Accepting risk

Who hasn’t heard this answer to a curly question “We’ll carry the risk“? Yeah, that’s nice but who’ll be accepting the responsibility?


This is the first in a series that will progress throughout 2010. The idea comes from Dean at Travels with Shiloh who has invited a group of commentators to discuss the twelve questions asked in this article Changing Homeland Security: Twelve Questions From 2009 from the Homeland Security Affairs Journal (HSAJ). Yours truly is one of those privileged to be invited to contribute to this discussion.

The first question is Why is it so difficult to make risk-based decisions in homeland security? Other contributions on this question so far are:

Risk based decisions in homeland security issues

I’ve been working on this for over a week and, to be honest, have really struggled with it. What follows is still tortorously prolonged but I’ve left it ‘as is’ to show the process by which I got to the answer. In a couple of weeks, I will rework it into something a little more coherent.

Defining the question

Before launching into discussion on the topic at hand, I first thought it would be an idea to define my interpretation of the terms in the question.

  • Difficult is the opposite of easy although it may be more correct to swap out ‘difficult’ for ‘simple’ and the degree of difficulty is directly linked to the level of complexity now common in such equations.
  • I cast the net pretty wide to define risk-based decisions. Although there were few, if any, military or HLS examples in first 100 hits when I searched ‘risk-based decisions’ on Bing; the most common seemed to those relating to auditing, insurance, health and event management. There was enough material there for me to comfortable with the R = T x V x C; Risk is the product of Threat, Vulnerability, and Consequence equation in the original HSAJ article.
  • Homeland Security is very much a US term with specific definition, membership and connotations. For our more global audience, I am using ‘HLS’ as the collective grouping of domestic, i.e. non-expeditionary,  military, security, intelligence, law enforcement, and emergency management agencies. I don’t believe that the establishment or not of an overarching agency like HLS affects the decision making process either way.

The Question

My first thought is whether it is actually difficult or, as implied in the question, if it is correct that risk-based decisions are not being made in homeland security. I would argue that they actually are, across our nations, thousands and thousands of them daily.

One approach I have found very useful when working through issues relating to the Contemporary Operating Environment (COE) by establishing a comparison with the more traditional and conventional environment that many of us are still more comfortable with or in.

If we were gearing up for yet another defence of the Fulda Gap at the operational level or even analysing intentions at the state on state level, such assessments are relatively simple and we still get them wrong with monotonous regularity, as Argentina found soon after taking Port Stanley in 1982, and Saddam found after reclaiming Kuwait in 1990. Characteristics of assessments at this level and in this environment might include:

  • Limited number and type of threats.
  • Gradual build-up and lead-in indicators.
  • Motivators/catalysts are usually understood strategies, policies and philosophies.
  • Most players are known values.
  • Big hands, big arrows, small maps.
  • Platform-based i.e focused on tracking ships, units, and formed groups; less focus on personality than major capability.
  • Unified organisations on both sides.
  • Geographic areas and boundaries are well defined.
  • The three organisational functions/groups derived from Clausewitz (people, leadership, action arm) are clearly defined and visible.

‘Simple’ as used in the paragraph above does not necessarily mean easy, just less complex in comparison to today’s environment.

Compare then this model against that faced in the HLS environment. The most obvious change is that we now need to track individuals a la the Scheiern model, not just those that we know might be players or even those who might be, but also those who might just have had a bad day, or just have had ‘enough’. The most recent example of this might be the shootings in Ft Hood and Seattle last year. Although some commentators immediately heralded the Ft Hood incident as the beginning of a domestic 4GW campaign, there has been no evidence to support such claims. Both incidents instead are illustrative of both the unpredictable and micro natures of the domestic environment.

HLS organisations are also not formed and formal organisations like the DoD, NATO, or even the Warsaw Pact. At best it is a bureaucratic umbrella sitting over a diverse collection of agencies all with their own priorities and outputs, and generally very tactically focused. Certainly there is not the same degree, not even a hint thereof, of the command and control arrangements to be found in a single agency in its own right or a large organisation like the DoD with defined roles and responsibilities

Mix in with this nature’s fickleness, for example, earthquakes in Haiti, bush fires in Australia and snow in the Washington DC area. Although the probablity of such incidents is a given, assessment of incidence and severity leans more to the arcane than the scientific: for now, Poughkeepsie Phil probably remains our best indicator for seasonal change.

To use a household analogy, you used to have three dogs and a couple of cats that normally got on with each other. The causes of discord were well-known and it wasn’t too much of a task to prevent major conflict. Then Great Aunt Anastasia dies and left you her ant farm and  ‘tame’ wasp hive; for various reasons, and as tempting as it is at times, investing in a couple of gallons of Raid is not a socially acceptable option. You’re stuck with it. You’re not impressed, the dogs and the cats aren’t impressed, and most likely the ants and wasps aren’t that thrilled either. Oh, and the boiler’s sprung a leak, taxes have just gone up, and old Mrs Grey next door has just lopped off her leg with a chainsaw. Welcome to the world of homeland security – please start your risk-based decision-making process HERE.

HLS as an entity will always find it difficult at best to conduct risk assessment as we and Third Shock Army (8th Guards for some folk) understand them from the Fulda Gap. But that is not to say that risk based assessment does not occur daily across the spectrum of homeland defence in law enforcement, emergency response, security and intelligence fields. I doubt that there are any agencies under the homeland security umbrella where the staff just sit back, bite into another donut, sip on their lattes and just wait around for something to happen. Just because it doesn’t happen in the comfortable macro format that many of us are used to, doesn’t mean that it doesn’t happen…it just happens at the micro level necessary for these agencies to fulfill their primary roles

At that’s the thing, most homeland security agencies have local or regional responsibilities and meeting these is their main priority. Unlike perhaps military organisations which generally devote a reasonably large proportion of time and resources to things that might happen, most HLS agencies are fully committed to meeting real-time outputs like catching bad guys, saving lives, fighting fires and rescuing kittens (think that last one isn’t important? – try telling that to old Mrs Smyth and still keep ‘the people’ on side). Most of them do this well.

Their world may be too complex for precise prediction but something else they also do well is respond. Within those contingencies that they know from past experience are most likely, these agencies can and do turn out and perform credibly thousands of time every day…and against these contingencies there is quite robust risk-based assessment and decision-making…why do police surge for New Years Eve activities, firejumpers have winter leave and paramedics specific tools and treatments over others? These people think, with some justification, that they are quite good at such decisions within their respective areas of expertise and responsibility.

Where they are weaker perhaps in in working and interfacing with each other beyond local relationships, especially where there may be issues of command and control or jurisdiction. HLS is never going to be the uber-C2 construct that DoD is – I think that FEMA perhaps tried this and we all saw how well that worked. Where HLS might begin to add real value is in championing the interoperability cause and facilitating communications, cultural awareness and information sharing between agencies.

An interesting insight from the 2004 Manawatu flooding (look it up – it made the top ten natural disaster list for the year) is that the civil defence plan went out the window only 30 seconds after the state of emergency was declared. BUT the value of the plan was in the planning; in bringing the various agencies together prior so that at least key staff had met, there was a general awareness of potential resources, and an awareness of issues from other perspectives. We saw the same again when the Mt Ruapehu lahar (finally) went in 2007. The event itself was almost anticlimatic because all the agencies involved (none of whom could agree on the probability or severity of the lahar happening) had been required to hammer out their difference and develop a collective response to the threat.

Where risk-based decisions really are difficult in HLS is on the terrorism side of the house. This won’t be news to Europeans, most of whom have endured domestic and/or third-party terrorist acts on their territory for decades. Terrorism itself is still subject to the same variables of complexity and uncertainty found across the HLS functional spectrum. What changes with terrorism is the false assumption that terrorist attacks can be prevented and the resulting pressure upon to HLS make this so. King Canute might offer some topical observations on this after his seashore experiments went wrong.

The Answer

The R = T x V x C equation for risk-based decision making is of little value so long the only acceptable answer is zero. Risk based decisions are made thousands of times every day in HLS – we’re just not interested in the answers. Perhaps the question that should have been asked is not Why is it so difficult to make risk-based decisions in homeland security? but When will we learn to accept risk in HLS?

3 thoughts on “Accepting risk

  1. Pingback: Accepting risk « The World According to Me… | JAENUDIN TAUFIK PERSONAL BLOG

  2. Simon,

    Great post. Love the homeowner analogy. That needs to be in your hall of fame when you get around to making one.

    I can see we tackled the question from slightly different perspectives (in addition to you giving a much more thorough answer than I). I tried to look at evidence for risk based decision making in terms of resource allocation (believing that old axiom about money talking and BS walking) whereas you, if I read you correctly, are looking at evidence of risk based decision making in terms of observable behavior.

    I totally agree that risk-based decisions are made every day, especially by first responders. And also, there is a lot of forward planning (increased presence when there’s a chance the local sports team is about to win the championship) in response to ‘traditional’ events/threats.

    I just have two quibbles:

    1) While I agree that your statement: “Just because it doesn’t happen in the comfortable macro format that many of us are used to, doesn’t mean that it doesn’t happen…it just happens at the micro level necessary for these agencies to fulfill their primary roles”. I think far too many organizations claim to do the macro level work when, in fact, they remain focus on the micro stuff. I think this is a function of the way we hand out HLS money, in the form of a) grants for doing macro stuff and b) based on elected representatives wresting money out of the central government to be spent on things local agencies may not even need.

    2)I also agree (always look out when I start off saying I agree with you) that “these agencies can and do turn out and perform credibly thousands of time every day”. Absolutely. I’d argue, however, that the decisions about which crimes and crime types to focus on (looking at law enforcement here, obviously) is often NOT risk based but rather reactive and based upon political considerations and public pressure. Rarely (at least in the U.S.) does an agency undertake even a rudimentary assessment of the threats within their jurisdiction and then take action at the most serious (let alone define what constitutes ‘serious’ and ‘threat’). I’m not talking about responses to street crime or emergency calls here but rather where and how such organizations decide to spend their scarce resources.

    And yet, there are far too many threats out there for any agency to address them all so some sort of prioritization must occur. Too often though, operations are undertaken because 1) they’re convenient 2) that’s what the agency is used to doing 3) that’s what the elected leadership demands or 4) they’ve made no effort to identify other threats.

    As an example, street gangs in the U.S. attracted the attention of many agencies here in the U.S. over the past 10 or so years. It’s not clear to me that they’re the most dangerous threat everywhere but they do offer agencies a clearly identifiable target with significant resonance among the public. Some agencies have, therefore been drawn to street gangs like moths to a flame and have lost awareness of other aspects of the threats in their operating environment. Again (hoping I’m not sounding like a broken record) in many cases, that fixation on street gangs is the result of a perceived threat rather than any attempt to identify and prioritize threats in any sort of systematic way.

    So…I’d offer that the question in the original article may not have been precise enough (consensus through blaming the other guy!) He didn’t really specify what he meant by risk-based decision making. Was he talking broadly, trying to encompass the whole field, policy making, resource allocation, tactical response or what?

    Finally, I’m not familiar with ‘the Scheiern model’. What is that?


  3. Pingback: More on Risk-based decision making in homeland security « Travels with Shiloh

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.