return to ICG Spaces home    ICG Risk Blog    discussions    newsletters    login    

ICG Risk Blog - [ Multisourcing: belated recovery of forgotten first principles, part 2 ]

Multisourcing: belated recovery of forgotten first principles, part 2


Part 1

For those of us that come from a background of a Counterterrorism (CT) and Counterintelligence (CI) threat analysis, a Governance Model that Gartner belatedly embraces is the essence of effective performance definition, and the Design Basis Threat (DBT) becomes an integral, inseparable part of that governance model as the mechanism that informs the Command or Senior management of the types of threats it may face over time and allows them to define the threats that are in or out of scope, the level of deflection or defense that will be committed to each threat, and the cost for that level of deflection or defense. The commercial side could learn much the military in essential risk management starting with Field Manual FM 100-14, Risk Management, which is the commander's principal risk reduction process to identify and control hazards and make informed decisions:

  • Identify hazards
  • Assess hazards
  • Develop controls and make risk decisions
  • Implement controls
  • Supervise and evaluate

The discriminator in DBT design is that almost all conventional DBTs are a scenario-based risk process instead of a rigorous procedural analysis that:

  • Defines risk management objectives under an integrated Command vision
  • Balances efficiency vs. security
  • Provides exportable and testable guidelines
  • Mandates periodic review under changing threats

The false complacency that scenarios instill is so great that I am compelled to beat the drum one more time:

Scenario-based responses are dangerously omissive, driving clients to extraordinary cost and diversion, often without merit, but is prevalent in part because it is simple. It requires no procedural rigor or grounding in fact, only the ability to ask "What if?" endlessly, yet is virtually ineffective for deferring, deflecting, or interdicting an adversary's preparation.

Witness the events of the July 2005 mass transit bombings in London where the UK had had a thirty-year history of dealing with a variety of terrorist attacks and bombings, the "scenario" and "lessons learned" from the earlier transit attacks in Madrid, Spain, were well-known, yet proved little benefit to the British in interdicting the London attacks of July 2005.

Scenario-spinning has no logical end and provides no threat assessment, vulnerability assessment, or risk assessment that would normally be enshrined in a firm's Governance Model.

Scenarios were an Army staple until the terrorist truck bomb attack along the northern perimeter of Khobar Towers, Dhahran, Saudi Arabia, on June 25, 1996. (Khobar Towers was a facility housing U.S. and allied forces supporting Operation SOUTHERN WATCH, coalition air operations over Iraq.) The report by Wayne A. Downing, General, U.S. Army (Retired) which has become known as the Downing Report (Introductory Letter, Preface and Report), reinvigorated the uphill effort to substitute procedurally consistent threat and vulnerability analyses in place of scenario generation.

Without guiding bounds, scenarios proliferate endlessly, often crippling most well-intended, protective efforts (paralysis by analysis). Defenders must define a coherent view of their risk tolerance before they can craft a response strategy that can reasonably and consistently respond to the threats on offer.

Risk Management
FM 100-14
Field Manual Headquarters
No. 100- 14 Department of the Army
Washington, DC, 23 April 1998

Report to the President and Congress on the Protection of U.S. Forces Deployed Abroad
ANNEX A - The Downing Investigation Report
Downing Assessment Task Force
NMCC Room 2C890, The Pentagon
Washington, DC 20310
August 30, 1996
Annex A consists of following three documents:
The Introductory Letter - A two page letter from Downing.
The Preface
The Report - 68 pages of text and tables.

Gordon Housworth

InfoT Public  Intellectual Property Theft Public  Risk Containment and Pricing Public  Strategic Risk Public  


  discuss this article

<<  |  July 2020  |  >>
view our rss feed