Help with Homework
HM502
Unit 1 DQ (Only has a Topic 2, NO TOPIC #1)
Part 1
Topic 2: Risk Assessment Methods (Respond)
The Department of Homeland Security (DHS) has enormous responsibilities. The missions of DHS are:
1. Preventing terrorism and enhancing security
2. Securing and managing borders
3. Enforcing and administering immigration laws
4. Safeguarding and securing cyberspace
5. Ensuring resilience to disasters
As a result of this broad, expansive, and complex set of missions, the DHS must assess risks from a range of threats to homeland security. Also, in some cases, the DHS shares responsibility with other entities, states, cities, or tribes, for assessing risks and creating plans to prepare for, respond to, and recover from man-made or natural disasters, threats, or hazards. These diverse and multi-faceted risk assessments are used in the process of risk management by decision makers to mitigate these challenges.
Unfortunately, there is not just one risk assessment methodology that is or can be employed by all the agencies within the DHS. Consequently, there are several methodologies currently in use throughout the DHS to varying degrees of effectiveness. Two measures of the effectiveness of these methodologies are their validity and reliability (National Research Council (NRC), 2010). Essentially, do these methodologies assess what you want to assess accurately (valid) and do these methodologies consistently/precisely measure what the assessment intends them to measure (reliable)?
After reading about each of the different risk assessment methodologies, what are the strengths and weaknesses of each methodology?
What are some of the application and implementation challenges that each method currently faces?
As you discuss the various attributes of each risk assessment method, consider the validity and reliability of each method as they relate to the threat, vulnerability, and consequence assessment capabilities of the method.
Reference:
National Research Council. (2010). Review of the Department of Homeland Security's approach to risk analysis . National Academies Press. Retrieved from http://www.nap.edu/catalog.php?record_id=12972
Part 2
Topic 2: Student Response #1 (Respond to Skyler)
Skyler Fry
Terrorism Risk Assessment and Management (TRAM)
TRAM is a computer program that was developed by FEMA to compare risk against assets within specific geographical boundaries (Stromgren & Ryan, 2008). TRAM identifies and prioritizes upgrades in security, protection, response and recovery in order to minimize the risks associated with a potential threat (Stromgren & Ryan, 2008). A major benefit of TRAM is its availability to various jurisdictions and across the many levels of government. TRAM is focused on future threat analysis and risk associated with facilities rather than populations, therefore, the program is limited as to the extent of effectiveness in regards to population threats (Stromgren & Ryan, 2008).
Biological Threat Risk Assessment (BTRA)
BTRA is a strategic event tree based program that requires subject matter expert level of understanding to be utilized effectively (National Research Council, 2010). The model used is 17 steps and very information based with "Frequency of initiation by terrorist group, Target selection, Bioagent selection, Mode of dissemination (also determines wet or dry dispersal form), Mode of agent acquisition, Interdiction during acquisition, Location of production and processing, Mode of agent production, Preprocessing and concentration, Drying and processing, Additives, Interdiction during production and processing, Mode of transport and storage, Interdiction during transport and storage, Interdiction during attack, Potential for multiple attacks, and Event detection" all needing to be identified in order to formulate the risk associated with a specific potential event (National Research Council, 2010). The BTRA is best utilized at the upper echelons of government with highest probabilities being shared with potential target areas. BTRA is not as useful for local governments as a biological threat is much less likely when compared to other threats and would distract resources that could be used more efficiently elsewhere.
Threat and Hazards Identification and Risk Assessment (THIRA)
The THIRA model is the best and most applicable across the board as it doesn't deal with non realistic or low probability threats and hazards but instead focuses on those that are more likely to happen that would challenge the capabilities of a specific jurisdiction. Based on model outcomes, a specific location all the way up to the national level can identify what capabilities will be needed in order to combat or mitigate against possible outcomes (National Research Council, 2010). THIRA is made up of four main components; risks and associated impacts, capability targets, current capabilities, and gaps (FEMA, 2019). The risks and associated impacts component identifies and assesses threats and hazards(FEMA, 2019). The capability targets component utilizes likely impacts to create capability goals in order to combat the potential threat or hazard(FEMA, 2019). The current capabilities component measures the current capabilities compared to needed capabilities based on possible threats and hazards(FEMA, 2019). The gaps component identifies current gaps that would hinder an effective response and assists in development of strategies to close the gaps(FEMA, 2019).
National Research Council. (2010) Review of the Department of Homeland Security's Approach to Risk Analysis. Washington, DC: The National Academies Press. https://doi.org/10.17226/12972.
FEMA. (2019). 2019 National Threat and Hazard Identification and Risk Assessment (THIRA). Federal Emergency Management Agency. https://www.fema.gov/sites/default/files/2020-06/fema_national-thira-overview-methodology_2019_0.pdf.
Stromgren, C., & Ryan, K. (2008). Introduction to the Terrorism Risk Assessment and Management (TRAM) Methodology. Calhoun. https://calhoun.nps.edu/bitstream/handle/10945/51764/Stromgren_Ryan_Introduction_to_the_Terrorism_Risk_CIP_Metrics_Tools_2008.pdf?sequence=1&isAllowed=y.
Topic 2: Student Response #2 (Respond to Sunday)
Sunday Akinwunmi
Though risk management does not prevent events from occurring, it does assist the department in focusing on the occurrences of the more destructive events and assisting in the avoidance or mitigation efforts. Risk management produces analysis, which creates a better platform for decision making. The potential perils are identified in terms of their likelihood to occur to assist decision-makers in selecting, implementing, and evaluating risk management alternatives. Different assessment methods, such as TRAM, BTRA, and THIRA, are used to assess and analyse threats, whether they are man-made or naturally occurring (Ezell, et al., 2017). Scholars have criticized these tools because terrorists can adapt to the preventive measures developed, and the terrorist may be focused on maximizing a specific consequence rather than all.
TRAM is a model that focuses on determining the threat, capability, and intent of a terrorist attack. TRAM evaluates critical scenarios. The framework of the model uses ratings from various SMs to project the vulnerability and the consequences of a potential threat. As a result, TRAM focuses on identifying the critical infrastructure to be protected, as well as the infrastructure's vulnerability and the consequences of the risk if it occurs. However, the model is untrustworthy due to its complicity, making effective employability and evaluation difficult.
TRAM has a number of flaws, including the fact that the analysis process is extremely complex, and that comparing the minimum experience of the SMs on training makes determining the exact target value difficult. Second, the process of developing the criticality of risk assessment factors lacks transparency, which can lead to misleading criticality assessments. Finally, there is the uncertainty of estimating the factors used to calculate venerability. As a result, it is conclusive that TRAM reliability is not certain because its complicity makes it extremely difficult to use effectively while evaluating the model.
The model has advantages, such as the outputs being useful in conceptualizing the risk space. Second, it discusses risk mitigation options and how they affect the various ranks, thereby improving cost-benefit analyses. The model also lowers the risk of purchasing because it has the ability to improve security systems in the various organizations that use it.
Using BTRA involves employing the logic tree, also known as an event tree model. This assessment tool divides a complex assessment into smaller and simpler segments that can be addressed fully and effectively. There are two methods in the tool: probability, event, and decision trees, as well as fault, attack, and successful trees. Branches and nodes make up probability, event, and decision trees.
The limitation of BTRA as a terrorism risk assessment tool, according to Ezell et al. (2010), is the level of uncertainty, incompleteness, and the fact that it is not static. The incompleteness and uncertainty of the data collected make it difficult to develop exact probabilities. For example, a terrorist may plan to produce virus A in order to cause the greatest number of casualties possible because the same virus is optimal for virus B. However, because biological systems are complex, such an attack may fail. Terrorists, being intelligent, examine the US defensive mechanism and adapt to it while developing new attack tactics. Understanding terrorist motivations, intent, and capabilities is the most important strategy for preventing attacks. As a result of the aforementioned flaws, the model is only a snapshot of a specific time period.
References
James F. Broder, & Gene Tucker. (2012). Risk Analysis and the Security Survey: Vol. 4th ed. Butterworth-Heinemann.
Ezell, B., Bennett, S. P., Winterfeldt, D. V., Sokolowski, J., & Collins, A. J. (2017). Probabilistic Risk Analysis and Terrorism Risk. Improving Homeland Security Decisions, 5-31. doi:10.1017/9781316676714.002