Guest Post – Why is it so difficult to make risk-based decisions in homeland security?

Today this post is by guest blogger KR who addresses the first question of the Homeland Security Round Table centering around an article in the recent issue of Homeland Security Affairs.

Ok, first I should introduce myself I am not a security, military or defense professional. I am a certified financial planner who, as an American citizen has a vested interest in this dialogue. My objective here is to broaden my knowledge on these subjects,  explore and clarify my opinions and hopefully, share some thoughts of a lay person with the more educated members of the group.

As a financial planner, I’d qualify a large part of my job as risk management. I do this by seeking both concrete and anecdotal information about variables that contribute to an overall premise on market, sector and specific holding performance expectations. This is a top down assessment starting at the economic level, eventually reaching the local or company-specific data. It seems remarkably similar to the risk management associated with anti-terrorism activities and threat assessment. There however, are some significant differences which tie in directly with Mr. Bellavita’s questions (numbers 1 and 5 in particular).

Axiom or law, I think we have to start with the premise: Risk is either held, shared or transferred, increased or decreased. It is never, ever eliminated.

In financial risk management, we have a firm concept of acceptable losses. There is never an expectation of only gains or zero losses. That’s understood to be unrealistic and in fact, pursuing those misinformed objectives actually incurs significant risk and expense. Fortunately, in my business, many theories and actual practices are tested, retested and back-tested to measure effectiveness. Quantifiable results are just that, quantifiable. Part of the issue confronting homeland security is the non-quantifiable nature of success, failure and ongoing performance. Politics, psychology and general culture play heavily into those definitions.

I’ve heard more than once, that, “Counter-terrorism activities have to be successful all of the time, terrorists only have to succeed once.” Frankly, I find that concept dangerous and misleading. It sets up everyone involved for failure. That statement is true when considering the execution of a terrorist act. But it would be unwise to consider that completion to be a failure of a homeland security system. By leading people to believe that any terrorist activity is a failure, and the converse, that the only success of homeland security is zero terrorist activity, we create an environment that ironically benefits the terrorists. By mismanaging their expectations, our population is more susceptible to fear and disappointment. The professionals are subject to criticism, policy shifts and general turnover (typically as a result of political responses).   Homeland security is a defensive, reactive activity. That’s not to say it’s passive. Merely that it’s goal is to counter the objectives of those engaged in hostile, terrorist acts agains the US. So what is success for a terrorist? I think the real definition of success by a terrorist is the changing of a culture or general set of policies to coincide with the specific goals of the terrorist organization. It is not the death or destruction of a particular target for its own sake. These groups and individuals want to have impact, whether by spreading a message, changing our attitudes and ways, or actually changing US policies. If that is true, success for homeland security should be the disruption or mitigation of enough activities to prevent those cultural or policy changes.

In my business, I determine a targeted risk level, or concept of ‘acceptable losses’ for each client. My worst client is one who expects to never lose a penny. I cannot help that client and can either educate them or fire them. I admit, it can be difficult to do the prior, but when it works, the change is usually dramatic. Instead of focusing on the occasional losses, we focus on their financial goals. Those in reality are their priority.   In the homeland security arena, it seems the American citizens are being trained to expect perfection. I think that is a product of both our political environment and our cultural belief that we can have everything, all the time, at no cost, now. I’ll summarize that notion simply as ‘short sightedness’ for simplicity sake. While we cannot ‘fire’ our way out of this relationship with our fellow citizens, we absolutely hav eto edicate them on the follow of that false expectation.

Homeland security is a process, not an event. It needs to be viewed similarly to our national education system, the population’s general health and wellness, our overall transportation infrastructure or similar issues of long term, national importance which may be subject to event risk, but are actually systems, not discrete events, locations or organizations. Instead, our national discussion seems focused on the granular level  how did which person get onto what plane. By looking so closely without the larger context we seem to repeatedly miss the forest for the trees.

Similar to my own risk management processes, when considering the homeland security situation, I again approach from a top down perspective. At a high level there is the question: what can be done to prevent terrorism. At a lower, more tactical level, there is the question of how do we prevent terrorist acts. I do believe that addressing the first question is fundamental to a long term American solution. Obviously, the better we do there, the fewer incidents we will have to address at the lower level. However, the reality of the present situation calls for us to address them both simultaneously. Mr. Bellavita seems focus primarily on the tactical level.   I think the first step in dealing with risk-based decsion making, and all decision making for that matter, is to accept the situation. The real, honest situation. These acts will be attempted. And some, despite our best efforts, will be executed as planned. We also must realize, that is very different from saying that the terrorists have succeeded.   And, in my opinion, therein lies part of the difficulty in making risk-based decisions. That very acceptance is untennable from a political standpoint. It is far better for any individual’s career to pretend that perfection exists, despite how stunting it is to our capability to address the situation, than to speak plainly about costs, consequences and long term goals with the American public.   ===============================   Here are a couple questions for those more educated that I on these matters. Please forgive me if they are not directly related to the first question on our list.   We’ve had extremist, militant groups in this country for quite some time. We’ve investigated and  infiltrated them, tracked their leadership, mapped their organizations and, at times, taken direct actions against them. We’ve had some terrible events such as the 1993 World Trade Center and 1995 Oklahoma City bombings. Are the strategies and methods of dealing with these homegrown radicals so different than the ways we should approach terrorists from outside of the country? I realize that the specific agencies and resources employed, and degrees of local cooperation and competence will impact implementation, but my question is regarding the actual practices. If we consider our domestic counter-terrorism activities to be successful (even without a 100% event-free history), shouldn’t we map those activities (and definitions of success) to the global scene?

As a lay person, I see homeland security largely as a police activity. That is not to say it should be performed solely by police departments, rather it is more similar to police work than say, military or emergency response work. Activities center around information gathering, investigation, analysis, apprehension, prevention and disruption. It seems that the inclusion of emergency response functions are a separate matter that only get involved when a threat is identified or action has taken place. Is that a gross oversimplification?


9 responses to “Guest Post – Why is it so difficult to make risk-based decisions in homeland security?

  1. Answer to Question #1. Yes, if nothing else we might at least then be talking a similar language – just watch how definition of success in Afghanistan have mutated in the last six months.

    Answer to Question #2. Partially. What is less visible is the ongoing work establishing and then maintaining and enhancing interoperability in just about everything with the myriad of individual first response, law enforcement and military agencies with a finger in the HLS pie. Now, just a quick jump on the soapbox to promote CWID as one of the annual forums and activities that works towards that interoperability.

  2. FYI,


    CWID is a Joint Chiefs of Staff-directed annual event that engages cutting-edge information technology focused on criteria defined by combatant commanders. Technologies are approved for participation because they address a new information sharing capability or might improve an existing capability in support of articulated demonstration objectives released as a Federal Business Opportunity (FBO) (

    The demonstration evaluates technologies and capabilities for exchanging information among coalition partners, military services, government agencies, first responders and U.S. combatant commanders, especially the 2009 host, U.S. Joint Forces Command (USJFCOM). Information sharing technologies leverage decision-making and operational flexibility on the battlefield and during crisis response on the home front.

  3. Thanks for posting the link, Dean

    Unfortunately most of the PR material that CWID puts out is pretty unstimulating and sounds pretty geeky…how it works is that each June for three weeks, teams of operators/warfighters are assembled at sites like SPAWAR, Dahlgren, NORCOM and Hanscomb in the US to give the selected apps and tools a good thrashing and to report on their performance or not as the case may be. They are supported by a large technical and evaluation team that captures and collates the results, keeps the networks up and running and breaks up fights between incompatible apps. About now the single services will be starting to look for volunteers for the various sites and CWID is one of the things where volunteers are rare and not usually turned away so long as you can find the right points of contact…Each site also has an open day/days in the final week which is usually a bit of a dog and pony show but gives you an idea of the capabilities and potentials of the various tools…

    Before things get anywhere the eval phase, some 6-7 months prior, there has been a rigorous selection phases that compares vendors/developers claims against identified capability gaps from both op and tech perspectives. Each app has to have at least one sponsor before it can proceed and it must conform to the tech standards as well – a lot of vapourware is found and binned in this stage. Between selection and evaluation there is a lot of handshaking and coord activity between vendors sponsors and there are usually a few more apps drop off along the way.

    Some of the apps I have been involved with in my time with CWID have been as diverse as UAS flight control systems, imagery analysis tools, various tools for transferring info between hi/lo security domains, biometric collation and database systems, simulations like VBS2, real time translation/transcription tools, digital C2 and situational awareness tools, and comms interoperability systems that allow you to plug in and link all the various comms systems that might be in use in an AO or incident site. The greatest value I found in CWID both as a warfighter operator and later as a national lead and lead assessor was the exposure to cutting edge and emerging technologies and my resulting awareness of what solutions might actually be available rather just being able to say ‘I wish we had something that would do X.’….knowledge that can they be put work in your own work place in developing user requirements, proposing solutions, etc etc…some times just knowing that something is actually possible and available makes a great difference….

    Leaps off soapbox…

    (If I haven’t scared everyone off, I’m more than happy to field any questions re CWID directly, or through this or my blog)


  4. And allow me to try to address those questions as well:

    #1 Are the strategies and methods of dealing with these homegrown radicals so different than the ways we should approach terrorists from outside of the country?

    Well, it depends. It depends on what we mean when we attach the label ‘terrorists’ on people. We now throw it around rather liberally so that it includes people who not that long ago would have been called ‘guerrillas’ and the term is frequently used interchangeably with ‘insurgents’. That’s a shame because those terms mean very different things.

    It also depends on where those terrorists are. Domestic terrorists are within the jurisdiction of the U.S. government and so legal means are available to target them. But what if Timothy McVeigh didn’t live in the U.S. but managed to escape to another country which was not inclined to allow the U.S. to operate within their borders? Then we need to make a political decision: Do we want to pursue this person? Will it further or hinder our long term goals? Is it worth the potential cost? If the decision is made that we do want to go after him (or her!) then we might engage in all sorts of behavior that would be illegal domestically.

    #2: If we consider our domestic counter-terrorism activities to be successful (even without a 100% event-free history), shouldn’t we map those activities (and definitions of success) to the global scene?

    Again, I’d have to say that this might not be a question if we had been a bit more precise with our terminology over the past 8 years. Our past practice of labeling everyone who didn’t agree with us as either a terrorist, a sympathizer or an appeaser doesn’t really allow us much flexibility. Fortunately, that’s been changing but I suspect those nuances won’t trickle down to the public for a long time (thanks MSM!)

    The other problem is that the ‘global scene’ can be much, much more complicated that anything going on within our borders and so while our successes may transfer in some places there’s probably not some uber-template we can apply everywhere.

    Of course, that leads to another frustration which is the reluctance to seriously consider the responses of other nations and see what, if anything, is applicable to our situation. I hate to keep harping on it but if even if you’re a regular consumer of news you probably won’t know that a number of European nations have had some pretty good successes in addressing the terrorist problem (as distinct from the immigration/integration problem, even though some would like to combine the two). That’s not to say those conversations aren’t occurring anywhere but I believe our citizenry should at least be aware of the complexities of the issue without having to be a think-tank groupie.

    (Simon – thanks for the soapbox)

  5. “Our past practice of labeling everyone who didn’t agree with us as either a terrorist, a sympathizer or an appeaser doesn’t really allow us much flexibility. Fortunately, that’s been changing but I suspect those nuances won’t trickle down to the public for a long time (thanks MSM!)”

    That’s an interesting insight: very takfiri – I think that we need to shed our fixation with Islamist takfir jihadist threats, to broaden it to include all takfir i.e. those who practice and attempt to inflict a ‘our way or the highway’ philosophy on others. Those I think are the real threat for the next decade, not just the current high profile flavour which happens to be Islamic. Maybe if we wound back some of the fundamentalist Christian and Jewish movements (as examples – some of those ‘haves’ who run the mega-corps and banks might be another group) we might be able to inflict stability on other parts of the world as well…?

    Who’s “MSM”?

    No worries for the soap box – a decent-sized soap box is hard to come by these days since they started shipping that soap powder concentrate…

  6. Ah…MSM=Mainstream Media. I don’t usually like using the term because frequently it’s a derisive term that translates to “news stories that don’t jive with my ideology” but here I use it irrespective of ideology since all of the major news sources here do such a poor job.

    I had to think about your takfiri comment a bit but it occurred to me that a very similar argument was made in the BBC special ‘The Power of Nightmares’ which tried to demonstrate a parallel evolution between al-Qaeda and neo-conservatism. I’m not sure if I agree with all the details but it is a very interesting way to view the past 40+ years as well as the puzzling trend to declare everything a war and ratchet up every threat to be an existential one.

    I recommend it very highly:

    It’s a 3 part series with each episode being about an hour long.

  7. Pingback: Threats, resilliance and strategy « Travels with Shiloh

  8. Pingback: Accepting risk « The World According to Me…

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s