return to ICG Spaces home    ICG Risk Blog    discussions    newsletters    login    

ICG Risk Blog - [ The danger of confusing terrorist interdiction with the consequences of terrorist action ]

The danger of confusing terrorist interdiction with the consequences of terrorist action

  #

It gives me scant comfort to read:

[Los Alamos has] been constructing the most elaborate computer models of the United States ever attempted. There are virtual cities inhabited by millions of virtual individuals who go to work, shopping centers, soccer games and anywhere else their real life counterparts go. And there are virtual power grids, oil and gas lines, water pipelines, airplane and train systems, even a virtual Internet. The scientists build them. And then they destroy them…

The Los Alamos experiments are part of the Homeland Security Department's efforts to harness technology to aid the war on terrorism. Like government "data-mining" projects that use flight itineraries, credit card reports and other data and try to find patterns to predict who might be a likely terrorist, the simulations are attempts to guess the bigger picture.

Furthermore, when these fervently well-intentioned individuals say after "trying to be the best terrorists we can be," that they're "glad we're not terrorists," we can say that they do not need to worry, as from the standpoint of an asymmetrical attacker they are certainly not.

Scenario-based responses are dangerously omissive. Witness the events now unfolding in London where the UK has had a thirty year history of dealing with a variety of terrorist attacks and bombings. The "scenario" and "lessons learned" of bombing mass transit (see Atocha’s Impact) in Madrid, Spain, was recent and well know yet it did the English little good in interdicting the London attack.

Moreover, scenario-spinning has no end since it has no scope-like business risk statement to bound it, and so efforts continue without end, usually crippling most well-intended protective efforts (paralysis by analysis). Defenders must be able to define a coherent view of their risk tolerance before they can craft a response strategy, a function the defense sector calls a Design Basis Threat (see simple overview.) For a more complex example, see Building Design for Homeland Security and look at the units: Asset Value Assessment, Threat/Hazard Assessment, Vulnerability Assessment, and Risk Assessment/Risk Management.

Commenting to a skilled practitioner that we as a nation are in trouble if facilities such as Los Alamos, and the attentive agencies lulled into complacency over their exercises, are scenario spinning instead of building a sound design base threat, his reply was that such efforts get funded for the time and scenarios that they generate, a process made easy by having large amounts of CPU cycles available to absorb massive amounts of variables. The net is that the scenarios are very useful for estimating consequences (direct and indirect costs) should a similar event occur but that they are virtually ineffective for interdicting the adversary's preparation, surveillance and actual attack.

The federal government is using the simulations to provide options in the event of a real terrorist attack. The information is so sensitive that most of the lab's work is classified, and the physical facility is secured with its own experimental technologies. If the simulations got into the wrong hands, the researchers say, they could be used as the ultimate weapon against Americans. "It would be a terrorist recipe for doing something terrible."

Possibly, but less likely than one might assume. Scenarios generated in this manner are almost always too complex and miss the path of least resistance that an asymmetrical adversary will use to achieve their aim at acceptable risk (where their risk is defined as deferring discovery, mission success and not necessarily the survival of the attacker). (See Bioterrorism Drill TOPOFF 2 -- Failing to think like al Qaeda & relearning old lessons.)

A useful comment on the risks and red herrings of scenarios was included in a discussion of the modeling and simulation of epidemic infectious diseases:

An immediate problem facing the United States is whether to reinstitute routine smallpox vaccination of the entire population. Rational alternatives would be to withhold routine vaccination, and use smallpox vaccine only in "ring immunization" of contacts once cases had appeared, or immediately preimmunize some subset of the population and be prepared to implement ring immunization. Critics of modeling argue that models cannot provide clear evidence for or against any option; advocates counter that the purpose of modeling and simulation is not to provide an answer, but to furnish a tool for improving the decision-making process. Indeed, all decisions are based on models (mental or otherwise), but the use of computational models forces all assumptions to be made explicit, and permits a search for nonlinear intervention effects that may not be discovered using intuitive mental models. Particularly in dealing with a hypothetical threat such as smallpox, models and simulations can allow the testing of intervention strategies in silicon that simply cannot be tested in advance, and could never be tested in a real-world bioterrorism emergency.

The 'advocates' in this context again confuse estimating consequences of similar events with early interruption of target surveillance and interdiction of the attack team. As noted in Acting upon knowledge is different from its gathering:

The alternative to scenario planning is to understand the key actors and processes at play, how they might interact (without locking into "the" prediction), especially in a region and culture so different from our own and one in which our own cultural assumptions could lead to under or overrating events, good and bad.

It is dangerous for any agency or individual to assume that there is definitive merit in scenario planning as it will lull some administration and political decision makers into thinking that these well-intentioned efforts have something to say about the interdiction of the adversary - which they do not.

Incidentally, in the US after Atocha, authorities were left scrambling in a less than effective attempt to reinforce a porous commuter rail system that is not appreciably more secure today. In the face of DHS "raising the threat level from code yellow, or elevated, to code orange, high, targeted only to the mass-transit portion of the transportation sector" with no reported threats to US assets, one is left to wonder if another soothing but ineffective "feel good" security measure that we like to call "guns, gates and guards" is in progress.

Britain launches search for bombers
CNN
July 7, 2005; Posted: 3:55 p.m. EDT (19:55 GMT)

British Officials Say They Had No Warning
By DON VAN NATTA Jr.
New York Times
July 7, 2005

Computers Simulate Terrorism's Extremes
By Ariana Eunjung Cha
Washington Post
July 4, 2005

Microbial Threats to Health: Emergence, Detection, and Response
Mark S. Smolinski, Margaret A. Hamburg, and Joshua Lederberg, Editors
Committee on Emerging Microbial Threats to Health in the 21st Century
Board on Global Health
Institute of Medicine (IOM) OF THE NATIONAL ACADEMIES
NATIONAL ACADEMIES PRESS
2003

Instructor Guide
FEMA E155- Building Design for Homeland Security
FEMA
January 2004

Risk Assessment: A How-To Guide to Mitigate Potential Terrorist Attacks
FEMA 452
Complete Guide
STEP 1: THREAT IDENTIFICATION AND RATING
STEP 2: ASSET VALUE ASSESSMENT
STEP 3: VULNERABILITY ASSESSMENT
STEP 4: RISK ASSESSMENT

Gordon Housworth



InfoT Public  Infrastructure Defense Public  Strategic Risk Public  Terrorism Public  

discussion

  discuss this article


<<  |  September 2018  |  >>
SunMonTueWedThuFriSat
2627282930311
2345678
9101112131415
16171819202122
23242526272829
30123456
view our rss feed