Guiding Resource Allocations Based on Terrorism Risk

Establishing tolerable levels of risk is one of the most contentious and important risk management decisions. With every regulatory or funding decision for a risk management program, society decides whether or not risk is tolerable. The Urban Area Security Initiative (UASI) is a Department of Homeland Security (DHS) grant program designed to enhance security and overall preparedness to prevent, respond to, and recover from acts of terrorism by providing financial assistance for planning, equipment, training, and exercise needs of large urban areas. After briefly reviewing definitions of terrorism risk and rationales for risk-based resource allocation, this article compares estimates of terrorism risk in urban areas that received UASI funding in 2004 to other federal risk management decisions. This comparison suggests that UASI allocations are generally consistent with other federal risk management decisions. However, terrorism risk in several cities that received funding is below levels that are often tolerated in other risk management contexts. There are several reasons why the conclusions about terrorism risk being de minimis in specific cities should be challenged. Some of these surround the means used to estimate terrorism risk for this study. Others involve the comparison that is made to other risk management decisions. However, many of the observations reported are valid even if reported terrorism risk estimates are several orders of magnitude too low. Discussion of resource allocation should be extended to address risk tolerance and include explicit comparisons, like those presented here, to other risk management decisions.     

Augmenting the Deliberative Method for Ranking Risks

The Department of Homeland Security (DHS) characterized and prioritized the physical cross‐border threats and hazards to the nation stemming from terrorism, market‐driven illicit flows of people and goods (illegal immigration, narcotics, funds, counterfeits, and weaponry), and other nonmarket concerns (movement of diseases, pests, and invasive species). These threats and hazards pose a wide diversity of consequences with very different combinations of magnitudes and likelihoods, making it very challenging to prioritize them. This article presents the approach that was used at DHS to arrive at a consensus regarding the threats and hazards that stand out from the rest based on the overall risk they pose. Due to time constraints for the decision analysis, it was not feasible to apply multiattribute methodologies like multiattribute utility theory or the analytic hierarchy process. Using a holistic approach was considered, such as the deliberative method for ranking risks first published in this journal. However, an ordinal ranking alone does not indicate relative or absolute magnitude differences among the risks. Therefore, the use of the deliberative method for ranking risks is not sufficient for deciding whether there is a material difference between the top‐ranked and bottom‐ranked risks, let alone deciding what the stand‐out risks are. To address this limitation of ordinal rankings, the deliberative method for ranking risks was augmented by adding an additional step to transform the ordinal ranking into a ratio scale ranking. This additional step enabled the selection of stand‐out risks to help prioritize further analysis.     

A Methodology for Modeling Regional Terrorism Risk

Over the past decade, terrorism risk has become a prominent consideration in protecting the well‐being of individuals and organizations. More recently, there has been interest in not only quantifying terrorism risk, but also placing it in the context of an all‐hazards environment in which consideration is given to accidents and natural hazards, as well as intentional acts. This article discusses the development of a regional terrorism risk assessment model designed for this purpose. The approach taken is to model terrorism risk as a dependent variable, expressed in expected annual monetary terms, as a function of attributes of population concentration and critical infrastructure. This allows for an assessment of regional terrorism risk in and of itself, as well as in relation to man‐made accident and natural hazard risks, so that mitigation resources can be allocated in an effective manner. The adopted methodology incorporates elements of two terrorism risk modeling approaches (event‐based models and risk indicators), producing results that can be utilized at various jurisdictional levels. The validity, strengths, and limitations of the model are discussed in the context of a case study application within the United States.     

Using Probabilistic Terrorism Risk Modeling for Regulatory Benefit-Cost Analysis: Application to the Western Hemisphere Travel Initiative in the Land Environment

This article presents a framework for using probabilistic terrorism risk modeling in regulatory analysis. We demonstrate the framework with an example application involving a regulation under consideration, the Western Hemisphere Travel Initiative for the Land Environment, (WHTI‐L). First, we estimate annualized loss from terrorist attacks with the Risk Management Solutions (RMS) Probabilistic Terrorism Model. We then estimate the critical risk reduction, which is the risk‐reducing effectiveness of WHTI‐L needed for its benefit, in terms of reduced terrorism loss in the United States, to exceed its cost. Our analysis indicates that the critical risk reduction depends strongly not only on uncertainties in the terrorism risk level, but also on uncertainty in the cost of regulation and how casualties are monetized. For a terrorism risk level based on the RMS standard risk estimate, the baseline regulatory cost estimate for WHTI‐L, and a range of casualty cost estimates based on the willingness‐to‐pay approach, our estimate for the expected annualized loss from terrorism ranges from $2.7 billion to $5.2 billion. For this range in annualized loss, the critical risk reduction for WHTI‐L ranges from 7% to 13%. Basing results on a lower risk level that results in halving the annualized terrorism loss would double the critical risk reduction (14–26%), and basing the results on a higher risk level that results in a doubling of the annualized terrorism loss would cut the critical risk reduction in half (3.5–6.6%). Ideally, decisions about terrorism security regulations and policies would be informed by true benefit‐cost analyses in which the estimated benefits are compared to costs. Such analyses for terrorism security efforts face substantial impediments stemming from the great uncertainty in the terrorist threat and the very low recurrence interval for large attacks. Several approaches can be used to estimate how a terrorism security program or regulation reduces the distribution of risks it is intended to manage. But, continued research to develop additional tools and data is necessary to support application of these approaches. These include refinement of models and simulations, engagement of subject matter experts, implementation of program evaluation, and estimating the costs of casualties from terrorism events.     

How Probabilistic Risk Assessment Can Mislead Terrorism Risk Analysts

Traditional probabilistic risk assessment (PRA), of the type originally developed for engineered systems, is still proposed for terrorism risk analysis. We show that such PRA applications are unjustified in general. The capacity of terrorists to seek and use information and to actively research different attack options before deciding what to do raises unique features of terrorism risk assessment that are not adequately addressed by conventional PRA for natural and engineered systems—in part because decisions based on such PRA estimates do not adequately hedge against the different probabilities that attackers may eventually act upon. These probabilities may differ from the defender's (even if the defender's experts are thoroughly trained, well calibrated, unbiased probability assessors) because they may be conditioned on different information. We illustrate the fundamental differences between PRA and terrorism risk analysis, and suggest use of robust decision analysis for risk management when attackers may know more about some attack options than we do.     

Optimal Security Investments and Extreme Risk

In the aftermath of 9/11, concern over security increased dramatically in both the public and the private sector. Yet, no clear algorithm exists to inform firms on the amount and the timing of security investments to mitigate the impact of catastrophic risks. The goal of this article is to devise an optimum investment strategy for firms to mitigate exposure to catastrophic risks, focusing on how much to invest and when to invest. The latter question addresses the issue of whether postponing a risk mitigating decision is an optimal strategy or not. Accordingly, we develop and estimate both a one‐period model and a multiperiod model within the framework of extreme value theory (EVT). We calibrate these models using probability measures for catastrophic terrorism risks associated with attacks on the food sector. We then compare our findings with the purchase of catastrophic risk insurance.     

Safety Risk Analysis of an Innovative Environmental Technology

The authors describe a decision and risk analysis performed for the cleanup of a large Department of Energy mixed-waste subsurface disposal area governed by the Comprehensive Environmental Response, Compensation, and Liability Act (CERCLA). In a previous study, the authors worked with the site decision makers, state regulators, and U.S. Environmental Protection Agency regional regulators to develop a CERCLA-based multiobjective decision analysis value model and used the model to perform a screening analysis of 28 remedial alternatives. The analysis results identified an innovative technology, in situ vitrification, with high effectiveness versus cost. Since this technology had not been used on this scale before, the major uncertainties were contaminant migration and pressure buildup. Pressure buildup was a safety concern due to the potential risks to worker safety. With the help of environmental technology experts remedial alternative changes were identified to mitigate the concerns about contaminant migration and pressure buildup. The analysis results showed that the probability of an event with a risk to worker safety had been significantly reduced. Based on these results, site decision makers have refocused their test program to examine in situ vitrification and have continued the use of the CERCLA-based decision analysis methodology to analyze remedial alternatives.     

Is Risk Analysis Scientific?

This article discusses to what extent risk analysis is scientific in view of a set of commonly used definitions and criteria. We consider scientific knowledge to be characterized by its subject matter, its success in developing the best available knowledge in its fields of study, and the epistemic norms and values that guide scientific investigations. We proceed to assess the field of risk analysis according to these criteria. For this purpose, we use a model for risk analysis in which science is used as a base for decision making on risks, which covers the five elements evidence, knowledge base, broad risk evaluation, managerial review and judgment, and the decision; and that relates these elements to the domains experts and decisionmakers, and to the domains fact‐based or value‐based. We conclude that risk analysis is a scientific field of study, when understood as consisting primarily of (i) knowledge about risk‐related phenomena, processes, events, etc., and (ii) concepts, theories, frameworks, approaches, principles, methods and models to understand, assess, characterize, communicate, and manage risk, in general and for specific applications (the instrumental part).     

A Resilience-Based Approach to Risk Assessments—Building Resilient Organizations under Arctic Conditions

Reliability and higher levels of safety are thought to be achieved by using systematic approaches to managing risks. The assessment of risks has produced a range of different approaches to assessing these uncertainties, presenting models for how risks affect individuals or organizations. Contemporary risk assessment tools based on this approach have proven difficult for practitioners to use as tools for tactical and operational decision making. This article presents an alternative to these assessments by utilizing a resilience perspective, arguing that complex systems are inclined to variety and uncertainty regarding the results they produce and are therefore prone to systemic failures. A continuous improvement approach is a source of reliability when managing complex systems and is necessary to manage varieties and uncertainties. For an organization to understand how risk events occur, it is necessary to define what is believed to be the equilibrium of the system in time and space. By applying a resilience engineering (RE) perspective to risk assessment, it is possible to manage this complexity by assessing the ability to respond, monitor, learn, and anticipate risks, and in so doing to move away from the flawed frequency and consequences approach. Using a research station network in the Arctic as an example illustrates how an RE approach qualifies assessments by bridging risk assessments with value-creation processes. The article concludes by arguing that a resilience-based risk assessment can improve on current practice, including for organizations located outside the Arctic region.     

考虑风险总关联的项目风险应对策略选择方法

本文针对考虑风险总关联的项目风险应对策略选择问题,首先结合MACBETH方法以及DEMATEL方法分析项目风险总关联;然后,在考虑项目管理者风险态度的基础上,以最大化项目管理者期望效用为目标构建考虑风险总关联的项目风险应对策略选择优化模型;最后,通过实际案例分析验证所提方法和模型的可行性与有效性,并比较分析了不同关联作用对风险应对决策的影响。结果表明：1）存在使项目管理者期望效用达到最大的最优项目风险应对预算;2）项目管理者的风险态度和对风险关联的关注程度对风险应对策略的选择和项目管理者的期望效用均有影响,在实际项目风险应对决策中均应予以考虑;3）在项目风险应对策略选择过程中,项目管理者不仅要考虑风险之间的直接关联还要重视风险之间的间接关联,而风险之间的积极关联则可以忽略。     

Addressing Climate Change as an Emerging Risk to Infrastructure Systems

The consequences that climate change could have on infrastructure systems are potentially severe but highly uncertain. This should make risk analysis a natural framework for climate adaptation in infrastructure systems. However, many aspects of climate change, such as weak background knowledge and societal controversy, make it an emerging risk where traditional approaches for risk assessment and management cannot be confidently employed. A number of research developments aimed at addressing these issues have emerged in recent years, such as the development of probabilistic climate projections, climate services, and robust decision frameworks. However, additional research is needed to improve the suitability of these methods for infrastructure planning. In this perspective, we outline some of the challenges in addressing climate change risks to infrastructure and summarize new developments aimed at meeting these challenges. We end by highlighting needs for future research, many of which could be well‐served by expertise within the risk analysis community.     

Equity in Social Risk: Some Empirical Observations

In societal risk analysis the equity of the distribution of risks is often an important consideration owing to the special nature of health risks. We empirically validate some assumptions about equity that have been discussed in the decision analytic literature. Our results show that the way fatalities are distributed throughout a society is considered along with the number of fatalities in evaluating alternative policies involving mortality risks. The concepts of ex ante equity and ex post equity are both shown to be important in judgments of fairness. We next present a decision model based on multiattribute preference theory incorporating the number of fatalities, as well as ex ante equity and ex post equity. When ex ante equity and ex post equity are positively weighted in this fair-risk model , options with more equal risk distributions are ranked higher. Next we empirically show that the distribution of benefits has an impact on judgments of fairness. The fair-risk model does not include information on the benefits distribution, so it would apply when benefits are distributed equally or when the decision maker wishes to not include benefits in the model. We briefly discuss how the notion of proportional equity can incorporate benefits into judgments of the fairness of risk distributions. We then include benefits in a more general model in which fair risk-benefit combinations are those that are exchange equitable. A key implication of this envy-free risk–benefit model is that an unequal distribution of risks may be preferred if it is accompanied by a compensatory differential in benefits consistent with peoples' preference tradeoffs between received benefits and assumed risks. Finally, we discuss how perceived deservedness may influence judgments about equity. We conclude with a discussion of the implications of research on alternative notions of equity for policy makers dealing with social risks.     

Quantifying Uncertainty in a Risk Assessment Using Human Data

A call for risk assessment approaches that better characterize and quantify uncertainty has been made by the scientific and regulatory community. This paper responds to that call by demonstrating a distributional approach that draws upon human data to derive potency estimates and to identify and quantify important sources of uncertainty. The approach is rooted in the science of decision analysis and employs an influence diagram, a decision tree, probabilistic weights, and a distribution of point estimates of carcinogenic potency. Its results estimate the likelihood of different carcinogenic risks (potencies) for a chemical under a specific scenario. For this exercise, human data on formaldehyde were employed to demonstrate the approach. Sensitivity analyses were performed to determine the relative impact of specific levels and alternatives on the potency distribution. The resulting potency estimates are compared with the results of an exercise using animal data on formaldehyde. The paper demonstrates that distributional risk assessment is readily adapted to situations in which epidemiologic data serve as the basis for potency estimates. Strengths and weaknesses of the distributional approach are discussed. Areas for further application and research are recommended.     

The Role of Quantitative Risk Assessments for Characterizing Risk and Uncertainty and Delineating Appropriate Risk Management Options, with Special Emphasis on Terrorism Risk

The purpose of this article is to discuss the role of quantitative risk assessments for characterizing risk and uncertainty and delineating appropriate risk management options. Our main concern is situations (risk problems) with large potential consequences, large uncertainties, and/or ambiguities (related to the relevance, meaning, and implications of the decision basis; or related to the values to be protected and the priorities to be made), in particular terrorism risk. We look into the scientific basis of the quantitative risk assessments and the boundaries of the assessments in such a context. Based on a risk perspective that defines risk as uncertainty about and severity of the consequences (or outcomes) of an activity with respect to something that humans value we advocate a broad risk assessment approach characterizing uncertainties beyond probabilities and expected values. Key features of this approach are qualitative uncertainty assessment and scenario building instruments.     

Risk and Uncertainty Analysis in Government Safety Decisions

Probabilistic risk analysis (PRA) can be an effective tool to assess risks and uncertainties and to set priorities among safety policy options. Based on systems analysis and Bayesian probability, PRA has been applied to a wide range of cases, three of which are briefly presented here: the maintenance of the tiles of the space shuttle, the management of patient risk in anesthesia, and the choice of seismic provisions of building codes for the San Francisco Bay Area. In the quantification of a risk, a number of problems arise in the public sector where multiple stakeholders are involved. In this article, I describe different approaches to the treatments of uncertainties in risk analysis, their implications for risk ranking, and the role of risk analysis results in the context of a safety decision process. I also discuss the implications of adopting conservative hypotheses before proceeding to what is, in essence, a conditional uncertainty analysis, and I explore some implications of different levels of "conservatism" for the ranking of risk mitigation measures.     

Variability and Uncertainty Meet Risk Management and Risk Communication

In the past decade, the use of probabilistic risk analysis techniques to quantitatively address variability and uncertainty in risks increased in popularity as recommended by the 1994 National Research Council that wrote Science and Judgment in Risk Assessment. Under the 1996 Food Quality Protection Act, for example, the U.S. EPA supported the development of tools that produce distributions of risk demonstrating the variability and/or uncertainty in the results. This paradigm shift away from the use of point estimates creates new challenges for risk managers, who now struggle with decisions about how to use distributions in decision making. The challenges for risk communication, however, have only been minimally explored. This presentation uses the case studies of variability in the risks of dying on the ground from a crashing airplane and from the deployment of motor vehicle airbags to demonstrate how better characterization of variability and uncertainty in the risk assessment lead to better risk communication. Analogies to food safety and environmental risks are also discussed. This presentation demonstrates that probabilistic risk assessment has an impact on both risk management and risk communication, and highlights remaining research issues associated with using improved sensitivity and uncertainty analyses in risk assessment.     

Can a Participatory Approach Contribute to Food Chain Risk Analysis?

We consider food chain risks and specifically address stakeholder participation in the risk analysis process. We combine social and natural science perspectives to explore the participation process in relation to food risks and, in particular, to consider how some specific participation processes might be scientifically evaluated and how stakeholder participation in general might be incorporated into food risk decision making. We have built considerations based on three large integrative case studies that examine aspects of participatory processes. Here we use the case studies collectively to illustrate observations and beliefs concerning the nature of the interaction of stakeholders with established quantitative risk methodologies. This account is not supported by any large volume of analysis. The views in the report are expressed in relation to an accepted risk analysis framework and also with respect to probabilistic modeling of risks and are illustrated where possible with anecdotal reports of actual case study events.     

Measurement and Pricing of Risk in Insurance Markets

The theory and practice of risk measurement provides a point of intersection between risk management, economic theories of choice under risk, financial economics, and actuarial pricing theory. This article provides a review of these interrelationships, from the perspective of an insurance company seeking to price the risks that it underwrites. We examine three distinct approaches to insurance risk pricing, all being contingent on the concept of risk measures. Risk measures can be interpreted as representations of risk orderings, as well as absolute (monetary) quantifiers of risk. The first approach can be called an "axiomatic" one, whereby the price for risks is calculated according to a functional determined by a set of desirable properties. The price of a risk is directly interpreted as a risk measure and may be induced by an economic theory of price under risk. The second approach consists in contextualizing the considerations of the risk bearer by embedding them in the market where risks are traded. Prices are calculated by equilibrium arguments, where each economic agent's optimization problem follows from the minimization of a risk measure. Finally, in the third approach, weaknesses of the equilibrium approach are addressed by invoking alternative valuation techniques, the leading paradigm among which is arbitrage pricing. Such models move the focus from individual decision takers to abstract market price systems and are thus more parsimonious in the amount of information that they require. In this context, risk measures, instead of characterizing individual agents, are used for determining the set of price systems that would be viable in a market.     

How Believing in Ourselves Increases Risk Taking: Perceived Self-Efficacy and Opportunity Recognition

What effect does positive and negative feedback about past risk taking have on the future risk taking of decision makers? The results of an experimental study show that subjects who are led to believe they are very competent at decision making see more opportunities in a risky choice and take more risks. Those who are led to believe they are not very competent see more threats and take fewer risks. The feelings of self-competence and self-confidence on one task did not generalize to a similar task. Perception of opportunities was unexpectedly not related to the perception of threats. As executives bring their personal perceptual biases to firm decision making, our results identify a serious built-in bias in SWOT analysis (the analysis of firms' strengths and weaknesses as related to potential opportunities and threats). Executives who believe that they and their firm are very competent will take more risks and vice versa. Our results also provide evidence that the perceived likelihood of an event depends on whether the event is a loss or a gain. Human decision making is subject to the general bias that outcome expectations are not independent of outcome valuations.