"The first responder capacity built in the Nation with grant funds is undeniable. Unfortunately, there is no assessment in place that clearly demonstrates the Nation's readiness posture and what gaps in capability remain. A lack of a demonstrable measure of effectiveness has made funding to build readiness capability susceptible to reductions."

SARMA's 5th Annual Conference, held earlier this month at George Mason University School of Law's Center for Infrastructure Protection and Homeland Security, marked the continuation of a growing tradition of insightful exchanges, though-provoking keynote addresses, and valuable opportunities for professional networking.

Over the next few months, The Risk Communicator will highlight some of the key panel discussions and speeches from the conference. This month, we take a closer look at the question of adaptive adversaries: how can risk planners anticipate and respond to the tactical and strategic moves of terrorist adversaries in response to defensive adaptation, and how can risk modeling help?

Panel participants: Rich Adler of DecisionPath, Tony Barrett of ABS Consulting, and Barry Ezell of Innovative Decisions.

Rich Adler began the discussion of adaptive adversaries by highlighting its role in the work DecisionPath is doing for the Coast Guard with the Dynamic Risk Management Model (DRMM). "Our core focus is risk-informed allocation of resources," Dr. Adler explained. "We're working with the Coast Guard, they have a risk analysis model [MSRAM] which takes that risk analysis data and uses it to make resource decisions. We use scenario-based, what-if simulations and we project forward that if we make these investments how is it going to reduce costs and how is it going to reduce risks."

The DRMM model relies on a number of key premises, according to Dr. Adler, most importantly the assumption that "the adversary is adaptive to change in our defensive strategy." But the environment is key as well, as the Arab Spring has shown by putting al-Qaeda on the defensive. Not that the adversary responds immediately, Dr. Adler said, but a stimulus-response action forces him to go through a "portfolio-based quasi-rational decision-making process." Thus, DRMM responds to changes in the Coast Guard's defensive posture by changing the value of various threat components. If the number of boat patrols is increased at a particular port, for instance, then the value of a single-boat attack decreases but that of a multiple-boat attack increases.

Nevertheless, because making judgments about the adversary's thinking process is inherently subjective, Dr. Adler emphasized that DRMM is a tool for thinking things through but not a predictive model. "We try to develop plausible responsive strategies and what would be the impact of counter-response. But our efforts are not predictive: we don't have the data or science to do prediction in any hard-core sense."

Tony Barrett of ABS Consulting continued the discussion by noting the importance of developing mathematical models for adversaries' options. While more labor intensive, random utility modeling and probabilistic inversions can, in combination, "do elicitations scaling up or down depending on resources available and level of detail required." Utility models, Dr. Barrett explained, can provide information on the relative attractiveness of various attack scenarios as well as partial rankings of potential targets. For instance, if one has 50 possible target cities, one can rate a limited selection of them and provide partial data for those that share similar characteristics.
   
Barry Ezell of Innovative Decisions wrapped up the panel by pointing out that modeling adaptive behavior has a long history pre-dating the terrorism age, most notably in such efforts as conventional and nuclear force modernization projects. Nevertheless, terrorism poses a unique challenge in the lack of reliable data about the adversaries' capabilities and intentions, and so it is important to "use lots of different disciplines to capture them and understand their influences" by using plural models and aggregating across models. A next-generation systems engineering approach, he said, will be critical to handling the varied streams of data necessary to arrive at reliable judgments about adaptive adversaries.   

8th Annual RMIA Conference

The Risk Management Institution of Australasia (RMIA) will be holding its annual conference 20-22 November 2011 in Melbourne, Australia. As in years past, the event promises to offer insightful and groundbreaking discussion of risk management and security analysis, with lectures and roundtables from the industry's leading professionals. Highlights include:

• CPRM masterclass: climate change & managing the implementation of the Australian Government's carbon tax.

• Corporate risk managers roundtable.

• Risk policy forum on Australian & international standards, policies & guidelines.

• Chief Risk Officer forum: the major challenges facing Chief Risk Officers -- what keeps them awake at night?

• Insurance market update: does the insurance market have the capability to fund future business needs?

• Young risk professionals forum.

• Women in risk management forum.

For more information, please visit the RMIA Conference website.