Who hasn’t heard this answer to a curly question “We’ll carry the risk“? Yeah, that’s nice but who’ll be accepting the responsibility?

Introduction

This is the first in a series that will progress throughout 2010. The idea comes from Dean at Travels with Shiloh who has invited a group of commentators to discuss the twelve questions asked in this article Changing Homeland Security: Twelve Questions From 2009 from the Homeland Security Affairs Journal (HSAJ). Yours truly is one of those privileged to be invited to contribute to this discussion.

The first question is Why is it so difficult to make risk-based decisions in homeland security? Other contributions on this question so far are:

Risk based decisions in homeland security issues

I’ve been working on this for over a week and, to be honest, have really struggled with it. What follows is still tortorously prolonged but I’ve left it ‘as is’ to show the process by which I got to the answer. In a couple of weeks, I will rework it into something a little more coherent.

Before launching into discussion on the topic at hand, I first thought it would be an idea to define my interpretation of the terms in the question.

• Difficult is the opposite of easy although it may be more correct to swap out ‘difficult’ for ‘simple’ and the degree of difficulty is directly linked to the level of complexity now common in such equations.

• I cast the net pretty wide to define risk-based decisions. Although there were few, if any, military or HLS examples in first 100 hits when I searched ‘risk-based decisions’ on Bing; the most common seemed to those relating to auditing, insurance, health and event management. There was enough material there for me to comfortable with the R = T x V x C; Risk is the product of Threat, Vulnerability, and Consequence equation in the original HSAJ article.

• Homeland Security is very much a US term with specific definition, membership and connotations. For our more global audience, I am using ‘HLS’ as the collective grouping of domestic, i.e. non-expeditionary,  military, security, intelligence, law enforcement, and emergency management agencies. I don’t believe that the establishment or not of an overarching agency like HLS affects the decision making process either way.

The Question

My first thought is whether it is actually difficult or, as implied in the question, if it is correct that risk-based decisions are not being made in homeland security. I would argue that they actually are, across our nations, thousands and thousands of them daily.

One approach I have found very useful when working through issues relating to the Contemporary Operating Environment (COE) by establishing a comparison with the more traditional and conventional environment that many of us are still more comfortable with or in.

If we were gearing up for yet another defence of the Fulda Gap at the operational level or even analysing intentions at the state on state level, such assessments are relatively simple and we still get them wrong with monotonous regularity, as Argentina found soon after taking Port Stanley in 1982, and Saddam found after reclaiming Kuwait in 1990. Characteristics of assessments at this level and in this environment might include:

• Limited number and type of threats.

• Gradual build-up and lead-in indicators.

• Motivators/catalysts are usually understood strategies, policies and philosophies.

• Most players are known values.

• Big hands, big arrows, small maps.

• Platform-based i.e focused on tracking ships, units, and formed groups; less focus on personality than major capability.

• Unified organisations on both sides.

• Geographic areas and boundaries are well defined.

• The three organisational functions/groups derived from Clausewitz (people, leadership, action arm) are clearly defined and visible.

‘Simple’ as used in the paragraph above does not necessarily mean easy, just less complex in comparison to today’s environment.

Compare then this model against that faced in the HLS environment. The most obvious change is that we now need to track individuals a la the Scheiern model, not just those that we know might be players or even those who might be, but also those who might just have had a bad day, or just have had ‘enough’. The most recent example of this might be the shootings in Ft Hood and Seattle last year. Although some commentators immediately heralded the Ft Hood incident as the beginning of a domestic 4GW campaign, there has been no evidence to support such claims. Both incidents instead are illustrative of both the unpredictable and micro natures of the domestic environment.

HLS organisations are also not formed and formal organisations like the DoD, NATO, or even the Warsaw Pact. At best it is a bureaucratic umbrella sitting over a diverse collection of agencies all with their own priorities and outputs, and generally very tactically focused. Certainly there is not the same degree, not even a hint thereof, of the command and control arrangements to be found in a single agency in its own right or a large organisation like the DoD with defined roles and responsibilities

Mix in with this nature’s fickleness, for example, earthquakes in Haiti, bush fires in Australia and snow in the Washington DC area. Although the probablity of such incidents is a given, assessment of incidence and severity leans more to the arcane than the scientific: for now, Poughkeepsie Phil probably remains our best indicator for seasonal change.

To use a household analogy, you used to have three dogs and a couple of cats that normally got on with each other. The causes of discord were well-known and it wasn’t too much of a task to prevent major conflict. Then Great Aunt Anastasia dies and left you her ant farm and  ‘tame’ wasp hive; for various reasons, and as tempting as it is at times, investing in a couple of gallons of Raid is not a socially acceptable option. You’re stuck with it. You’re not impressed, the dogs and the cats aren’t impressed, and most likely the ants and wasps aren’t that thrilled either. Oh, and the boiler’s sprung a leak, taxes have just gone up, and old Mrs Grey next door has just lopped off her leg with a chainsaw. Welcome to the world of homeland security – please start your risk-based decision-making process HERE.

HLS as an entity will always find it difficult at best to conduct risk assessment as we and Third Shock Army (8th Guards for some folk) understand them from the Fulda Gap. But that is not to say that risk based assessment does not occur daily across the spectrum of homeland defence in law enforcement, emergency response, security and intelligence fields. I doubt that there are any agencies under the homeland security umbrella where the staff just sit back, bite into another donut, sip on their lattes and just wait around for something to happen. Just because it doesn’t happen in the comfortable macro format that many of us are used to, doesn’t mean that it doesn’t happen…it just happens at the micro level necessary for these agencies to fulfill their primary roles

At that’s the thing, most homeland security agencies have local or regional responsibilities and meeting these is their main priority. Unlike perhaps military organisations which generally devote a reasonably large proportion of time and resources to things that might happen, most HLS agencies are fully committed to meeting real-time outputs like catching bad guys, saving lives, fighting fires and rescuing kittens (think that last one isn’t important? – try telling that to old Mrs Smyth and still keep ‘the people’ on side). Most of them do this well.

Their world may be too complex for precise prediction but something else they also do well is respond. Within those contingencies that they know from past experience are most likely, these agencies can and do turn out and perform credibly thousands of time every day…and against these contingencies there is quite robust risk-based assessment and decision-making…why do police surge for New Years Eve activities, firejumpers have winter leave and paramedics specific tools and treatments over others? These people think, with some justification, that they are quite good at such decisions within their respective areas of expertise and responsibility.

Where they are weaker perhaps in in working and interfacing with each other beyond local relationships, especially where there may be issues of command and control or jurisdiction. HLS is never going to be the uber-C2 construct that DoD is – I think that FEMA perhaps tried this and we all saw how well that worked. Where HLS might begin to add real value is in championing the interoperability cause and facilitating communications, cultural awareness and information sharing between agencies.

An interesting insight from the 2004 Manawatu flooding (look it up – it made the top ten natural disaster list for the year) is that the civil defence plan went out the window only 30 seconds after the state of emergency was declared. BUT the value of the plan was in the planning; in bringing the various agencies together prior so that at least key staff had met, there was a general awareness of potential resources, and an awareness of issues from other perspectives. We saw the same again when the Mt Ruapehu lahar (finally) went in 2007. The event itself was almost anticlimatic because all the agencies involved (none of whom could agree on the probability or severity of the lahar happening) had been required to hammer out their difference and develop a collective response to the threat.

Where risk-based decisions really are difficult in HLS is on the terrorism side of the house. This won’t be news to Europeans, most of whom have endured domestic and/or third-party terrorist acts on their territory for decades. Terrorism itself is still subject to the same variables of complexity and uncertainty found across the HLS functional spectrum. What changes with terrorism is the false assumption that terrorist attacks can be prevented and the resulting pressure upon to HLS make this so. King Canute might offer some topical observations on this after his seashore experiments went wrong.

The Answer

The R = T x V x C equation for risk-based decision making is of little value so long the only acceptable answer is zero. Risk based decisions are made thousands of times every day in HLS – we’re just not interested in the answers. Perhaps the question that should have been asked is not Why is it so difficult to make risk-based decisions in homeland security? but When will we learn to accept risk in HLS?