Homeland Security Risk Assessment Report
Homeland Security Enterprise utilizes risk management in day to day operations. The analysis designates asset allocation such as resources and manpower. Risk assessment goes beyond this also; the designation and distribution of federal funds are directed based on risk assessment.
Introduction
The Department of Homeland Security is tasked with detecting, deterring and annihilating a plethora of hazards not only to the America people, but to critical infrastructure that keeps the country running. The department is constantly on alert and ready to respond to incidents involving terrorism, natural catastrophes. pandemics such influenza, international criminal activities, and cyberspace risks on variable scales. The Department of Homeland Security, unfortunately, does not have an endless supply of resources or money; therefore, must use sensible planning to ensure its mission is successful. With the realization of such a factor, it is essential to triage capabilities. Using a risk management approach allows for the Department to make decisions and accomplish its mission. Hurricane Katrina and 9/11 revealed to not only Congress, but the nation how susceptible to attacks from terrorism and natural disasters the country was. These events also told the nation how unprepared it was.
Risk Management
The Department of Homeland Security defines risk management as “the process for identifying, analyzing, and communicating risk and accepting, avoiding, transferring, or controlling it to an acceptable level considering associated costs and benefits of any actions taken. ” This process is crucial as it supports the myriad of tasks that Homeland Security encounters. The analysis of risk determines how “homeland security functions can be best used to prevent, protect, mitigate, respond to, and recover from hazards to the Nation”. The constant evaluation of risk allows for the Department to identify, assess and understand potential and known threats. With this knowledge, the agency is able to deter and even halt foreign and domestic terrorist operations. The Strategic National Risk Assessment (SNRA) which was created to support Presidential Policy on national readiness, targeted security and resiliency by stringent measures. This allowed for greater resiliency to negative consequences that could occur in the United States by not only categorizing information based on how high a risk factor was but how to develop capabilities to support the readiness of the nation. The creation of the Department of Homeland Security, then tasking them with the role of risk management; gave the various levels of Government a thorough understanding of current hazards and threats of the nation. This knowledge set up each level of Government for success. This created a universal plan which allowed them to operate collaboratively and independently. The SNRA accomplished this enormous task by combining data utilizing existing Government databases from multiple agencies, risk management experts, and historical data. This task identified the risk of incidents and broke them down further. How often these events occurred and what was the result of their occurrence if a hazard or event occurred. The SNRA is concerned with a multitude of threats within the Homeland. Natural threats such as Floods or Earthquakes, Tsunamis, and Wildfires; Accidental threats such as chemical spills and food contamination; Terrorist threats such as explosive attacks, hijackings and cyber threats.
Why Risk Management is Important
The continuous and changing variables need constant evaluation which influences Homeland Security on how it proceeds with certain tasks. Risk management allows the Department of Homeland Security analyze data and determine how likely a threat to the nation will occur. This helps dictate Homeland Security and guide practice on how to tackle a certain risk with special consideration to response, recovery, protection and prevention goals. This aids in the development of strategic planning and sustainment of risk management. Risk management is also essential for this strategic planning to identify possible weakness in the capabilities of a particular department or sector at a time of crisis. These capabilities should be thoroughly tested. Which each test a new weakness could be identified possibly allowing for a resolution further strengthening the nation's plan. It is of fundamental importance that accurate results are being documented in risk analysis. As previously mentioned, there is not unlimited assets or resources to achieve mission success. Accurate reporting allows for the designation of federal funds and grants to be allocated to the appropriate areas. By utilizing risk management, these agencies can have realistic expectations and “fund projects that bring the greatest return on investment, describe desired outcomes and how they will mitigate risk, and explain the rationale behind those decisions in clear, objective, and transparent terms”. The use of Risk Management is beneficial financially allowing for the department to identify possible opportunity. According to Decker (2001), to amplify the success of risk management there are primary elements of threat assessments that should be considered. The first is a threat assessment, then a vulnerability assessment, and a criticality assessment. When discussing threats, it is important to understand the threat in its entirety. This will allow the agencies to formulate a plan based on action need. When the threat is a nuclear or biological hazard, it would be crucial to have a universal plan in place across multiple agencies in every part of the nation. When everyone is on the same page, the chances of success are increased; the critical infrastructure is protected and financial loss is decreased. By analyzing risk, the department can assign a value to a specific event or likelihood of an occurrence for the objective of “informing priorities, developing or comparing courses of action, and informing decision making”.
Risk Management Assessments
A threat assessment is used by the Department of Homeland Security to gauge and determine how likely a terrorist event at a specific target or location is to happen. Variables such as known intention, known capabilities, amount of access are considered. Multiple law enforcement and intelligence assets share information allowing homeland security to gain insight on how severe or not a threat is. This teamwork is crucial as it minimizes the guessing on worst-case or what-if scenarios to guide planning and resource allocation.
A vulnerability assessment is designed to identify potential flaws in security assessments, protection plans, and even weaknesses on structures such as buildings or military installations, highways and bridges. Terrorists and criminal enterprises are constantly enticed to explore weakness in government infrastructure – both cyber and physical; therefore, it is essential that they are found by law enforcement enterprise first. An example of this was a case within the U. S. Army Criminal Investigation Division which utilized a vulnerability assessment and identified security flaws in the ammunition compound in Fort Lewis, WA. This vulnerability could have allowed access into the Unit arms room where thousands of rounds of M-4 ammunition were housed. The Arms room code key was viewable to almost anyone. From the assessment by law enforcement, more stringent measures were put in place, and soldiers were retrained on how to secure the compound. Vulnerability studies for natural hazards have small differences from those used for terrorism risks. In the case of a natural threat, to discuss vulnerability would reference elements such as fire, loose dirt, the volume of water and so on pertaining to the particular area. Applying this to terrorism, to discuss vulnerability, would be to talk about the impact of an explosion. It should be noted Government agencies are not the only ones to benefit from risk analysis. Private corporations utilize vulnerability assessments on a regular basis to determine how secure their network is. Lastly, the criticality assessment is utilized to determine what assets are considered critical. This may seem like an obvious task; however, not everything can be considered a critical infrastructure. Various factors can actually downgrade something once labeled as critical such as a sporting arena or particular location based on the functionality of the structure or even its location. Computer networks, nuclear plants, are considered critical as their functionality is important to the security and maintenance of the country. The Critical assessment is critical as it allows for the Department of Homeland Security to identify which assets or location demand priority over others, the amount of manpower or financial amount to maintain the said entity. Also, Decker (2001) notes that one assessment is not a good foundation and that all three should be done when determining crucial government resources should be allocated to reduce risk to people and property.
Determining Risk
When it comes to risk assessment the Department of Homeland Security utilizes the risk analysis that risk is equal to a function of threat, multiplied by threat, vulnerabilities, and consequences; or Risk = f(T, V, C). Exploring this equation, the level of Risk is calculated by analyzing different variables in the equation. T stands for Threat which represents the likelihood an event will occur from a particular group or weapon. V represents the vulnerability of an attack; how susceptible is the particular item or person to infrastructure to a hazard or threat? In the Protective Services world, information pertaining to the Bosses location; their distance from a protective shelter or emergency services would be taken into account. The end result or consequences from a particular threat are represented by C. These consequences could be how many people die, the amount of damage to a particular infrastructure, or even how much of a financial loss would incur. The managing of risk is equivalent to juggling a million variables at once. Since this would be an impossible task, an easier method must be integrated so the resources are utilized in the most productive manner. When plugging the certain variables into the equation a result would determine how much risk there was in a particular situation. It is important to note that this is not to be used alone when determining risk. Intelligence and subject matter experts should also be utilized. This assessment in the simplest terms allows for the Department of Homeland Security to get the most out of what it has.
The Department of Homeland Security is primarily accountable for vindicating an array of threats to the nation; however, currently, its risk analysis is weighted heavily toward terrorism. Experience is the reason for this it lacks both “historical validating data and sociological theory on which to base quantitative models”. The Department has had much more involvement with natural disasters than it has had with terrorism. The historical data can guide future decisions. It important to note this formula is not a constant or absolute. There are so many moving parts to risk assessment with little being static.
Conclusion
To sum risk up in a nice neat package would be fantastic, but realistically, impossible. Assessing risk on a national scale is a complex task reliant on teamwork and excellent communication and structure. The truly inspirational and complex work that Homeland Security accomplish by attempting to minimize risk is truly amazing. There will never be a perfect risk model or analysis; however, utilizing historical data, scientific data, and data from intelligence and law enforcement agencies, the Department can narrow down risk. This also allows for the identification of weakness in the system allowing for exploitations to be squashed. Life is not static and the agency knows this. The constant Risk = (T, V, C) was abolished as the agency realized each variable is independent when it came to an analysis on terrorism. With a nation of over 300 million people, knowing where to allocate funding, assets and direct federal agencies during a time of need is absolutely critical for a successful mission. Reducing risk allows the for the Department of Homeland Security to secure the homeland.
References
- Decker, Raymond (2001). Homeland Security Key Elements of a Risk Management Approach. General Accounting Office. Retrieved 8 Feb 2018, from https://www. gao. gov/assets/110/109027. pdf
- DHS Risk Lexicon (2010), Dhs. gov. Retrieved 11 February 2018, from https://www. dhs. gov/sites/default/files/publications/dhs-risk-lexicon-2010_0. pdf
- Review of the Department of Homeland Security's Approach to Risk Analysis (2010) Fema. gov. Retrieved 11 February 2018, from https://www. fema. gov/pdf/government/grant/2011/fy11_hsgp_risk. pdf
- Risk Management Fundamentals (2011). Dhs. gov. Retrieved 11 February 2018, from https://www. dhs. gov/xlibrary/assets/rma-risk-management-fundamentals. pdf
- Strategic National Risk Assessment (2011). Dhs. gov. Retrieved 11 February 2018, from https://www. dhs. gov/xlibrary/assets/rma-strategic-national-risk-assessment-ppd8. pdf