July 2010
| 
|
Need Your Own Copy of The Risk Communicator?
|
|
Write for Us
|
| Have you seen a story you would
like to see included in The Risk Communicator? Do you have a research project you want to share with your colleagues? If so, please contact
the newsletter staff at newsletter@sarma.org. |
Legal Matters
|
Copyright 2010
SARMA
All Rights Reserved
Privacy Policy
The views expressed in The Risk Communicator reflect the views of their authors, and do not neccesarily reflect the views of SARMA, the US Government or the employers or clients of the contributors.
|
|
|
President's Corner
|
| Dear Fellow SARMA Members,
Each summer, those of us who live in the Washington DC area are reminded why building a city on ground formerly occupied by a swamp has its drawbacks. For those of you also suffering through the "dog days" of summer, you have my sympathies!
I did get a break earlier in the month, however, when I had the good fortune of spending this July 4th in another unique American city -- St. Louis, Missouri. When you mention St. Louis to people, it usually evokes thoughts of great blues music, barbeque and beer. Of course, there is also the Gateway Arch. Built between 1963 and 1965, the Gateway Arch forms the centerpiece of the Jefferson National Expansion Memorial in the heart of downtown St. Louis. Intended to commemorate the westward expansion of the United States, it is also considered a masterpiece of modern architecture.
Not surprisingly, the grounds of the Gateway Arch are a focal point of the Independence Day celebrations in St. Louis -- with tens of thousands congregating for air shows, free concerts and fire works. I decided to beat the crowds and see this national icon up close on the Friday before the holiday. As I walked past the bollards ringing the site, down into the museum underneath, I passed a bank of dispensers for hand sanitizer before taking the tram ride to the top. From the observation deck, the flood swollen Mississippi River was on full display below me. The juxtaposition of so many of the hazards we face in today's complex world was inescapable.
In the past, we simply dealt with each of these issues as a discrete problem that could be addressed by the application of targeted resources -- one of the luxuries of living in a wealthy nation. Massive flood walls easily contained the swiftly moving waters of the Mississippi that day. No one appeared sick on my tour, and the bollards preventing unauthorized vehicular access to the site did their job. All well and good, I thought to myself, until resource constraints force you to start making difficult choices.
I believe we are nearing that point, and when we truly cross the threshold, the work you do as professional risk management practitioners will become even more important than it already is. Among business communities, sound risk management is already a part of the daily lexicon. In these challenging economic times, it will become vital to ensuring national resilience. In this regard, the work of SARMA in advancing the profession by maintaining the Common Knowledge Base, establishing training and certification programs, and cultivating the next generation of risk management leaders is essential.
I am pleased to announce others see it that way, as well. During the month of July, SARMA welcomed two new Bronze-level Corporate Patrons: Integration Innovation Inc. (i3) and ICF International. They join a select group of companies as SARMA's flagship sponsors in 2010. The work of the Association would not be possible without this generosity -- I hope you will join me in saying thank you, and also take a moment to consider how you, too, can contribute.
My best, Kerry
Kerry L. Thomas
President
Security Analysis and Risk Management Association
|
Events
|
| 4th Annual SARMA Conference Update
The agenda for SARMA's 4th Annual Conference in early October is taking shape and we wanted to share the latest details.
As we reported last month, our major focus this year will be on the convergence between resilience and risk management. During the two-and-a-half-day conference, over 50 presenters and panelists will discuss various aspects of risk and resilience and will provide fresh perspectives on current policy trends and initiatives, and on advances in risk assessment and management methods and practices.
Our six subject tracks this year are as follows:
- Infrastructure Resilience
- Community Resilience
- Cybersecurity Risk & Resilience
- Public Policy for Risk Management & Resilience
- Resilience Standards
- Risk Methodologies & Practices
We have also extended our deadline for submission of speaker proposals until August 15th, so it's not too late to share your insights and expertise. Please see our application guidelines below for details.
The conference will be held in partnership with the George Mason University School of Law's Center for Infrastructure Protection and Homeland Security (CIP/HS) in Arlington VA, starting on Tuesday, October 5, 2010 at 8:30 am and running through Thursday, October 7, 2010 at 12:00 pm.
What is the deadline for abstracts/papers? August 15 for abstracts; September 7 for full papers or slide presentations. What is the length limit for the abstracts?Minimum 250 words; maximum 500 words. Where should the application be submitted?Email to conference@sarma.org. What is the desired format for the application?
Word document (or use the form provided). No more than two pages total, to contain name, presentation title, presentation abstract, an explanation of how conference attendees will benefit from the presentation, plus a biography and contact details. What are your presentation and panel discussion durations this year?We will have shorter presentations than last year: 45 minutes each rather than one hour. Panel duration will be one hour and 15 minutes (1.5 hrs maximum) with a moderator and three to four panelists on each panel, including time for a question-and-answer period. ---------------------------------------------------- Don't miss your opportunity to present at this exceptional forum for collaboration, information-sharing and networking, and to meet and interact with a wide array of practitioners from federal, state and local governments, private industry and academia. Please remember to submit your application to conference@sarma.org no later than August 15th.
|
| Analysis |
| An Operational Framework for Resilience
by Andrew C. Allen
The current variety of perspectives on resilience suggests a need to translate the many associated concepts, constructs, perspectives and approaches into an integrated and cohesive structure. More specifically, there is a need for a practical and policy-relevant framework, including a set of planning guidelines that can be useful both to DHS and to stakeholders at all levels, public and private, in incorporating resilience into our overall efforts to better safeguard the nation. We see this framework as constructed around three interrelated, mutually reinforcing objectives or end-states that shape the approach to resilience: resistance, absorption and restoration.
In the desired resistance end state, the threat or hazard damage potential is limited. Damage mechanisms employed by human threats are interdicted and defeated and those associated with natural hazards are redirected, avoided or neutralized where possible. As a result, the damage potential of the threat or hazard is attenuated, and the actual amount of damage received by the targeted critical system and its key functions is constrained to the extent feasible (including zero damage, if that is achievable).
In the desired absorption end state, consequence effects are mitigated. In general, this means that the effects on quality and functionality generated by damage within the targeted system are swiftly contained and reduced to the extent feasible. Specifically, this means that the targeted system has maintained its structure and key functions in the face of internal and external change and has recovered quickly from damage or disturbance. If system degradation has been unavoidable, then it has only manifested itself slowly and gracefully.
In the desired restoration end state, the targeted system is remediated. Critical systems' degraded key functions are, as feasible and warranted, rapidly reconstituted and reset to their pre-event state in terms of quality and functionality. Damage to critical systems' most vital nodes and pathways has been quickly repaired. Where necessary, the restoration might yield lower, but acceptable, levels of functionality. Furthermore, key functions could be reestablished at alternative sites and with substitute ways and means. This might, where required, improve restored functions or render them more cost effective. Such an outcome would be consistent with the idea that a resilient system or society should be able, when necessary, to rebound to an enhanced state of function.
To achieve the three resilience objectives, ways and means for preventing, protecting, responding and recovering can be combined to create resilience-related capabilities, both active and passive. Such capabilities can work to thwart or limit the damage potential of emerging threats and hazards, contain or deflect the actual damage received by targeted critical systems and their key functions, and remediate that damage. If these objectives are realized as part of applying practical programs to critical systems and key functions, then these systems and functions will reflect resilience features appropriate to their individual needs.
To ensure that capabilities chosen by planners are appropriate to support achievement of resilience objectives, eight key principles of resilience need to be applied. In brief, these principles are: (1) Threat and Hazard Limitation; (2) Robustness; (3) Consequence Mitigation; (4) Adaptability; (5) Risk-informed planning; (6) Risk-informed investment; (7) Harmonization of Purposes; and (8) Comprehensiveness of Scope.
Resilience needs to be planned in advance of systems receiving damage from threats or hazards. Such planning can be challenging, given varied interpretations of resilience and the concept's inherent complexity. Planners should account for the fact that resilience is both broad and deep. It encompasses "hard" systems (such as infrastructure and assets) as well as "soft" systems (such as communities and individuals). Planners should also observe the following key guidelines when addressing resilience. - Work with Complexity: Account for resilience requirements that cut across homeland security missions.
- Account for Interdependency: Appreciate key risk factors both in your operating environments and your broader strategic context.
- Establish Priorities: Understand and prioritize your systems' strengths, vulnerabilities, roles, responsibilities and relationships to ensure efficient resilience solutions.
- Bound the Problem: Bound and scope resilience plans in order to effectively apply solutions and make progress.
- Enhance Coordination: Enhance resilience planning approaches by ensuring that critical infrastructure protection planning connects with and accounts for other homeland security related planning processes.
- Test Outcomes: Test, practice and evaluate planning solutions through reviews and exercises using a full range of scenarios with special attention paid to rehearsing the adaptability inherent in resilience.
A visually direct technique for assisting resilience planners is to establish a "resilience profile" for key functions within critical systems. In examining the performance of a critical function over time, such a profile provides a curve for the function that accounts for a minimum performance boundary (or how far the function can be allowed to degrade) and a latency limit (or how long the function can be allowed to remain in a degraded condition).
The shape of the function curve in the profile accounts for the effects associated with each resilience objectives. This includes how well application of capabilities supporting resistance has attenuated the damage potential of the threat or hazard. It also reflects how well the use of capabilities supporting absorption has contained or deflected any damage encountered. It further shows how well capabilities supporting restoration have succeeded in remediating damage the system, reconstituting and resetting it to the desired condition.
Planners can use resilience profiles as a tool in designing new systems or retrofitting existing systems to enhance their resilience. Understanding the behavior of a critical function over time in relation to a specific threat or hazard enables rational resource allocation to acquire capabilities and approaches for achieving each of the resilience objectives as makes sense depending on the condition of the system hosting the function and the nature of the threat or hazard of interest.
Investment strategies developed using these profiles can identify cost-effective ways and means to incorporate resilience capabilities across the homeland security mission spectrum for a given system. Operationalizing the resilience framework we present above will not be easy. The potential payoff, however, in terms of the enhanced economic, individual and societal security that such resilience provides can be immense.
Mr. Andrew C. Allen is an employee of the Homeland Security Studies and
Analysis Institute (HSSAI), not the Department of Homeland Security
(DHS), and he therefore does not and cannot speak for DHS. The content
of this summary reflects the views of Mr. Allen and the co-authors of
the 2009 HSSAI Concept Paper "An Operational Framework for Resilience"
and should not be construed as a statement of HSSAI's official
perspective on the topic of resilience. The material this summary
references was prepared by the Analytic Services, Inc. under its
contract with the Department of Homeland Security for the operation of
the Homeland Security Studies and Analysis Institute."
|
Key Reports
|
| GAO: Combatting Nuclear Smuggling
A new report from the Government Accountability Office find that, although it previously recommended that the decision to deploy a new radiation detection monitor at ports of entry be "based on an analysis of both benefits and costs, the Domestic Nuclear Detection office proceeded with testing without fully completing such an analysis."
Get the report
DOE: High Impact, Low Frequency Event Risk to the North American Bulk Power System
A joint report from the Department of Energy and the North America Electric Reliability Corporation looks closely at potential risk management approaches to threats to the continent's power system and finds that "sound management of these and all risks to the sector must take a holistic approach, with specific focus on determining the appropriate balance of resilience, restoration, and protection."
Get the report
RAND: Measuring the Effectiveness of Border Security Between Ports-of-Entry
A new report from RAND lists four criteria for judging border security measures: "Sound: the measures reflect what is important; Reliable: the measures are easy to interpret and are difficult to manipulate; Useful: the measures can be feasibly monitored: General: where possible, the measures can be broadly applied to DHS border-security efforts."
Get the report
|
Jobs
|
| NMR Consulting: Senior Risk Officer
NMR Consulting is seeking candidates for a position responsible for developing and managing a risk management program in support of a large government contract involving infrastructure upgrades and enhancements at Ft. Meade, Maryland.
View the notice
NMR Consulting: Senior Risk Officer
NMR Consulting is seeking candidates for a position responsible for moving a project from Northern Virginia to the Ft. Meade, Maryland area. The successful applicant may also support efforts on other contracts.
View the notice
SRA: Security Risk Analyst Position
SRA International Inc. is seeking candidates for a security risk analyst position. The successful candidate will use their experience to plan, organize and carry out analytical studies of complex security risk management problems, as well as plan and implement potential technical or programmatic solutions to those problems.
View the notice
Analyst Position with the Federal Emergency Management Agency (FEMA)
ABS Consulting is seeking a talented professional to provide technical and management consulting services to the federal government, specifically in the area of homeland security risk analysis for grant allocation at FEMA. Education and experience with economics or a related field is a key requirement. An active security clearance is preferred.
View the notice
Corporate Security Analyst Position in Switzerland
SMR Group, an international executive search firm whose global practice is focused exclusively on professional- and executive-level corporate security positions, is seeking candidates for the position of Corporate Security Analyst, located in Switzerland. The Corporate Security Analyst will be responsible for protecting business operations and associates throughout the organization from external threats by the collection, analysis and dissemination of strategic and tactical threat assessments, and production of both analytical and intelligence products designed to support investigations and protective security operations.
View the notice
Risk Analyst Position With Centra Technology
Arlington, VA-based CENTRA Technology, Inc. is seeking talented professionals to provide technical and national security analysis for the U.S. Government, especially in the area of homeland security risk analysis. Successful candidates will perform security risk analysis; threat, vulnerability, and consequence analysis supporting risk analysis; and security risk management. They also will develop, assess, document, institutionalize, and apply risk management processes and methodologies to inform policy and programmatic decisions.
View the notice
|
|
|
|
|
