More on DHS ‘risk’ assessment
By: Lyle FearnleyHomeland Security Watch, a blog run by CSIS-type Washington policy analysts, should be added to our radar. A recent post announced the publication of a Congressional Research Service report on Homeland Security’s application of “risk-based” grant distribution. The author of the post described Congressional concern with the application of risk analysis to ‘vital systems security’ problems: “Terrorism offers neither the trend lines nor the depth of historical data (thank goodness) needed to design a reliable methodology that risk assessment demands in other cases, such as hurricanes or car accidents.” While I haven’t had a chance to read it, the full report can be found here.
February 22nd, 2007 at 8:17 am
There has been an interesting debate on the problem of “ranking vital targets” since the controversy over the Urban Area Security Initiative Grants in the summer 2006. DHS is gradually trying to articulate a “risk-based” method of assessment that seems to derive from fields like engineering and decision analysis. But there remains a tremendous lack of clarity about how they are evaluating risk – abetted by an inclination to classify their lists. Here is a helpful article from the Washington Post from July 2006 summarizing the story up to that stage:
U.S. Struggles to Rank Potential Terror Targets Securing All Sites Is Not Financially Feasible, but
Choices Are Fraught With Uncertainty
By Spencer S. Hsu
Washington Post Staff Writer
Sunday, July 16, 2006; A09
The U.S. government has made limited headway in identifying and securing the domestic targets whose destruction would pose the greatest threat to American lives and national defense, experts and former government officials said.
The Department of Homeland Security’s inspector general reported last week that a department target list has grown exponentially — from 160 in 2003 to 28,000 in 2004 to 77,069 today — but it is filled with bean festivals, car dealerships, small-town parades and check-cashing stores.
Indiana has the most potential terrorism targets in the National Asset Database: 8,591, nearly three times as many as California. Washington state lists 65 national monuments and icons, nearly twice as many as the District of Columbia.
“It is absurd that at least 32,000 of the 77,000-plus assets in our National Asset Database are sites of no national significance,” said Sen. Barbara Boxer
(D-Calif.).
Boxer led the Senate on Thursday to bar certain DHS officials from spending on travel until they correct what she called “gross mismanagement.”
The uproar over the list echoed that following the department’s decision in May to slash risk-based
grants to New York and Washington by about 40 percent, while increasing awards to cities such as
Sacramento and Louisville.
The twin controversies highlight the government’s latest struggle toward accomplishing the fundamental tasks of identifying targets most vital to the nation’s health, economy and security; ranking them; and deciding how to secure them using scarce tax
dollars.
President Bill Clinton signed a White House directive in 1998 that called for the country to come up with a plan to defend its vital infrastructure from attack by 2003. President Bush called again for a national plan in December 2003.
Yet, despite $18 billion a year in government spending, “It appears that DHS is not yet able to
base its critical infrastructure resource allocations on risk analyzed in a systematic manner,” the
Congressional Research Service said this spring.
Former security officials say the failure to produce such a document borders on irresponsibility.
“It doesn’t seem we have made progress in the last eight years,” said Michael A. Vatis, appointed the first director of the National Infrastructure Protection Center by Clinton. “I don’t think this
aspect of the homeland security mission has ever been given any sort of real priority or high-level
attention.”
Retired Coast Guard Admiral James M. Loy, deputy secretary of homeland security from 2003 to 2005, agreed. “Even in the face of how hard this is . . . we are working on the fifth year after 9/11 — one would think that window of time would be adequate,”
Loy said.
“When you’re dealing with 1,000 priorities, . . . this is one that would certainly be among the top
10,” he said. “It does sort of fall back on the accountability of leaders in DHS and the Homeland
Security Council to keep the pressure on.”
Homeland Security officials largely blame the delay on the profound challenge of terrorism. In an open society, how does one defend a seemingly infinite number of targets, knowing that terrorists will adjust to hit evolving weak spots? And at what point does the defense prove more costly than an actual attack?
Resolving those questions requires enormous amounts of data and politically sensitive judgment calls, they said. At the same time, Bush administration officials disagree over how much to regulate private industries that control 85 percent of vital assets, such as power plants and air, sea and rail networks.
Private firms are reluctant to share security information, and federal agencies and states have
been sluggish to cooperate.
Robert B. Stephan, assistant secretary for infrastructure protection, said Homeland Security
relies on the 77,000-item database only as an information source for more refined analyses of
critical targets. For example, in 2004 the department identified a subset of 1,849 key installations,
although it later deemed that list to be unreliably subjective and weighted too heavily toward mass
gathering places such as arenas and stadiums.
Still, department officials defend the database, which also included petting zoos, doughnut shops,
popcorn stands and ice cream parlors.
“What happens the very first day that al-Qaeda attacks a convenience store chain times a dozen
across the country?” Stephan said. “If al-Qaeda switches to golf courses or amusement parks or
whatever, we better have some of those things in the database so that we know what that universe of things is that we have to worry about.”
Using more rigorous formulas, the DHS now focuses on about 600 sites and is spending $125 million over two years to secure the nation’s 103 nuclear power plants
and 273 largest chemical plants.
Reviews have been done for about 40 nuclear plants and chemical facilities around Detroit. Plans should be done for Chicago and Los Angeles by September, and Houston, northern New Jersey and the lower Delaware River next year, Stephan said.
The department will turn next to liquefied natural gas facilities, oil refineries and pipelines, dams
and mass transit, he said. Still, those targets account for only about a third of the 17 sectors
identified by the national security community. “This is going to be a continuing, evolving analysis,”
Stephan said.
The department recently delivered a National Infrastructure Protection Plan, due in 2004 under
Bush’s order, but it awaits more detail by year’s end, he acknowledged. That feeds criticism from
congressional analysts that the NIPP “represents the plan for developing a plan.”
“In all fairness to DHS, it really is just a very challenging . . . exercise,” said Christine E.
Wormuth, a senior fellow at the Center for Strategic and International Studies. But she said she hoped administration leaders do not view the homeland as
indefensible.
“I don’t think you can just opt out of the problem,”