(Note this article references my previous post entitled “Gustav and New Orleans: A Political Risk Assessment for the Republican Decision Maker” dated Saturday, 08-30-08).

Revision of Likeliness Estimates

According to the National Weather Service, National Hurricane Center, Gustav is veering to the right (albeit slightly) of yesterday’s projected storm track centerline (see below).  Moreover, the National Weather Service has deemed it sufficiently likely that Gustav will significantly impact New Orleans that it has issued a Hurricane Warning to the city and points all along the Louisiana and Mississippi coastlines (and a little bit of Alabama too).  Accordingly, I revise my probability estimate for the event that Gustav will afflict New Orleans in an appreciable way (in terms of storm surge) as follows:

• Pr(A1) = 0.75 (increase from yesterday’s 0.50)
• Pr(A2) = 0.25 (corresponding decrease from yesterday)

Note that I did not use Bayes’ Theorem to update my probability estimates, but rather did a complete reassessment of the probability.  Also note I continue to entertain non-zero chances that the storm will not afflict New Orleans since the storm track envelope admits some degree of likeliness to the storm veering to the west.

Now let’s turn out attention to the time Gustav makes landfall.  According to the right-most figure above, the storm center will probably make landfall sometime between 7AM CDT and 7PM CDT on Monday, 08-31-08.  According to the maximum wind speed probability table (NWS advisory 28, dated 10AM CDT, 08-31-08), the chances that Gustav will be a category 3 storm or greater is [37%, 81%].  Since Katrina was a category 3 storm, lets assume that if Gustav is classified as a category 3 storm or greater at landfall AND the storm is one that is slated to yield an appreciable storm surge affecting the New Orleans Hurricane Protection System, then Gustav will be as bad or worse than Katrina.  Otherwise, it will not be.  With this information, I can revise my probability estimates as follows:

• Pr(B1|A1) = [37%, 81%] (probability that Gustav will be as bad or worse than Katrina)
• Pr(B2|A1) = [19%, 63%] (probability that Gustav will not be as bad or worse than Katrina)

Since the other events C1, C2, D1, and D2 have to do with the integrity of the NOHPS (which is assumed to have not changed in the last day) and the consequences to New Orleans in the event of NOHPS failure (also assumed to be unchanged), the revised probability for the scenarios E1 through E7 is as follows:

Revised Consequence Assessment

The press recently reported to Republican decisions that, though most likely pursued for unselfish and humanitarian reasons (as they should), can also be viewed as strategies to decrease the potential for unfavorable outcomes and increase the potential for favorable outcomes.  These are as follows:

• As stated by White House Press Secretary Dana Perino (cited by CNN and elsewhere), President Bush and Vice President Cheney will not attend the Republican National Convention in St. Paul Minnesota in person; instead, Bush may address the convention via satellite.
• As reported by CNN (link), RNC organizers are examining options to change the schedule of the convention, to include delaying opening ceremonies, turning the convention into a massive telethon, or postponing the convention altogether.

In the context of this study, these measures may very well decrease the severity of the resulting political fall-out in the event of a NOHPS failure, but perhaps not by much because after all, the NOHPS failed despite having three years to rebuild.  On the flip side, if Gustav does afflict New Orleans in an appreciable way (again with respect to storm surge along the NOHPS), and the NOHPS successfully protects the city, then the Republicans will surely emphasize the improved ability of the federal government (under the Bush administration) to prepare for and protect against natural perils.  In this case, more of the same might not be viewed as being all that bad with respect to domestic preparedness (and perhaps by extension, homeland security).  But now, in the event that Gustav does not afflict New Orleans, the political fallout is slightly in favor of the Republicans since they are taking preventive measures to protect the Gulf coast across the board, and you can’t deny that doing a good job at this by putting the people first (which I argue they will do) will garner some brownie points from the electorate.

Given the above, I revise my political outcome assessment as follows:

• E1: unchanged at  “–”
• E2: unchanged at “-”
• E3: unchanged at “++”
• E4: unchanged at “–”
• E5: unchanged at “-”
• E6: improved to “++”
• E7: improved to “+” (may change back to “N” if the Democrats can somehow display on a national stage that they are doing something too)

Given the revised likeliness and political outcome assessments above, the revised risk profile over the space of political outcomes is as follows:

Revised Results

Based on the revised risk profile above, we can draw the following revised conclusions:

• The most likely major scenario is that the Republicans will benefit from Gustav [86%, 93%]
• The must less likely scenario is that the Republican campaign will suffer from the effects of Gustave [7%, 14%]
• It seems at this point that Republicans will feel something given that the probability of a neutral or “no effect” outcome is near zero at this stage

From the Democrat perspective, one strategy to mitigate the Democrat risk is to do something that will gain them visibility on the national stage in relation to Gustav preparedness.  A visible substantial effort may serve to transfer some of the Republican benefits resulting from scenario E7 back to the neutral position (I doubt they can do much to pull any support in their favor for this scenario).  But even still, given the probability assessment being what it is, the ordering of the major scenarios will remain unchanged.

CAVEAT: Given the probabilistic nature of my assessment, the only verifiable portion of my assessment is whether or not the neutral outcome is realized.  But this requires me to stand by my assessment in light of new information (which I am sure to come across).  I suspect that I will find myself updating this analysis again sometime in the next day or so.

Note: as stated in my previous post, I assign LOW CONFIDENCE to this analysis given that I am not an expert in hydrodynamics, nor am I an expert in politics and political sentiment.

Send article as PDF to

Recently I received a message from Professor Stephen Marrin (of Mercyhurst College) via the IAFIE (International Association for Intelligence Education) listserv talking about a U.S. presidential election prediction model developed by Professor Allan J. Lichtman of American University.  What was cited by Professor Marrin was the 08-25-08 Washington Post article entitled “In the Quake Model, Rumblings Favor Obama.”  Following the chain, the Washington Post article was really just a summary of Professor Lichtman’s peer-reviewed article entitled “The keys to the white house: An index forecast for 2008″ published in the International Journal of Forecasting, Vol. 24, No. 2, pp. 301-309 (doi: 10.1016/j.ijforecast.2008.02.004).  The abstract for this article is as follows:

The Keys to the White House are an index-based prediction system that retrospectively accounts for the popular-vote winners of every American presidential election from 1860 to 1980, and prospectively forecast the winners of every presidential election from 1984 through 2004 well ahead of time. The Keys give specificity to the theory that presidential election results turn primarily on the performance of the party controlling the White House. The Keys include no polling data and consider a much wider range of performance indicators than economic concerns. Already, the Keys are lining up for 2008, showing how changes in the structure of politics will produce a Democratic victory, in a dramatic reversal from 2004. The Keys also suggest that candidates need not follow the empty scripted campaigns of the recent past, but should instead be liberated to offer forthright discussions of the issues and ideas that will shape America’s future.

While I haven’t yet read this paper in great detail, I am curious as to how it works, and what amount of analytic confidence can be afforded to the model’s output.  What I am particularly curious about is the form of the output – is it an absolute answer, or does the model provide a probability distribution over the space of party candidates?  And what about third parties (or are they just in the noise)?

But what I can say is that, in principle, prediction technologies such as the “keys to the White House” model can be used by any individual or group of individuals (e.g., foreign countries) with a vested interest in the outcome of this or any other US presidential election to assess their environmental (e.g., political) risks, thereby providing a frame with which to evaluate their future decision options.  But do you think the model is robust enough to include the effects of supposed “game changers” (e.g., Ms. Palin’s recent entry into the GOP ticket)?  Keep in mind that if the “keys to the White House” model is, in fact, a credible model, it could also be used, at least to some degree, as a tool to help the otherwise losing party reshape their campaign toward winning, whether by pursuing a target PR campaign, changing policy positions, or whatever else that can influence the underlying “keys” (or rather, indicators) that enable prediction.  So perhaps the choice of Ms. Palin to run as the GOP vice president was targeting one of these keys…  After all, according to Professor Lichtman,

“Not only elections, but also election forecasts have consequences for politics.  The models that we use to predict and understand presidential elections shape the conduct of campaigns, the relationships between candidates and the American people, and ultimately the policies of government.”

Send article as PDF to

The following is an excerpt from an email I received awhile back from a colleague passionate about getting the word out about risks of failure of the U.S. Bulk Power Grid due to solar events.

The U.S. bulk power grid can fail due to a continental wide, common mode failure of many of the large transformers (>= 500KV) that support the grid backbone. This failure is caused by very large geomagnetically induced currents (GIC) that saturate the transformers. These large GICs (hundreds of amps) are induced in the transmission wires due the large rate of change of the magnetic field at the Earth’s surface due to disturbance of the Earth’s magnetosphere. This magnetospheric disturbance is caused when a large Coronal Mass Ejection (CME) interacts with the magnetosphe during a large solar storm.

If the definition of risk is the “probability of occurrence multiplied by the consequences” then the risk of the loss of the bulk power grid is very large.

Some data for the consequences of an electrical blackout can be found in the documentation associated with the blackout in August 2003 (https://reports.energy.gov). The total accumulated cost of this event has been estimated as high as $70 billion. But this was not a long term outage as power was restored within a week and only the North East was affected. The real costs of a continental wide Long Term Outage (LTO) will be a significant fraction of the current Gross National Product $14 trillion!

The probability of occurrence of a damaging solar storm can be estimated by looking at the historical occurrence of these rare types of storms.

In the last 67 years there have been 8 major storms with a magnetic Ap index > 250. Storms of this size are associated with potentially damaging geomagnetically induced currents (GIC) that could cause failures of large 500 kV large transformers. The storms occurred: 3/23/1940, 9/18/1941, 7/15/1959, 3/31/1960 11/12/1960, 10/4/1960, 3/13/1989, and 10/29/2003. These large solar storms appear to be random events and not tied to the eleven year solar cycle. Given the frequency of these solar storms it can be estimated (using the Poisson distribution) that there is a probability of ~5% of a storm occurring. This probability makes the risk very large.

The storms before 1989 were prior to the introduction the 500 kV grid in 1964. The reason why the grid was not damaged before 1989 that the impedance of the grid’s transmission wires was too high to give rise to damaging GICs but the 500 kV transmission wires impedance is very low (~.03 Ohms/mile). The first U.S. transformer damaged occurred during the 1989 march solar storm, was the 500 kV step-up transformer at the Salem New Jersey nuclear plant. Also in the October 2003 Halloween solar storm, fourteen 400 kV transformers in South Africa were damaged and had to be replaced. It should be noted that there are about 216 potentially susceptible U.S. transformers supporting the 500/765 kV backbone grid and most of these were part of the grid system in 1989 and therefore were subjected to the stresses of the 1989 storm. This implies during the next large storm there may be many multiple failures.

As there has been only one documented large transformer failure due to GICs in the history of the U.S. electrical grid in the last one hundred years, the utilities do not have spares as there is no apparent need for spares. Since it takes about two years to order and deliver these large transformers, the grid may be down for an extended time. Theses transformers are no longer manufactured in the USA and the world’s current manufacturing capacity is only 100 per year.

Conclusion: the probability of a grid failure is not low and the risk is large and could be catastrophic. Without the electrical grid the Internet would also go down, Also nobody at the nation’s leadership level appears to be concerned.

I have attached an authoritative reference to this subject. It is the prepared Testimony of John G. Kappenman, Metatech Corp. entitled, “The Vulnerability of the US Electric Power Grid to Space Weather and the Role of Space Weather Forecasting” before the U.S. House Subcommittee on Environment, Technology, and Standards And the Subcommittee Hearing on “What is Space Weather and Who Should Forecast It?” on October 30, 2003.

Perhaps you can help to raise awareness of the problem.

I am curious to hear your feedback on this issue.

Send article as PDF to

At 5PM EST, Saturday, 08/30/08, the National Weather Service, National Hurricane Center released their estimate of probability of storm surge afflicting New Orleans sometime over the next 72 hours (see below):

Mayor Ray Nagin of New Orleans is labeling Gustav as the “mother of all storms.”  Apparently, New Orleans (the brownish colored area amidst the probability contour) has between a 40-60% probability of storm surge (it is hard to tell whether New Orleans is in the yellow, brown, or partial to both).  What was my estimate from the 2PM EST data?  My estimate was 50% that Gustav would result in an appreciable storm surge.  So, I suppose this is confirmation of my initial estimate (perhaps not, but it is nice to think so).  The next question is whether Gustav will result in storm surges as bad or worse than Katrina.  Based on what I am reading, I suspect so, but we shall see.

(note: this post references my previous post from just a few minutes ago)

Send article as PDF to

In light of the temporal intersection of two very significant events – Hurricane Gustav and the Republican National Convention – I can’t help but perform a risk assessment of Gustav from the point of view of the Republican presidential campaign.  While one can speculate on a variety of bad things that could come out of Gustav that could affect Republicans or Democrats, I will focus my attention on the simple questions “will Gustav afflict New Orleans?” and “what if it does?”

What Can Happen?: The Republican Point of View

Let’s begin this analysis by developing a full set of hypotheses and sub-hypotheses for this study that are of interest to the Republican presidential campaign.  The events of concern for this analysis center on Hurricane Gustav and New Orleans.  The outcomes of concern are assessed in terms of “delta-support” for the Republican presidential campaign, that is, whether in the end the situation increases support, decreases support, or does not effect support for the presidential candidate in the time frame immediately following Gustav.  This analysis does not examine whether the “delta-support” can be sustained for the remainder of the election season.

The first question is whether Gustav will afflict New Orleans?  More specifically, will Gustav afflict New Orleans in such a way that causes an appreciable storm surge?  There are two possible answers to this question:

• A1: Gustav will afflict New Orleans
• A2: Gustav will not afflict New Orleans

Since the scope of this risk assessment is on the risks to the Republican party due to Gustav afflicting New Orleans, we will restrict most of our attention to A1.  This hypotheses can be further divided into several sub-hypotheses as follows:

• B1: Gustav will be as bad as or worse than Katrina in terms of intensity
• B2: Gustav will not be as bad as Katrina in terms of intensity

I partitioned A1 into B1 and B2 above for a simple reason: it is easier to make comparisons between Gustav and Katrina if they are similar in intensity than if Gustav is weaker than Katrina.

The next issue to consider is the levees – given that Gustav afflicts New Orleans, we have the following set of hypotheses:

• C1: The hurricane protection system will fail to protect New Orleans
• C2: The hurricane protection system will successfully protect New Orleans

If C1 occurs, then all is well for New Orleans (and as we will see later, potentially very good for the Republicans).  However, if C2 occurs, then we have two more hypotheses to consider:

• D1: The consequences of breach are disastrous
• D2: The consequences of breach are not disastrous

For the purposes of this analysis we need not qualify consequence in terms other than “disastrous” or “not disastrous” as it would not offer any additional insight in light of the cost of a more refined analysis.

Given Ai, Bj, Ck, and Dm, we can construct a possibility tree for this situation as shown below, where there are 7 possible end points, some good, some bad, and some neutral from the Replublican campaign point of view.  This possibility tree defines a complete (i.e., exhaustive) set of distinct (i.e., mutually exclusive) hypotheses relevant to this assessment.

How Likely Is It To Happen? (Likeliness Assessment)

This next phase of the analysis assesses the likeliness of events A1, A2, B1, B2, C1, C2, D1, and D2.  Let’s begin with A1 and A2.  According to the National Weather Service in Advisory 24 released at 2:00pm EST on Saturday 8/30/08, New Orleans falls within the 67% probability envelope of potential hurricane paths (see below).  This means that NWS assigns a 2:1 odds that Gustav’s path will pass within a region shown in white.  The residual 33% of total probability is reserved for the region outside of the white envelope, where there exists hurricane paths also with the potential to afflict New Orleans.

So, what is the probability that Gustav will cause a storm surge to occur that challenges the New Orleans hurricane protection system? If you examine the potential storm track of Gustav, the region to the right of the envelope centerline corresponds to a family of storm tracks that seem to push water toward New Orleans.  The family of storm tracks to the left of the centerline seems to push water toward the coast of western Louisiana and the eastern shore of Texas.  Treating the centerline as the median line, and assuming any storm track to the left of the median will not cause an appreciable storm surge and everything to the right of the centerline will, I assess it to be about even odds (50% chance) that Gustav will afflict New Orleans in an appreciable way.  Thus:

• Pr(A1) = 0.5
• Pr(A2) = 0.5

From the historical record maintained by the NOAA Coastal Services Center Historical Hurricane Tracks database, note that Katrina’s path (shown below), too, seemed to push water toward New Orleans.

To answer the question whether Gustav is poised to be as bad or worse than Katrina given that Gustav causes an appreciable storm surge, let’s compare the projected storm track of Gustav with that of Katrina.

What does this tell us?  First, note that starting at some point in time when Katrina was north of the western tip of Cuba, Katrina transitioned into a category 4 storm.  Similarly, Gustav as of the time of this image (at the Orange circle), too was a category 4 storm.  For both Katrina and Gustav, the paths between the point of transition of the estimated point of landfall more or less allowed for free movement over a body of water more than willing to fuel the storm’s intensity.   Much like Katrina, I suspect that Gustav will trudge along the Gulf of Mexico toward land, picking up speed along the way.

Also from this figure, the worst part of Gustav (in terms of wind speed) will happen with chances 67% or greater sometime between 8AM EST Monday 9/2/08 and 8AM EST Tuesday 9/3/08.  To see this, just see where the coastline intersects the white uncertainty envelope.  According to National Weather Service Advisory 24, the probability that the storm is a category 3 in or higher storm is 25% or greater.  However, I would argue that were Gustav to follow a trajectory to the left of the storm track centerline, the probability of occurrence would be much higher for category 3 and higher.  But since I lack this information at present, I will settle for the following probability judgement expressed in terms of probability intervals:

• Pr(B1|A1) = [0.25 1.00]
• Pr(B2|A1) = [0.00 0.75]

Now on to the integrity of the New Orleans Hurricane Protection System (NOHPS).  This question is the true object of contention with respect to the purpose of this risk assessment.  Given that Gustav strikes New Orleans, will the NOHPS hold up?  The answer to this question depends on the two factors: the intensity of the storm surge resulting from Gustav, and the structural resistance of the NOHPS with respect to this storm surge.  According to an article in the Seattle Times summarizing US Army Corps of Engineers progress toward upgrading the NOHPS, the $15-billion NOHPS upgrade scheduled for completion in 2011 is only 20% complete.  Of course, one doesn’t improve a system as immense as the NOHPS uniformly, but rather in discrete chunks.  So it is reasonable to assume that 20% project completion means 80% of the length of levees and flood walls in New Orleans is left “as good as old” where “old” = “Pre-Katrina.”  But because the USACE has a lot of smart people engaged in this project, we should assume that the project scheduled fortification of the most vulnerable sections first, leaving fortification of the less vulnerable lengths for later on in the project.  So, this 20% complete might very well mean that the weakest sections have been fixed, with less weak sections on the schedule for future improvement.

That said, I am going to go with the following (admittedly waggish) probability estimates:

• Pr(C1|A1,B1) = 0.20 (20% chance the NOHPS will fail if the storm surge is as bad or worse than Katrina)
• Pr(C2|A1,B1) = 0.80 (80% chance the NOHPS will not fail if the storm surge is bad or worst than Katrina)
• Pr(C1|A1,B2) = 0.05 (small chance that the NOHPS will fail if the storm surge is not as bas as Katrina)
• Pr(C2|A1,B2) = 0.95 (very high probability that the NOHPS will not fail if the storm surge is not as bad as Katrina)

What remains is to assess the likeliness of D1 and D2.  If the NOHPS fails under conditions as bad or worse than Katrina, it is reasonable to assume that the impacts to New Orleans would be perceived as disastrous (though perhaps not as disastrous as Katrina given Gov. Jindal’s preparedness efforts).  Now, if the NOHPS fails under storm surge conditions not as bad as Katrina, I admit a small chance to the whole thing not turning out to be a disaster, say 10%.  Thus we have:

• Pr(D1|A1,B1,C1) = 1.00 (certain that it will be a disaster if the NOHPS fails and the effects of Gustav are as bad or worse than Katrina)
• Pr(D2|A1,B1,C1) = 0.00 (ditto above)
• Pr(D1|A1,B2,C1) = 0.90 (see comment for the very next probability)
• Pr(D2|A1,B2,C1) = 0.10 (my admission of a small probability that failure of the NOHPS under conditions not as bad as Katrina will not yield a “disaster”)

At this point I have all the probabilities I need and can now calculate the probability for each scenario E1 through E7 as follows (expressed as percentages).  Please ignore the decimal precision as it is a by product of multiplying otherwise imprecise, representative numbers.

What Are the Political Outcomes?

This final step of the risk assessment examines each of the 7 end scenarios and attempts to assess whether each scenario will increase support for the Republican party, decrease support, or have no effect.  A five-level ordinal consequence scale is constructed for expressing outcomes as shown in the table below.

Now let’s rate even scenario E1 through E7 according to how it will impact near term public support for the Republican candidate.

• E1: No one can deny that if Gustav turns out to be Katrina-like or worse AND the NOHPS fails, then the Democrats are in a strong position to argue that the Republican party once again failed to protect New Orleans even when it had 3 years to do so since Katrina.  My bet is that Obama will argue that McCain will just offer “more of the same.”  Thus, I assess the political outcome from this scenario will be “- -” (two minuses, or a score of -2).
• E2: However unlikely this scenario might be, if Gustav turns out to be as bad or worse than Katrina, and the NOHPS fails to protect New Orleans, the immediate political outcome is unfavorable to the Republicans even if the event does not turn into a disaster.  But because Gustav did not result in a disaster, technically the situation is not as bad as E1.  Thus, I assess the political outcome from this scenario to be “-” (one minus, or a score of -1).
• E3: If Gustav turns out to produce a storm surge that is as bad or worse than Katrina, the fact that the NOHPS system protects New Orleans against a disaster stemming from flooding can be spun to mean that the Bush administration took the necessary steps to protect against hurricanes in the wake of Katrina.  The Republicans can (and will) play this up as a policy success.  Thus, I assess the political outcome from this scenario will be “++” (two pluses, or a score of +2).
• E4: If Gustav turns out to not be as bad as Katrina, yet the NOHPS fails to protect New Orleans against disaster, the Republicans should run and hide.  This situation can be spun as if the NOHPS, after several billion-dollars investment toward upgrades by the Bush Administration, is actually worse now than it was before Katrina (an arguable position, true, but one that seems likely to come from election opposition).  Thus, I assess the political outcome from this scenario will be “- -” (two minuses, or a score of -2).
• E5: If Gustav turns out to not be as bad as Katrina, yet the NOHPS fails to protect New Orleans, it really doesn’t matter what the outcome is (disaster or not).  This situation can be spun as if the NOHPS, after several billion-dollars investment toward upgrades by the Bush Administration, is actually worse now than it was before Katrina (an arguable position, true, but one that seems likely to come from election opposition).  But the discussion of whether New Orleans should be inhabited at all will likely rise to the forefront, and it is for me to credibly speculate on which party (or candidate) will offer the best (or most palatable) advice.  Thus, I assess the net political outcome from this scenario will not favor the Republicans, so I give it a “-” (one minus, or a score of -1).
• E6: If Gustav turns out to not be as bad as Katrina, and the NOHPS does its job successfully, then the Republicans can tout that they are doing a good job making progress toward a safer New Orleans.  While not nearly as strong as E3, the Republicans can, and probably will, squeeze out some brownie points for their effort.  Thus, I assess the political outcome from this scenario will be “+” (one plus, or a score of +1).
• E7: If Gustav does not appreciably affect New Orleans, then really there is nothing to worry about.  This does not mean that the topic of domestic preparedness will not come up during the remainder of the election season; rather, all I am claiming is that neither party can leverage Gustav to their benefit in any substantial way.  Thus, I assess the political outcome from this scenario to be “N” (neutral, or a score of 0).

With this consequence assessment in hand, the probabilities from the previous section can be used to construct a discrete probability distribution over the space of five political outcomes as shown below.  This figure communicates political risk, or rather, the uncertainty surrounding future political outcomes.  Again, ignore the apparent precision in the probability numbers – the interval actually makes them imprecise, but even so the digits past the decimal points are only a biproduct of arithmetic.  In the next section, you will see that the digits really don’t matter.

Summary of Results

Based on this assessment and without getting too detailed, we can arrange the three major outcomes in order of decreasing likeliness as follows:

• Neutral, or no affect [50%]
• Favorable political outcomes for the Republicans [~38%, 47.5%]
• Unfavorable political outcomes for the Republicans [2.5%, ~12%]

I think if I were the Republican campaign manager and I trusted this analysis, I would be excited and would be preparing myself with press statements and political advertisements aimed at bolstering the Republican candidate.  In contrast, if I were the Democratic campaign manager, I would start investing resources now in an effective press release aimed at mitigating the extent of any Republican political advantage following this event.

IMPORTANT CAVEAT: All things considered, and admitting that I am not learned in storm surge hydrodynamics nor do I fully appreciate the complexities of politics and political spin, I assign an overall analytic confidence of LOW (25% confidence, or a 67% chance that my analysis is valid).  Also, I am not saying what will happen one way or the other; rather my analysis just produced a subjective probability distribution over the space of potential political outcomes.  So, if a disaster does occur, my analysis is still not wrong.  After all, I never said disaster was impossible…

Afterthought

I could also do such an assessment from the Democrat point of view, but in this case the Republican’s loss is the Democrat’s gain (though admittedly the third parties may also absorb some of the benefit, so it is not quite a conceptual zero-sum game).  The conclusions would remain unchanged, however.

Send article as PDF to

ALERT: Hurricane Gustav is fast approaching the Gulf Coast.  According to the National Weather Service, National Hurricane Center, the center of this storm may make landfall Tuesday morning.   As of right this second (as reported via CNN Breaking News), the maximum sustained windspeed at some measured point in the storm system is 145 mph, thus making it a Category 4 storm according to the Saffir-Simpson hurricane intensity scale.  In terms of damage from wind and not including the effects of any ensuing storm surge, a category 4 storm can be qualitatively described as one that “produces more extensive curtainwall failures, with some complete roof structural failure on small residences. Heavy, irreparable damage and near complete destruction of gas station canopies and other wide span overhang type structures are also common. Mobile and manufactured homes are leveled. These hurricanes cause major erosion of beach areas and terrain may be flooded well inland as well” (as described on Wikipedia).

So, can we label Gustav as a natural peril?  What about as a natural hazard or natural disaster?  How can we classify Gustav right now?

A Comparison of Phrases for Bad Things

By its very nature, any tropical cyclone, hurricanes being a class of meterological events, is a natural peril.  According to the first few definitions that popup for the word “peril” on Answers.com, a peril is an “exposure to possible harm” or “something that endangers.”  Simply put, a peril is an event that can yield undesired outcomes to an individual or group of individuals exposed to its effects (whether to their person or their interests).  Irrespective of whether any particular hurricane afflicts some degree of harm on any particular individual, a hurricane is always a peril since its harmful agents (e.g., wind, water) are inherently damaging.  That is, whether or not a particular event is a peril depends on the characteristics of the event itself, and not of the individuals in its path.

In slight contrast, a “hazard” is a “possible source of danger” (also taken from Answers.com), where the word “possible” means that such an event can occur without indicating any degree of probability and the word danger indicates the event is an “instance of peril” (i.e., exposure in a specific context).  Whether or not an natural peril is also labeled as a natural hazard is a human-centric decision that depends on whether such an event can possibly afflict the individual charged with passing such judgment.  For example, in the eye of a New Orleans decision maker, a hurricane is, in fact, a natural hazard since past experience has proven such events to cause significant amounts of damage.  In contrast, a Mineapolis decision maker might not label hurricanes as a natural hazard in their decision space due to their infrequency in occurrence, and even if they did, the event would be of such low intensity that would make it indistinguishable from a routine thunderstorm.  Yet in both cases, a hurricane is still a natural peril.

At this point, I will restate that a natural peril is a naturally-occuring event whose characteristics would cause damage to an exposed asset, and a natural hazard is a naturally occuring event with the potential to cause harm to a particular individual.  Whether a naturally-occuring event is a peril depends on its objective characteristics, and whether it is a natural hazard depends on whether a particular individual is exposed to its effects and the individual’s subjective judgment of whether its effects are in fact damaging.  (bear in mind that I am using the word individual rather loosely, where it may be a single person or a person speaking on behalf of a number of people).

As with natural hazards, whether or not an event is a natural disaster is also in the eye of the person afflicted by the occurrence of such events.  The key difference between natural hazards and natural disasters is time – a natural disaster is typically a label assigned to a specific event that has actually caused “disastrous” damage (again, a subjective judgment), whereas a natural hazard is a label assigned to a event that has not yet afflicted the individual.

The Gustav Example

So let’s look at Hurricane Gustav from the point of view of a New Orleans decision maker (NODM).  As with any hurricane, by its very nature Gustav is a natural peril.  From the point of view of the NODM, Gustav is a natural hazard in that it is a possible source of danger to New Orleans given its current position and estimated trajectory.  In contrast, decision makers in Raleigh might not label Gustav a natural hazard since the chances are near-zero percent that its effects will afflict North Carolinan interests.  But can the NODM label Gustav as a natural disaster?  The answer is no, well, at least not yet.  Gustav has yet to afflict any damage, let alone damage of disastrous proportions on New Orleans.  Thus it is not (yet) a natural disaster from the NODM point of view.

But it is sensible to assign a probability to Gustav becoming a natural disaster based on the estimates of its trajectory and energy profile (from NWS) and the resistance of the New Orleans “system” to Gustav’s damage inducing effects.  In the particular example of New Orleans, the questions that will enable such an assessment is how high the ensuing storm surge at points along the hurricane protection system (i.e., levees, flood walls, and gates) will be (a function of storm position and intensity), the resistance of the HPS to the load imparted by the storm surge, whether the gates will actually be closed and whether the pumps will actually work, and what property and how many people are within the path of flood waters resulting from a breach.  Let me tell you, this is not an easy analysis (and I am speaking from experience having participated in the modeling and risk assessment of the New Orleans system as part of the Interagency Performance Evaluation Task Force, where I think my title was something like “Risk Modeler”).

Afterthought

Given where we are in time right now, I can’t help but speculate on the impact Gustav will have on the upcoming US presidential election.  Three outcomes are possible – Gustav will have no effect, Gustav will have a positive effect on the Republican platform (irrespective of candidate), or Gustav will have a negative effect on the Republican platform.  But at this point I wrote more than enough, and I defer this discussion to a later post.

Next up… Gustav and New Orleans: A Political Risk Assessment for the Republican Decision Maker.

Send article as PDF to

The other day I ran an exercise in my risk management class where I asked students to fill in the blank for “______ risk” and describe for me what could be meant by the resulting phrase in terms of who would care, events of concern, and outcomes of concern.  In light of recent frustrating events, I feel compelled to offer yet another example as follows:

California EIT License Risk

(Note that EIT = Engineer in Training).

Backstory

In October 2000, I, like many other 4th-year engineering undergraduate students and professionals throughout the nation, had the painful experience of taking the EIT exam.  Since I was a engineering student at the University of Southern California, I naturally took my exam in California.  Consequently, my success led to my EIT “license” (if you could call it a license) being granted by the California Board for Professional Engineers.

Soon thereafter I graduated and left California to pursue a variety of career options in the Washington, DC area with absolutely no intentions to return to California for work.  Accordingly, from May 2001 onward, I was no longer a California resident.  In fact, since that time I spent no more than one calendar month (cumulative) in California visiting family, vacationing, etc.  With several years engineering experience + a masters degree, I successfully earned my professional engineer license in the State of Maryland, which effectively trumps the EIT (you see, EIT is a necessary stepping stone toward a PE in the engineering world, but once you earn your PE the EIT becomes irrelevant).

Now spring forward to 2005/2006 (I forget the exact month and date).  One day I received a strange letter from the State of California Franchise Tax Board demanding that I file a CA-state income tax return.  Basically, since I held an “active license” with the State of California, the State felt that I must be earning money as either a CA resident or as a person doing business in CA under a CA-license.  Well, I can see this being a plausible inference for most licenses, but for the EIT?  Technically, the EIT entitles you to nothing save for the “right” to make progress toward a PE.  And it has no expiration date and no means of termination except in cases of ethical or criminal misconduct; this means that once you are an EIT, you are effectively always an EIT regardless of where you live.  Moreover, since the EIT is given based on results from a nationally-accredited examination, States recognize EITs granted in other states; this fact leaves little incentive to transfer an EIT between states, if even one could do such a thing.  Fortunately, after a short, but hard-fought battle with a live CA tax representative, I convinced them that they were in error and asked them to ensure that I don’t receive such a letter again.  For two years this worked.

Now in 2008 (about a week ago), I received yet another letter from CA demanding I file a tax return with the state.  (apparently, CA’s aggresive pursuit of tax $$ has led them to develop a filing enforcement program).  Again, CA stated that since I hold an “active license” with the Board for Professional Engineers in the State of California, I must be earning money there, and thus am required to file a tax return.  This time, they hedged a little bit and offered a way out for people who were issued the demand in error.  But this wiggle room came at a cost: unlike my previous experience, finding a live person to talk to was hard to do, so hard in fact that I failed to find an approriate mechanism to speak with a CA tax person on this issue.  The only means available for me to correct this error was to fill out a form they provided, state under penalty of perjury my 2006 family taxable income, and pay for the stamp to return the form to CA.  And if I don’t return the form by mid-Sep, then bad things could happen, such as CA sending me a bill for unpaid taxes on money they estimate I should have earned + interest for two years.  Or worse, I could enter in a very costly multi-year legal battle with CA over an issue in which they never really had jurisdiction.

Me being the risk averse person that I am with such matters, fronted the $0.42 to mail back the form, but I decided to not include my taxable income.  After all, I did nothing wrong, so technically I am not required to tell CA anything at all.  Who gave them the right to ask and then demand that I answer less they fine me, or worse, threaten legal action?  Can they arbitrarily claim jurisdiction over me despite me not having resided in the state for over 7 years?  In the grand scheme of things, I provided sufficient other information on the form to make it clear that I owe nothing, and figured that $0.42 is a very small price to pay to avoid having to engage in a never-ending battle with the California bureaucracy.  But man was I furious.

California EIT Risk

So back to my original purpose.  It seems that for whatever reason, CA recognizes CA-EIT holders as holders of a professional license (although again, though it is important, it isn’t really a license).  That said:

Who Cares? Holders of a CA EIT that moved, or are planning to move, away from CA on a long term basis, and without any intention to do work for a CA-based business.

Events of Concern? California not paying attention to this fact, and thus sending you threatening “Demand for Tax Return Letters” at your new non-CA home (wherever that is).  Note: Since $$ is at stake, California will find you.

Outcomes of Concern? Having to bow down to CA-state pressure to prove your innocence less having to face the wrath of the CA bureaucracy.  Of course, I have no evidence for what CA would really do if one doesn’t respond, but who really wants to find that out.

Admittedly, I am taking a narrow view on this, and one could consider a slew of other events and outcomes of concern.  One, for example, might be that CA misplaces or deletes any record of you having earned an EIT, thus making it more difficult when the time comes to apply for your PE.  But I figured I would keep it simple by focusing on the lesser known events/outcomes that should be on the minds on the thousands of EIT engineers originally “licensed” in CA.

Send article as PDF to

Today I gave a lecture to my risk management class at Penn State (SRA 311, Risk Management: Assessment and Mitigation) focused on the words of risk analysis (lecture 2 of 31).  As anyone who provides services to any type of client knows, one of the first things you have to do on day one is ensure a common understanding of key words and phrases.  This was part one of my lecture, that is, explaining that people don’t necessarily assign the same meanings to certain words as others, even if they are in the same field.  The remaining parts focused on two words in particular – “security” and “risk” – and sought to explain what “risk” is and how it fits into security activities.  This lecture was fun for me to deliver, but in hindsight, it was probably a bit too densely packed with ideas for students with less background knowledge.  All in all, I think it went ok.

Class Summary

As a backdrop for discussion, I had my students read two articles.  The first article was entitled “Same Words, Different Meanings: The Need for Uniformity of Language and Lexicon in Security Analysis and Management” by Andrew Harter (a good friend of mine) published by the Critical Infrastructure Protection Program of the George Mason University School of Law in the monograph entitled Critical Infrastructure Protection: Elements of Risk (prepared by Liz Jackson, another good friend of mine).  Basically, this article is a call to action in the security analysis and risk management community for establishing a common lexicon through voluntary consensus standards.  For those unfamiliar with this issue, Mr. Harter’s article addresses the question “why is a common lexicon needed?” and “what can be done to make progress toward this goal?”   Though one might argue that alternative viewpoints (e.g., a common lexicon is not needed) were not addressed in this article (which is a “hit” on fairness), the point surely rings true to anyone who plays the security risk analysis game.  Imagine how difficult it is to communicate on risk matters when your definition of risk (e.g., potential for harm) doesn’t match well with mine (e.g, loss following an event).  I’ve experienced hours of time wasted due to a simple misinterpretation of language, and nothing is worse than arguing semantics when other more important issues have yet to be resolved.

Some might argue that definitions don’t matter so much.  After all, risk analysis is a decision support activity, and really all that matters is whether we have empowered the decision maker with “decision advantage.” [I borrow this phrase from the Jennifer Sims at Georgetown University as it is applicable to ALL areas where analysis is done, risk and intelligence in particular].  Accordingly, one might accept the definition of risk as “whatever is appropriate for the decision maker at the time.”  But as the author of my second paper, Giovanni Manunta, might argue, while such a vague definition might be useful in the client-analyst context, it is not helpful if one desires to treat risk as a science and methodically study all the different subtopics that fall under the heading of risk analysis (see the very first text block on the Society for Risk Analysis homepage for their definition of what “risk analysis” entails).  A common understanding of the various “words of risk analysis” is needed in order to speak sensibly about the subject within the community of educators, scholars, and practitioners.  (as an aside, see Professor Kristan Wheaton’s blog for an interesting and related discussion entitled “What is Intelligence?“)

The second paper discussed in my class was entitled “What is Security?” by Dr. Giovanni Manunta and published in the Security Journal, Volume 12, Issue 3, pp. 57-66 (http://dx.doi.org/10.1057/palgrave.sj.8340030).  I chose this paper for three reasons.  First, for me it was a great read and why not share with my students papers I find worthwhile.  In fact, many of Dr. Manunta’s monographs are really worth spending some time reading and absorbing if you are in the security profession.  Second, this paper is a nice complement to the first in that it goes into great depth as to why a commonly accepted conceptual definition for security is needed.  Third, this paper actually does a good job of describing the conceptual underpinnings of security by explaining in detail the three required elements of a security context – namely, a Protector (the entity that desires security), a Threat (the entity that challenges the protector’s security), and an Asset (the object of conflict).  The general formula for security, S, is then S=f(P,T,A)Si, where the Si outside of the parenthesis is a variable that accounts for the situational factors underlying the relationship between P, T, and A.  If any one of P, T, or A are absent in a given situation, you do not have a security context, and as such it makes no sense to speak about managing risks.

At this point I finished discussing (as socratically as I could in the time I had available) the two articles.  Throughout I attempted to elicit from students answers to questions centered on Elder and Paul’s Eight Elements of Thought and Intellectual Standards to encourage critical analysis of who the people writing such articles are, their purpose for writing, points of view, concepts, assumptions, etc.  However, I tried not to stretch this discussion out too long given that I already had my students complete a written assignment that systematically addresses the eight elements and intellectual standards.

The next portion of this lecture centered on how risk management fits within the world of security.  Borrowing from Manunta’s Diogenes Paper No. 1 (ISBN: 0-9501575-4-6), I sought to leverage assumed prerequisite knowledge of Venn Diagrams and Set Theory to explain the concepts of Security and Not Security, where Not Security includes Total Insecurity and all degrees between.  The degrees in-between represents a fuzzy-boundary between security and not security, that is, if one accepts that the state of security is actually a fuzzy set.  The Venn diagram I used is shown below, though in class I actually drew it on a Tablet PC.

The point I stressed is as follows: in a security context, a Protector has finite resources to make progress toward an unbounded objective.  This is where risk management comes in – risk management is used to maximize the efficiency of these resources by applying them in such a way that maximizes our progress toward a state of security.  The balance of risk between what we want to achieve and what we can achieve is known as the residual risk.  Ultimately, given the options available to us to reduce risk in light of available resources, we want to minimize the residual risk.  But as Manunta points out in “What is Security?,” security involves risk management, but managing risk doesn’t necessarily guarantee security.  That is, risk management and security are not the same thing.

I ended the lecture with a light hearted game of “Risk Mad Libs.”  First, I offered a generic definition of risk intended to guide us through our thinking in the rest of the course.  The definition is as follows:

Risk: The uncertainty around future events

We discussed what was meant by the word “uncertainty” in this definition, and examined the different types of uncertainty that we often encounter in risk analysis.  This includes the variability associated with one or another event occurring among a set of mutually exclusive (distinct) and collectively exhaustive (complete) alternatives, the incertitude associated with whether elements in our set are relevant or whether our set of alternative events is complete, and the inherent vagueness in what any particular element of the set really means.  Unfortunately, my extemporaneous nature kept me from explaining the remaining two words – “future” and “events,” but if I could go back in time I would stress that risk has to do with the uncertainty in what will happen and not what has already happened, where the future “events” can be described as a situational description (“mom will get sick”) or in terms of some measures (“1 morbidity” and “$10,000 in medical fees”).

Now that we had a definition of risk to work with, I asked students to break into groups and fill in the blank:

____________________ Risk

where the blank can represent practically any word.  My specific instructions were to select one “serious” word and one “silly” word, fill in the blank with each in turn, and in doing so characterize the nature of what is meant by the resulting phrase (i.e., who would care, what are some causes of concern and what are outcomes of concern).  I started with the serious word “information” to form the phrase “information risk.”  Then I moved onto the word “political” followed by the silly word “dog.”  For each we identified someone who might be considered a stakeholder in such a field (e.g., “dog owner” for “dog”), and brainstormed what events could occur (“dog runs away”) and the spectrum of ensuing outcomes (“dog gets hit by car,” “dog bites pedestrian,” “dog comes home”).  In the remaining 2 minutes of class following the exercise, we had some cool responses, including “computer mouse risk,” “environmental risk,” “body odor risk,” etc.   The basic idea here was to enable students to reason out what is meant when you see a phrase such as “financial risk,” and after this lecture I am confident the students can do this.

Next Up

The next lecture stands to be a fun one – the topic is “The Role of the Risk Analyst and Decision Advantage.”  This lecture is the second of 3 “Philosophy of Risk” analysis lectures; after these, we will be way more applied in the classroom setting (something I am sure the students would appreciate).

Send article as PDF to