Thoughts on Strategic Security Signage as a Deterrent

Thursday, September 4th, 2008

Few security countermeasures offer as much value-added per unit cost (i.e., high benefit-cost ratios) as strategic signage.  What does signage do in the security sense?  Simply put, security (as well as safety) signage communicates risk or suggests actions to mitigate risk.  For example, advisories about the health hazards associated with the use of a particular product inform potential users about the risks associated with use (e.g., Surgeon General’s warning on cigarette cartons).

As another example, signage is often used to help reduce the probability and severity of accidents by urging a participant in some particular activity to take simple measures to lessen overall risk exposure (e.g., “Hard Hat Area”).

And who could forget the vintage signage of historic WWII operational security (OPSEC) and information security (INFOSEC) campaigns.  The American Merchant Marine at War website provides images of a host of vintage WWII signage for security and other matters (have you ever seen the ones for VD?).  A sampling of my current favorites from among the USMM.org collection is linked below:

Also, one might encounter signs stating that “all employees must display proper identification,” or in weaker form, “authorized personnel only.”  These measures serve to suggest that someone is watching, such policies are enforced, and that bad things might happen if one doesn’t oblige.  These three suggestions, regardless of whether they are in fact true for the particular organization, form a deterrent of sorts that seeks to lessen the probability that an unauthorized individual will attempt to enter into a protected area.  It is also a deterrent for users that are careless about, for example, wearing their ID badge; if the policies suggested by such a sign were enforced, then the trouble of having to wait in line to obtain a temporary badge, having to go through the less efficient visitor’s entrance, or in the worst case having to drive another 1.5-hours in horrible traffic to go home and get it (readers in DC know what I am talking about) might “encourage” people to be careful not to forget their badge when they leave their house in the morning (one could even make the temporary badge bright red and ugly looking to exaggerate self-consciousness, thereby further decreasing the likeliness of future non-compliance).  Thus for this example, signage strengthens security also from the standpoint of encouraging full compliance by those with access to a particular space.

No security professional can deny that strategic signage has value in the sense of lessening the chances of a targeted undesirable security event.  Yet, I have not seen or read about any attempts to actually quantify the deterrence value of strategic signage.  Perhaps this is due to the precarious nature of signage.  Signage only works if the Threat actually believes what is said is true and enforced.  If the adversary has credible information to suggest the sign is providing a false message, then the signage merely asserts an empty threat (save for a slight residual doubt that is closely tied to the credibility of the Threat’s information).

For example, consider a sign affixed to a wall that reads “WARNING: These Premises are Protected by Closed Circuit Television” (see below).  For sake of discussion, let’s assume that this sign is situated near what appears to be a sophisticated camera system.  This sign could serve as a deterrent in the sense that a potential human Threat might heed its warning of being detected and recorded and abort any illicit or unauthorized activities.  But what if this sign is actually the most expensive part of a Protector’s security system?  (Many organizations have tight budgets, especially when it comes to security.)  That is, what if the sign is affixed adjacent to decoy security cameras (see here for an example or google the underlined keywords for a more extensive listing)?  Well, the signage would still be as effective as it would be in the presence of real cameras provided the Threat believed the cameras were real and monitored.  However, the absence of a good operational security (OPSEC) plan that protects knowledge that the camera is fake renders such signage ineffective and useless.  If an attentive adversary can easily discover your security system is comprised of fake cameras, then what good is a warning sign asserting that the cameras are real?  The precarious nature of deterrence measures such as signage makes it difficult, if not near impossible, to quantify their value.

(BTW: I do recognize that decoy cameras are more often used to augment an otherwise real visual surveillance system by creating the appearance of more “eyes on the lookout” than there really are.  But this does not mean that some organizations don’t take the use of decoys to the extreme…)

I find the use of signage very interesting, and do appreciate its value as a deterrent in the context of mitigating security risks.  And being the quantitative type that I am, I would love to be able to integrate empirical signage performance measures into an overarching security risk analysis framework (I currently have such a model in hand that accommodates deterrence, but without empirical evidence or even credible expert judgment on the effectiveness of a particular deterrence measure, this model is at best conceptual in nature).  But a meaningful quantitative measure of deterrence is elusive, and I suspect it will require a significant amount of research to even begin talking about how to predict signage effectiveness well enough to inform security investment decision making.


Decision Advantage: SRA 311 Lecture 3

Wednesday, September 3rd, 2008

Today’s SRA 311 (Risk Management: Assessment and Mitigation) lecture focused on the topic of “Decision Advantage” and what a risk analysis does to empower decision making (I tend to prefer the phrase “decision empowerment,” but alas Prof. Jennifer Sims’ phrase “decision advantage” is more catchy as evidenced by its adoption in DNI Vision 2015 and its use in the captions of past and upcoming conferences such as that held by DNI and INSA).

My goal for today’s lecture was to get students thinking about what a risk analysis is used for and how to go about establishing the scope of a risk analysis.  I assigned two papers as required reading:

  • Aven, T., and Korte, J. (2003). “On the Use of Risk and Decision Analysis to Support Decision Making.” Reliability Engineering & System Safety, Vol. 79, No. 3, pp. 289-299.  doi:10.1016/S0951-8320(02)00203-X. (note: this article served as a basis for the daily critical article review assignment)
  • Pate-Cornell, E. (2007). “Probabilistic Risk Analysis versus Decision Analysis: Similarities, Differences and Illustrations.” in Abdellaoui, M. et al. Uncertainty and Risk: Mental, Formal, and Experimental Representations, pp. 223-242.  doi:10.1007/978-3-540-48935-1_13.

The lecture proceeded as follows.  First, I spent some time making announcements (boring, but necessary), then proceeded to review the Eight Elements of Thought and Intellectual Standards and the main ideas from Lecture 2.  The concepts I stressed were as follows:

  • Security context (e.g., S=f(P,T,A)Si from Giovanni Manunta’s paper Defining Security), where a security context only exists if there is a Protector, a Threat, and an Asset (or object of contention) tied together via a Situation.  I made sure that the students understood that security risk management is only useful within a security context, and that it is pointless to do risk management outside a security context.  Accordingly, I urged all students, as their very first step toward their final course projects, to articulate in words the security context that defines their project.  That is, tell me who the Protectors are (there may be more than one) and describe for me their interests, identify the Threats to the Protector’s interests from outside aggressors, and identify assets at issue (whether physical, informational, emotional, etc.).
  • The SRA 311 working definition of risk as follows:  Risk = Uncertainty about future events of interest.  I added the underlined words to emphasize that events only pose a risk (whether pure or speculative) if the events are of interest to the customers of analysis.  Basically, the inclusion of these words offered a nice segue into the question at issue for the day: “what is the role of risk analysis in the decision making process?”

As I reviewed the second bulleted topic above, I made an interesting observation.  The students in my class knew what a normal distribution was when I drew it, but they were less confident in the meaning of the phrase “expected value.”  One of the assumptions I made explicit at the beginning of the course was that students should be knowledgeable in basic statistics as taught in their STAT 200 (Elementary Statistics) course.  I presumed that the idea of “expectation” and “expected value” would be taught.  Well, perhaps it was.  But like most other math-professor-taught math classes, how much does a student really learn in a mathematics course that doesn’t put the material into the context of what the students care about?  Expected value, as one might recall, is another way of saying average value, and can be obtained by multiplying the probability of a specified outcome by the valuation of that outcome, then adding up all such products for all outcomes in a mutually exclusive (distinct) and collectively exhaustive (complete) set.  Anyway, I find myself now faced with a challenge – how do I educate my students on the basic idea of risk as expected value (though admittedly, risk is way more than this) when they have a hard time understanding what an expected value is in the first place?  My solution:  hire a knowledgeable undergraduate to host several extra-curricular math seminars to go over the basic principles of probability and expected value.  As soon as I devise the curriculum for this seminar, I will share it on this blog.

Back to the risk discussion.  As a corollary to my definition of risk, I offered the following point: risk does not exist without uncertainty.  In fact, some people set these two concepts equal.  Frank Knight (the economist/philosopher), however, clearly distinguished between the two in his dissertation Risk, Uncertainty and Profit, though he admitted that the word “risk” in the colloquial sense accommodates both risk (as he defines it) and uncertainty.

At this point I reviewed three non-taxonomic categories of risk: speculative risk, pure risk, and objective risk.  Speculative risk considers the case of an uncertain future whose context admits both favorable and unfavorable outcomes.  For example, gambling is a risky venture, and is a case of speculative risk since one gambles to attain fortune at the cost of exposing oneself to the possibility of ruin.  Pure risk takes a one-sided view of the problem and only looks at an uncertain future whose context only admits non-favorable outcomes.  For example, security risk analysis considers two general classes of future events: a security event happens (=bad, but to different degrees depending on the nature of the event), and a security event does not happen.  Objective risk was a much harder concept to discuss in the absence of strong class footing on the meaning of expected value.  Basically, objective risk is the dispersion about the mean of a loss distribution, where wider dispersions (i.e., higher variance) correspond to higher objective risk.  Fortunately, we won’t be leveraging too much of this concept in SRA 311; but had we decided to delve more into insurance (or rather, risk transfer) as a risk treatment option, then objective risk would play a much larger role.
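The expected-value and objective-risk definitions above, worked through as an added example (not part of the original lecture): two pure-risk loss distributions with the same expected loss but very different dispersion.  The site names, probabilities and dollar figures are constructed assumptions for illustration only.

```python
from math import isclose, sqrt

# Constructed sample data (assumption, not from the lecture): annual loss
# distributions for two hypothetical sites, as (outcome, probability, loss in $).
# Both are pure-risk models: the best case is "no security event" with loss 0.
SITE_A = [
    ("no security event", 0.90, 0),
    ("minor security event", 0.10, 10_000),
]
SITE_B = [
    ("no security event", 0.99, 0),
    ("major security event", 0.01, 100_000),
]


def check_outcome_set(outcomes):
    """Reject outcome sets that cannot support an expected-value calculation.

    Distinct labels stand in for "mutually exclusive"; probabilities that sum
    to 1 stand in for "collectively exhaustive".
    """
    labels = [label for label, _, _ in outcomes]
    if len(set(labels)) != len(labels):
        raise ValueError("outcomes are not distinct (not mutually exclusive)")
    if any(p < 0 or p > 1 for _, p, _ in outcomes):
        raise ValueError("each probability must lie in [0, 1]")
    total = sum(p for _, p, _ in outcomes)
    if not isclose(total, 1.0, abs_tol=1e-9):
        raise ValueError(
            f"probabilities sum to {total}, so the set is not collectively exhaustive"
        )


def expected_loss(outcomes):
    """Sum of probability x loss over every outcome in the set."""
    check_outcome_set(outcomes)
    return sum(p * loss for _, p, loss in outcomes)


def objective_risk(outcomes):
    """Dispersion of loss about its mean, reported as a standard deviation."""
    mean = expected_loss(outcomes)
    variance = sum(p * (loss - mean) ** 2 for _, p, loss in outcomes)
    return sqrt(variance)


def summarize(name, outcomes):
    """One-line summary of expected loss and objective risk for a site."""
    return (
        f"{name}: expected loss ${expected_loss(outcomes):,.0f}, "
        f"objective risk (std dev) ${objective_risk(outcomes):,.0f}"
    )


if __name__ == "__main__":
    for name, site in (("Site A", SITE_A), ("Site B", SITE_B)):
        print(summarize(name, site))
```

Both sites carry the same expected loss, so an analysis that reports only the average would treat them as equivalent; the dispersion is what separates them.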

Here we are, 30-45 minutes into class, and I was starting to get the feeling that my students were dozing off, focusing on other things, or what have you.  I can’t blame them too much – to me this stuff is fascinating, whereas to them the topics must seem dry and heavy, particularly if I am asking them to recall details from an inadequately-taught subject (STAT 200) in order to make sense of what I’m saying.  Well, I told them on the first day that my number one goal was to help them build “risk intuition”; from my experience the only way to do this is by immersing them in the nitty-gritty details of risk analysis activities.  I will continue to do this, and I suspect that in the end the students will be better off for it.

To get the juices flowing again, I decided to have my students move around a bit in their seats by running a few search terms in Google (you see, much to my chagrin, each student has a computer at their seat in my classroom).  The three search terms I provided were “DNI Vision 2015,” “Jennifer Sims,” and “Decision Advantage.”  My goal was for the students to locate DNI Vision 2015, pull out the tone box on the first page of chapter 2, and read aloud for me what Jennifer Sims has to say about “decision advantage”:

… the key to intelligence-driven victories may not be the collection of objective ‘truth’ so much as the gaining of an information edge or competitive advantage over an adversary. Such an advantage can dissolve a decision-maker’s quandary and allow him to act. This ability to lubricate choice is the real objective of intelligence.

There you have it, intelligence lubricates choice.  Similarly, risk analysis lubricates choice by providing knowledge to the decision maker on the sources of uncertainty present in a given problem (a discussion topic for lecture 11) and how they contribute to our understanding of the nature of future events of interest.  This is our goal as risk analysts: provide the best possible analysis about a system (technological, political, social, economic, etc.), how we think it works, and how it may behave in the future as a function of the decisions we make or do not make.  Risk analysis informs decision making by providing actionable insight on how to improve the chances for desirable outcomes and decrease the chances for undesirable outcomes in light of our admittedly incomplete and uncertain understanding of our system.  Again, if there was no uncertainty, then we would know how the systems we operate in work and how they will behave in the future.  Thus, we would have no risk.  But, in reality we are uncertain about everything, including our knowledge of how systems work, what events can plausibly occur in the future, our descriptions of the plausible events we know about, and the relative likeliness of them all.

There were a couple of other points I wanted to make to the class, but for whatever reason I felt that by making them I would give the appearance of beating a poor horse to death.  Well, these points were really excerpts from the required reading, and for sake of completeness (and future reference) I will pull them out here:

  • “Risk analysis is always part of a decision context, whether it is an explicit analytic activity or not” (Aven and Korte).  My comment: All people examine the risks attributed to the actions they decide or decided to take or not take, or the situations they find themselves in or not in.  Formal analysis offers an advantage over intuitive impressions of risk in that it lays bare all assumptions, sources of uncertainty, etc. to provide the clearest (and most objective) picture possible of the strategic landscape.
  • “For risk related to organizational [or national security, political, etc.] decisions, presentations of consequence and uncertainties [derived] from the risk analysis should be highlighted, rather than synthesized measures of utility gains and losses” (Aven and Korte).  My comment: I, personally, would take this the next step by saying that a well reasoned narrative that explains the spectrum of plausible future events and their relative likeliness is often superior to numbers in terms of providing useful knowledge to decision makers.  The numbers are typically secondary, regardless of what mechanistic approach they come from, and serve only as a decision aid that complements decision maker review, judgment, and negotiations with other stakeholders.
  • “In addition to satisfying philosophical and methodological requirements, the analysis must be seen as useful by decision makers.” (Aven and Korte).  My comment: I would add that for the analysis to be accepted by the consumer (i.e., decision maker), a level of trust must be established between the judge and the advisor.  This can be done a number of ways, such as producing analysis that subscribes to an acceptable standard of practice, presenting the analysis in a manner that is clear and understandable to the consumer, or simply having the analysis come from the mouth of a trusted advisor (the last one being a bit more dangerous, in my mind).  As one renowned safety researcher once said, in order for risk information to be accepted by a decision maker, it must follow from an accepted process for producing such information.  Decision advantage only happens when the consumer takes in what the analyst has to say, which thus requires the consumer to find such analysis useful and derived from trustworthy sources and practices.
  • “Decision making is a process with formal risk and decision analysis to provide decision support, followed by an informal managerial judgment and review process resulting in a decision.” (Aven and Korte)  My comment: again, this comment echoes the main point that risk (and decision) analysis informs the decision making process.  It does not prescribe decisions for the decision maker.
  • “Risk analysis, contrary to decision analysis, is not supposed to include preferences for scenario outcomes, neither explicitly or implicitly.” (Pate-Cornell).  My comment:  While risk analysis must have some understanding of the scope of the outcomes of concern to a decision maker as well as which variables are within the decision maker’s ability to control, the risk analyst shall not attempt to impose personal values and preferences (in the sense of utility) atop plausible outcomes.  However, when providing actionable recommendations on what can be done to improve the risk situation, the risk analyst must be cognizant of the favored directionality of the relevant consequence dimensions, fewer rather than more lives and dollars lost being an example.
  • “Do not perform a [risk] analysis for an organization or individual who is not willing to use the results for decision support, but only to justify decisions already made.” (Pate-Cornell).  My comment: If one does analysis for the sake of justifying already-made decisions, then the analysis isn’t really offering any decision advantage.  Rather, this tactic is used to legitimize a decision that may be the wrong decision or perhaps the right one for the wrong reasons.  The problem is even more acute when the decision maker pressures the analyst to produce results that are consistent with the desired decision and incompatible with alternative options.  Perhaps this is why Prof. Pate-Cornell urges risk analysts to not engage in any analytic activity for the purposes of legitimizing a decision – by avoiding such situations, you are also denying the decision maker any opportunity to influence your results one way or another.
  • “[The role of the risk analyst] is to present as exactly as possible the state of knowledge, i.e., the assumptions of the model, the sources of information and the processing of data, in order for future decision makers to exercise their own judgments when using the results.” (Pate-Cornell).  My comment: Again, risk analysis informs decision making.  Note that if you are starting to think that Prof. Pate-Cornell is starting to sound like an intelligence studies scholar, you wouldn’t be too far off the mark.  In fact, Prof. Pate-Cornell has been (and perhaps is still) a member of the President’s Foreign Intelligence Advisory Board, or PFIAB.

Now that the students understand the role of the risk analyst in the decision making context, I decided to end the lecture with an interesting template for articulating the scope of a risk assessment.  Given a security context (again, this is a course for security risk analysis majors), one can follow the STEM-V approach to guide their thinking as they scope a particular problem (note that the STEM acronym without the “V” was first presented by the respected risk researcher Louis Anthony “Tony” Cox, Jr. in his book entitled Risk Analysis: Foundations, Models and Methods, ISBN: 0792376153):

  • Sources of risk
  • Targets affected by these sources (i.e., assets in the S=f(P,T,A)Si model)
  • Effects of concern
  • Mechanisms that yield effects from the source via target
  • Variables that can be controlled to influence risk one way or the other

Note that I am still in need of a mnemonic for STEM-V to aid in memorization.  Together, the idea of a security context + STEM-V provides good guidance to aid in problem statement and purpose construction.  This is a good place for the students to be in at the end of the second week of the semester.  Unfortunately, I ran out of time this lecture to try STEM-V out as a class exercise, but I will be sure to make it up in Lecture 4.


The Words of Risk Analysis: SRA 311 Lecture 2

Thursday, August 28th, 2008

Today I gave a lecture to my risk management class at Penn State (SRA 311, Risk Management: Assessment and Mitigation) focused on the words of risk analysis (lecture 2 of 31).  As anyone who provides services to any type of client knows, one of the first things you have to do on day one is ensure a common understanding of key words and phrases.  This was part one of my lecture, that is, explaining that people don’t necessarily assign the same meanings to certain words as others, even if they are in the same field.  The remaining parts focused on two words in particular – “security” and “risk” – and sought to explain what “risk” is and how it fits into security activities.  This lecture was fun for me to deliver, but in hindsight, it was probably a bit too densely packed with ideas for students with less background knowledge.  All in all, I think it went ok.

Class Summary

As a backdrop for discussion, I had my students read two articles.  The first article was entitled “Same Words, Different Meanings: The Need for Uniformity of Language and Lexicon in Security Analysis and Management” by Andrew Harter (a good friend of mine) published by the Critical Infrastructure Protection Program of the George Mason University School of Law in the monograph entitled Critical Infrastructure Protection: Elements of Risk (prepared by Liz Jackson, another good friend of mine).  Basically, this article is a call to action in the security analysis and risk management community for establishing a common lexicon through voluntary consensus standards.  For those unfamiliar with this issue, Mr. Harter’s article addresses the questions “why is a common lexicon needed?” and “what can be done to make progress toward this goal?”  Though one might argue that alternative viewpoints (e.g., a common lexicon is not needed) were not addressed in this article (which is a “hit” on fairness), the point surely rings true to anyone who plays the security risk analysis game.  Imagine how difficult it is to communicate on risk matters when your definition of risk (e.g., potential for harm) doesn’t match well with mine (e.g., loss following an event).  I’ve experienced hours of time wasted due to a simple misinterpretation of language, and nothing is worse than arguing semantics when other more important issues have yet to be resolved.

Some might argue that definitions don’t matter so much.  After all, risk analysis is a decision support activity, and really all that matters is whether we have empowered the decision maker with “decision advantage.” [I borrow this phrase from Jennifer Sims at Georgetown University as it is applicable to ALL areas where analysis is done, risk and intelligence in particular].  Accordingly, one might accept the definition of risk as “whatever is appropriate for the decision maker at the time.”  But as the author of my second paper, Giovanni Manunta, might argue, while such a vague definition might be useful in the client-analyst context, it is not helpful if one desires to treat risk as a science and methodically study all the different subtopics that fall under the heading of risk analysis (see the very first text block on the Society for Risk Analysis homepage for their definition of what “risk analysis” entails).  A common understanding of the various “words of risk analysis” is needed in order to speak sensibly about the subject within the community of educators, scholars, and practitioners.  (As an aside, see Professor Kristan Wheaton’s blog for an interesting and related discussion entitled “What is Intelligence?”)

The second paper discussed in my class was entitled “What is Security?” by Dr. Giovanni Manunta and published in the Security Journal, Volume 12, Issue 3, pp. 57-66 (http://dx.doi.org/10.1057/palgrave.sj.8340030).  I chose this paper for three reasons.  First, for me it was a great read, and why not share with my students papers I find worthwhile?  In fact, many of Dr. Manunta’s monographs are really worth spending some time reading and absorbing if you are in the security profession.  Second, this paper is a nice complement to the first in that it goes into great depth as to why a commonly accepted conceptual definition for security is needed.  Third, this paper actually does a good job of describing the conceptual underpinnings of security by explaining in detail the three required elements of a security context – namely, a Protector (the entity that desires security), a Threat (the entity that challenges the protector’s security), and an Asset (the object of conflict).  The general formula for security, S, is then S=f(P,T,A)Si, where the Si outside of the parentheses is a variable that accounts for the situational factors underlying the relationship between P, T, and A.  If any one of P, T, or A is absent in a given situation, you do not have a security context, and as such it makes no sense to speak about managing risks.

At this point I finished discussing (as socratically as I could in the time I had available) the two articles.  Throughout I attempted to elicit from students answers to questions centered on Elder and Paul’s Eight Elements of Thought and Intellectual Standards to encourage critical analysis of who the people writing such articles are, their purpose for writing, points of view, concepts, assumptions, etc.  However, I tried not to stretch this discussion out too long given that I already had my students complete a written assignment that systematically addresses the eight elements and intellectual standards.

The next portion of this lecture centered on how risk management fits within the world of security.  Borrowing from Manunta’s Diogenes Paper No. 1 (ISBN: 0-9501575-4-6), I sought to leverage assumed prerequisite knowledge of Venn Diagrams and Set Theory to explain the concepts of Security and Not Security, where Not Security includes Total Insecurity and all degrees between.  The degrees in-between represent a fuzzy boundary between security and not security, that is, if one accepts that the state of security is actually a fuzzy set.  The Venn diagram I used is shown below, though in class I actually drew it on a Tablet PC.

The point I stressed is as follows: in a security context, a Protector has finite resources to make progress toward an unbounded objective.  This is where risk management comes in – risk management is used to maximize the efficiency of these resources by applying them in such a way that maximizes our progress toward a state of security.  The balance of risk between what we want to achieve and what we can achieve is known as the residual risk.  Ultimately, given the options available to us to reduce risk in light of available resources, we want to minimize the residual risk.  But as Manunta points out in “What is Security?,” security involves risk management, but managing risk doesn’t necessarily guarantee security.  That is, risk management and security are not the same thing.

I ended the lecture with a light hearted game of “Risk Mad Libs.”  First, I offered a generic definition of risk intended to guide us through our thinking in the rest of the course.  The definition is as follows:

Risk: The uncertainty around future events

We discussed what was meant by the word “uncertainty” in this definition, and examined the different types of uncertainty that we often encounter in risk analysis.  This includes the variability associated with one or another event occurring among a set of mutually exclusive (distinct) and collectively exhaustive (complete) alternatives, the incertitude associated with whether elements in our set are relevant or whether our set of alternative events is complete, and the inherent vagueness in what any particular element of the set really means.  Unfortunately, my extemporaneous nature kept me from explaining the remaining two words – “future” and “events,” but if I could go back in time I would stress that risk has to do with the uncertainty in what will happen and not what has already happened, where the future “events” can be described as a situational description (“mom will get sick”) or in terms of some measures (“1 morbidity” and “$10,000 in medical fees”).

Now that we had a definition of risk to work with, I asked students to break into groups and fill in the blank:

____________________ Risk

where the blank can represent practically any word.  My specific instructions were to select one “serious” word and one “silly” word, fill in the blank with each in turn, and in doing so characterize the nature of what is meant by the resulting phrase (i.e., who would care, what are some causes of concern and what are outcomes of concern).  I started with the serious word “information” to form the phrase “information risk.”  Then I moved onto the word “political” followed by the silly word “dog.”  For each we identified someone who might be considered a stakeholder in such a field (e.g., “dog owner” for “dog”), and brainstormed what events could occur (“dog runs away”) and the spectrum of ensuing outcomes (“dog gets hit by car,” “dog bites pedestrian,” “dog comes home”).  In the remaining 2 minutes of class following the exercise, we had some cool responses, including “computer mouse risk,” “environmental risk,” “body odor risk,” etc.   The basic idea here was to enable students to reason out what is meant when you see a phrase such as “financial risk,” and after this lecture I am confident the students can do this.

Next Up

The next lecture stands to be a fun one – the topic is “The Role of the Risk Analyst and Decision Advantage.”  This lecture is the second of 3 “Philosophy of Risk” analysis lectures; after these, we will be way more applied in the classroom setting (something I am sure the students would appreciate).


Chinese Terrorism Risk Research

Saturday, May 31st, 2008

For those of you doing research into anything that requires a literature review, it pays to check out the types of work your Chinese research counterparts have published on in the Chinese academic literature.  There are two really good full-text databases out there for Chinese academic journals:

  • Wanfang Data: According to the Wanfang data website, “as an affiliate of Chinese Ministry of Science & Technology, Wanfang Data has been the leading information provider in China since 1950s. With a wide range of database resources and value-added services, Wanfang Data has become a gateway to understand Chinese culture, medicine, business, science, etc.”  I personally find this particular database to be very user friendly and English-language friendly.  The problem is that I don’t know of any scholarly institution with access.
  • CNKI – This database is way more comprehensive in scope than Wanfang Data, but is less English-language friendly.  In order to navigate this website well, the user should become well acquainted with Babelfish, but be prepared to do a lot of copy-paste actions from the CNKI browser window to a separate Babelfish window.  Oh, and as it turns out, the Library of Congress has onsite access to this database and much (but not all) of its holdings.

In a literature review search of both Wanfang Data (trial access) and CNKI (at the Library of Congress) I completed in early 2007, I came across the following papers on risk analysis for terrorism and natural hazards published in Chinese journals (citations and abstracts provided, but pardon the grammatical errors as they are just translations).  Let me caveat this list by saying it is by no means guaranteed to be complete; rather, it is limited to hits obtained from those articles that were (a) searchable and available, (b) had English translations of the abstract stored in the database, and (c) retrievable using the small set of English search terms I used.

> Zhang, Z., Wu, Z. and Liu, M. (2004). “A Case Study on Mitigating the Risk of Terror Attack.” China Safety Science Journal, Vol. 14, No. 2, pp. 95-97.

Terrorists usually take advantage of alternative forms of network structure to avoid being monitored and tracked by the security services, and to operate a terror attack by sudden swarm of cluster through immergence of passive supporters. Conventional counter-terrorist forces such as military and police will face a greater challenge in trying to suppress the terrorism with multi-originated feature. East Turkistan terrorist issue is taken as a case to simulate and analyze the evolution mechanism of a given regional terror attack threat, using physical concept of percolation. The feasibility to mitigate the risk of terror attack by non-destructive measures is theoretically analyzed.

> Fan, M. (2002). “The Risk Management in American Security Management System after “9.11” Event and its Enlightenment to China.” Journal of the Shandong Public Security College, Vol. 14, No. 6, pp. 63-66.

After “911” event, US government extensively and thoroughly tried to carry out risk management methods in security management system in order to block the security loophole and to prevent terrorism attack. After one year in practice, not only has the counter-terrorism object been achieved, but also obtains good social effects on safe production, crime prevention, and public security enhancement. This is an important enlightenment to our security management in relative areas. [WLM Comment: I must admit, I am intrigued by this abstract; if only I could read the full-text of the paper...]

> Wang, Z. and Liu, M. (2006). “Application of Quantitative Risk Assessment on Terrorist Attack.” China Public Security, Vol. 12, No. 4, pp. 18-22.

In this paper, the development of quantitative risk assessment is reviewed, and the way to quantify and assess the terrorism attack is purposed. In the quantitative assessment procedure, according to the information obtained, the summary of previous similar events, and the expert opinions, the data are quantitatively analyzed to obtain the most likely attack target, the threat characteristics, and attack circumstance. Fault tree and event tree are used to analyze the threat model and the system weakness, respectively, and then the attack consequence and the most weakness of the attack target can be obtained. A theoretical basis is provided for making effective decisions under terrorism threat, and a stadium is analyzed as an example.

> Wu, Z. and Zhang, Z. (2005). “Progress of Risk Assessment for Terror Attacks on Industrial Facilities.” Journal of Safety Science and Technology, Vol. 1, No. 4, pp. 3-7.

While the terrorism actions are getting rampant increasingly all over the world, the terror attack, as an important risk factor, should be studied thoroughly not only for academic profile but also for maintaining social security and stability. The terror attack is planned and issued by the terrorists themselves, and its hazard source – terrorist have their own self-determination. Logically predicting the risk of terror attack has become a new issue in the field of safety science. Both home and abroad progress on related researches were reviewed in detail. It is suggested that security vulnerability assessment and security management system be implemented on important industrial and public facilities.

> Yu, J. and Yang, H. (2004). “Characteristics of Modern Terrorism and Safeguard Strategy.” JOURNAL UNKNOWN, Vol. 6, pp. 11-14.

Modern terrorism has brought severe challenge for the globe. The international society hasn’t come to common for the terrorism law definition. Terrorism in the new period has a series of obvious characteristics. Through analyzing the characteristics, the importance of scientific evaluating on terrorism has been put forward and a series of relative protecting job strategy.

> Zhang, S., Tian, D. and Wu, J. (2006). “Simple Probabilistic Method for Relative Risk Evaluation of Nuclear Terrorism Events.” Nuclear Power Engineering, Vol. 27, No. 6, pp. 74-81.

Based upon event tree and probabilistic methods, a simple probabilistic method for risk evaluation of nuclear terrorism events is purposed in this paper. Four types of damage of a single nuclear terrorism event are analyzed. Since nuclear terrorism events have never happened, relative data of potential nuclear terrorism events are rare. Upon relevant potential events and hypothesis base, relative probabilities and relative risks of four modes causing nuclear terrorism events are deductively analyzed. The analysis results show that these four damage modes are, from severe to mild, using nuclear explosion equipment, using simple nuclear explosion equipment, attacking nuclear facilities, and using “dirty bomb.” According to the hypothetical premise, the probabilities of occurrence from high to low are using “dirty bomb,” attacking nuclear facilities, using simple nuclear explosion equipment, and using nuclear explosion equipment, and the risks of nuclear terrorism events caused by the four modes mentioned above are, from severe to mild, using “dirty bomb,” using simple nuclear explosion equipment, attacking nuclear facilities, and using nuclear explosion equipment.

> Zhao, G., Liu, M., Zhang, Q., Yang, Y. and Wang, L. (2006). “Terror Attack Risk Assessment of Subway Station Based on Game Theory.” Journal of Safety and Environment, Vol. 6, No. 3, pp. 47-50.

The present paper aims to introduce the authors’ analysis of the terrorist attack risks with the 22 stations of certain subway line and the model of the probability estimate of the target losses developed by the paper. As we know, once an attack was attempted, losses would occur with a probability of such and such, and so and so. Such probability of target loss can be worked out through the calculation of the change of the defended resources, which provide optimal allocation of the defended resources to the subway station under study and the structure of the counter-terrorism emergency plan. However, since the terrorist risks differ from the natural disasters for their particular nature of the ill intent of their instigators. As a consequence, game theory can be used as an important analytic tool. And in turn, such attacks on the subway stations can be regarded as zero-sum game between attacker and defender.

> Chen, W., Jiang, Q., Cao, Y. and Han, Z. (2005). “Risk Based Vulnerability Assessment in Complex Power Systems.” Power System Technology, Vol. 29, No. 4, pp. 12-17.

Based on probability theory the risk theory was applied to the vulnerability assessment of power system. Here, the power system was defined as a vulnerable system and a set of risk indices to assess the power system vulnerability and corresponding algorithm were built, thus the defects of traditional deterministic security assessment method, which cannot satisfy the requirement of electricity market and complicated power grid, could be overcome. On this basis, a risk theory and risk indices based power system vulnerability assessment software was developed. Taking the New England test system for example, the effectiveness and advanced property of the presented method were proved.

> Chen, Y., Liu, X. and Ren, F. (2002). “Disaster Risk Analysis of Transportation Infrastructure System.” Journal of Highway and Transportation Research and Development, Vol. 19, No. 4, pp. 79-82.

When natural disaster, atrocious weather or accident happens, transportation system may close down and result in travel cost increasing or some travel being called off. Depending on the structure of user cost and the traffic demanding and distribution model, the estimation method of the unit user cost is proposed in the paper. The sum of the user cost and the remedy cost constitute the disaster loss or consequence, which is the function of closing time, usability of other circuitous road and the remedy measure. Depending on the probability of disaster happening and according consequence, the disaster risk is assessed. In the meantime, several common anti-disaster measures are suggested, which can deduce the road closing probability or according loss. Depending on the cost-benefit analysis of different anti-disaster measures, the anti-disaster plan can be decided.

> Ren, L. (1999). “Advance in Risk Analysis for Natural Hazards.” Advances in Earth Science, Vol. 14, No. 3.

In this paper, the author first discusses the meaning of regional natural disaster’s risk and introduces the possibility risk in detail, pointing out that risk has different meaning in insurance business and disaster study. Then the author reviews the content of risk analysis of regional natural disasters and the mathematical models of risk assessment. The risk analysis is classified into three steps, risk recognition, risk estimation, and risk assessment and the mathematical models into three types, extreme risk model, probability risk model and possibility risk model. Nextly, the possibility risk model for analyzing regional disaster risk are reviewed thoroughly. Finally, the problems to be studied further for regional natural disasters risk analysis, the regional natural disaster mechanism, the method for recognizing regional natural disaster risk, and the method of regional vulnerability analysis, are proposed.

I hope this listing helps better communicate what some Chinese researchers are doing in this area of risk analysis for homeland security.  Note: If anyone is willing to help me translate these papers, send me an email/comment.  Also, if you know of any other Chinese papers on the subject, or perhaps papers on the subject from other non-Western countries, let me know.


Six Papers on Six Different “Emerging” Terrorist Threats

Wednesday, May 28th, 2008

What is an “emerging threat”? Or even more generally speaking, what is a “threat” in the first place?

There are numerous definitions proposed and used for the word “threat” and its synonym “hazard”, and I leave it to readers of this blog (and myself) to explore the myriad definitions for such terms as these described in the SARMAPedia just to see what I mean (this website is part of the Security Analysis and Risk Management Association, or SARMA, initiative to develop a common lexicon; participation is encouraged).

For simplicity, let’s go with the following simple and generic definition of threat: a threat is a source of potential harm. Of course whether or not something is harmful is in the eye of the beholder, but for the purposes of this discussion assume that whatever we label as a threat is harmful to you or your interests. Now let’s examine the definitions of threat when qualified by one of four words: “emerging,” “emergent,” “speculative,” and “notional.”

  • To qualify a threat as “emerging” insists that it must be “newly formed” or “coming into prominence” (definition for “emerging” taken from Answers.com).
  • To qualify a threat as “emergent” means that it is “coming into view, existence, or notice” (definition for “emergent” taken from Answers.com).
  • To qualify a threat as “speculative” means that it is reasoned from “inconclusive evidence, conjecture, or supposition” (definition for “speculation” taken from Answers.com).
  • To qualify a threat as “notional” means that it is “speculative or theoretical” or imaginary (definition for “notional” taken from Answers.com).

According to the above qualifier definitions, it seems to follow that an “emerging threat” or “emergent threat” in the context of terrorism is one for which there is at least a little bit of evidence to support that it is on the minds of potential adversaries. That is, there seems to be this underlying assumption that evidence exists to justify labeling a threat as “newly formed” or “coming into view.” Weaker in form but just as important to be aware of from the standpoint of a defender desiring to defeat surprise is the “speculated threat” or “notional threat” for which there need not be evidence to support it being considered an option of our enemies. As with anything else in the realm of innovation (a trait that many scholars believe our adversaries possess), it is just a matter of time before an articulated speculative threat becomes an emergent threat – all that is required is for an adversary to entertain the threat as a real option for consideration. In fact, a 2002 Washington Post editorial entitled “They Heard It All Here, and That’s the Trouble” (written by Dennis Pluchinsky, an intelligence professional and well-respected educator) complained that the media pretty much hands ideas to our adversaries on where US vulnerabilities lie and what can be done to exploit them. So, I feel it is safe to assume that a speculative threat written about in open-sources is, or will become in due time, an emerging threat just by the mere fact that such ideas are out in the open for everyone in the world to read. The only thing missing is the documents or testimony to prove that a threat has transcended the threshold between speculative and emergent.

Now, why did I say all this? As I was digging through my database of academic papers, I came across a number of papers on novel terrorist threats, all of which are labeled as emergent. Few of these papers actually provide evidence to the fact that these threats are on the minds of al-Qaeda planners, but they do provide sufficient detail about them to prompt serious consideration if a bad-guy happened to stumble upon them. I decided to list six of these papers, not to make these ideas even more accessible, but to inspire consideration on the part of defenders challenged by a presumed creative and determined adversary. After all, our number one vulnerability is ignorance, and our adversaries seek to identify and exploit this ignorance to achieve surprise against us.

These six papers (with abstracts in bullets) are as follows:

Baird, R. A. (2006). “Pyro-Terrorism: The Threat of Arson-Induced Forest Fires as a Future Terrorist Weapon of Mass Destruction.” Studies in Conflict & Terrorism, Vol. 29, No. 5, pp. 415-428, doi: 10.1080/10576100600698477.

  • The United States is at significant risk of a future pyro-terrorist attack – when terrorists unleash the latent energy in the nation’s forests to achieve the effect of a weapon of mass destruction – the threat must be defined, America’s vulnerabilities understood, and action taken to mitigate this danger to the United States.

Borio, L., et al. (2002). “Hemorrhagic Fever Viruses as Biological Weapons.” Journal of the American Medical Association, Vol. 287, No. 18, pp. 2391-2405, url: http://jama.ama-assn.org/cgi/content/full/287/18/2391.

  • Weapons disseminating a number of [Hemorrhagic Fever Viruses] HFVs could cause an outbreak of an undifferentiated febrile illness 2 to 21 days later, associated with clinical manifestations that could include rash, hemorrhagic diathesis, and shock. The mode of transmission and clinical course would vary depending on the specific pathogen. Diagnosis may be delayed given clinicians’ unfamiliarity with these diseases, heterogeneous clinical presentation within an infected cohort, and lack of widely available diagnostic tests. Initiation of ribavirin therapy in the early phases of illness may be useful in treatment of some of these viruses, although extensive experience is lacking. There are no licensed vaccines to treat the diseases caused by HFVs.

Bunker, R. J. (2008). “Terrorists and Laser Weapons: An Emergent Threat.” Studies in Conflict & Terrorism, Vol. 31, No. 5, pp. 434-455, doi: 10.1080/10576100801980294.

  • The trends leading to the emergent threat of terrorist laser weapons use are that a military weaponry transition from conventional to Directed Energy Weapons is taking place; that laser weapons offer clear tactical and operational advantages over conventional weapons; that laser prices are dropping while laser performance is increasing; that criminals, criminal-soldiers, and foreign militaries have all utilized laser devices and weapons for counteroptical purposes; and that criminal-soldiers are evolving and getting more sophisticated from both an organizational and weaponry use perspective. This article will look at the aforementioned trends, analyze them, and then offer some concluding thoughts concerning terrorist laser weapons use futures.

Lee, R. V., Harbison, R. D., and Draughon, F. A. (2003). “Food as a Weapon.” Food Protection Trends, Vol. 23, No. 8, pp. 664-674 [this article is not available electronically anymore]

  • The use of food as a weapon has been practiced since antiquity. Assassination by poisoning food and wine is well documented in history and in literature. Mass casualties because of spontaneous spoilage of grain and meat have been common, but attempts at deliberate adulteration or contamination of foods to produce mass casualties have been only occasionally successful. Nevertheless, the food supply of industrialized nations is vulnerable to terrorist attacks. A major problem is the inability to identify criminal intent rapidly in outbreaks of foodborne illness caused by common pathogens or animal-borne diseases. This review addresses the vulnerability of the food system, motivations for harm, detection of criminal intent and security measures that may minimize risks.

Van Keuren, E., Wilkenfeld, J., and Knighten, J. (1991). “Utilization of High-Power Microwave Sources in Electronic Sabotage and Terrorism.” Proceedings of IEEE Security Technology Conference 1991, pp. 16-20, url: http://ieeexplore.ieee.org/iel2/575/5225/00202184.pdf.

  • High-power microwave (HPM) sources have been under investigation for several years as potential weapons for a variety of sabotage, terrorism, counter-security systems and combat applications. To a large extent, work in these areas has been limited to the military community and its contractors. However, in recent years there has been an increasing awareness of HPM as a tool for commercial sabotage and civil terrorism. As such, there is a need for greatly increased attention by the security community. With respect to this security conference, the key points to recognize are the insidious nature of HPM and the many areas in which it can impact on security technology. Computers and other equipments can be damaged without user recognition of the cause. HPM has the capability to penetrate not only radio front ends but also the most minute shielding penetrations throughout the equipment. The potential exists for significant damage to security and other devices and circuits, and even injury to humans. Electronic sabotage and terrorism, and HPM in particular, should be of significant interest to security practitioners.

Parfenov, Y., Zdoukhov, L. N., and Radasky, W. A. (2004). “Conducted IEMI Threats for Commercial Buildings.” IEEE Transactions on Electromagnetic Compatibility, Vol. 46, No. 3, pp. 404-411, doi: 10.1109/TEMC.2004.831883.

  • While most of the emphasis has been focused on the radiated threat represented by intentional electromagnetic interference, it is clear that the threat from conducted disturbances should not be neglected. Conducted threats include those that are produced by the cable coupling of radiated fields and from the direct injection of conducted disturbances into the wiring of a building. It is well known that in the majority of cases, cables provide the most efficient means of transporting potentially damaging energy into equipment. The first part of this paper describes how electrical disturbances can impact electronic equipment inside a building through the power and earthing circuits. Measured data are summarized to illustrate how electrical signals propagate through the power and earthing circuits from the outside to the inside and what levels of signals create problems with electronic equipment. With this understanding of the impact of transient waveforms on electronic equipment and how these disturbances can propagate throughout a building, calculations are then used to evaluate different types of conducted threats to buildings.
