de l'environnement, la sécurité des barrages hydroélectriques, etc. Aven and Vinnem, 2007;ASME, 2009;AIChE, 2013;FERC, 2018;Gharabagh, Asilian, Mortasavi, Mogaddam, Hajizadeh et Khavanin, 2009;Anderson et Mostue, 2012;Papazoglou, Nivolianitou, Anezaris, Christou et Bonanos, 1999;Rahmawati, Whitskon, Foss et Kuntadi, 2012;Suedel, Kin, Clarke et Linkov, 2008 ;U.S. Bureau of Reclamation, 2013 ;Paté-Comell et Dillon, 2001 ;Nordgard, 2012;NASA, 2010, 20 Il ;F AA, 2009;Podofillini, Zio et Vatn, 2006;Kazantzi, Kazantzis et Gerogiannis, 2011 ;Psarros, Skjong et Vanem, 2011 ;Ballis et Dirnitriou, 2010;LaChance, 2009;LaChance, Tchouvelev et Ohi, 2009;McGill, 2008;Willis, 2007;Garrick, Hall, Kilger, McDonald, O' Toole, Probst, Parker, Rosenthal, Trivelpiece, Van Arsdale et Zebroski, 2004;Patterson et Apostolakis, 2007). ...
Modern companies are complex organizations as per their organizational, management and operational structure. They also operate in a complex business and operational environment facing significant uncertainties related to natural, technical, technological, market, organizational, economic, financial, political, etc. influential factors affecting their business, management and operations. The complex business and operational environment also generates new types of risks that were relatively unknown just a few decades ago (e.g. cyber security) and creates favorable conditions for the emerging of extreme and rare events that may seriously disrupt the short and long-term performance of enterprises. Current practices and analyses generally neglect taking into account those risks. Advice and input from technical experts, strategic planners or knowledgeable managers may be insufficient or too narrowly focused to adequately manage the complexity of the systems and structures in a constantly changing and barely predictable environment. It is generally due to a lack of knowledge regarding the type and range of uncertainties, the nature of interconnections, the level of complexity, as well as our low ability to predict future events.
Globalization and strong competition are part of a typical contemporary operational and business environment. The ability of enterprises to create and implement innovative concepts is decisive to meet the demands regarding competitiveness, and to ensure their sustainable operations and further development. During the last two decades, Asset Management (AsM) has become prevalent approach among successful organizations as an effective concept allowing delivering value from assets and ensuring the sustainability of the business and its operations.
The decision-making is essential in AsM. It is influenced by various factors (strategic, technical/technological, economic, organizational, regulatory/legal, safety, markets, competition, etc.). A sound decision-making ought to take into account relevant factors for balancing risks, opportunities, performance, costs, and benefits.
Despite recent progress in better understanding challenges and developing new modeling approaches, asset management programs have not always been successful in avoiding costly losses or even bankruptcies of organizations caused by various economic or non-technical factors discussed above that have not been either understood or adequately considered and addressed in the decision-making process. Practice also shows that inadequate definition of roles and responsibilities and lack of communication also contribute to the inefficiency of the AsM and its decision-making process.
The goal of this thesis is to develop an integral asset management decision-making methodology taking into account the complexity of the business and operational environment.
A holistic three-step Risk-Informed Decision-Making (RIDM) methodology tailored for AsM considering it as a Complex Adaptive System of Systems (CASoS) has been developed in this research work. The research has also developed the method regarding the integration of risks of extreme and rare events into the RIDM through the application of the complexity science and the extreme value theory.
The methodology is successfully applied and validated in the case of three industries: mining, nuclear and electrical utilities. It demonstrates its potential of a large application across various industries through a further development.
Keywords: Asset Management, Complex Adaptive System of Systems (CASoS), Uncertainties, Risk-Informed Decision-Making (RIDM), Risks of Extreme and Rare Events, Risk Analysis, Resilience.
... A 2001 study indicated that 80 percent of risk assessment models are of the event-or threatdriven variety. 22 Threat-driven approaches are supported by decades of experience in safety and reliability engineering using logic trees, influence diagrams, causal loop diagrams, and other methods to model human-initiated events. 23 According to McGill, "threat-driven approaches are appropriate for studying initiating events that are well understood and whose rate of occurrence can be reliably predicted from historical data; however, they ultimately fail to consider emerging or unrecognized threats devised by an innovative adversary…." ...
The 2013 National Infrastructure Protection Plan represents the latest attempt to rectify a faltering program that has suffered from the absence of a viable risk measure. This article introduces an Asset Vulnerability Model (AVM) to overcome recognized challenges and provide strategic direction in the form of (1) baseline analysis, (2) cost-benefit analysis, and (3) decision support tools. AVM is predicated on ?, an attacker's probability of failure based on research in game theory. The ? risk formulation provides a unifying structure within the Department of Homeland Security by combining elements from the Risk Management Framework and National Preparedness System. But critical infrastructure is not the only means of domestic catastrophic attack. Thus this article also proposes a policy framework supported by game theory to extend AVM protection to chemical, biological, radiological, and nuclear stockpiles. In this manner, AVM may account for protective investments and lead the nation towards a unified homeland security strategy.
... A 2001 study indicated that 80 percent of risk assessment models are of the event-or threat-driven variety. 22 Threat-driven approaches are supported by decades of experience in safety and reliability engineering using logic trees, influence diagrams, causal loop diagrams, and other methods to model human-initiated events. 23 According to McGill, "threat-driven approaches are appropriate for studying initiating events that are well understood and whose rate of occurrence can be reliably predicted from historical data; however, they ultimately fail to consider emerging or unrecognized threats devised by an innovative adversary…." ...
A 2010 study by the National Research Council determined that the U.S. Department of Homeland Security (DHS) lacks adequate risk measures to guide strategic investment decisions for protecting the critical infrastructure. Current threat-driven approaches are hampered by a dearth of historical data that could support robust statistical analysis. This paper presents an asset vulnerability model (AVM) that is designed to address the problem and to provide a strategic risk measure. The AVM risk formulation is predicated on ΘΘ, the probability of failure of an attacker, based on earlier work in game theory. Working within the DHS Risk Management Framework, AVM supports baseline analysis, cost–benefit analysis and the development of decision support tools that convey current risk levels, evaluate alternative protection measures, demonstrate risk reduction across multiple assets, and measure and track improvements over time. Moreover, AVM supports a computational approach for evaluating alternative risk reduction strategies. Seven strategies are examined using AVM: least cost, least protected, region protection, sector protection, highest protective gain, highest consequence and random protection. Experimental results indicate that the highest consequence investment strategy achieves the best protection over time. This paper also summarizes AVM research and demonstrates how it can help guide the strategic protection of the critical infrastructure.
The security of any transportation infrastructure can be defined as a combination of threat likelihood, infrastructure resilience, and consequence. In view of their inherently dynamic and highly unpredictable nature, threat likelihood and consequence data is difficult to determine with certainty. Due to this problem, this paper presents a new fuzzy methodology to qualitatively determine the overall security level, in terms of a security rating, for transportation infrastructure by duly considering the uncertainties of the environmental threats it faces, its resilience to damage, and the consequences of the infrastructure damage. The method is useful when data is unavailable or imprecise, allowing the security rating to be determined using a qualitative expert-assigned level that each factor contributes to overall security. The evaluation of the security factors are represented as fuzzy triangular numbers with accompanying membership rules that define the extent of contribution by each factor to overall infrastructure security. Through a case study, the paper applies the methodology to illustrate how general data can be used in the method to determine the overall security of specific infrastructure.
Modern security problems focus on sensibly allocating resources to decrease the magnitude of potential hazards, decrease the chances of adversary success given an attempt, or minimize loss following a successful attack. The focus of this paper is on developing a simple, yet analytically sound tool that facilitates rapid assessments of security system non-performance in terms of probability of adversary success at the facility or asset level using concepts from fuzzy logic. Beginning with a short overview of how security system performance fits within an overall security risk analysis frame-work, this paper presents the basic concepts of fuzzy systems and applies them to develop a model that approximates the true relationship between defensive capabilities and probability of adversary success. A simple example demonstrating the proposed model to support decision making accompanies this discussion. This paper concludes with a strategy for implementation of the proposed model in an operational setting.
It is standard practice within most U.S. regions and locales to mobilize publicly-funded resources to respond to and recover from the effects of potentially harmful events afflicting their citizens. This paper proposes the use of fuzzy systems to characterize the relationship between the performance of regional risk mitigation capabilities (e.g., response and recovery) and the potential for loss attributed to plausible initiating events. In particular, the 37 capabilities described in the Department of Homeland Security's Target Capabilities List v2.0 are leveraged to develop an approximate functional relationship between their individual effectiveness and their collective ability to reduce risk. The details of this model are described and demonstrated via a simple example.
The purpose of this paper is to explore ways of integrating defensive dissuasion into a probabilistic framework for security risk analysis. Dissuasion influences attacker perceptions and choice with the effect of reducing the probability of occurrence for a particular course of action. Presently, few security risk analysis models offer an approach that explicitly incorporates the dissuasive effect of security in their assessments. This paper offers such an approach based on a simple model of attacker choice. This model suggests a number of alternative strategies for dissuading attackers from acting on a particular opportunity that threatens the interests of a protector. When uncertainty about the attacker is severe, this paper suggests an approach for estimating probability of attack that accounts for the dissuasive effects of countermeasures based on a worst-case attacker whose interests mirror the concerns of the protector. In addition, this paper discusses how an approach that explicitly accounts for dissuasion would enable decision makers to assess the benefits of countermeasures aimed solely at influencing attacker behavior in a manner favorable to the protector. This paper concludes by identifying directions for future research.
The threat of airborne pathogenic bacteria as agents of bioterrorism became reality in 2001. Mechanically prepared Bacillus anthracis spores, sent in envelopes through the U.S. mail system, led to 11 confirmed cases and 5 fatalities from inhalational anthrax and to several buildings becoming contaminated with spores. Major challenges in the wake of the attack included decontaminating those buildings and also addressing the risk to people reoccupying those sites. In particular, what is the risk to individuals from inhaling low numbers of spores, such as from decontaminated sites?
In response to the September 11, 2001 terror attacks in the United States, the government policy of Thailand has strengthened its support for reinforced national security and public safety. Infrastructure vulnerability is a crucial element of national security and safety planning since it identifies the exposure of assets to potential threats, the likelihood of these threats, and the severity of consequences arising if the threat is carried out. This paper presents a method for vulnerability assessment of ground transportation infrastructure assets in Thailand. The vulnerability assessment is comprised of three phases, namely pre-assessment which identifies assets and their criticalities, assessment which determines the vulnerability attributes of the assets and identifies specific threats, and post-assessment in which security planning for the most vulnerable assets is performed. Eight components of Thailand's ground transportation infrastructure system including three bridges, three highways, and two railways are analyzed to demonstrate the proposed vulnerability assessment methodology.
Governmental bodies and companies are confronted with the problem of achieving rational consensus in the face of substantial uncertainties. The subject area of this special issue (risk and vulnerability assessments and management of critical infrastructures) might be a good example as are risk management of chemical installations and accident consequence management for nuclear power plants. Decisions with regard to infrastructures functioning and possible malfunctioning must be taken on the basis of predictions of technical and organizational system behaviour. These predictions use mathematical models containing scores of uncertain parameters. Decision makers want to take, and want to be perceived to take, these decisions in a rational manner. The question is, how can this be accomplished in the face of large uncertainties? One available source is experts in the many fields of interest within infrastructures. This paper describes the use of structured expert judgement in a formal manner. The paper refers to the Procedures Guide published by the European Union as EUR 18820. This Procedures Guide addresses two methods for using expert judgements developed at Delft University of Technology. The paired comparisons method is particularly suitable to identify the relative importance of attributes in the risk management arena, while the Classical Model, apt to arrive at subjective probability assessments, is particularly suitable to derive uncertainty distributions over model parameters. Examples will be referred to for further illustration of applications relevant in the field of risk assessment and risk management.
From a homeland security perspective, office, storage and manufacturing buildings are not typically the subject of manmade disasters such as terrorist attacks. Such attacks would typically be limited to critical locations such as key government buildings, so-called ‘symbols of democracy’, transportation centres, nuclear power plants, and locations where ‘products of war’ are manufactured. Nonetheless, standards are emerging for property owners and building managers to assess their sites and facilities’ risk level/vulnerability to a possible terrorist attack. This paper sets forth nine categories of risk assessment on a six-point scale, and a five-level vulnerability rating based on the cumulative score resulting from this rating process.
Engineers and scientists often need to solve complex problems with incomplete information resources, necessitating a proper treatment of uncertainty and a reliance on expert opinions. Uncertainty Modeling and Analysis in Engineering and the Sciences prepares current and future analysts and practitioners to understand the fundamentals of knowledge and ignorance, how to model and analyze uncertainty, and how to select appropriate analytical tools for particular problems. This volume covers primary components of ignorance and their impact on practice and decision making. It provides an overview of the current state of uncertainty modeling and analysis, and reviews emerging theories while emphasizing practical applications in science and engineering. The book introduces fundamental concepts of classical, fuzzy, and rough sets, probability, Bayesian methods, interval analysis, fuzzy arithmetic, interval probabilities, evidence theory, open-world models, sequences, and possibility theory. The authors present these methods to meet the needs of practitioners in many fields, emphasizing the practical use, limitations, advantages, and disadvantages of the methods.
In detecting threats, particularly explosives, the challenge is to design a system with acceptable detection probability and false-alarm rate that does not unduly inconvenience travelers. Ferry passengers, in particular, are less likely than aviation passengers to tolerate extra delays for extensive scrutiny of themselves or their personal belongings. Similarly, substantial purchase and deployment costs of equipment by ferry owners and operators would not be tenable for small improvements in security. Thus, this paper analyzes different approaches to security and how best to combine detection capabilities and people to enhance ferry transportation security without affecting mobility. Several factors must be considered in choosing practical combinations of detectors to provide the best possible security system. Those factors and their interrelationships are examined within the context of different architectures. Besides the throughput analysis, the manuscript presents a general framework to compare security system designs and implement efficient and effective alternatives for ferry transportation.
One of the greatest challenges facing those concerned with health and environmental risks is how to carry on a useful public dialogue on these subjects. In a democracy, it is the public that ultimately makes the key decisions on how these risks will be controlled. The stakes are too high for us not to do our very best. The importance of this subject is what led the Task Force on Environmental Cancer and Heart and Lung Disease to establish an Interagency Group on Public Education and Communication. This volume captures the essence of the "Workshop on the Role of Government in Health Risk Communication and Public Education" held in January 1987. It also includes some valuable appendixes with practical guides to risk communication. As such, it is an important building block in the effort to improve our collective ability to carry on this critical public dialogue. Lee M. Thomas Administrator, U. S. Environmental Protection Agency, and Chairman, The Task Force on Environmental Cancer and Heart and Lung Disease Preface The Task Force on Environmental Cancer and Heart and Lung Disease is an interagency group established by the Clean Air Act Amendments of 1977 (P.L. 95-95). Congress mandated the Task Force to recommend research to determine the relationship between environmental pollutants and human disease and to recommend research aimed at reduc ing the incidence of environment-related disease. The Task Force's Project Group on Public Education and Communication focuses on education as a means of reducing or preventing disease.
On the basis of the event-tree and probability analysis methods, a probabilistic method of nuclear terrorism risk was built, and the risk of terrorism events was analyzed. With the statistical data for and hypothetical data for relative events, the relative probabilities of the four kinds of nuclear terrorism events were obtained, and the relative risks of these four kinds of nuclear terrorism events were calculated by this probabilistic method. The illustrated case shows that the descending sequence of damages from the four kinds of nuclear terrorism events for single event is as following: nuclear explosive and improvised nuclear explosive, nuclear facility attacked, and 'dirty bomb'. Under the hypothetical condition, the descending sequence of possibilities for the four kinds of nuclear terrorism events is as following: 'dirty bomb', nuclear facility attacked, improvised nuclear explosive and nuclear explosive, but the descending sequence of risks is as following: 'dirty bomb', improvised nuclear explosive, nuclear facility attacked, and nuclear explosive.
Based on probability theory the risk theory was applied to the vulnerability assessment of power system. Here, the power system was defined as a vulnerable system and a set of risk indices to assess the power system vulnerability and corresponding algorithm were built, thus the defects of traditional determinsistic security assessment method, which cannot satisfy the requirement of electricity market and complicated power grid, could be overcome. On this basis, a risk theory and risk indices based power system vulnerability assessment software was developed. Taking the New England test system for example, the effectiveness and advanced property of the presented method were proved.
1: Introduction and Basic Risk Models. 1: Introduction. 1.1. Distinguishing Characteristics Of Risk Analysis. 1.2. The Traditional Health Risk Analysis Framework. 1.3. Defining Risks: Source, Target, Effect, Mechanism. 2: Basic Quantitative Risk Models. 2.1. Risk as Probability of a Binary Event. 2.2. A Binary Event with Time: Hazard Rate Models. 2.3. Calculating and Interpreting Hazard Functions. 2.4. Hazard Models for Binary Events. 2.5. Probabilities of Causation for a Binary Event. 2.6. Risk Models with Non-Binary Consequences. 3: Health Risks from Human Activities. 3.1. Risk Management Decision Support Sub-Models. 2: Risk Assessment Modeling. 1: Introduction. 1.1. Approaches to QRA: Probability, Statistical, Engineering. 2: Conditional Probability Framework for Risk Calculations. 2.1. Calculating Average Individual Risks when Individuals Respond. 2.2. Population Risks Modeled by Conditional Probabilities. 2.3. Trees, Risks and Martingales. 2.4. Value of Information in Risk Management Decisions. 3: Basic Engineering Modeling Techniques. 3.1. Compartmental Flow Simulation Models. 3.2. Applications to Pharmacokinetic Models. 3.3. Monte Carlo Uncertainty Analysis. 3.4. Applied Probability and Stochastic Transition Models. 4: Introduction to Exposure Assessment. 5: A Case Study: Simulating Food Safety. 5.1. Background: The Potential Human Health Hazard. 5.2. Risk Management Setting: Many Decisions Affect Risk. 5.3. Methods and Data: Overviewof Simulation Model. 5.4. Results: Baseline and Sensitivity Analysis of Options. 5.5. Uncertainty Analysis and Discussion. 5.6: Conclusions. 3: Statistical Risk Modeling. 1: Introduction. 2: Statistical Dose-Response Modeling. 2.1. Define Exposure and Response Variables, Collect Data. 2.2. Select a Model Form for the Dose-Response Relation. 2.3. Estimate Risk, Confidence Limits, and Model Fit. 2.4. Interpret Results. 3: Progress in Statistical Risk Modeling. 3.1. Dealing with Model Uncertainty and Variable Selection. 3.2. Dealing with Missing Data: New Algorithms and Ideas. 3.3. Mixture Distribution Models for Unobserved Variables. 3.4. Summary of Advances in Statistical Risk Modeling. 4: A Statistical Case Study: Soil Sampling. 4: Causality. 1: Introduction. 2: Statistical vs. Causal Risk Modeling. 3: Criteria for Causation. 3.1. Traditional Epidemiological Criteria for Causation. 3.2. Proposed Criteria for Inferring Probable Causation. 3.3. Bayesian Evidential Reasoning and Refutationism. 4: Testing Causal Graph Models with Data. 4.1. Causal Graph Models and Knowledge Representation. 4.2. Meaning of Causal Graphs. 4.3. Testing Hypothesized Causal Graph Structures. 4.4. Creating Causal Graph Structures from Data. 4.5. Search, Optimization, and Model-Averaging Heuristics. 5: Using Causal Graphs in Risk Analysis. 5.1. Drawing Probabilistic Inferences in DAG Models. 5.2. Applications of DAG Inferences in Risk Assessment. 5.3.
The purpose of this paper is to point out that the general theory of quantitative risk assessment (QRA) applies perfectly well to evaluating and quantifying the risk from terrorism. The main difference occurs during the "scenario identification" part of the risk assessment process. Whereas, in an "ordinary" QRA, we ask the question, "What can go wrong?," in terrorism risk assessment (TQRA) we ask, "If I wanted to, what could I make go wrong?" In answering this new question, the Theory of Scenario Structuring and the use of fault and event trees play the major roles as before. Also, the concept of "resources" now moves to center stage as part of the process of identifying terrorism scenarios. So also does the use of Bayes' theorem, not only to assess a priori the likelihoods of specific terrorism scenarios, but also as a crucial part of surveillance systems that have, potentially, the ability to quantify the likelihoods that such scenarios are in process.
Risk Analysis in Engineering and Economics is required reading for decision making under conditions of uncertainty. The authordescribes the fundamental concepts, techniques, and applications of the subject in a style tailored to meet the needs of students and practitioners of engineering, science, economics, and finance. Drawing on his extensive experience in uncertainty and risk modeling and analysis, the author covers everything from basic theory and key computational algorithms to data needs, sources, and collection. He emphasizes practical use of the methods presented and carefully examines the limitations, advantages, and disadvantages of each to help readers translate the discussed techniques into real-world solutions. This Second Edition: • Introduces the topic of risk finance • Incorporates homeland security applications throughout • Offers additional material on predictive risk management • Includes a wealth of new and updated end-of-chapter problems • Delivers a complementary mix of theoretical background and risk methods • Brings together engineering and economics on balanced terms to enable appropriate decision making • Presents performance segregation and aggregation within a risk framework • Contains contemporary case studies, such as protecting hurricane-prone regions and critical infrastructure • Provides 320+ tables and figures, over 110 diverse examples, numerous end-of-book references, and a bibliography Unlike the classical books on reliability and risk management, Risk Analysis in Engineering and Economics, Second Edition relates underlying concepts to everyday applications, ensuring solid understanding and use of the methods of risk analysis.
Experts, despite their importance and value, can be double-edged swords. They can make valuable contributions from their deep base of knowledge, but those contributions may also contain their own biases and pet theories. Therefore, selecting experts, eliciting their opinions, and aggregating their opinions must be performed and handled carefully, with full recognition of the uncertainties inherent in those opinions. Elicitation of Expert Opinions for Uncertainty and Risks illuminates those uncertainties and builds a foundation of philosophy, background, methods, and guidelines that helps its readers effectively execute the elicitation process. Based on the first-hand experiences of the author, the book is filled with illustrations, examples, case studies, and applications that demonstrate not only the methods and successes of expert opinion elicitation, but also its pitfalls and failures. Studies show that in the future, analysts, engineers, and scientists will need to solve ever more complex problems and reach decisions with limited resources. This will lead to an increased reliance on the proper treatment of uncertainty and on the use of expert opinions. Elicitation of Expert Opinions for Uncertainty and Risks will help prepare you to better understand knowledge and ignorance, to successfully elicit expert opinions, to select appropriate expressions of those opinions, and to use various methods to model and aggregate opinions.
In Dempster-Shafer theory, belief functions induced by distinct pieces of evidence can be combined by Dempster's rule of combination. The concept of distinctness has not been formally defined. We present a tentative definition of the concept of distinctness and compare this definition with the definition of stochastic independence described in probability theory.
Since publication of the first edition, huge developments have taken place in sensory biology research and new insights have been provided in particular by molecular biology. These show the similarities in the molecular architecture and in the physiology of sensory cells across species and across sensory modality and often indicate a common ancestry dating back over half a billion years. Biology of Sensory Systems has thus been completely revised and takes a molecular, evolutionary and comparative approach, providing an overview of sensory systems in vertebrates, invertebrates and prokaryotes, with a strong focus on human senses. Written by a renowned author with extensive teaching experience, the book covers, in six parts, the general features of sensory systems, the mechanosenses, the chemosenses, the senses which detect electromagnetic radiation, other sensory systems including pain, thermosensitivity and some of the minority senses and, finally, provides an outline and discussion of philosophical implications. New in this edition: • Greater emphasis on molecular biology and intracellular mechanisms • New chapter on genomics and sensory systems • Sections on TRP channels, synaptic transmission, evolution of nervous systems, arachnid mechanosensitive sensilla and photoreceptors, electroreception in the Monotremata, language and the FOXP2 gene, mirror neurons and the molecular biology of pain • Updated passages on human olfaction and gustation. Over four hundred illustrations, boxes containing supplementary material and self-assessment questions and a full bibliography at the end of each part make Biology of Sensory Systems essential reading for undergraduate students of biology, zoology, animal physiology, neuroscience, anatomy and physiological psychology. The book is also suitable for postgraduate students in more specialised courses such as vision sciences, optometry, neurophysiology, neuropathology, developmental biology. Praise from the reviews of the first edition: "An excellent advanced undergraduate/postgraduate textbook." ASLIB BOOK GUIDE "The emphasis on comparative biology and evolution is one of the distinguishing features of this self-contained book. .... this is an informative and thought-provoking text" TIMES HIGHER EDUCATIONAL SUPPLEMENT.
The terrorist attacks in the USA on 11 September 2001 necessitated a review of the proven concept of the Design Basis Threat (DBT) for nuclear installations. It can be assumed that revised and upgraded DBT will result in costly technical solutions. Since infrastructure deficits and financial limitations in many countries have already limited the practical application of the DBT, the revised threat assessment is likely to worsen the current unsatisfactory situation. Therefore, a new realism in the use of the DBT concept is proposed based on a three-level approach. This will enable countries to tailor the design of their physical protection systems in accordance with their means by implementing either a minimum required security level protecting only against the most probable threat, or an intermediate protection level reflecting the newly introduced AHARA (As High As Reasonably Achievable) principle, or the optimum protection level based on an externally reviewed, fully comprehensive DBT.
This paper posits that, in the security world, 'risk awareness' should be separated and distinguished from 'risk perception'. It argues that, in the post-modern world, the intelligence function alone no longer fulfils the security requirement to become risk aware. Risk awareness, an inherent feature of security, should be a combination of vulnerability assessment, information-gathering and knowledge management, which provides critical input to the risk identification and risk management process. It suggests that risk awareness should be formally and openly adopted within a corporate security function, and networked with similar processes in other corporate functions. It initiates discussion as to whether a risk awareness capability might usefully fill the gap between inadequate information and the imperative to make decisions.
This paper discusses the need for, and the possibility of, a shared definition of security. This is done by investigating the concept of security in the areas of international relations, crime prevention, risk management, and loss prevention. In particular, it discusses to what extent a common framework of understanding can be applied to investigate the concept in the different areas. One is offered for analysis and discussion.
This paper applies the Transferable Belief Model (TBM) interpretation of the Dempster-Shafer theory of evidence to estimate parameter distributions for probabilistic structural reliability assessment based on information from previous analyses, expert opinion, or qualitative assessments (i.e., evidence). Treating model parameters as credal variables, the suggested approach constructs a set of least-committed belief functions for each parameter defined on a continuous frame of real numbers that represent beliefs induced by the evidence in the credal state, discounts them based on the relevance and reliability of the supporting evidence, and combines them to obtain belief functions that represent the aggregate state of belief in the true value of each parameter. Within the TBM framework, beliefs held in the credal state can then be transformed to a pignistic state where they are represented by pignistic probability distributions. The value of this approach lies in its ability to leverage results from previous analyses to estimate distributions for use within a probabilistic reliability and risk assessment framework. The proposed methodology is demonstrated in an example problem that estimates the physical vulnerability of a notional office building to blast loading.
Risk from an act of terrorism is a combination of the likelihood of an attack, the likelihood of success of the attack, and the consequences of the attack. The considerable epistemic uncertainty in each of these three factors can be addressed using the belief/plausibility measure of uncertainty from the Dempster/Shafer theory of evidence. The adversary determines the likelihood of the attack. The success of the attack and the consequences of the attack are determined by the security system and mitigation measures put in place by the defender. This report documents a process for evaluating risk of terrorist acts using an adversary/defender model with belief/plausibility as the measure of uncertainty. Also, the adversary model is a linguistic model that applies belief/plausibility to fuzzy sets used in an approximate reasoning rule base.
A rationalization of case law is useful to a legal historian in attempting to reveal the stimuli which induced decisions. To one interested in predicting what the courts will do tomorrow -i.e., in stating the law-or in drafting legislation, it likewise is of interest and utility, inasmuch as it furnishes possible bases for cases yet to be decided or for laws yet to be passed. We are here concerned with a rationalization, and while its utility for the former purpose is not denied, we are more particularly concerned with its utility for the latter purpose. Why Holt, J. put his seal of approval on the doctrine of vicarious liability is still a riddle. From whence came the rule and a complete exposition of its pedigree are problems as yet unanswered. The learned attempts made are admittedly ineffectual.2 Similarly, whether the rules of vicarious liability made satisfactory and effective adjustments of the economic and social conflicts in the industrial society out of which they rose is highly significant and as yet unexplored.3 Each of these problems is of great importance to every legal historian, and of immeasurable interest to all who are concerned with the history of the science of jurisprudence. But one of more immediate significance to all legal scholars--teacher, practitioner and judge-and to all social scientists is, what rationale justifies the various rules of vicarious liability in modern society? The importance of the answer to that question is at once apparent when the first court is striving to phrase the rule, when the hundredth variation of the normal situation is up for decision and the court is seeking to delimit the rule, when bases for legislation are sought, and when the economic and social effects of these social regulatory rules are measured.
Using time-series procedures, the authors investigate whether transnational terrorism changed following 9/11 and the subsequent U.S.-led “war on terror.” Perhaps surprising, little has changed in the time series of overall incidents and most of its component series. When 9/11 is prejudged as a break date, the authors find that logistically complex hostage-taking events have fallen as a proportion of all events, while logistically simple, but deadly, bombings have increased as a proportion of deadly incidents. These results hold when they apply the Bai-Perron procedure in which structural breaks are data identified. This procedure locates earlier breaks in the mid-1970s and 1990s. Reasonable out-of-sample forecasts are possible if structural breaks are incorporated fairly rapidly into the model.
In this paper the author presents a modeling approach which makes use of conventional systems engineering techniques; namely, system block diagrams and networks where the transfer functions are expressed in the complex domain using Laplace transforms. Transit times, and times for the intruders and the responding guard force to overcome barriers, are both static and dynamic; the times are either deterministic or probabilistic variables obeying different and mixed probability laws.The solution methods are analytical, yielding measures of effectiveness of the security system. Modeling and solutions are presented for two cases. One case is for the simplified scenario where the reliability, sensitivity and response times of the sensors are assumed to be independent of time. The other is for the generalized case where sensor response times are time dependent and where the guard force encounters multiple barriers when attempting to intercept the intruders.
This paper explores and demonstrates an innovative application of an input-output model for the assessment of the economic consequences of hypothetical disruption events. Such events in a region are first simulated and their affected areas estimated using a GIS-based geo-spatial simulation approach. Then, the consequences of the simulated events on the regional economy are estimated and disaggregated by industry and sub-region. The research is important because it develops a new simulation and input-output model approach to regional and national security analysis that offers promising results. Further, it provides a methodology for assessing the economic consequences of possible disruption events. Knowledge of economic impacts of disruptions is essential for determining and justifying appropriate protection and mitigation policies and measures.
This paper examines 10 sources of uncertainty in any risk-management system and illustrates them in security measures against terrorism. First, any risk assessment is an uncertain knowledge claim about contingent future events that cannot be fully known. Second, only some risks can be selected for attention, and those left unattended are sources of uncertainty. Third, specific decisions in risk management bear the uncertainty of false positives and false negatives. Fourth, risk-management technologies manufacture new uncertainties, some of which pose risks greater than those they were designed to control. Fifth, risk is reactive: as people act on knowledge of risk, they simultaneously change the risk environment and create new uncertainties. Sixth, the complexity of risk-management systems can result in multiple and unexpected failures occurring simultaneously; such "normal accidents" are a source of uncertainty beyond any direct human capacity for control. Seventh, catastrophic failures result in the urge to risk manage everything: intensified surveillance, audit, and regulation increase system complexity and yield more uncertainty. Eighth, risk managers facing an increasingly litigious environment for failures become defensive, focusing more on operational risks that might affect the reputation of their organization than on the real risks they are supposed to manage. Ninth, excessive precaution escalates uncertainty and breeds fear, leading to risk-management measures that are at best misplaced and at worst incubate new risks with catastrophic potential. Tenth, risk-management systems can restrict freedom, invade privacy, discriminate, and exclude populations. Such self-defeating costs and the uncertainties they entail can be minimized only by infusing risk-management systems with value questions about human rights, well-being, prosperity, and solidarity.
The State of Texas leads the other states of the nation in the num ber of major disasters: it is first in tornadoes and devastating floods and second in hurricanes. This article describes how Texas, under its Civil Protection Act of 1951, without setting up an independent state agency, has gone about mobiliz ing and utilizing the resources of the state in time of major disaster. The "Texas Plan" is discussed in detail and attention paid in particular to its cost and financing, the planning of disaster relief, preparedness, and training.—Ed.
The trends leading to the emergent threat of terrorist laser weapons use are that a military weaponry transition from conventional to Directed Energy Weapons is taking place; that laser weapons offer clear tactical and operational advantages over conventional weapons; that laser prices are dropping while laser performance is increasing; that criminals, criminal-soldiers, and foreign militaries have all utilized laser devices and weapons for counteroptical purposes; and that criminal-soldiers are evolving and getting more sophisticated from both an organizational and weaponry use perspective. This article will look at the aforementioned trends, analyze them, and then offer some concluding thoughts concerning terrorist laser weapons use futures.