Page 26: of Maritime Reporter Magazine (May 2006)

26 Maritime Reporter & Engineering News

By Joe DiRenzo III and Chris Doane

Secretary of Homeland Security

Chertoff and Commandant of the Coast

Guard Admiral Collins both repeatedly express the impossible task of protecting everything from terrorist attack and the need to use a risk-based decision mak- ing processes to determine an effective and efficient employment of finite secu- rity resources. From a macro perspec- tive, this concept is relatively simple, identify those components within a given domain at greatest risk, develop effective interventions to mitigate the risk and implement those interventions.

The "devil is in the details" of agreeing upon the components of risk and how to quantify them.

If you input the terms "risk", "mar- itime risk" and "vulnerability" into a computer search engine you will receive more than 10 million hits…that is a lot of information to digest! In a similar manner ask any ten maritime stakehold- ers located in any one of the 361 mar- itime ports in the United States to define threat, consequence, vulnerability and risk...a similar result occurs, you will get at least ten different responses. So the first step in defining maritime risk is to develop common definitions for these pertinent terms. For the purposes of this article, the following definitions will be used:

Threat "Threats to a target can be measured as the probability that a specific target is attacked in a specific way during a spe- cific period. Thus, a threat might be measured as the annual probability that a city's football stadium will be subject to attack with a radiological weapon." (RAND, xvi)

Consequence "The magnitude and type of damage resulting, given a successful terrorist attack." (Willis et al, xvi)

Vulnerability

The probability that damage occurs given a threat. Damage can be fatalities, injuries, property damage or other con- sequences; each with its own vulnerabil- ity assessment." (Willis et al, xvi)

Risk

Mitchell and Decker define risk [R] as simply equaling threat [T] x vulnerabil- ity [V] x consequence [Co] or R = T x V x Co. This "equation" has been "adopt- ed" by several federal agencies, includ- ing the Coast Guard and the Food and

Drug Administration when explaining risk, threat and vulnerability.

Andrew C. Henrikson Senior Special

Agent with U.S. Immigration and

Customs Enforcement (ICE), assigned to the Joint

Terrorism Task

Force in Seattle,

WA. writing in

Strategic Insights, advocates the use of a threat equation developed at the

National Defense

University by Dr.

Lani Kass, a retired

U.S. Air Force

Colonel. Dr. Kass' equation uses a pseudo-mathemati- cally defined methodology stating that the threat of an attack [T], is a prod- uct of vulnerability [V], terrorism capa- bility [C] and intent [I] concluding that: "The character of T as a product of mul- tiplication has important implications for strategy. If one or more of the vari- ables in the equation increases, T increases. Similarly, if any one of the

Variables V, C, or I approach 0 then the rules of multiplication dictate that T will also approach 0."

Pruitt, Deckro and Chambal with the

Air Force Logistics Management

Agency and Air Force Institute of

Technology respectively, also promote the use of Kass' methodology adding: "Changes to these factors produce changes to the threat to America. Faced with limited resources, it is necessary to mitigate the risks associated with these factors. An examination of America's vulnerabilities and the intentions and capabilities of terrorists can provide great insight into the growing threat of terrorism." (Pruitt, Deckro & Chambal, p.187) In the CATO Institute's Policy

Analysis on response to the threat of smallpox bioterrorism, DeRugy an

Adjunct Scholar, and Peña the former director of Defense Policy Studies, from the CATO Institute also look to Kass for their definition of threat.

If we combine Mitchell and Decker's risk equation, with Kass' definition of threat, we see that the risk of a terrorist attack is a product of terrorist capability, terrorist intent, target vulnerability to attack methods with- in the terrorist's capability and the potential conse- quences that can result from the type of terrorist attack.

To evaluate the risk of terrorist action against a particular target, we must assess each of these risk factors. In regards to terrorist capability, intelli- gence community appears to have a pretty good handle on this and we cer- tainly know the capabilities and intent already demonstrated in previous attacks. For consequence, we can devel- op a fairly precise understanding through analysis by appropriate scien- tists and engineers. To access vulnera- bility, Special Forces personnel certain- ly have the requisite expertise. The greatest difficulty comes in assessing terrorist intent. We know that terrorist want to harm us creating as much dam- age as they can while ensuring a high probability of success. What we don't know is when they plan to turn their intent into action.

To counter this uncertainty in regards to timing of terrorist actions, intelli- gence services around the globe are doing everything within their capabili- ties to detect a pending attack. In addi- tion, maritime security agencies utilize a layered defense combining awareness of the maritime with various screening techniques implemented at various stages along the maritime transportation system to create multiple filters that a terrorist must navigate undetected through to reach their target. While these efforts decrease the probability of a terrorist reaching a target undetected, the reduction is not sufficient to rely upon completely. Hence the need for security systems, infrastructure and pub- lic and private security forces to reduce the vulnerability of individual targets.

After 9-11, security agencies made rapid assessments of vulnerability and consequence in order to assess risk.

Since that time a more deliberate analy- sis of all risk factors as well as effective interventions to mitigate risk is ongoing using subject matter experts. To be suc- cessful these assessments require full, open and honest cooperation of acade- mia, industry and security agencies.

Weaknesses cannot be disguised to pro- tect against closer regulation or more rigorous security requirements, nor can we permit political agendas or other self-serving reasons interfere with the analysis.

A true partnership between federal, state, local and industry communities built on frank communication provides us with the information we need to accu- rately assess risk and effectively spend our security resources, both funds and forces. It also provides us with the means to accurately convey to our polit- ical leadership the level of risk remain- ing and appropriately place in their hands the determination of what is acceptable vulnerabilities. For a suc- cessful maritime homeland security pro- gram it is imperative that there be an agreement amongst all stakeholders on maritime risk, effective mitigation and acceptable vulnerabilities.

About the authors: Joe DiRenzo III and

Chris Doane are both retired Coast

Guard officers, who have written exten- sively for Maritime Reporter and

Marine News. Both are Visiting Fellows at the Joint Forces Staff College in

Norfolk, Va.

Defining "Maritime Risk"

How do "Threat", "Consequence" and "Vulnerability" Interact in the Maritime Homeland Security Strategy

If you input the terms "risk", "maritime risk" and "vulnerability" into a computer search engine you will receive more than 10 million hits

MR MAY2006 #4 (25-32).qxd 5/9/2006 8:02 PM Page 26