Upload
global-risk-forum-grfdavos
View
239
Download
1
Embed Size (px)
Citation preview
Managing the Unimaginable:Lessons from Terrorism Security and
Disaster Response Planning
Henry H. WillisJune 2, 2010
International Disaster and Risk ConferenceDavos, Switzerland
2
Terrorism Security and Disaster Response Involve Many Different Activities
Protecting Emergency Responders
Inspecting Containers
Countering MANPADs
Defending Infrastructure
Improving Public Health Preparedness
3
Benefit-Cost Analysis Is a Standard Way of Assessing Whether Activities Are Justified
Risk Reduction > Cost
Benefit > Cost
Risk Before Effort – Risk After Effort > Cost
4
Assessing Terrorism Risk and Risk Reduction Requires Answering Difficult Questions
• Where, when, and how will terrorists attack?
• Do countermeasures deter terrorists?
• Do terrorists shift to different targets or types of attacks?
• How long will terrorists be unable to circumvent security?
• How catastrophic will consequences be?
5
Container Security Policy Provides Examples of How Analysis of These Issues Can Guide Security Policy
• How does container inspection contribute to national security?
– Used game theory to assess radiation detection?
• Are investments in inspection technologies justified?
– Used cost-benefit analysis to assess container scanning using radiography
6
Containerized Shipping Helps to Drive the U.S. Economy
• 25% of U.S. exports and imports by value
• $500 billion worth of goods annually
• More than 12 million containers annually
7
Container Shipping System Reaches Acrossthe Entire United States . . .
8
… and the System Moves Quickly
9
Port Security Uses Many Approaches toPrevent Nuclear Terrorism
• Deploying radiation portal monitors
• Using handheld detectors
• Developing advanced detector systems
• Considering role of retaliation in security posture
10
Game Theory Provides Insights Into How Detection Technologies Contribute to Deterrence
• Analysis assumes that terrorist decisions based on terrorist perceptions of:
– Benefits of a nuclear attack (V)
– Consequences of retaliation (Sa and Fa)
– Cost of an attack (Ca) and number of weapons (M)
– Number of containers inspected (n)– Effectiveness of detection technologies (p)
• How do defender choices (n, p, Sa, and Fa ) influence a terrorist seeking to maximize their expected utility?
Source: Bier et al 2010
11
Analysis Suggests That Detection Capability Alone Cannot Reliably Deter a Nuclear Terrorist
Assumes:• Terrorist group
strongly prefers intended target
• Defense policy specifies retaliation only following a successful attack
• Terrorists only have a single weapon
Source: Bier et al 2010
12
However, Detection May Deter When Paired With A Strong Policy of Retaliation
Assumes:• Terrorist group
strongly prefers intended target
• Defense policy specifies retaliation following a successful or failed attack
• Cost of weapons is less than $1 billion
But Are These Investments Like This Worthwhile?
Source: Bier et al 2010
13
Container Security Policy Provides Examples of How These Approaches Can Guide Security Policy
• How does container inspection contribute to national security?
– Used game theory to assess radiation detection?
• Are investments in inspection technologies justified?
– Used cost-benefit analysis to assess container scanning using radiography
14
Containers Enter a Multi-step Scanning Process on Arrival at U.S. Ports
Most SearchesResult in
False Positives
~12 million
Number of Containers Unloaded
in U.S. Ports
~11.5 million
Not Selected forScanning
~500,000
Number of Containers Selected
for Scanning
~5%
~475,000
Not Selected forHand-Searching
~25,000
Number of Containers Selectedfor Hand-Searching
~5%
Note: This example is not radiation detection scanning
Source: Martonosi et al 2005
15
Case Study: Under What Scenarios Is 100% Container Inspection Viable?
• What would 100% scanning do to costs and delays?
• What technological and operational improvements would help the most?
16
We Assessed Viability of Decision to Switch to One of Three Alternative Policies
Baseline Policy
• Current X-ray technology
• 5% inspection
Policy 1: Increase Inspection
• Current X-ray technology
• 100% inspection
Policy 2: Improved Technology
• Current Gamma-Ray technology
• 100% inspection
Policy 3: Greatly Improved Technology
• Same as in Policy 2• But decrease in false
positive rate
Source: Martonosi et al 2005
17
We Took a Cost/Benefit Approach to Evaluate Proposed Security Measure Policy Choice
• Compared costs/benefits of proposed policy to baseline
• Threshold probability for switching to proposed policy
Baseline) - (Proposed
Baseline) - (Proposed
Rate Detection in Change *Cost AttackCostsPolicy in Change
)Attack( =P
18
Analysis Addressed Uncertainty in Several Model Parameters
• Volume of containers shipped– U.S. total, large port, and small ports considered
• Technology cost and performance– Capital, operations, and maintenance– Inspection, detection, and false positive rates
• Labor costs for inspections
• Costs of container delays
• Cost of terrorist attacks: from $1 billion to $1 trillion
19
We Considered Both a National and an Individual Port Perspective
Delay Cost$0-$60 per cont., per hr.
Attack Cost$1 billion - $1 trillion
Attack sizes considered were:• Larger than ’93 WTC and ’95
OK City• On par with natural disasters• Range of estimates for 9/11 or
nuclear attack50 TEU/hr.
Small Port:
“Miami”
365 TEU/hr.Large Port:
“Los Angeles”
1474 TEU/hr., over 157 ports
U.S.
Arrival RateLocation
Source: Martonosi et al 2005
20
We Compared Three Policies to the Base Case
5555Hand Inspectors per Team
4.8 cont./day4.8 cont./day1 cont./day1 cont./day
Hand Searching Rate
4444Operators per Scanner
$90,000$90,000$200,000$200,000Maintenance Costs
$1 million$1 million$4.5 million$4.5 million
Equipment Cost
1%5%5%5%False Positive Rate
30 TEU/hr.30 TEU/hr.20 TEU/hr.20 TEU/hr.
Scanning Rate
100% inspection, Greatly Improved Tech. (Policy 3)
100% inspection, Slightly Improved Tech. (Policy 2)
100% Inspection, Same Tech.
(Policy 1)
Base Policy 5%
Parameter
Based on X-ray technology
Based on gamma-ray technology
Source: Martonosi et al 2005
21
100% Inspection Is Only Cost Effective for Large Attacks or with Improved Technology
1,000
100
10
1
Greatly Improved
TechnologyImproved
TechnologyCurrent
Technology
AttackCosts
($ Billion)
Source: Martonosi et al 2005
22
Nationwide Implementation Depends onAttack Costs and Probability of Attack
0
20
40
60
80
100
0 6 60
Delay Cost ($/TEU-hr)
Annual Threshold Chance of Attack (%)
$1 Billion
$10 Billion
$100 Billion
$1 Trillion
AttackCost
Source: Martonosi et al 2005
23
Improved Technology Increases Viability of 100% Inspection at Lower Threat Levels
Source: Martonosi et al 2005
0
20
40
60
80
100
0 6 60
Delay Cost ($/TEU-hr)
0
20
40
60
80
100
0 6 60
Delay Cost ($/TEU-hr)
$1 Billion
$10 Billion
$100 Billion
$1 Trillion
Attack Cost
24
But by Other Parameters, Some Cases Are Infeasible
1,000
100
10
1
Greatly Improved
TechnologyImproved
TechnologyCurrent
Technology
AttackCosts
($ Billion)
!
!
!
!
!
Source: Martonosi et al 2005
25
Personnel Requirements at Large Ports May BeInfeasible with Current/Improved Technology
0
100
200
300
400
500
Current Improved Greatly Improved
Hand Search Stations Required at Port of LAby Policy Alternative
Nu
mb
er o
f H
and
Sea
rch
Sta
tio
ns
Approximate Current Number of Hand Search Stations
Source: Martonosi et al 2005
26
These Examples Suggest Ways AnalysisCan Improve Policy
• Terrorism security policy most confront deep uncertainty and extreme events
• In some cases, analysis can structure and help to focus decisions on critical assumptions
• Similar challenges are present for other disaster-related scenarios, for example,
– Managing risks of pandemic influenza– Adapting to consequences of climate change