THE RISK COMMUNICATOR

The Monthly Newsletter of the
Security Analysis and Risk Management Association

May 2010

In This Issue
FEMA Releases Administrator's Intent Report
Sheppard: The Social Factors Influencing Risk Management
Events: Risk Management and Info-Sharing Conference Summary
Reports: Problems at FPS, Expecting a Cyber-Attack, and More
Job Board: SRA Security Risk Analyst Position
Write for Us
Have you seen a story you would like to see included in The Risk Communicator? Do you have a research project you want to share with your colleagues? If so, please contact the newsletter staff at newsletter@sarma.org.
Legal Matters
Copyright 2010
SARMA
All Rights Reserved


The views expressed in The Risk Communicator reflect the views of their authors, and do not necessarily reflect the views of SARMA, the US Government or the employers or clients of the contributors.
President's Corner

Dear Fellow SARMA Members,

I would like to take this opportunity to alert our members and friends that SARMA has made several significant changes and additions to its schedule of events for 2010.  

Most importantly, our Fourth Annual Conference has been moved from mid-June until the fall. This change was necessitated in part by the seven-week postponement of our February 10th conference on information-sharing and risk management that came as a result of the Washington area's unusually severe winter weather. This unforeseen delay required the continual focus of those same individuals who would otherwise have been hard at work on the annual conference.  

The decision to move the annual conference was also prompted by a number of exciting new opportunities to expand SARMA's involvement in a dialogue with the US government on several fronts, including the emerging but still vaguely understood issue of resilience as it applies to the management of security risk. One of the corresponding elements of this expanded activity is a newly scheduled one-day conference on Resilience and Risk Management, to be held in conjunction with the George Mason University Center for Infrastructure Protection and Homeland Security in Arlington, Virginia, on what would have been the third and final day of our annual conference: June 17th.

This important new event will focus on the convergence of public and private sector homeland security risk management interests as an essential means of achieving a higher level of national resilience. The symposium will approach this topic in two distinct ways:
  • A public forum addressing current perspectives, standards development efforts and selected case studies; and
  • A subsequent focused conversation among government, industry, and academic thought leaders.
Through a series of speakers, panels and selected case studies, the public forum will provide attendees with a better sense of current government, academic and private sector perspectives; discuss relevant policy perspectives and standards development efforts; and show how public and private sector interests can be collectively served through real-world examples. You can view a draft of the conference agenda here. Or register directly for this important event here.

The exact dates and details of our Fourth Annual Conference are currently being finalized, and I will be sharing those with you very soon. Moreover, SARMA plans to maintain this expanded schedule of events into 2011 and beyond as we continue to play a growing role in a variety of important local, regional, national and international dialogues involving security analysis and risk management. In the meantime, we certainly look forward to seeing you at one or both of this year's remaining events.

In addition to establishing these public forums, SARMA was also recently asked to partner with GMU in submitting a bid to form the U.S. Department of Homeland Security's newest Center of Excellence (COE). The new COE will focus on research and education in risk studies, economics and operations research as they relate to terrorism and other hazards. Decisions on the winning bid are expected later this summer -- more to follow!

Lastly, the deadline for nominations for the SARMA Board of Directors has been extended through May 31st. Because the Board was recently expanded from nine members to 11, a total of six seats are up for election this year. While your Nominating Committee has identified a number of excellent candidates, anyone who is interested in serving or nominating someone to serve is encouraged to contact us. To learn more or submit a nomination, please email us at nominations@sarma.org.  

My best,

Kerry

Kerry L. Thomas

President
Security Analysis and Risk Management Association
News

FEMA Emphasizes Resilience and Regional Empowerment in Latest Administrator's Intent Report

Strengthening the nation's resilience to attack or disaster will be the first priority of federal emergency responders, Federal Emergency Management Agency chief W. Craig Fugate announced in his latest Administrator's Intent report. The report, which was released in late February, is intended to provide budgeting and programming guidance to FEMA administrators for fiscal years 2012-2016. The decision to prioritize resilience marks the latest in a series of efforts to elevate the concept as a key objective in homeland security planning.

Resilience -- society's ability to withstand and rebuild after a catastrophic event -- emerged as a key goal in DHS's recent Quadrennial Homeland Security Review, which listed "ensuring resilience to disasters" among its top five critical missions. More specifically, it charged the homeland security community to mitigate hazards, enhance preparedness, ensure effective emergency response and improve the nation's ability to recover.

The FEMA Administrator's Intent builds on the QHSR by providing further details about how the agency will comply with the mission in the years ahead. Beginning with the overarching principle of "regional empowerment," the report emphasizes "the idea that the Regional offices must have the staff, funding, and other resources required to implement FEMA programs." The intent, Mr. Fugate said, "is to continue pushing responsibility, authority, and resources to the Regions to enable them to be FEMA's implementers, while Headquarters will focus on developing the guidance and obtaining the resources necessary for the Regions to implement FEMA's programs (i.e., 'rules' and 'tools')."

All of this, Mr. Fugate noted, requires "proactive engagement" with local communities and stakeholders on the ground. At the same time, national planners must be willing to share responsibility as well, an effort that not only integrates local groups and governments but also incentivizes them to be proactive and self-reliant in a crisis. "Local communities must become fully integrated members of the team in making security and emergency management-related decisions to reduce vulnerability and mitigate risk," he said. "By becoming active team members in resilience building efforts, our citizens and our communities will become more capable of collective self care in times of crisis."

Because the Administrator's Intent is a budgeting and planning document, finding objective measures for success in implementing these plans is also a key goal, Mr. Fugate noted. "FEMA intends to deliver consistently substantive and excellent emergency management outcomes, not simply a statistically polished report on process that loses sight of the intent of performance metrics." The metrics -- or high performance priority goals -- to be used include the percentage of shipments correctly delivered; the percent of disaster households able to be temporarily housed within 60 days; and the percent of respondents reporting they are better prepared to deal with disasters and emergencies as a result of training.
Analysis
Unwrapping the Terror of Terrorism
by Ben Sheppard

One objective of terrorism is, as the name clearly implies, to cause terror. The recent failed car bombing incident in New York City is a reminder that attackers seek not just to kill and maim but to bring terror to the streets.

But to what degree is the terror generated by terrorism an effective tool of political coercion? Addressing this requires a detailed understanding of the effects of terrorism, the amount of societal resilience, and the status of measures that augment societal resilience.

Disorientation of the targeted populace is often a main objective of terrorist organizations. In the extreme, a climate of fear caused by terrorism could lead to a closure of society wherein the mere threat of further violence triggers social upheaval and a failure of confidence in the government's ability to maintain public order. Achieving disorientation requires terrorists to instill a fear of uncertainty about the location and timing of the next, inevitable, attack. Even when the populace is not prone to panic, a common consequence of disorientation is avoidance behavior to reduce the perceived risk of succumbing to another attack.

Avoidance behavior can be divided into two categories. The first contains behaviors that have benign effects on the well-being of individuals but have consequences for the local and national economy. This includes, for instance, individuals being less willing to commute to areas previously attacked or refusing to use transportation systems previously targeted. For example, following the 2005 London bombings there were 30 million fewer journeys than expected on the London Underground for that year.

The second category is adverse changes in behaviors and attitudes that are detrimental to the well-being of individuals and those around them. During the 2001 anthrax attacks, many Americans needlessly sought prescriptions for antibiotics. While taking unnecessary antibiotics may have alleviated psychological stress in some, the practice may also have contributed to ongoing concerns about antibiotic resistance.

Understanding how societal factors influence disorientation and avoidance behavior requires turning to the field of risk analysis.

Risk Perception
Risk perception helps shed light on how societies respond to the threat of terrorism and the level of disorientation that may occur as a result. It aims to understand why individuals perceive certain risks and activities to be more or less risky than statistics suggest. This in turn provides a basis for improving dialogue with the public (i.e., risk communication) prior to, during and after an attack. Where the perception of risk is greater than the actual risk, individuals tend to overreact despite evidence and reassurances by experts that a particular risk is minimal or unlikely.

Risk Communication
Risk communication is critical to reduce avoidance behaviors, as it can reduce fear and anxiety and elicit desired behavioral responses. For example, after a business or shopping district has been decontaminated and declared safe following a chemical or radiological attack, risk communication could tackle the challenge of workers, customers and businesses believing the perceived risk of re-entering the area may be too great despite assurances of being safe to do so. Government leaders and spokespeople need to have an understanding of the fundamentals of risk communication and of demographic challenges.

Social Amplification of Risk
The social amplification of risk framework recognizes the importance of how social institutions and structures process and respond to risk. The extent of behavioral changes in response to a terrorist threat can be exacerbated -- or reduced -- by how authorities and institutions behave. The effectiveness and capacity of first responders in treating the injured, the ability to provide protection from further attacks, and the effectiveness of communication are just some examples that can influence people's threat perception. For instance, the slow and inadequate emergency services response to the 1995 sarin attack on Tokyo's metro system served to heighten fear and anxiety among those who had been contaminated. At some stations commuters had to flag down cars to ferry the injured to hospital. At one hospital, 80 percent of victims arrived in non-medical vehicles.

Terrorism is a psychological mind game. Understanding how citizens frame risk and act on their perceptions leads to enhanced resilience. If we do not know how the public responds to terrorism in the first place, developing an effective response will be altogether more difficult.  

Ben Sheppard is the author of The Psychology of Strategic Terrorism: Government and Public Responses, published by Routledge (2009) and available in paperback. He is an Adjunct Fellow of the Potomac Institute for Policy Studies, Professorial Lecturer at George Washington University, and a Senior Associate at the Institute for Alternative Futures.
Events

Risk Management and Info-Sharing Conference -- Part II

On March 30th, SARMA and the George Mason University Center for Infrastructure Protection and Homeland Security co-hosted a conference on The Relevance of Risk Management and Information Sharing to Homeland Security. In the April edition of The Risk Communicator, we presented a summary of the morning panel discussions and presentations. This month we recap the afternoon sessions.

Panel III: Information Sharing
Moderator: Phil Lacombe, President and Chief Operating Officer, Secure Mission Solutions; Board Chairman, SARMA
Panelists: Nathan Sales, Professor, George Mason University School of Law; Kevin F. McCrohan, Professor, George Mason University School of Management; Stewart Baker, Former National Security Agency General Counsel and Former Assistant Secretary (Under Secretary) for Policy, Department of Homeland Security

Dr. McCrohan opened the discussion by providing a tactical perspective on information sharing. The quicker actionable information moves through the system, the more successful the homeland security enterprise will be in developing the proper response. He noted that the private sector generally reacts faster than the public sector, and stressed the need for training to clarify the importance of information sharing and speed communications.

Mr. Baker provided a historical overview of poor communications between the various intelligence agencies, noting that matters had greatly improved since September 11. However, he pointed out that walls that had come down in recent years were slowly being rebuilt, most notably by a Justice Department attempting to try suspected terrorists as criminals. Mr. Baker emphasized the importance of senior leadership compelling agencies to continue the hard work of breaking down communications barriers and preventing their reestablishment.

Mr. Sales echoed the panel's belief that, despite some successes over the past decade, information-sharing continues to face significant obstacles. Jostling between agencies for influence over decision-makers has created a zero-sum game, he said, with military and civilian intelligence agencies worried about other agencies free-riding off their work and then getting credit for intelligence breakthroughs. Agencies' self-image as autonomous entities, he said, has created a defensive bias against outside interference that encourages a turf warfare mentality.

Panel IV: Lessons Learned
Moderator: Jack L. Johnson, Principal, PricewaterhouseCoopers
Panelists: John Paczkowski, Vice President for Emergency Management, ICF International; Executive Vice President, SARMA; George W. Foresman, Former Under Secretary for Preparedness, Department of Homeland Security; Director, SARMA; Phil Lacombe (see above); Tina Gabbrielli, Director of Risk Management and Analysis, Department of Homeland Security

Mr. Paczkowski noted that information sharing during crisis response and disaster operations remains a significant problem. The absence of a common architecture and continued challenges in implementing interoperable voice and data systems and interagency protocols make it difficult for states and localities to develop a common and relevant operating picture and interface effectively with federal agencies to achieve essential collaboration and unity of effort. With so many different channels of communication, he said, information overload sets in and the system can slowly become unsustainable in a major multi-jurisdictional crisis. Mr. Paczkowski said that stronger Federal support is needed to develop a unified national architecture and common standards for operational decision-making in crisis situations.

Picking up the discussion from the earlier panels, Mr. Foresman agreed that effective risk management required improved information-sharing, but he also pointed out that information-sharing itself requires benchmarks by which progress can be measured. The issue, he said, is not what needs to get done but how it gets done. He pointed out that planners sometimes overemphasize theory at the expense of practical results, and he emphasized the need for generalists to understand the homeland security enterprise in proper context and from a broader perspective.

Mr. Lacombe took a slightly different approach to the issue, arguing that information-sharing is not a problem/solution issue but a deep-seated cultural one. Back in the mid-1990s, he pointed out, few people even in government talked about homeland security on a daily basis. While this has since changed, many old attitudes remain, he said, calling for improved public education about the importance and role of the nation's homeland security posture. Like many of his colleagues on the day's panels, Mr. Lacombe also emphasized the need for metrics able to gauge success in information-sharing.

Closing out the discussion, Ms. Gabbrielli provided an overview of what DHS has learned about the value of information sharing and risk management and what the Department is doing to achieve both. The recent Quadrennial Homeland Security Review emphasized the importance of risk management to inform strategic, policy and budgeting decisions and called for the development of a homeland security national risk assessment. Ms. Gabbrielli discussed what the Department is doing to establish an integrated approach to risk management, including building a common lexicon, developing guidelines, creating risk data information sharing systems, and building partnerships. These efforts are intended to create a shared understanding of homeland security risk and ensure unity of effort across the homeland security enterprise.

Key Reports

GAO: Ongoing Challenges Impact the Federal Protective Service's Ability to Protect Federal Facilities

In this recent report, the Government Accountability Office finds that the Federal Protective Service's "ability to use risk management to influence the allocation of resources is limited because resource allocation decisions are the responsibility of [the General Services Administration] and tenant agencies -- in the form of Facility Security Committees (FSC) -- who have at times been unwilling to fund the countermeasures FPS recommends."


GAO: DOD Needs to Take Actions to Enhance Interagency Coordination for Its Homeland Defense and Civil Support Missions

The Government Accountability Office finds that, while the Department of Defense "has a number of strategy, policy, and guidance documents related to interagency coordination for its homeland defense and civil support missions [...] DOD entities do not have fully or clearly defined roles and responsibilities because key DOD documents are outdated, are not integrated, or are not comprehensive."


Lumension: Federal Cyber Security Outlook For 2010

A survey of more than 200 federal IT decision-makers finds that three-quarters of those working in defense and security offices expect a cyber-attack by a foreign nation in the next year. One-third of the same respondents told Lumension they had experienced a cyber-attack in the previous year.



Jobs

SRA: Security Risk Analyst Position

SRA International Inc. is seeking candidates for a security risk analyst position. The successful candidate will use their experience to plan, organize and carry out analytical studies of complex security risk management problems, as well as plan and implement potential technical or programmatic solutions to those problems.



DHS: Six Analyst Positions Open at RMA


The Office of Risk Management and Analysis (RMA) has six vacancies for Management and Program Analysts at the GS-11/13 grades.


Analyst Position with the Federal Emergency Management Agency (FEMA)

ABS Consulting is seeking a talented professional to provide technical and management consulting services to the federal government, specifically in the area of homeland security risk analysis for grant allocation at FEMA. Education and experience with economics or a related field is a key requirement. An active security clearance is preferred.


Corporate Security Analyst Position in Switzerland

SMR Group, an international executive search firm whose global practice is focused exclusively on professional- and executive-level corporate security positions, is seeking candidates for the position of Corporate Security Analyst, located in Switzerland. The Corporate Security Analyst will be responsible for protecting business operations and associates throughout the organization from external threats by the collection, analysis and dissemination of strategic and tactical threat assessments, and production of both analytical and intelligence products designed to support investigations and protective security operations.


Infrastructure Analyst Position With the Las Vegas Metropolitan Police Department


The Las Vegas Metropolitan Police Department is seeking candidates for a senior analyst position with their Critical Infrastructure Protection program. Incumbents perform complex and extensive analytical work, formulate recommendations with important policy and operational implications, and/or audit and oversee significant programs, including grant management, in support of senior management staff. In this position incumbents will oversee the Critical Infrastructure Protection program, which will require traveling nationally and throughout the state.


Risk Analyst Position With Centra Technology

Arlington, VA-based CENTRA Technology, Inc. is seeking talented professionals to provide technical and national security analysis for the U.S. Government, especially in the area of homeland security risk analysis. Successful candidates will perform security risk analysis; threat, vulnerability, and consequence analysis supporting risk analysis; and security risk management. They also will develop, assess, document, institutionalize, and apply risk management processes and methodologies to inform policy and programmatic decisions.
