Select Page

risk_management.pdf

homeland_security_defense_organization.pdf

Don't use plagiarized sources. Get Your Custom Essay on
Homeland Security Research Paper
Just from \$10/Page

key_assets_and_infastructure.pdf

intelligence_support.pdf

Unformatted Attachment Preview

Print view Index of pages
Back
Next
Lessons  WEEK 4: Risk Managment and Homeland Security/Homeland Defense 
Lesson
WEEK 4: Risk Managment and Homeland Security/Homeland Defense
Lesson
If you think about it, almost everything we do involves risk. When one makes a decision to cross the street,
drive a car, use an airplane or take a medicine, they are engaging in risk management. When looking at
homeland security, the concept of risk management continues to carry through.
The Government Accountability Office (GAO) has developed a model for a risk management framework, which is
shown in figure below (GAO, 2008, p. 4). In this framework, one starts with the strategic goal, objectives, and
constraints. Looking back on the material in Week Two’s lesson, one can begin to see the development of this
information. The strategic plans serve to set the goals, objective and constrains that the government has
identified.
The second stage of the risk management model is the actual risk assessment. The basic formula for assessing
risk is that of R = ƒ(T*V*C). In this formula, R is the level of risk and ƒ stands for function. So, if you read just
R = ƒ, it reads “Risk is a function of”. The question now becomes a function of what? The answer is of T, V, and
C taken together. In mathematics, “ƒ” means something is a function of/dependent upon. So, here, it means
that the value of R is dependent upon the values of T, V, and C.
Taking a look at each of the variables, the first identified is that of threat (T). The threat is that event which is
any event which can cause a loss. It is the likelihood that a specific target will suffer an attack or disaster from a
specific weapon. The value of T is normally expressed as a percentage figure that represents the probability of
that particular threat/event occurring. Week one examined some of the threats that are posed to the nation’s
homeland security.
The second variable is vulnerability (V). Vulnerability is basically an assessment of how weak a target is, how
likely it would be for an attack against that target to succeed. A simple example of this would be one’s home. If
a house was built with openings for doors and windows, but no doors or windows were installed, the likelihood
of someone entering that house would be pretty high. As doors, windows, locks, fences, etc. are added to the
perimeter of the house, it becomes increasingly more difficult to gain entry to the house. The house is becoming
less vulnerable to unauthorized entry. A point to take here is that vulnerability can be a general assessment
(how secure is the house) to a more specific assessment (how secure is the house against an attempt to enter
with the use of a pry bar). For this variable, V is normally expressed as a percentage, where 100 percent is a
target that is viewed as not being able to be successfully attacked.
The last variable is consequence (C), which is simply the effect of an attack on a particular target. These effects
could be to the public health, the economy, government action, public confidence in our institutions, loss of life
or any of a number of other items. One of the key issues with consequence is the need to develop a value that
can be representative of all the various outcomes that could arise from a successful attack. The value normally
used to express consequence is that of money, and within the United States that would be a dollar figure.
The equation above is a basic risk equation. The equation can be made more complex to provide the event more
fidelity in the risk value attained. An example of a more complex formula could be something such
as: C (consequence) x T1 (probability an attack will occur) x T2 (probability the attack will use a certain
weapon) x V (probability the attack will be successful) (U.S. Library of Congress, 2005, p. 10).
The next stage of the risk management model is that of Alternative Evaluation. Here one begins to try and
calculate the impact of applying various resources or the impact of other changes, such as stronger doors on the
house, on the variables of the risk equation discussed previously. This is a complex endeavor as exact
relationships are often not readily apparent. How much does the addition of one police vehicle reduce the
probability of a terrorist attack?
Once an understanding has been made of how various alternatives can impact the risk equation, there comes
the need to determine which of the alternatives to employ. This is what the GAO model refers to as the step of
Management Selection, which is how one will allocate and employ their resources. Closing the loop on the risk
framework model is the need to implement the actions identified from the management selection step. This
could be the hardening of a target, increased resources applied to deter and detect activities, changes in the
environment or structure that seek to mitigate consequences or any of a number of other actions. The key in
this step is that one must have a method to gauge the effectiveness of the change that was implemented and
how that change has impacted the final risk valuation. Hopefully, in the management selection phase metrics
were used to identify the selection of the change agent and those metrics can be applied at this stage. However,
the other element is to how that change has impacted the ability of the organization to achieve its strategic
goals and objectives. This last action leads one back to the start of the risk management model and the cycle
repeats.
Adding to all of this is the human element as risk analysis becomes a more complex endeavor when the human
element is injected, because of the nature of the psyche of the human being – as a collector, as an analyzer, as
a promulgator, and as a reactor to intelligence info. It is interesting to look and see what a people or population
will do in the face of an actual attack. Remember, the bad guys want to engender fear. And fear of the unknown
is one of their most affected tactics. When the unknown becomes known, most people can deal with it. Through
a good risk management program there is the ability to convey factual information that can help people make
more informed opinions as well as having a system that can respond to changes in the threat.
As a closing discussion, there is the need to explore the earlier observation on measuring consequences. As
stated, the use of dollar amounts tends to provide a common denominator for this measure, but it brings with it
the controversy of the value of a human life. There are some who would say that you cannot measure the value
of a life and what I am going to tell you is that private industry and government have been putting dollar figures
on the value of a human life for a long time. As individuals, we have all made a determination on the value of
life when we elect to accept a higher degree of risk rather than pay for additional safety features in our cars,
houses, etc. The issue is that society has limited resources and it must maximize the benefit of each dollar
spent (Brannon, 2004). To do this, a value is placed on life and trade-offs made to minimize the loss of life by
addressing the greatest risks with the resources available.
References
Brannon, Ike. (2004). What is a life worth? Regulation 27(4), 60-63.
Taquechel, E. F. & Lewis, T. G. (2016, September). More options for quantifying deterrence and reducing critical
https://www.hsaj.org/articles/12007
U.S. Government Accountability Office. (2008). Strengthening the Use of Risk Management Principles
http://www.gao.gov/assets/130/120506.pdf
U.S. Library of Congress. Congressional Research Service. (2005, February 4 ). Risk Management and Critical
Infrastructure Protection: Assessing, Integrating, and Managing Threats, Vulnerabilities and
Consequences, by John Moteff. CRS Report RL325621. Washington, DC: Office of Congressional
BACK
NEXT
Print view Index of pages
Back
Next
Lessons  WEEK 2: Homeland Security/Homeland Defense Organization  Lesson
WEEK 2: Homeland Security/Homeland Defense Organization
Lesson
In 2002, the Homeland Security Act created the Department of Homeland Security (DHS). The Homeland
Security Act has, as a most noble cause, securing the homeland against terrorists. Interestingly, the Act
contains no definition of the term “homeland security.” As was discussed in last week’s lessons, the lack of a
singular definition continues to exist. As with most things, when one lacks a clear definition, there can be
problems in meeting expectations or executing a plan. As was stated last week, “. . . policy makers continue to
grapple with the definition of homeland security” (U.S. Library of Congress, Congressional Research Service,
2012, p. 1). In their quadrennial review, DHS defined homeland security as “. . . concerted national effort to
ensure a homeland that is safe, secure, and resilient against terrorism and other hazards where American
interests, aspirations, and way of life can thrive” (U.S. Department of Homeland Security, 2010, p. 13). The
issue here is that absent a formal legal definition, DHS has, at times, taken a more inclusive view that may
dilute its focus and adversely impact the organization (Kettl, 2007).
Donald Kettl (2007) observed that “Designing and managing an effective homeland security system poses many
difficulties, and the consequences of failure can be dire” (p. 22). When an organization is created, it can be
structured as one that responds to past, present, or future operating environments or some combination of
environments. Regardless of the operating environment elected, organizations are designed with the intent that
they will enhance the efficiency and effectiveness of those organizations. However, while there may be no one
best way to organize, not every way of organizing is equally effective (Scott, 2003, p. 96).
As noted above, organizational structure is created to maximize the efficiency and effectiveness of the
organization. To achieve this, an organization must have a clear understanding of its mission. In the case of
DHS, The Homeland Security Act of 2002 identified the primary missions of the Department as those of (1)
preventing terrorist attacks, (2) reducing vulnerability to terrorism, (3) minimize damage and aid in recovery
from terrorist attacks, (4) carry out the functions of agencies transferred to the department in regards to natural
and manmade crisis and emergency planning, (5) ensure the Department executes the functional
responsibilities of the agencies transferred to it, (6) ensure that efforts to secure the homeland do not impact or
diminish the economic security of the nation, and (7) monitor connections between drug trafficking and
terrorism and contribute to the efforts to interdict illegal drug traffickers. These legislative missions have been
interpreted in DHS’ strategic plan as being the missions of (1) preventing terrorism and enhancing security, (2)
securing and managing our borders, (3) enforcing and administering our immigration laws, (4) safeguarding and
securing cyberspace, and (5) ensuring resilience to disasters. Are the legislated missions the same as those
identified by the Department?
Adaptive organizations seek to build an organizational structure that is responsive and aligned to succeed in
future worlds, regardless of what that future world may be. The course objective over the next few weeks is to
hone your skills to interpret, analyze, evaluate and make inference of ill-defined homeland security issues and
problems. Understanding these issues and problems will provide you with a better understanding of the
environment that comprises the area of homeland security and better allow you to assess the organizational
effectiveness of DHS.
Linda Kiltz noted the concept of viewing homeland security through different lenses. The first lens is viewing
terrorism as a crime and the lens is the criminal justice system. The second lens is that of viewing terrorism as
an act of war; therefore, the lens is one of international relations. The third lens is terrorism is a network that
gives a focus on the issue of organizational design
gives a focus on the issue of organizational design.
Looking at the homeland security organization, one could take the view that the Department of Homeland
Security is the entity being talked about and that would be true to a large extent. However, the nation’s
homeland security organization is really a compilation of individual nodes that are joined together as a network
organization, providing a diverse suite of capabilities to counter the myriad threats posed. In DHS’ (2014)
quadrennial report, the Department identified 33 distinct stakeholders or groups of stakeholders, ranging from
other government agencies to communities. If you view these stakeholders as a network, DHS would be the
core of the network. As the core, they provide operational capabilities; sponsor or conduct research and
development; establish rules, regulations, policy and other strategic guidance documents; and funding, through
grant programs, to aid state and local agencies in enhancing their homeland security capabilities.
A group of stakeholders DHS identified as key to providing for the nation’s security are those of private industry
setting roles and responsibilities for owners and operators of critical infrastructure, major and multinational
corporations, and small businesses. Understanding the role of the private sector in homeland security efforts is
vital to understanding how the nation can be made more secure. The government has noted that approximately
85% of the nation’s critical infrastructure is privately owned. It likely is really is not much different then where
you live. In your community, you have government provided services from police, fire, streets, water and the
like. However, the stores you shop in, the vehicles on the road, the security system on your home are all private
enterprise. Just like the local community you live in, the national community must work together to provide for
the collective security of the community. In 2015, President Barack Obama released the National Security
Strategy in which he combined the objectives to integrate the various security components to create a unified
plan.
These challenges and issues in the homeland security organization demonstrate impact on the environment on
shaping policy and better allow you to assess the organizational effectiveness of DHS.
References
Homeland Security Act of 2002. Public Law 107-296. U.S. Statutes at Large 116 (2002): 2135. Codified at U.S.
Code 6 (2003), § 101 et seq.
Kettl, D. F. (2007). System under stress: Homeland security and American politics. 2nd ed. Washington, DC: CQ
Press.
Scott, W. R. (2003). Organizations: Rational, natural, and open system. 5th ed. Upper Saddle River, NJ: Prentice
Hall.
U.S. Department of Homeland Security. (2014). Quadrennial homeland security review report: A strategic
framework for a secure homeland. Washington, DC: Government Printing Office.
BACK
NEXT
Print view Index of pages
Back
Next
Lessons  WEEK 5: Critical Infrastructure, Key Resource and Cyber Security  Lesson
WEEK 5: Critical Infrastructure, Key Resource and Cyber Security
Lesson
Over the next few weeks, the focus of the class will be on identifying the key components of critical
infrastructure protection and key assets, border and cyber security, incident management and emergency
management. The readings this week focus on the areas of critical infrastructure and key assets, and cyber
security.
Critical Infrastructure
What is a critical infrastructure? It is defined as anything, physical or virtual, so vital that its incapacitation,
exploitation, or destruction, through terrorist attack, could have a debilitating effect on security and economic
well-being (U.S. President, 2003, p. 1). The Homeland Security Presidential Directive (HSPD) – 7 is the essential
services that underpin American society. The Nation possesses numerous key resources, whose exploitation or
destruction by terrorists could cause catastrophic health effects or mass casualties comparable to those from the
use of a weapon of mass destruction, or could profoundly affect our national prestige and morale. The critical
infrastructure of the U.S. is set forth in the National Infrastructure Protection Plan which identifies eighteen
sectors within the U. S.
The security of America’s critical infrastructure requires the partnership of the public and private sectors. In fact,
it requires a whole-of-community approach. The use of a government only approach ignores that 85% of the
Nation’s critical infrastructure is owned or operated by the private and non-profit sectors (Executive Office of the
President, 2007, p. 4). This fact likely influenced former Secretary of the Department of Homeland Security,
Michael Chertoff, who observed that a government only approach to preserving CI/KR was not as desirable as
that of making the business community an equal partner in the effort (Chertoff, 2008).
Even employing a whole-of-community approach to identifying and hardening targets against a terrorist attack,
there are certain lessons that have been learned, one of which is that some targets are inherently difficult to
harden. There is a twofold reason for this: first, there are so many of them, and; second, they are so accessible
(meaning that people can get into and out of them very easily, not merely get to them easily). In other words,
forget about making every single one of these targets hardened to the point where they could absolutely,
positively, guaranteed, stop 100% of the possible terrorist attacks using 100% of all weapons available. What
you CAN do is making the target APPEAR to be hard to such an extent that it deters a particular attack on a
particular location. Knowing that the community will not be able to protect the Nation’s critical infrastructure
against all attacks, the government’s strategic plans call upon the community to engage in activities that “. . .
reduce or eliminate long-term effects to people and their property from hazards and to respond to and recover
from major incidents” (U.S. President, 2010, p. 18). The next section will talk to this concept of resilience.
In the past century in this country, there has been a very definite move for people to move closer to other
people. The result has been a concentration of the population. In fact, almost half of the population lives in only
nine states. And, in terms of infrastructure, that infrastructure has also become just as concentrated. This is
bad, per se, but rather a logical attempt to move the infrastructure as close to the population centers as
possible. Some of the figures are rather startling. 6.8% of all community water supplies serve 45% of the
population and the proportions are similar for wastewater treatment systems. Of 225 petroleum refineries, 54%
are located in only four states – Texas, California, Louisiana, and Pennsylvania. Of 2,776 electric power plants,
51.4% are located in 11 states. What this all means is that there are some very lucrative infrastructure targets
for terrorists and increase the vulnerability to attack. Therefore, our homeland security effort must include plans
y
,
y
p
to recover if a critical infrastructure is attacked.
Resilience
The ability to recover from an attack and optimize the community’s operations during a disaster is part of what
the concept of resilience aims to provide our communities. What is resilience? “Presidential Decision Directive –
8” defines resilience as “. . . the ability to adapt to cha …