The Ethical Foundations of Risk Analysis

In the field of risk analysis, the normative value systems underlying accepted methodology are rarely explicitly discussed. This perspective provides a critique of the various ethical frameworks that can be used in risk assessments and risk management decisions. The goal is to acknowledge philosophical weaknesses that should be considered and communicated in order to improve the public acceptance of the work of risk analysts.     

Artifactual Uncertainty in Risk Analysis

The field of comparative risk analysis of electrical energy alternatives has traditionally been plagued by highly uncertain estimates of risk rates, and consequently by conflicting judgements of relative risk. To the extent that this uncertainty arises from traditional sources–imperfect observations or actual variance in the data–it can be brought within a Bayesian statistical framework which allows policy conclusions to be formulted and tested at different levels of confidence. It is shown that there are important methodological or "artifactual" sources of uncertainty, however, that cannot be treated by statistical means; these require conceptual advances for their resolution. By identifying these sources of uncertainty in simple thought experiments and examples, it is shown in what ways the concept of attributable risk, which is the policy-maker's chief concern, must be sharpened and refined to have unambiguous meaning. The conventional "multilinear" formula for calculating risk indices is challenged as a measure of attributable risk, and directions for further research to improve the methodological foundations of comparative risk analysis are identified.     

From Ideal to Real Risk: Philosophy of Causation Meets Risk Analysis

A question has been raised in recent years as to whether the risk field, including analysis, assessment, and management, ought to be considered a discipline on its own. As suggested by Terje Aven, unification of the risk field would require a common understanding of basic concepts, such as risk and probability; hence, more discussion is needed of what he calls “foundational issues.” In this article, we show that causation is a foundational issue of risk, and that a proper understanding of it is crucial. We propose that some old ideas about the nature of causation must be abandoned in order to overcome certain persisting challenges facing risk experts over the last decade. In particular, we discuss the challenge of including causally relevant knowledge from the local context when studying risk. Although it is uncontroversial that the receptor plays an important role for risk evaluations, we show how the implementation of receptor‐based frameworks is hindered by methodological shortcomings that can be traced back to Humean orthodoxies about causation. We argue that the first step toward the development of frameworks better suited to make realistic risk predictions is to reconceptualize causation, by examining a philosophical alternative to the Humean understanding. In this article, we show how our preferred account, causal dispositionalism, offers a different perspective in how risk is evaluated and understood.     

Hazard Analysis and Safety Requirements for Small Drone Operations: To What Extent Do Popular Drones Embed Safety?

Currently, published risk analyses for drones refer mainly to commercial systems, use data from civil aviation, and are based on probabilistic approaches without suggesting an inclusive list of hazards and respective requirements. Within this context, this article presents: (1) a set of safety requirements generated from the application of the systems theoretic process analysis (STPA) technique on a generic small drone system; (2) a gap analysis between the set of safety requirements and the ones met by 19 popular drone models; (3) the extent of the differences between those models, their manufacturers, and the countries of origin; and (4) the association of drone prices with the extent they meet the requirements derived by STPA. The application of STPA resulted in 70 safety requirements distributed across the authority, manufacturer, end user, or drone automation levels. A gap analysis showed high dissimilarities regarding the extent to which the 19 drones meet the same safety requirements. Statistical results suggested a positive correlation between drone prices and the extent that the 19 drones studied herein met the safety requirements generated by STPA, and significant differences were identified among the manufacturers. This work complements the existing risk assessment frameworks for small drones, and contributes to the establishment of a commonly endorsed international risk analysis framework. Such a framework will support the development of a holistic and methodologically justified standardization scheme for small drone flights.     

An Adversarial Risk Analysis Framework for Cybersecurity

Risk analysis is an essential methodology for cybersecurity as it allows organizations to deal with cyber threats potentially affecting them, prioritize the defense of their assets, and decide what security controls should be implemented. Many risk analysis methods are present in cybersecurity models, compliance frameworks, and international standards. However, most of them employ risk matrices, which suffer shortcomings that may lead to suboptimal resource allocations. We propose a comprehensive framework for cybersecurity risk analysis, covering the presence of both intentional and nonintentional threats and the use of insurance as part of the security portfolio. A simplified case study illustrates the proposed framework, serving as template for more complex problems.     

An Emerging New Risk Analysis Science: Foundations and Implications

To solve real‐life problems—such as those related to technology, health, security, or climate change—and make suitable decisions, risk is nearly always a main issue. Different types of sciences are often supporting the work, for example, statistics, natural sciences, and social sciences. Risk analysis approaches and methods are also commonly used, but risk analysis is not broadly accepted as a science in itself. A key problem is the lack of explanatory power and large uncertainties when assessing risk. This article presents an emerging new risk analysis science based on novel ideas and theories on risk analysis developed in recent years by the risk analysis community. It builds on a fundamental change in thinking, from the search for accurate predictions and risk estimates, to knowledge generation related to concepts, theories, frameworks, approaches, principles, methods, and models to understand, assess, characterize, communicate, and (in a broad sense) manage risk. Examples are used to illustrate the importance of this distinct/separate risk analysis science for solving risk problems, supporting science in general and other disciplines in particular.     

Sensitivity Analysis of a Two-Dimensional Probabilistic Risk Assessment Model Using Analysis of Variance

This article demonstrates application of sensitivity analysis to risk assessment models with two-dimensional probabilistic frameworks that distinguish between variability and uncertainty. A microbial food safety process risk (MFSPR) model is used as a test bed. The process of identifying key controllable inputs and key sources of uncertainty using sensitivity analysis is challenged by typical characteristics of MFSPR models such as nonlinearity, thresholds, interactions, and categorical inputs. Among many available sensitivity analysis methods, analysis of variance (ANOVA) is evaluated in comparison to commonly used methods based on correlation coefficients. In a two-dimensional risk model, the identification of key controllable inputs that can be prioritized with respect to risk management is confounded by uncertainty. However, as shown here, ANOVA provided robust insights regarding controllable inputs most likely to lead to effective risk reduction despite uncertainty. ANOVA appropriately selected the top six important inputs, while correlation-based methods provided misleading insights. Bootstrap simulation is used to quantify uncertainty in ranks of inputs due to sampling error. For the selected sample size, differences in F values of 60% or more were associated with clear differences in rank order between inputs. Sensitivity analysis results identified inputs related to the storage of ground beef servings at home as the most important. Risk management recommendations are suggested in the form of a consumer advisory for better handling and storage practices.     

Principles for Conduct of Pest Risk Analyses: Report of an Expert Workshop

The North American Free Trade Agreement (NAFTA) and the General Agreement on Tariffs and Trade (GATT) have focused attention on risk assessment of potential insect, weed, and animal pests and diseases of livestock. These risks have traditionally been addressed through quarantine protocols ranging from limits on the geographical areas from which a product may originate, postharvest disinfestation procedures like fumigation, and inspections at points of export and import, to outright bans. To ensure that plant and animal protection measures are not used as nontariff trade barriers, GATT and NAFTA require pest risk analysis (PRA) to support quarantine decisions. The increased emphasis on PRA has spurred multiple efforts at the national and international level to design frameworks for the conduct of these analyses. As approaches to pest risk analysis proliferate, and the importance of the analyses grows, concerns have arisen about the scientific and technical conduct of pest risk analysis. In January of 1997, the Harvard Center for Risk Analysis (HCRA) held an invitation-only workshop in Washington, D.C. to bring experts in risk analysis and pest characterization together to develop general principles for pest risk analysis. Workshop participants examined current frameworks for PRA, discussed strengths and weaknesses of the approaches, and formulated principles, based on years of experience with risk analysis in other setting and knowledge of the issues specific to analysis of pests. The principles developed highlight the both the similarities of pest risk analysis to other forms of risk analysis, and its unique attributes.     

Risk as Analysis and Risk as Feelings: Some Thoughts about Affect, Reason, Risk, and Rationality

Modern theories in cognitive psychology and neuroscience indicate that there are two fundamental ways in which human beings comprehend risk. The “analytic system” uses algorithms and normative rules, such as probability calculus, formal logic, and risk assessment. It is relatively slow, effortful, and requires conscious control. The “experiential system” is intuitive, fast, mostly automatic, and not very accessible to conscious awareness. The experiential system enabled human beings to survive during their long period of evolution and remains today the most natural and most common way to respond to risk. It relies on images and associations, linked by experience to emotion and affect (a feeling that something is good or bad). This system represents risk as a feeling that tells us whether it is safe to walk down this dark street or drink this strange‐smelling water. Proponents of formal risk analysis tend to view affective responses to risk as irrational. Current wisdom disputes this view. The rational and the experiential systems operate in parallel and each seems to depend on the other for guidance. Studies have demonstrated that analytic reasoning cannot be effective unless it is guided by emotion and affect. Rational decision making requires proper integration of both modes of thought. Both systems have their advantages, biases, and limitations. Now that we are beginning to understand the complex interplay between emotion and reason that is essential to rational behavior, the challenge before us is to think creatively about what this means for managing risk. On the one hand, how do we apply reason to temper the strong emotions engendered by some risk events? On the other hand, how do we infuse needed “doses of feeling” into circumstances where lack of experience may otherwise leave us too “coldly rational”? This article addresses these important questions.     

Perception and Communication of Flood Risks: A Systematic Review of Empirical Research

Flood hazards are the most common and destructive of all natural disasters. For decades, experts have been examining how flood losses can be mitigated. Just as in other risk domains, the study of risk perception and risk communication has gained increasing interest in flood risk management. Because of this research growth, a review of the state of the art in this domain is believed necessary. The review comprises 57 empirically based peer‐reviewed articles on flood risk perception and communication from the Web of Science and Scopus databases. The characteristics of these articles are listed in a comprehensive table, presenting research design, research variables, and key findings. From this review, it follows that the majority of studies are of exploratory nature and have not applied any of the theoretical frameworks that are available in social science research. Consequently, a methodological standardization in measuring and analyzing people's flood risk perceptions and their adaptive behaviors is hardly present. This heterogeneity leads to difficulties in comparing results among studies. It is also shown that theoretical and empirical studies on flood risk communication are nearly nonexistent. The article concludes with a summary on methodological issues in the fields of flood‐risk perception and flood‐risk communication and proposes an agenda for future research.     

Efficient or Fair? Operationalizing Ethical Principles in Flood Risk Management: A Case Study on the Dutch-German Rhine

Flood risk management decisions in many countries are based on decision-support frameworks which rely on cost-benefit analyses. Such frameworks are seldom informative about the geographical distribution of risk, raising questions on the fairness of the proposed policies. In the present work, we propose a new decision criterion that accounts for the distribution of risk reduction and apply it to support flood risk management decisions on a transboundary stretch of the Rhine River. Three types of interventions are considered: embankment heightening, making Room for the River, and changing the discharge distribution of the river branches. The analysis involves solving a flood risk management problem according to four alternative formulations, based on different ethical principles. Formulations based on cost optimization lead to very poor performances in some areas for the sake of reducing the overall aggregated costs. Formulations that also include equity criteria have different results depending on how these are defined. When risk reduction is distributed equally, very poor economic performance is achieved. When risk is distributed equally, results are in line with formulations based on cost optimization, while a fairer risk distribution is achieved. Risk reduction measures also differ, with the cost optimization approach strongly favoring the leverage of changing the discharge distribution and the alternative formulations spending more on embankment heightening and Room for the River, to rebalance inequalities in risk levels. The proposed method advances risk-based decision-making by allowing to consider risk distribution aspects and their impacts on the choice of risk reduction measures.     

Multiobjective Decision-Tree Analysis1

Single-objective-based decision-tree analysis has been extensively and successfully used in numerous decision-making problems since its formal introduction by Howard Raiffa more than two decades ago. This paper extends the traditional methodology to incorporate multiple noncommensurate objective functions and use of the conditional expected value of the risk of extreme and catastrophic events. The proposed methodology considers the cases where (a) a finite number of actions are available at each decision node and (b) discrete or continuous states of nature can be presented at each chance node. The proposed extension of decision-tree analysis is introduced through an example problem that leads the reader step-by-step into the methodological procedure. The example problem builds on flood warning systems. Two noncommensurate objectives—the loss of lives and the loss of property (including monetary costs of the flood warning system)–are incorporated into the decision tree. In addition, two risk measures—the common expected value and the conditional expected value of extreme and catastrophic events—are quantified and are also incorporated into the decision-making process. Theoretical difficulties associated with the stage-wise calculation of conditional expected values are identified and certain simplifying assumptions are made for computational tractibility. In particular, it is revealed that decisions concerning experimentation have a very interesting impact on the noninferior solution set of options—a phenomenon that has no equivalence in the single-objective case.     

Is Risk Analysis Scientific?

This article discusses to what extent risk analysis is scientific in view of a set of commonly used definitions and criteria. We consider scientific knowledge to be characterized by its subject matter, its success in developing the best available knowledge in its fields of study, and the epistemic norms and values that guide scientific investigations. We proceed to assess the field of risk analysis according to these criteria. For this purpose, we use a model for risk analysis in which science is used as a base for decision making on risks, which covers the five elements evidence, knowledge base, broad risk evaluation, managerial review and judgment, and the decision; and that relates these elements to the domains experts and decisionmakers, and to the domains fact‐based or value‐based. We conclude that risk analysis is a scientific field of study, when understood as consisting primarily of (i) knowledge about risk‐related phenomena, processes, events, etc., and (ii) concepts, theories, frameworks, approaches, principles, methods and models to understand, assess, characterize, communicate, and manage risk, in general and for specific applications (the instrumental part).     

Analysis of Affordance,Time, and Adaptation in the Assessment of Industrial Control System Cybersecurity Risk

Industrial control systems increasingly use standard communication protocols and are increasingly connected to public networks—creating substantial cybersecurity risks, especially when used in critical infrastructures such as electricity and water distribution systems. Methods of assessing risk in such systems have recognized for some time the way in which the strategies of potential adversaries and risk managers interact in defining the risk to which such systems are exposed. But it is also important to consider the adaptations of the systems’ operators and other legitimate users to risk controls, adaptations that often appear to undermine these controls, or shift the risk from one part of a system to another. Unlike the case with adversarial risk analysis, the adaptations of system users are typically orthogonal to the objective of minimizing or maximizing risk in the system. We argue that this need to analyze potential adaptations to risk controls is true for risk problems more generally, and we develop a framework for incorporating such adaptations into an assessment process. The method is based on the principle of affordances, and we show how this can be incorporated in an iterative procedure based on raising the minimum period of risk materialization above some threshold. We apply the method in a case study of a small European utility provider and discuss the observations arising from this.     

Addressing Climate Change as an Emerging Risk to Infrastructure Systems

The consequences that climate change could have on infrastructure systems are potentially severe but highly uncertain. This should make risk analysis a natural framework for climate adaptation in infrastructure systems. However, many aspects of climate change, such as weak background knowledge and societal controversy, make it an emerging risk where traditional approaches for risk assessment and management cannot be confidently employed. A number of research developments aimed at addressing these issues have emerged in recent years, such as the development of probabilistic climate projections, climate services, and robust decision frameworks. However, additional research is needed to improve the suitability of these methods for infrastructure planning. In this perspective, we outline some of the challenges in addressing climate change risks to infrastructure and summarize new developments aimed at meeting these challenges. We end by highlighting needs for future research, many of which could be well‐served by expertise within the risk analysis community.     

Biosecurity Policy and the Use of Geospatial Predictive Tools to Address Invasive Plants: Updating the Risk Analysis Toolbox

International and national biosecurity policies consider risk assessment a critical component of overall plant health risk analysis. The Agreement on the Application of Sanitary and Phytosanitary Measures, the International Plant Protection Convention, and the Convention on Biological Diversity all provide guidelines and recommendations on how to use risk assessment. This article discusses how these instruments address risk assessment, and makes recommendations on how the risk assessment process needs to incorporate current geospatial predictive science and geographic information systems into the plant health biosecurity risk analysis toolbox.     

An Approach to Vulnerability Analysis of Complex Industrial Systems

The concept of vulnerability of complex industrial systems is defined and discussed in relation to risk and system survivability. The discussion is illustrated by referring to a number of previous industrial accidents. The various risk factors, or threats, influencing an industrial system's vulnerability are classified and discussed. Both internal and external threats are covered. The general scope of vulnerability analysis is compared to traditional risk analysis approaches and main differences are illustrated. A general procedure for vulnerability analysis in two steps, including building of scenarios and preparation of relevant worksheets, is described and discussed.     

Development of Economic Consequence Methodology for Process Risk Analysis

A comprehensive methodology for economic consequence analysis with appropriate models for risk analysis of process systems is proposed. This methodology uses loss functions to relate process deviations in a given scenario to economic losses. It consists of four steps: definition of a scenario, identification of losses, quantification of losses, and integration of losses. In this methodology, the process deviations that contribute to a given accident scenario are identified and mapped to assess potential consequences. Losses are assessed with an appropriate loss function (revised Taguchi, modified inverted normal) for each type of loss. The total loss is quantified by integrating different loss functions. The proposed methodology has been examined on two industrial case studies. Implementation of this new economic consequence methodology in quantitative risk assessment will provide better understanding and quantification of risk. This will improve design, decision making, and risk management strategies.     

Protecting From Malware Obfuscation Attacks Through Adversarial Risk Analysis

Malware constitutes a major global risk affecting millions of users each year. Standard algorithms in detection systems perform insufficiently when dealing with malware passed through obfuscation tools. We illustrate this studying in detail an open source metamorphic software, making use of a hybrid framework to obtain the relevant features from binaries. We then provide an improved alternative solution based on adversarial risk analysis which we illustrate describe with an example.