Contrary to the mechanical notion relied on by DHS to date, "risk” in reality is a purely social construct.  Common sense validates this:  We do not invest any worrying in the “risk” of giant trees falling in the dark recesses of uninhabited rain forests or of avalanches roaring down the slopes of desolate mountains in central Antarctica.  Where there is no effect on people, risk has no meaning.

Despite what common sense suggests, common practice within DHS and other homeland security bureaucracies has been to define “risk” by the following analytical equation:

Risk = Threat x Vulnerability x Consequences

But in social reality—the space where politicians, bureaucrats, investors, business executives, and other real people actually care about and seek to manage “risk”—this definition is incomplete, and thus false in a way that proves to be ironically ‘risky’ in practice.  The right side of the above equation is a statistical compendium of what more accurately should be called “engineering failure,” not “risk.”

A more socially authentic, practical definition of “risk” would go something like this:

Risk = HF(Threat x Vulnerability x Consequences)

where HF is a function of the “soft” human factors that translate the “hard,” physical parameters of engineering failure into human perceptions, emotions, and behavior.

(In theory, the standard equation could be salvaged by incorporating human factors into the 'Consequences' variable.  But in practice, as evidenced in the QHSR draft here, the focus of Consequences usually is on tangible objects, assets, money, etc. rather than intangible thoughts and feelings.  In any case, human aversion to or acceptance of risk may be driven by prospective perceptions of threats or vulnerabilities as well as consequences.)

Prof. Lester Lave of Carnegie-Mellon University is among the thought leaders who have urged public officials to adopt this more realistic understanding of risk, for instance in regard to counter-terrorism:

DHS needs to set priorities by the terror value of an attack, which is not the same as the amount of damage or number of people killed or injured.…

[An] attack that kills people, even a large number of people, need not cause terror. At the same time an attack that killed no one could cause immense terror. Preventing an attack from causing terror requires recognizing that terror is an emotional, not a rational reaction and that people must be prepared for the attack.[i]

A crucial corollary to this social, realistic definition of “risk” is that human perceptions, emotions, and behavior vary among individuals, groups, and populations—and hence that “risk” is very much in the eyes (and hearts and minds as the saying goes) of the beholder.  And that is not just a singular, generic, average beholder but a human ecosystem of diverse beholders, or “stakeholders” in the argot of policy wonks.

It follows that the problem of “risk management” is not one of managing physical assets or infrastructure but of managing human thoughts, feelings, and actions.  That problem ranges from immensely complex to chaotic.  But it is not impossible.  It is, after all, what politicians, public officials, and private sector executives are required to do every day.

 


[i] Lester B. Lave, “Suggestions for Improving DHS Assessment of R&D Priorities,” working paper, July 24, 2005.

 

Why the contribution is important

It is just these human, social dimensions of the task to which the technocrats of the dominant security paradigm are commonly inattentive and often blind.  The practical results of this social apathy have ranged from grave to farcical:

  • Before Hurricane Katrina, official plans for emergency response and incident management focused on evacuating and rescuing people—to the exclusion of pets.  Charged with the mission of saving human lives, tunnel-visioned planners perceived no rational reason to expend resources on rescuing animals.  The result: “Thousands of survivors clung to their pets and refused orders from emergency workers to leave them behind.  The holdouts included a number of older men and women living alone who elected to stay with their animals despite the harrowing conditions, a choice that cost some their lives.”[ii] Emergency management standards were subsequently adapted to this behavioral reality—not on the basis of 'risk analysis' but in reaction to harsh experience and political backlash.
  • A political firestorm erupted in February 2006 when news media reported that an arcane panel of federal technocrats, the Committee on Foreign Investment in the United States (CFIUS), had casually approved the purchase of six major American port facilities from their then-British owner by Dubai Ports World, a firm owned by the government of the Arab emirate of Dubai.  Public outcry led to congressional outrage that resulted in the transaction being stymied, and later revised to assure control of the six ports by a U.S. company.  A number of analysts and government officials reasonably claimed that the backlash insulted a strong U.S. ally in the Arab world, seemed ‘racist,’ and undermined needed foreign investment.[iii] However, they overlooked that the fiasco was generated by the government’s own reliance on the mechanical concept of “risk management”—and its resulting egregious failure at effective “risk communication.”
  • In June 2006, a similar political backlash once again greeted the announcement by DHS that its latest round of anti-terrorism grants under the Urban Area Security Initiative (UASI) would cut funding to New York City and Washington, DC, by some 40 percent—colliding with the near-universal perception that New York and Washington continue to be the prime targets for prospective terror attacks.  Defending the decision—but without naming the members of the secret committee or the secret calculus from which it was derived—Secretary of Homeland Security Michael Chertoff boasted that the results demonstrated his department’s commitment to rational risk management. “What we have to do,” said Chertoff at a Brookings Institution symposium, “is manage the risk, and that means…evaluate consequence, vulnerability, and threat in order to determine what is the most cost-effective way of maximizing security.”[iv] I. Michael Greenberger, director of the Center for Homeland Safety and Security at the University of Maryland, echoed a chorus of analysts, public officials, and congressional leaders when he told a reporter “the plan doesn’t pass the common-sense test.” [v] Indeed, it demonstrated yet again the counterproductive real-world impact of the reliance on utopian, technocratic concepts of risk, risk assessment, risk management, and risk communication.

The United States has not—in the past eight years at least and arguably since the seeming triumph of Operation Desert Storm in 1991—had a serious national conversation about what kind of ‘security’ Americans want, and at what price.  The lack of a coherent rationale of the full spectrum of risks, costs, and benefits that affect the lives, welfare, and future aspirations of the American people has yielded a relationship between security and economy that is riddled with ironies….

  • Some 90,000 people die every year in the United States from infections they acquire while being treated in a hospital for something else. Most of these deaths are preventable at the relatively small cost of getting hospital personnel to wash their hands. Yet the problem goes largely unattended and unsolved.
  • Some 12,000 people are murdered with handguns every year in the United States. Yet the American people evidently have chosen to accept this loss of innocent life rather than pay the political and social cost of eliminating its cause.
  • Meanwhile, the U.S. government has expended hundreds of billions of dollars—and tens of thousands of battle casualties in the Middle East—on what was formerly called the Greater War on Terror, although only a few thousand American lives have been lost to terrorist attacks in the past 20 years.
  • The infamous al Qaeda attacks of September 11, 2001, took nearly 3,000 lives and destroyed tens of billions of dollars of property. In the wake of Hurricane Katrina, the U.S. Army Corps of Engineers confessed that its failures of construction and management of flood control projects had cost over 1,000 lives and tens of billions of dollars of property losses.[vi]

This is not to say that we should not be concerned about terrorist threats, or that we should not be concerned about natural disasters or medical errors or other risks to lives, health, and property. The problem is that we have not had a comprehensive political dialogue about how we, as people, feel about the broad variety of risks we face and the relative priority we prefer in investing limited resources in doing something about them.

Until DHS recognizes, in practice, that risk analysis, risk management, and risk communication are people problems not engineering problems—making a serious commitment to human-factors based analysis and planning—its mechanistic rituals of 'risk analysis' will continue to yield wasteful, ineffective, and even counterproductive results.

[ii] “No Friend Left Behind: The public demands evacuation plans for people and pets,” AARP Bulletin, May 2006.

[iii] For instance, see David Ignatius, “Taste of the Future,” The Washington Post (February 24, 2006); James Jay Carafano and Alane Kochems, “Security and the Sale of Port Facilities,” Heritage Foundation WebMemo #997 (February 22, 2006).

[iv] Brookings Institution transcript of Chertoff remarks on June 1, 2006.

[v] “Anti-terror funding cut in D.C. and New York,” The Washington Post (June 1, 2006; p. A01).  Ridicule of the UASI allocations was further inflamed by the DHS Inspector General’s report noted above [OIG-06-40 (June 20, 2006)] of egregious flaws in the National Asset Database, which is presumed to be used as a basis for such grant decisions.  The New York Times quoted Sen. Charles Schumer (D, NY): “Now we know why the Homeland Security grant formula came out as wacky as it was…. This report is the smoking gun that thoroughly indicts the system.” [Times, loc. cit. (July 12, 2006).]  “That’s what’s discouraging about this list,” noted Sen. Susan Collins (R, ME), chairman of the Senate Government Affairs and Homeland Security Committee, “It does not seem to represent true targets.” [Transcript, Scarborough Country, MSNBC TV (July 12, 2006).]

[vi] “Katrina Report Blames Levees,” CBS News/Associated Press (June 1, 2006).

Please log in to add your rating.

Votes so far:

3.66666666667
3.6 (12 votes - averaged)
scarpe01
Posted by scarpe01 September 29, 2009 at 09:53AM
I have to agree that this is a real issue and is on MANY fronts. Start with the TSA liquid bans and shoe dances, right on down to this patchwork of laws that we have about driving that seem to mostly just be giveaways to the insurance companies (here in MA, not having the registration paper in the car is not only a violation, its surchargeable on insurance). We have created a world where the government is charged with "keeping us safe" from so many things, that nearly everyone is a criminal of some sort (whens the last time you caught the tail of a red light or went over the speed limit, or violated the Lacey act (would you even know... oh that fish is perfectly legal here but you got it in a country where its not legal so its illegal here... perfectly transparent!))

My point is, we have this patchwork of "protections" from the Federal DHS to the state DMV, yet, when is the last time we really talked about whether or how much of any of this is appropriate use of government powers, or our tax dollars?

LSchreibman
Posted by LSchreibman September 29, 2009 at 10:40AM
I think that it is necessary to differentiate between the risk of an occurrence, people's risk aversion and then people's reactions to risk.

I agree that people do not respond to risk rationally. If they did they would be horrified of getting into an automobile, but happy on an airplane. The fact that people do not respond to risk rationally, is no reason that policy makers should not allocate resources rationally. (For some amusing and perhaps enlightening ways of looking at how ordinary people measure risk see The Unthinkable by Amanda Ripley.)

As a result of people not perceiving risks rationally, it is very important that decision makers are taught to think critically about risk. The following is the type of statement that bureaucrats and elected officials need to be able to make, "I agree that people are far more worried about airplane safety than car safety, but as a policy maker I know that fewer than 1,000 people will die in commercial airplanes this year worldwide, whereas 43,000 Americans will die on the road. Therefore, I am willing to direct funds to researching/implementing policies that improve vehicular safety." It recognizes the social context without ignoring the facts.

The field gets murkier when it comes to acceptable levels of risk reduction and hence the right amount of resources to devote to reducing risks. Here there is not the equivalent fact v. perception. For instance, women generally are more risk averse than men, and hence will likely be in favor of spending more to reduce risk than men. Thus, the notion of a social context is more essential when policy makers look at reducing risks than measuring them.

Then there is the most occluded area of the field, how people will actually react in a risky situation and hence how policies should be set up. Past experience, pets, social network, resources all influence when and how people will evacuate. For instance, learning from Katrina, New York City’s hurricane evacuation plan, which relies heavily on mass transit, allows for the transport of pets. (Pets are not allowed on the transit systems at most times.) There may be no way to “proof” every eventuality, but it is necessary to learn from past experiences.
DHahn
Posted by DHahn September 30, 2009 at 09:38AM
LJPerelman has done a good analysis here, but playing devils advocate here, the DHS risk assessment can take the human factor into account as part of consequence and vulnerability.The problem with some of the examples given as to why this point is important seem to all point towards a desire for more government control and relenquishing of Constitutional rights, something I for one do not agree with.

I concur with LSchreibman in his opinion of Amanda's book, it should be required reading. The problem with the risk analysis of the airplane versus the automobile is control. People have control of the vehicle so feel safer versus being as helpless as a newborn in an airplane.

The Department of Homeland Security has a specific job and is part of a team comprised of federal state and local partners in accomplishing that job. A broad definition of risk can certainly be defined differently at different levels to allow the leeway required to achieve security goals.
cluckhut
Posted by cluckhut October 01, 2009 at 02:36PM
I agree in the sense that we seem to go with knee jerk responses by passing new laws & creating panels or czars to address what ever the problem may be ! What has become painfully obvious to me over the last decade or so is that we truly are reaping the results of turning away from a Judao-Christian heritage which this country was built upon! I thought that's what the War of Independence was about breaking the mold the world had set for government ? Now we seem to be allowing under our very noses the world to dictate to us what we should be! Shame on us many have given the ultimate sacrifice only for us to roll over & let it slip away!
JBrewer
Posted by JBrewer October 02, 2009 at 07:09PM
I believe it is important remember that although this forum is open to public commentary and provides information and ideas to flow to and from public users, its primary mission is to garner commentary that will contribute to or inform policy implementation of the DHS. Given this assumption we should add to this discussion that a key driver for asking for risk framework and methodological commentary is the need for more effective resource allocation. There, of course, are a myriad of variables that go into conceptualizing risk and those concepts must “somewhere down the line” be applied to operational decisions. Very important decisions to be sure. Going from concept to policy to implementation and allocation of resources within the authority and bureaucratic constraints of DHS is a fascinating topic.

Discussion about soft human elements can, as mentioned, can be applied to threat, vulnerability and consequence – human perceptions, emotions and behavior exist within all these topics. I believe any intellectual argument we make must end with well-thought recommendations for improving what has been argued is insufficient.

I have read your paper, Shifting Security Paradigms: Toward Resilience, from George Mason University’s CIP Program Discussion Paper Series (www.resilient.com/download/Research_GMU.pdf). You include some helpful recommendations there but did not include them in your comments here. I think they would add to the conversation regarding approaches to risk assessment – to move from concept to application.

tiggger999999999
Posted by tiggger999999999 October 03, 2009 at 11:06AM
Interesting to say the least. I am note going to rate this formulation. More, I would be more interested in the response of U.N. Secratery Rice and even more so on the opinion of her father on this idea.
Please log in to add comments