Siambabala Bernard Manyena’s 2006 paper entitled “The Concept of Resilience Revisited” (Disasters, Vol. 30, No. 4, pp. 433-450, doi:10.1111/j.0361-3666.2006.00331.x) provided a nice summary of alternative definitions for the word “resilience” gleaned from a variety of academic publications (copied below; see original paper for citations).  The number of definitions are fewer than that for the word vulnerability as talked about in my previous post.

• Wildavsky (1991) Resilience is the capacity to cope with unanticipated dangers after they have become manifest, learning to bounce back.
• Holling et al., (1995) It is the buffer capacity or the ability of a system to absorb perturbation, or the magnitude of disturbance that can be absorbed before a system changes its structure by changing the variables.
• Horne and Orr (1998) Resilience is a fundamental quality of individuals, groups and organisations, and systems as a whole to respond productively to significant change that disrupts the expected pattern of events without engaging in an extended period of regressive behaviour.
• Mallak (1998) Resilience is the ability of an individual or organisation to expeditiously design and implement positive adaptive behaviours matched to the immediate situation, while enduring minimal stress.
• Miletti (1999) Local resiliency with regard to disasters means that a locale is able to withstand an extreme natural event without suffering devastating losses, damage, diminished productivity, or quality of life without a large amount of assistance from outside the community.
• Comfort (1999) The capacity to adapt existing resources and skills to new systems and operating conditions.
• Paton, Smith and Violanti (2000) Resilience describes an active process of self-righting, learned resourcefulness and growth—the ability to function psychologically at a level far greater than expected given the individual’s
  capabilities and previous experiences.
• Kendra and Wachtendorf (2003) The ability to respond to singular or unique events.
• Cardona (2003) The capacity of the damaged ecosystem or community to absorb negative impacts and recover from these.
• Pelling (2003) The ability of an actor to cope with or adapt to hazard stress.
• Resilience Alliance (2005) Ecosystem resilience is the capacity of an ecosystem to tolerate disturbance without collapsing into a qualitatively different state that is controlled by a different set of processes. A resilient ecosystem can withstand shocks and rebuild itself when necessary. Resilience in social systems has the added capacity of humans to anticipate and plan for the future.
• UNISDR (2005) The capacity of a system, community or society potentially exposed to hazards to adapt, by resisting or changing in order to reach and maintain an acceptable level of functioning and structure. This is determined by the degree to which the social system is capable of organising itself to increase this capacity for learning from past disasters for better future protection and to improve risk reduction measures.

Send post as PDF to

Juergen Weichselgartner’s 2001 paper entitled “Disaster Mitigation: The Concept of Vulnerability Revisited” (Disaster Prevention and Management, Vol. 10, No. 2, pp. 85-94, doi:10.1108/09653560110388609) provided a nice summary of alternative definitions for the word “vulnerability” gleaned from a variety of academic publications (copied below; see original paper for citations).

• Gabor and Griffith (1980) Vulnerability is the threat (to hazardous materials) to which people are exposed (including chemical agents and the ecological situation of the communities and their level of emergency preparedness). Vulnerability is the risk context.
• Timmerman (1981) Vulnerability is the degree to which a system acts adversely to the occurrence of a hazardous event. The degree and quality of the adverse reaction are conditioned by a system’s resilience (a measure of the system’s capacity to absorb and recover from the event)
• UNDRO (1982) Vulnerability is the degree of the loss to a given element or set of elements at risk resulting from the occurrence of a natural phenomenon of a given magnitude
• Petak and Atkisson (1982) The vulnerability element of the risk analysis involved the development of a computer-based exposure model for each hazard and appropriate damage algorithms related to various types of buildings
• Susman et al. (1983) Vulnerability is the degree to which different classes of society are differentially at risk
• Kates (1985) Vulnerability is the “capacity to suffer harm and react adversely”
• Pijawka and Radwan (1985) Vulnerability is the threat or interaction between risk and preparedness. It is the degree to which hazardous materials threaten a particular population (risk) and the capacity of the community to reduce the risk or adverse consequences of hazardous materials releases
• Bogard (1989) Vulnerability is operationally defined as the inability to take effective measures to insure against losses. When applied to individuals, vulnerability is a consequence of the impossibility or improbability of effective mitigation and is a function of our ability to detect hazards
• Mitchell (1989) Vulnerability is the potential for loss
• Liverman (1990) Distinguishes between vulnerability as a biophysical condition and vulnerability as defined by political, social and economic conditions of society. She argues for vulnerability in geographic space (where vulnerable people and places are located) and vulnerability in social space (who in that place is vulnerable)
• Downing (1991) Vulnerability has three connotations: it refers to a consequence (e.g. famine) rather than a cause (e.g. drought); it implies an adverse consequence (e.g., maize yields are sensitive to drought; households are vulnerable to hunger); and it is a relative term that differentiates among socioeconomic groups or regions, rather than an absolute measure or deprivation
• UNDRO (1991) Vulnerability is the degree of the loss to a given element or set of elements at risk resulting from the occurrence of a natural phenomenon of a given magnitude and expressed on a scale from 0 (no damage) to 1 (total loss). In lay terms, it means the degree to which individual, family, community, class or region is at risk from suffering a sudden and serious misfortune
  following an extreme natural event
• Dow (1992) Vulnerability is the differential capacity of groups and individuals to deal with hazards, based on their positions within physical and social worlds
• Smith (1992) Human sensitivity to environmental hazards represents a combination of physical exposure and human vulnerability ± the breadth of social and economic tolerance available at the same site
• Alexander (1993) Human vulnerability is function of the costs and benefits of inhabiting areas at risk from natural disaster
• Cutter (1993) Vulnerability is the likelihood that an individual or group will be exposed to and adversely affected by a hazard. It is the interaction of the hazard of place (risk and mitigation) with the social profile of communities
• Watts and Bohle (1993) Vulnerability is defined in terms of exposure, capacity and potentiality. Accordingly, the prescriptive and normative response to vulnerability is to reduce exposure, enhance coping capacity, strengthen recovery potential and bolster damage control (i.e., minimize destructive consequences) via private and public means
• Blaikie et al. (1994) By vulnerability we mean the characteristics of a person or a group in terms of their capacity to anticipate, cope with, resist and recover from the impact of a natural hazard. It involves a combination of factors that determine the degree to which someone’s life and livelihood are put at risk by a discrete and identifiable event in nature or in society
• Green et al. (1994) Vulnerability to flood disruption is a product of dependence (the degree to which an activity requires a particular good as an input to function normally), transferability (the ability of an activity to respond to a disruptive threat by overcoming dependence either by deferring the activity in time, or by relocation, or by using substitutes), and susceptibility (the probability and extent
  to which the physical presence of flood water will affect inputs or outputs of an activity)
• Bohle et al. (1994) Vulnerability is best defined as an aggregate measure of human welfare that integrates environmental, social, economic and political exposure to a range of potential harmful perturbations. Vulnerability is a multilayered and multidimensional social space defined by the determinate, political, economic and institutional capabilities of people in specific places at specific times
• Dow and Downing (1995) Vulnerability is the differential susceptibility of circumstances contributing to vulnerability. Biophysical, demographic, economic, social and technological factors such as population ages, economic dependency, racism and age of infrastructure are some factors which have been examined in association with natural hazard
• Gilard and Givone (1997) Vulnerability represents the sensitivity of land use to the hazard phenomenon
• Comfort, L. et al. (1999) Vulnerability are those circumstances that place people at risk while reducing their means of response or denying them available protection
• Weichselgartner and Bertens (2000) By vulnerability we mean the condition of a given area with respect to hazard, exposure, preparedness, prevention, and response characteristics to cope with specific natural hazards. It is a measure of capability of this set of elements to withstand events of a certain physical character

Of course, this list is by no means complete; in fact, the definitions from obvious sources such as Webster’s dictionary, Department of Defense doctrine, and a host of other papers were not included.  I leave it to the readers of this blog to discover alternative definitions that are most suited for his or her particular application.  But if one was looking for a really short definition of vulnerability to sum up everything above, consider the following two (my preferences):

Vulnerability is the manifestation of the inherent states of a system that render is susceptible to harm or loss (a paraphrased definition of the notion of vulnerability offered by Prof. Yacov Haimes at the University of Virginia)

The vulnerability of an entity to realizing a specified adverse outcome following the occurrence of a particular triggering or initiating event is measured as the conditional probability of the outcome given the triggering event has occurred (an expanded version of the definition I offer in my SRA 311 class at Penn State)

Send post as PDF to

The authors of a book I read recently spoke of the “three D’s” of security: “denial,” “detection,” and “deterrence” (the latter being my personal favorite).  These “three Ds” brought to mind another set of “Ds” I came across while on an ASME Fellowship to the Department of Homeland Security in 2003-2004: “detect,” “delay,” “defend,” and “devalue.”  This post talks about these two different sets of security “D” words, and the extent to which one is or is not better than the other.

To begin this discussion, let’s first consider a logical expression for security vulnerability, which is usually expressed in terms of the probability of adversary success given attempt:

Pr(S) = 1 - Pr(”Detect”)·Pr(”Engage”)·Pr(”Neutralize”)

In words, this equation states that adversary non-success (defender success) requires that the defender detect, engage (which consists of delay and response) then neutralize the adversary (in sequence) - failure to do any one of these will result in adversary success (barring any random things outside the protector’s control that might thwart the adversary’s attempt).

From the point of view of the equation above, DHS is dead on and more.  The equivalence of detection is evident.  In order to engage an adversary, one must respond to the adversary prior to him executing an attack.  Delaying an adversary long enough to respond enables engagement - the longer the delay, the greater likeliness that the defenders will respond in time to do something to stop him.  Defense is essentially equivalent to neutralization in that the objective is to thwart the attacker once engaged.  So, the first three “Ds” of the DHS security quartet correspond to the three parameters of the security vulnerability equation.

But where does devalue fit in?  I must admit that I never heard anyone use the word “devalue” in the context of security prior to my days at DHS.  The focus on devalue is not on improving security, but on improving the resilience or hardness of a system to withstand an attack.  That is, a “devalued” target is one that has been modified in such a way that would result in less loss to the defender (and hence less gain to the adversary) in the event of an attack.  In this sense, devalue seeks to influence adversary target selection by making it intrinsically difficult to achieve the desired gain even when the security system fails.  For example, without doing anything to improve security, the switch to using bleach instead of chlorine in a water treatment facility in effect devalues such a target since bleach is much less harmful to humans in the event of its deliberate release.  Adversaries bent on exploiting infrastructure to harm adjacent communities might be less interested in attack a water treatment plant that made such a shift.

Now consider the security triplet described by Fuqua and Wilson (see my recent post on their 1977 book) in light of the above equation for security vulnerability (i.e., deny, detect, deter).  Fuqua and Wilson essentially looked at the security problem from the point of view of an asset owner (e.g., the “executive”).  Again, the equivalence in the detection term is evident.  “Denial” considers the combination of both engagement and neutralization following detection (such as by a local police force), as well as simple barriers that can’t realistically be overcome (e.g,, 12-foot walls followed by several layers of fences covered in razor-wire), distance or terrain with deadly animals (e.g., attack dogs, flocks of scary geese, alligators in moats), etc.  The focus with denial, though, is more broadly focused on denying success in whichever way possible; detection need not occur for an adversary to be denied opportunity. The combination of detection measures and denial measures (including those that require detection and those that do not) cover the same elements as the equation posed at the beginning of this post, but in a slightly different way as follows:

Pr(S) = 1 - Pr(”Denial”|”Detection”)Pr(”Detection”) - Pr(”Denial”|”No Detection”)Pr(”No Detection”)

(the astute reader might notice that this equation above equates the event “denial” with “adversary failure,” or rather “failure to deny” is the same as “adversary success”).  Obviously, this equation is more general than the one posed initially as the defender still stands a chance at denying the adversary success through non-detection-dependent denial measures.

“Deterrence” (again, my personal favorite) touches on those measures that influence the perceptions of adversaries.  Arguably, all visible security measures have some deterrence value as they shape the adversary’s perceived probability of success.  Measures taken to devalue a target also act as a deterrent in the sense that it lessens the adversary’s perceived gain from success.  Even deceptive measures such as decoys that have no intrinsic “aggressor resistance” have at least a little deterrence value so long as the adversary remains fooled.  If the adversary feels that success is less likely than failure, and that the gain from success is less than desired, the overall likeliness of an event is lower than is success seemed likely and the gain was sufficient.  So, unlike all the other “D” words talked about so far, deterrence is the only term that specifically targets the likeliness of event portion of the risk equation.

So which set of “D” words is better?  It really is hard to say.  Fuqua and Wilson offer a term (”deterrence”) that relates to likeliness of event, while the DHS approach (”devalue”) offers a term that relates to the physical vulnerability portion of the risk equation.  Otherwise, the two sets of “D” words are the same, more or less.  In the end, all these “D” words (as well as words that start with letters other than “D”) are important since they assist security practitioners in thinking through problems.

With all this talk about “D” words, I find myself tempted to write a security-related song about the letter “D” in the spirit of Cookie Monster’s song about the letter “C”.   I call it “D’s are for Security” or the “Security Song:”

D is for denial, to stop you from harming me

D is for detection, to catch my enemies

D is for deterrence, to scare you away from me

Oh, security is all about “Ds.”

Send post as PDF to