I never knew this, but the Weather Channel website provides a nice service that estimates the probability of a white christmas at different places across the United States.  A snapshot of the most up-to-date (I wish I could embed) National White Christmas Probability Map is shown below (19 Dec 08, 1344 EST).  The Weather Channel defines a “White Christmas” as one where there is at least 1-inch of snow on the ground on Christmas morning.

From the looks of it, the Weather Channel estimates the chances of a white Christmas in State College, PA to be 50-75%.  Well, unless someone does some heavy duty shoveling around my house AND it warms up quite a bit before next Wednesday, I would have to say that the probability of a white State College Christmas is near one, especially given the imminence of yet another winter weather system hitting Pennsylvania.

Rather than estimate the probability of white Christmas (which is largely for consumers of novelty information), what I think would be more interesting is for the Weather Channel to estimate white Christmas risk, or the chances that snow will dampen a person’s Christmas experience.  The idea of a white Christmas conjures up nostalgic thoughts of holiday cheer, but think about all the work that must happen to clean up the snowy mess enough to maintain transit routes, minimize snow-related accidents, and basically keep public inconvenience to a minimum.  The question at issue here would be to estimate the number of people (% per region, count per square mile normalized by population density, etc.) whose Christmas experience would be disrupted by the White Christmas snow.  At a macro-level,  I see such risk being a function of:

• number of travel disruptions affecting local resident (delayed/canceled departures and arrivals)
• whether the snow is fresh from a new system or leftover from a storm that has already passed (i.e., whether clean-up effort is required)
• whether subsequent weather forecasts insist that the snow be clean-up (e.g., expected high winds, sudden thaw followed by deep freeze)
• whether the expected snow loading poses a disruption threat to local infrastructure (e.g., power)
• whether the affected region has the capacity and will to respond
• the severity of the temperature relative to normal conditions
• and so on

And as we have all been led to believe over and over again in various holiday movies, there might be something to the spirit of Christmas as a risk mitigator.  For example, does holiday cheer increase a person’s risk tolerance or perhaps people’s ability to cope with challenges they face on Christmas day?  Maybe someone did a study on this, but I haven’t checked.

One way to start thinking about such an analysis would be to check out a really old, yet very good, 1967 paper written by Professor J. F. Rooney entitled “The Urban Snow Hazard in the United States: An Appraisal of Disruption” (Geographical Review, Vol. 57, No. 4, pp. 538-559, permalink) or the 1976 paper by Howe and Cochran entitled “A Decision Model for Adjusting to Natural Events with Application to Urban Snow Storms” (Review of Economics and Statistics, Vol. 58, No. 1, pp. 50-58, permalink) or even the OR-oriented 1976 paper by Cook and Alprin entitled “Snow and Ice Removal in an Urban Environment” (Management Science, Vol. 23, No. 3, pp. 227-234, permalink).  For example, Rooney outlines a framework for thinking about the urban snow hazard highlights that snow can impact a variety of activities such as is shown below.

And for grins, below is a process diagram for salt truck operations describe by Cook and Alprin (I include it because it is interesting):

I think next semester or perhaps the year after I will try to recruit a few students to do a White Christmas risk assessment.

Send post as PDF to

From 7-10 December 2008, the Society for Risk Analysis 2008 Annual Meeting will take place at the Westin Boston Waterfront Hotel in Boston, Massachusetts.  As a service to the Security Risk Analysis community, in particular those attending the SRA meeting, I recommend the following sessions (* = my preference):

Monday, 8 December 2008

(*) PLENARY  0830  Three Models of Games and Risks: Some Challenges in Formulation Elisabeth Pate-Cornell, Stanford University

M2-A.1  10:30  Do As I Say, Not As They Do: Addressing Variations in Risk Assessment, Operating Procedures and PPE between Emergency Response Organisations. Rogers MB*; King’s College

M2-A.2  10:50  Motivating disaster preparedness: Effects of anger, guilt, and fear on risk perception and behavioral intentions. Turner MM*, Underhill JC; University of Maryland

(*) M2-J.3  10:50  Constructing risk indices. MacKenzie CA*; STANFORD UNIVERSITY cmackenz@stanford.edu

(*) M2-A.3  11:10  Psychological Effects of Weapons of Mass Disruption (WMD). Pastel R*

M2-E.3  11:10  Risk ranking procedures for fraud signals detected in trade data. Kopustinskas V*, Arsenis S, Perrotta D; Institute for Protection and Security of Citizens, Joint Research Center, European Commission

(*) M2-I.4  11:30  A Stock and Flow Model of the U.S. Blood Supply and Potential Impact of Pandemic Influenza. Walderhaug MO*, Menis M; Center for Biologics Evaluation & Research, U.S. FDA

M2-A.4  11:30  The psychology of strategic terrorism: government and public responses. Sheppard B*; Simfore Ltd

M2-J.5  11:30  Measures of Critical Infrastructure Density around Vulnerable Facilities. Zimmerman R*, Simonoff J, Naphtali Z, Restrepo C, Willis H; NEW YORK UNIVERSITY

M3-I.1  14:00  Designing networks to withstand terrorist attacks. Cox Tony*; Cox Associates & University of Colorado

(*) M3-J.1  14:00  An Interagency Analysis of Terrorism Risk Assessment Disclosure. bagby JW*; Pennsylvania State University

(*) M3-J.2  14:20  Risk Assessment and the Terrorist: Current and Future Directions for Research. Horgan J*

M3-D.2  14:20  Using models to support decision-making: Is your model good enough? Bridges TS*, von Stackelberg K; US Army Engineer Research and Development Center, Harvard Center for Risk Analysis

M3-I.2  14:20  Defending against Terrorism, Natural Disaster, and All Hazards. Hausken K, Bier V, Zhuang J*; University of Stavanger (Hausken); University of Wisconsin-Madison (Bier); SUNY-Buffalo (Zhuang)

M3-I.3  14:40  A Bayesian Model for a Game of Information in Optimal Attack/Defense Strategies. AZAIEZ MN*; King Saud University

(**) M3-J.3  14:40  Just How Confident Are You In Your Analysis?: The Role of Analytic Confidence in Evidence-Based Terrorism Risk Assessments. McGill WL*

(*) M3-J.4  15:00  Observations on the Importance of Risk Communication in Managing Homeland Security Risk. Ross RG*

M3-I.4  15:00  Protecting Complex Infrastructures Against Strategic Attackers. Hausken K*; University of Stavanger

M4-B.1  16:00  Communicating avalanche risk to out-of-bounds skiers and snowboarders. McCammon I*, Haegeli P, Gunn M; SP TECHNOLOGIES

(*) M4-J.1  16:00  Addressing Risks to Earth from Potentially Hazardous Near Earth Objects (NEOs) . Race MS*, Morrison D, Davies R, Harrison AA; SETI Institute, NASA-Ames Research Center, Western Disaster Ctr, Univ.of California Davis

(*) M4-B.4  17:00  Assessing people’s knowledge, perceptions, and decision-making during the 2008 Super Tuesday tornado outbreak. Demuth JL*, Barjenbruch K, Nietfeld D; National Center for Atmospheric Research, National Weather Service, National Weather Service

(*) M4-B.5  17:20  Living with Rockslide Risk. Rod K*; Norwegian University of Science and Tehnology

Tuesday, 9 December 2008

(*) PLENARY 08:30 Wind, Risk and Insurance Kerry Emanuel

(*) T2-I.1  10:30  Comparison Of Homeland Security Risk Assessment Methodologies. Smith CM*, Parnell G; United States Military Academy

T2-J.1  10:30  Worst Case Electricity Scenarios: The Benefits & Costs of Prevention. Apt J*, Lave LB, Morgan MG; Carnegie Mellon University

(*) T2-I.2  10:50  Improving Risk and Intelligence Analyst Collaboration. Baker JC*; HSI

T2-J.3  11:10  Fostering regional resilience in disasters: Setting priorities for mitigation efforts. Longstaff H*, McDaniels T, Hawkins D, Chew G, Chang S; The University of British Columbia

(*) T2-I.3  11:10  Supporting medical countermeasure decision-making in the Federal Government. Bennett SP*; U.S. Department of Homeland Security

(*) T2-I.4  11:30  Homeland Security Risk Management – A Status Report. Ross RG, Gabbrielli T*, Kolasky R; Department of Homeland Security

T2-J.4  11:30  Building regional resilience: characterizing vulnerability of infrastructure systems to an earthquake scenario. McDaniels TL, Chang SE, Fox JA, Dhariwal R*, Reed D, Longstaff H, Chew G; University of British Columbia and University of Washington

(*) T3-J.1  14:00  Modeling electric power outage risk during hurricanes using statistical methods. Guikema SD*, Quiring S; Johns Hopkins University, Texas A&M University

T3-D.3  14:40  Use of Tolerable Risk Guidelines for Infrastructure Management. Halpin EC*, Snorteland ND, Regan PF; US Army Corps of Engineers

T3-E.3  14:40  Valuing mortality risk reductions for homeland security rules. Robinson LA*; Consultant

(*) T3-J.3  14:40  Risk-Based Strategic Homeland Preparedness: Balancing Protection and Resilience in Regional Interdependent Systems. Crowther KG*; University of Virginia

T3-J.4  15:00  Clarification of interdependency associated with a system failure of critical infrastructure networks in views of a seismic risk. Shoji G*, Tabata M; University of Tsukuba

(*) T4-H.1  16:00  Don’t confuse me with the facts! Cain LG*, Hanna C, Linkov I; United States Army Corps of Engineers

T4-I.1  16:00  Estimating the Effects of Counter-Terrorism on Terrorist Threat. John RS*, Rosoff H; University of Southern California

T4-J.1  16:00  General resource allocation for security and protection (GRASP): A framework for public administrators and private managers. Sarkis J*, Azaria C, Ratick S, Meachem B, Thompson G, Goble R; Clark University

(*) T4-H.2  16:20  Scientific knowledge and Mythology. SERBANESCU D*; PRIVATE PARTICIPATION

T4-I.2  16:20  Public response to terrorism: Connecting links between perceived risk and economic impacts. Burns W*; Decision Research

(*) T4-I.3  16:40  Using Risk Analysis and Constructive Simulation to Evaluate Border Security Technologies. MacKenzie C, Willis HH*; Stanford University, RAND Corporation

(*) T4-H.4  17:00  Optimal Design of Qualitative Risk Matrices to Classify Quantitative Risks. Huber WA*, Cox LA; Quantitative Decisions; Cox Associates

T4-I.4  17:00  Defender-Attacker Decision Trees for Terrorism Risk Analysis. von Winterfeldt D*; University of Southern California

T4-J.4  17:00  Multi-criteria frameworks for considering diverse risks in infrastructure design. Thompson G*; Institute for Resource and Security Studies, and Clark University

Wednesday, 10 December 2008

(*) PLENARY 08:30 Risk Regulation: Ideas for the Obama Administration Richard Revesz, Sally Katzen, and John Graham

W2-D.1  10:30  Addressing International Trade in Electronic Waste: Integrating Criminal Justice Strategies into Risk Management. Gibbs C*, McGarrell E; Michigan State University

W2-E.1  10:30  Economic Impacts of the Amerithrax Attacks. Schmitt K*; Concordia University

(*) W2-I.1  10:30  Two structurally different approaches to interval data. Ferson S*; Applied Biomathematics

W2-J.1  10:30  Pandemic Analysis: Incorporating Time Varying Perturbations into the Dynamic Inoperability Input-Output Model . Orsi MJ*, Santos JR; University of Virginia

(*) W2-J.2  10:50  Multi-Objective Network Optimization (MONO) Method for Improving Incident Response of Safety Service Patrol via Route Configuration Modifications: An Extreme Event Analysis. Dickey BD*, Santos JR; University of Virginia

W2-E.2  10:50  Surface Sampling Areas Required to Inform Risk-based Responses to B. anthracis Contamination . Hong T*, Gurian PL; Drexel University

(*) W2-D.3  11:10  Environmental and Security Risk Perception. McGarrell EF*, Gibbs C, Zimmermann CR; Michigan State University

W2-E.3  11:10  An evaluationof the risk threshold for prophylaxis and treatment after an anthrax release. Mitchell-Blackwood J*, O’Donnell C, Gurian P; Drexel University

W2-J.3  11:10  An Index to Measure Risk Co-Relationships in Engineering Enterprise Systems. Garvey PR*, Pinto CP; MITRE, OLD DOMINION UNIVERSITY

(*) W2-J.4  11:30  Delayed bang approach: Risk tradeoff between prevention & preparedness. Pinto CA*, Pathak A; ODU

W2-E.4  11:30  Consequence mitigation of hypothetical medical countermeasures for Anthrax exposure in a bioterrorism attack. Hale TL*, McMillan NJ, Dingus CA, Burns JM, Wheeler ED; Battelle Memorial Institute

(*) W3-I.1  14:00  Climatic consequences of nuclear conflicts. Oman LD*; Johns Hopkins University

W3-I.2  14:20  Catastrophic climate change scenarios. Baum SB*; Pennsylvania State University

(*) W3-J.2  14:20  Case Study: Letter Math vs Number Games. Plum MM, Turk BJ*; Systems Engineers and Economist, Idaho National Laboratory

W3-B.3  14:40  Trust and confidence: The effects of emotional reactions, value similarity and perceived performance on the perception of border security. Cvetkovich GT*, Faucett JF; Western Washington State University

(*) W3-I.3  14:40  Global Risks: A Quantitative Analysis. McCabe TS*; Rensselaer Polytechnic Institute

(*) W4-E.1  16:00  Modeling the Effects of an Intentional Attack on the United States Food Supply. Franz CJ, Ackerley NA, Sertkaya A, Brown B*; U.S. Food and Drug Administration (BB), Eastern Research Group, Inc. (CJF, NAA, AS)

W4-I.1  16:00  A public health response model for radiological terrorism events. Dingus CA*, Carnell RC, Buddemeier BR, Daxon E, Maheras SJ; Battelle Memorial Institute, Lawrence Livermore National Laboratory

W4-E.2  16:20  Decision-support tool exploring the public health system response to a terrorist event in the food supply. Hartnett E*, Schaffner D; 1) Risk Sciences International, Ottawa, Canada; 2) Rutgers University

(*) W4-I.2  16:20  A dose-response model for characterizing radiological exposure in terrorist events. Carnell RC*, Buddemeier BR, Maheras SJ; Battelle Memorial Institute, Lawrence Livermore National Laboratory

(*) W4-I.3  16:40  Public health recognition and response to a radiologic event. Harlander S*, Sholl J, Jaine A; BTsafety, LLC

W4-E.3  16:40  Food Terrorism Mental Models: Factors that Impact Consumer Decision-Making and Experts’ Knowledge of Those Factors. Verrill L*, Choiniere CJ, Thorne S, Butte G, Eggers S; U.S. Food and Drug Administration

(*) W4-I.4  17:00  Updated modeling for nuclear terrorism consequence assessments. Buddemeier BR*, Dombroski MJ, Wheeler RM, Maheras SJ, Carnell RC; Lawrence Livermore National Laboratory, Battelle Memorial Institute

Note that the list above only considers those talks that I believe are relevant to security risk professionals.  There are many more non-security related presentations that will be going on simultaneously.  And not to mention the lunch time presentations, pre-conference workshops, and of course, pleasant conversations with risk professionals.  SRA Annual Meetings are always a good time!

Send post as PDF to

In the course of my searching for good examples for use in my SRA 311 (Risk Management: Assessment and Mitigation) course, I came across the following examples and resources that proved helpful:

• Security and Loss Prevention: An Introduction, 5th Edition (by Philip Purpura, 2007, ISBN: 978-0123725257):  This book, while not my favorite textbook in the world, is one of the few books on security that actually has exercise problems (case problems) at the end of each of its nineteen chapters.

• Practical Risk Analysis: An Approach Through Case Histories (by David Hertz and Howard Thomas, 1984, ISBN: 978-0471101444): Chapter 7 of this book had an excellent case study focused on how an underwriter performed a first-order risk assessment of a company’s computer information systems.  This case study provided a springboard for talking about risk attitudes, the role of insurance, ruin, and so on.  Unfortunately, this book is very out of print, so you will have to order it from a used bookseller to read the case study I am talking about (and all others in the book).

• Risk Management for Security Professionals (by Carl Roper, 1999, ISBN: 978-0750671132): Appendix A of this book offers a near complete security risk analysis exercise through a series of five vignettes (asset ID, threat analysis, vulnerability assessment, risk assessment, and benefit-cost analysis).  But be warned - this case study takes a long time for students to complete, and should be something that extends throughout an entire semester (not a week like I did - yikes!).  The book itself is ok, but like most other security risk management books, it lacks end of chapter exercises.  But at least the case study is good.

Now keep in mind that I sifted through twenty or more books over the course of four hours one very late Monday evening/Tuesday morning on risk analysis, security management, and so on, looking for good examples and case studies to use in my SRA 311 class.  The above three resources are all that I found in this time.  This is not to say I didn’t miss anything - I am sure there are a number of in-chapter worked-out exercises that I could adapt to meet the needs of my class.  But I did do what I thought was a pretty good job looking through these books.  I will spend some time over Christmas break looking through these items again.

Meanwhile, if you are a reader that does security risk analysis, please feel free to suggest sources of problems, exercises, and case studies.  For one, I plan to mine Certified Information Systems Security Professional (CISSP), Certified Protection Professional (CPP), Physical Security Professional (PSP), and Society of Actuaries Exam P exam reference materials for questions.  One goal I have for my class is to ensure that successful students will be able to correctly answer all risk-relevant questions on the CISSP, CPP, PSP, and SOA Exam P exams, or at least be able to take their newly acquired intuition to reason toward the correct answer.

Send post as PDF to

A few weeks ago I came across an excellent book from 1977 entitled An Anatomy of Risk by William Rowe, Sr. (ISBN: 0471019941).  This book provides a thorough technical summary of the state of the art in risk analysis through the mid-1970s.  This includes some of the ground breaking work on risk perception, risk assessment for nuclear power, risk communication, etc.  I believe that this book is one of the first authoritative texts on quantitative risk analysis ever published.  However, since the book was written at a time when risk analysis was a relatively new academic discipline, it was not intended for undergraduate audiences looking to learn the basics of risk.  For me, I intend to use this text as my gateway to the classic research works on risk analysis.

An Anatomy of Risk was previously reviewed by a number of scholars as cited below.  Note that in most cases you must have a subscription to view the actual review.  I also noted the tone of the review on a five-tier scale (SCATHING, UNFAVORABLE, NEUTRAL, FAVORABLE, PRAISING).

• A PRAISING review by P. K. M’Pherson in Cybernetics and Systems, Vol. 8, Nos. 3 & 4, pp. 352-354 (1977) (permalink)
• A FAVORABLE review by L. E.Hill in Technology and Culture, Vol. 19, No. 4, pp. 788-790 (1978) (permalink)
• A PRAISING review by A. R. Unwin in The Journal of the Operational Research Society, Vol. 29, No. 8, pp. 825-826 (1978) (permalink)
• A FAVORABLE review in ACM SIGSIM Simulation Digest, Vol. 10, No. 4, p. 70 (1979) (permalink)
• A SCATHING review by R. G. Easterling in Technometrics, Vol. 22, No. 2, pp. 278-279 (1980) (permalink)
• A FAVORABLE review by M. L. Randolph in Ecology, Vol. 62, No. 4, pp. 1133-1134 (1981) (permalink)

On balance, I would say that the overall take on Dr. Rowe’s book was FAVORABLE++.  I personally recommend that all emerging risk researchers add this title to their Christmas book wish list.

An Anatomy of Risk is no longer available NEW, and can only be purchased used via a used book outlet such as Alibris.com (see here).

Send post as PDF to

In my search for good books on risk management and intelligence, I came across the edited volume entitled Managing Strategic Surprise: Lessons from Risk Management and Risk Assessment (edited by Professor Paul Bracken of Yale University, Dr. Ian Bremmer of the Eurasia Group, and Dr. David Gordon and the US State Department and former deputy director of the National Intelligence Council, ISBN: 9780521709606).  What a great book (and yes it is my bias toward anything risk analysis oriented)!  I haven’t quite finished it yet, but I must highlight that the first two substantive chapters - chapters two and three - really highlight some important issues.

For example, Paul Bracken’s article “How to Build a Warning System” (pp. 16-42) emphasizes that warning is only one piece of an organization’s overall risk management program.  Professor Bracken highlights six general strategies for risk management (the first time I have seen this): [1] isolating uncertainty (e.g., protection), [2] smoothing of uncertainty (e.g., diversification), [3] warning systems, [4] agility (e.g., rapid response), [5] alliances, and [6] environmental shaping.  Professor Bracken highlights warning systems’ role in providing advanced notice of emerging threats while emphasizing that warning can also inform decision makers of emerging opportunities.  Moreover, Professor Bracken emphasizes that there are two dimensions to warning analysis - the analytic component and the organizational component.  Warning analysis can be either informal (as it is most often the case), or highly structured (as national-level warning systems); but in general every individual and organization has some warning analysis capability.  The organizational component is absolutely essential in that without a structure in place to annunciate warning messages, warning is useless (a point emphasized in many intelligence analysis courses).  Professor Bracken suggests a contingency theory for warning:  “there is no one best way to build a warning system; it depends on the dangers” (p. 26).  The nature of the strategic environment and the capacities of an organization to collect, process, and distribute warning shape how any particular warning system functions.  Even within a single organization, multiple warning systems may be necessary to accomodate multitudes of hazards and threats.

The chapter written by former Director of Intelligence for the Israeli Mossad, Professor Uzi Arad’s article “Intelligence Management as Risk Management: The Case of Surprise Attack” (pp. 43-77) generalizes Prof. Brackens claim by suggesting the intelligence analysis is a risk management function.  He defines intelligence as a “national risk management mechanism built to cope with the risk of violent attack” (p. 45).  It should be noted that DNI’s Vision 2015 says that “intelligence helps reduce the degree of uncertainty and risk when critical choices are made” (Ch. 2).  Granted this view is rather limited by its suggestion that an intelligence organization only looks at downside risks.  But I must admit this definition, as intuitive as it is, adds another dimension to the debate over what “intelligence means” (subscribe to the IAFIE listserv to see what I mean).  More interesting is the idea that the intelligence community, perhaps unlike other types of organizations, must actually consider both environmental risks (dominated by external factors) and operational risks (dominated by internal factors) holisitcally rather than separately: external threats seek to exploit the vulnerabilities of an organization’s internal processes to prevent them from properly assessing environmental risks, thus decreasing the target organization’s decision advantage.  I believe this idea is what justifies the existence of counterintelligence and counterdeception analysis - to help mitigate an organization’s vulnerability to surprise.  This begs the question - what is the probability of a surprise afflicting an organization in its particular strategic environment?  Thinking back to Prof. Bracken’s article, an answer to this question requires us to think carefully about the nature of the strategic environment, capabilities of the adversaries, the organization’s internal processes and culture, and so on.  What I would like to see is a generic approach for assessing the risk of strategic surprise.  The remainder of the paper examines each element of the standard intelligence cycle in terms of the factors that contribute to probability of surprise.  This is good stuff.

While I haven’t read them yet, I look forward to reading the remaining chapters.  These include:

• “Nuclear Proliferation Epidemiology: Uncertainty, Surprise and Risk Management” by Ambassador Lewis A. Dunn (DTRA analysts should find this paper interesting)
• “Precaution Against Terrorism” by Dr. Jessica Stern of Harvard’s Kennedy School of Government and Professor Jonathan B. Wiener of the Duke University Law School and current president of the Society for Risk Analysis
• “Defense Planning and Risk Management in the Presence of Deep Uncertainty” by Professor Paul K. Davis of the Pardee RAND Graduate School
  
• “Manging Energy Security Risks in a Changing World” by Professor Coby van der Linde of the University of Groningen
• “What Markets Miss: Political Stability Frameworks and Country Risk” by Dr. Preston Keat of the Eurasia Group
• “The Risk of Failed-State Contagion” by Provost Jeffrey I. Herbst of Miami University of Ohio
• “Conclusion: Managing Strategic Surprise” by the book’s editors Bracken, Bremmer and Gordon

Just for reference, two interesting papers come to mind that are at least partly relevant to this book.  These include the paper “Using Risk Analysis to Inform Intelligence Analysis” (2008) by Dr. Henry H. Willis of RAND and “The Intelligence Cycle as a Model for Political Risk Assessment” (1985) [published in Political Risks in International Business edited by Thomas L. Brewer, ISBN: 0275900665] by Thomas W. Shreeve of the Intelligence Case Methods Program.  Both of these papers relate aspects of risk analysis to intelligence analysis, but neither really get to the heart of the issues as done in Managing Strategic Surprise.

Send post as PDF to

Siambabala Bernard Manyena’s 2006 paper entitled “The Concept of Resilience Revisited” (Disasters, Vol. 30, No. 4, pp. 433-450, doi:10.1111/j.0361-3666.2006.00331.x) provided a nice summary of alternative definitions for the word “resilience” gleaned from a variety of academic publications (copied below; see original paper for citations).  The number of definitions are fewer than that for the word vulnerability as talked about in my previous post.

• Wildavsky (1991) Resilience is the capacity to cope with unanticipated dangers after they have become manifest, learning to bounce back.
• Holling et al., (1995) It is the buffer capacity or the ability of a system to absorb perturbation, or the magnitude of disturbance that can be absorbed before a system changes its structure by changing the variables.
• Horne and Orr (1998) Resilience is a fundamental quality of individuals, groups and organisations, and systems as a whole to respond productively to significant change that disrupts the expected pattern of events without engaging in an extended period of regressive behaviour.
• Mallak (1998) Resilience is the ability of an individual or organisation to expeditiously design and implement positive adaptive behaviours matched to the immediate situation, while enduring minimal stress.
• Miletti (1999) Local resiliency with regard to disasters means that a locale is able to withstand an extreme natural event without suffering devastating losses, damage, diminished productivity, or quality of life without a large amount of assistance from outside the community.
• Comfort (1999) The capacity to adapt existing resources and skills to new systems and operating conditions.
• Paton, Smith and Violanti (2000) Resilience describes an active process of self-righting, learned resourcefulness and growth—the ability to function psychologically at a level far greater than expected given the individual’s
  capabilities and previous experiences.
• Kendra and Wachtendorf (2003) The ability to respond to singular or unique events.
• Cardona (2003) The capacity of the damaged ecosystem or community to absorb negative impacts and recover from these.
• Pelling (2003) The ability of an actor to cope with or adapt to hazard stress.
• Resilience Alliance (2005) Ecosystem resilience is the capacity of an ecosystem to tolerate disturbance without collapsing into a qualitatively different state that is controlled by a different set of processes. A resilient ecosystem can withstand shocks and rebuild itself when necessary. Resilience in social systems has the added capacity of humans to anticipate and plan for the future.
• UNISDR (2005) The capacity of a system, community or society potentially exposed to hazards to adapt, by resisting or changing in order to reach and maintain an acceptable level of functioning and structure. This is determined by the degree to which the social system is capable of organising itself to increase this capacity for learning from past disasters for better future protection and to improve risk reduction measures.

Send post as PDF to

Juergen Weichselgartner’s 2001 paper entitled “Disaster Mitigation: The Concept of Vulnerability Revisited” (Disaster Prevention and Management, Vol. 10, No. 2, pp. 85-94, doi:10.1108/09653560110388609) provided a nice summary of alternative definitions for the word “vulnerability” gleaned from a variety of academic publications (copied below; see original paper for citations).

• Gabor and Griffith (1980) Vulnerability is the threat (to hazardous materials) to which people are exposed (including chemical agents and the ecological situation of the communities and their level of emergency preparedness). Vulnerability is the risk context.
• Timmerman (1981) Vulnerability is the degree to which a system acts adversely to the occurrence of a hazardous event. The degree and quality of the adverse reaction are conditioned by a system’s resilience (a measure of the system’s capacity to absorb and recover from the event)
• UNDRO (1982) Vulnerability is the degree of the loss to a given element or set of elements at risk resulting from the occurrence of a natural phenomenon of a given magnitude
• Petak and Atkisson (1982) The vulnerability element of the risk analysis involved the development of a computer-based exposure model for each hazard and appropriate damage algorithms related to various types of buildings
• Susman et al. (1983) Vulnerability is the degree to which different classes of society are differentially at risk
• Kates (1985) Vulnerability is the “capacity to suffer harm and react adversely”
• Pijawka and Radwan (1985) Vulnerability is the threat or interaction between risk and preparedness. It is the degree to which hazardous materials threaten a particular population (risk) and the capacity of the community to reduce the risk or adverse consequences of hazardous materials releases
• Bogard (1989) Vulnerability is operationally defined as the inability to take effective measures to insure against losses. When applied to individuals, vulnerability is a consequence of the impossibility or improbability of effective mitigation and is a function of our ability to detect hazards
• Mitchell (1989) Vulnerability is the potential for loss
• Liverman (1990) Distinguishes between vulnerability as a biophysical condition and vulnerability as defined by political, social and economic conditions of society. She argues for vulnerability in geographic space (where vulnerable people and places are located) and vulnerability in social space (who in that place is vulnerable)
• Downing (1991) Vulnerability has three connotations: it refers to a consequence (e.g. famine) rather than a cause (e.g. drought); it implies an adverse consequence (e.g., maize yields are sensitive to drought; households are vulnerable to hunger); and it is a relative term that differentiates among socioeconomic groups or regions, rather than an absolute measure or deprivation
• UNDRO (1991) Vulnerability is the degree of the loss to a given element or set of elements at risk resulting from the occurrence of a natural phenomenon of a given magnitude and expressed on a scale from 0 (no damage) to 1 (total loss). In lay terms, it means the degree to which individual, family, community, class or region is at risk from suffering a sudden and serious misfortune
  following an extreme natural event
• Dow (1992) Vulnerability is the differential capacity of groups and individuals to deal with hazards, based on their positions within physical and social worlds
• Smith (1992) Human sensitivity to environmental hazards represents a combination of physical exposure and human vulnerability ± the breadth of social and economic tolerance available at the same site
• Alexander (1993) Human vulnerability is function of the costs and benefits of inhabiting areas at risk from natural disaster
• Cutter (1993) Vulnerability is the likelihood that an individual or group will be exposed to and adversely affected by a hazard. It is the interaction of the hazard of place (risk and mitigation) with the social profile of communities
• Watts and Bohle (1993) Vulnerability is defined in terms of exposure, capacity and potentiality. Accordingly, the prescriptive and normative response to vulnerability is to reduce exposure, enhance coping capacity, strengthen recovery potential and bolster damage control (i.e., minimize destructive consequences) via private and public means
• Blaikie et al. (1994) By vulnerability we mean the characteristics of a person or a group in terms of their capacity to anticipate, cope with, resist and recover from the impact of a natural hazard. It involves a combination of factors that determine the degree to which someone’s life and livelihood are put at risk by a discrete and identifiable event in nature or in society
• Green et al. (1994) Vulnerability to flood disruption is a product of dependence (the degree to which an activity requires a particular good as an input to function normally), transferability (the ability of an activity to respond to a disruptive threat by overcoming dependence either by deferring the activity in time, or by relocation, or by using substitutes), and susceptibility (the probability and extent
  to which the physical presence of flood water will affect inputs or outputs of an activity)
• Bohle et al. (1994) Vulnerability is best defined as an aggregate measure of human welfare that integrates environmental, social, economic and political exposure to a range of potential harmful perturbations. Vulnerability is a multilayered and multidimensional social space defined by the determinate, political, economic and institutional capabilities of people in specific places at specific times
• Dow and Downing (1995) Vulnerability is the differential susceptibility of circumstances contributing to vulnerability. Biophysical, demographic, economic, social and technological factors such as population ages, economic dependency, racism and age of infrastructure are some factors which have been examined in association with natural hazard
• Gilard and Givone (1997) Vulnerability represents the sensitivity of land use to the hazard phenomenon
• Comfort, L. et al. (1999) Vulnerability are those circumstances that place people at risk while reducing their means of response or denying them available protection
• Weichselgartner and Bertens (2000) By vulnerability we mean the condition of a given area with respect to hazard, exposure, preparedness, prevention, and response characteristics to cope with specific natural hazards. It is a measure of capability of this set of elements to withstand events of a certain physical character

Of course, this list is by no means complete; in fact, the definitions from obvious sources such as Webster’s dictionary, Department of Defense doctrine, and a host of other papers were not included.  I leave it to the readers of this blog to discover alternative definitions that are most suited for his or her particular application.  But if one was looking for a really short definition of vulnerability to sum up everything above, consider the following two (my preferences):

Vulnerability is the manifestation of the inherent states of a system that render is susceptible to harm or loss (a paraphrased definition of the notion of vulnerability offered by Prof. Yacov Haimes at the University of Virginia)

The vulnerability of an entity to realizing a specified adverse outcome following the occurrence of a particular triggering or initiating event is measured as the conditional probability of the outcome given the triggering event has occurred (an expanded version of the definition I offer in my SRA 311 class at Penn State)