Risk Assessment Can Be a Game‐Changing Information Technology—But Too Often It Isn't

The printing press was a game‐changing information technology. Risk assessment could be also. At present, risk assessments are commonly used as one‐time decision aids: they provide justification for a particular decision, and afterwards usually sit on a shelf. However, when viewed as information technologies, their potential uses are much broader. Risk assessments: (1) are repositories of structured information and a medium for communication; (2) embody evaluative structures for setting priorities; (3) can preserve information over time and permit asynchronous communication, thus encouraging learning and adaptation; and (4) explicitly address uncertain futures. Moreover, because of their “what‐if” capabilities, risk assessments can serve as a platform for constructive discussion among parties that hold different values. The evolution of risk assessment in the nuclear industry shows how such attributes have been used to lower core‐melt risks substantially through improved templates for maintenance and more effective coordination with regulators (although risk assessment has been less commonly used in improving emergency‐response capabilities). The end result of this evolution in the nuclear industry has been the development of “living” risk assessments that are updated more or less in real time to answer even routine operational questions. Similar but untapped opportunities abound for the use of living risk assessments to reduce risks in small operational decisions as well as large policy decisions in other areas of hazard management. They can also help improve understanding of and communication about risks, and future risk assessment and management. Realization of these opportunities will require significant changes in incentives and active promotion by the risk analytic community.     

On Decomposition and Aggregation Error in Estimation: Some Basic Principles and Examples

A common strategy in estimation is to decompose the quantity being estimated into several factors, estimate a value for each factor, and then reaggregate these values to obtain an overall estimate. Until now, the extent of decomposition to use has been considered largely a matter of judgment. However, both the extent of decomposition and the manner in which the results are reaggregated can have a significant effect on the resulting estimate. This paper discusses factors affecting the optimum level of decomposition, and presents examples showing that the use of nonoptimal decomposition strategies can lead to significant inaccuracies.     

Choosing What to Protect

We study a strategic model in which a defender must allocate defensive resources to a collection of locations, and an attacker must choose a location to attack. The defender does not know the attacker's preferences, while the attacker observes the defender's resource allocation. The defender's problem gives rise to negative externalities, in the sense that increasing the resources allocated to one location increases the likelihood of an attack at other locations. In equilibrium, the defender exploits these externalities to manipulate the attacker's behavior, sometimes optimally leaving a location undefended, and sometimes preferring a higher vulnerability at a particular location even if a lower risk could be achieved at zero cost. Key results of our model are as follows: (1) the defender prefers to allocate resources in a centralized (rather than decentralized) manner; (2) as the number of locations to be defended grows, the defender can cost effectively reduce the probability of a successful attack only if the number of valuable targets is bounded; (3) the optimal allocation of resources can be nonmonotonic in the relative value of the attacker's outside option; and (4) the defender prefers his or her defensive allocation to be public rather than secret.     

Should the Model for Risk‐Informed Regulation be Game Theory Rather than Decision Theory?

Risk analysts frequently view the regulation of risks as being largely a matter of decision theory. According to this view, risk analysis methods provide information on the likelihood and severity of various possible outcomes; this information should then be assessed using a decision‐theoretic approach (such as cost/benefit analysis) to determine whether the risks are acceptable, and whether additional regulation is warranted. However, this view ignores the fact that in many industries (particularly industries that are technologically sophisticated and employ specialized risk and safety experts), risk analyses may be done by regulated firms, not by the regulator. Moreover, those firms may have more knowledge about the levels of safety at their own facilities than the regulator does. This creates a situation in which the regulated firm has both the opportunity—and often also the motive—to provide inaccurate (in particular, favorably biased) risk information to the regulator, and hence the regulator has reason to doubt the accuracy of the risk information provided by regulated parties. Researchers have argued that decision theory is capable of dealing with many such strategic interactions as well as game theory can. This is especially true in two‐player, two‐stage games in which the follower has a unique best strategy in response to the leader's strategy, as appears to be the case in the situation analyzed in this article. However, even in such cases, we agree with Cox that game‐theoretic methods and concepts can still be useful. In particular, the tools of mechanism design, and especially the revelation principle, can simplify the analysis of such games because the revelation principle provides rigorous assurance that it is sufficient to analyze only games in which licensees truthfully report their risk levels, making the problem more manageable. Without that, it would generally be necessary to consider much more complicated forms of strategic behavior (including deception), to identify optimal regulatory strategies. Therefore, we believe that the types of regulatory interactions analyzed in this article are better modeled using game theory rather than decision theory. In particular, the goals of this article are to review the relevant literature in game theory and regulatory economics (to stimulate interest in this area among risk analysts), and to present illustrative results showing how the application of game theory can provide useful insights into the theory and practice of risk‐informed regulation.     

Reasons for Secrecy and Deception in Homeland‐Security Resource Allocation

In this article, we explore reasons that a defender might prefer secrecy or deception about her defensive resource allocations, rather than disclosure, in a homeland‐security context. Our observations not only summarize and synthesize the results of existing game‐theoretic work, but also provide intuitions about promising future research directions.     

Import Security: Assessing the Risks of Imported Food

We use data on food import violations from the FDA Operational and Administrative System for Import Support (OASIS) to address rising concerns associated with imported food, quantify import risks by product and by country of origin, and explore the usefulness of OASIS data for risk assessment. In particular, we assess whether there are significant trends in violations, whether import violations can be used to quantify risks by country and by product, and how import risks depend on economic factors of the country of origin. The results show that normalizing import violations by volume of imports provides a meaningful indicator of risk. We then use regression analysis to characterize import risks.  Using this model, we analyze import risks by product type, violation type, and economic factors of the country of origin.  We find that OASIS data are useful in quantifying food import risks, and that the rate of refusals provides a useful decision tool for risk management.  Furthermore, we find that some economic factors are significant indicators of food import risk by country.     

On the Treatment of Uncertainty and Variability in Making Decisions About Risk

Much attention has been paid to the treatment of dependence and to the characterization of uncertainty and variability (including the issue of dependence among inputs) in performing risk assessments to avoid misleading results. However, with relatively little progress in communicating about the effects and implications of dependence, the effort involved in performing relatively sophisticated risk analyses (e.g., two‐dimensional Monte Carlo analyses that separate variability from uncertainty) may be largely wasted, if the implications of those analyses are not clearly understood by decisionmakers. This article emphasizes that epistemic uncertainty can introduce dependence among related risks (e.g., risks to different individuals, or at different facilities), and illustrates the potential importance of such dependence in the context of two important types of decisions—evaluations of risk acceptability for a single technology, and comparisons of the risks for two or more technologies. We also present some preliminary ideas on how to communicate the effects of dependence to decisionmakers in a clear and easily comprehensible manner, and suggest future research directions in this area.     

A natural conjugate prior for the non-homogeneous poisson process with a power law intensity function

This paper develops a natural conjugate prior for the non-homogeneous Poisson process (NHPP) with a power law intensity function. This prior allows for dependence between the scale factor and the aging rate of the NHPP. The proposed prior has relatively simple closed-form expressions for its moments, facilitating the assessment of prior parameters. The use of this prior in Bayesian estimation is compared to other estimation approaches using Monte Carlo simulation. The results show that Bayesian estimation using the proposed prior generally performs at least as well as either maximum likelihood estimation or Bayesian estimation using independent prior     

Securing Passenger Aircraft from the Threat of Man‐Portable Air Defense Systems (MANPADS)

In this article, we develop a model for the expected maximum hit probability of an attack on a commercial aircraft using MANPADS, as a function of the (random) location of the attacker. We also explore the sensitivity of the expected maximum hit probability to the parameters of the model, including both attacker parameters (such as weapon characteristics) and defender parameters (such as the size of the secure region around the airport). We conclude that having a large secure region around an airport offers some protection against MANPADS, and that installing onboard countermeasures reduces the success probability of a MANPADS attack.