This article describes the anti-terrorism risk-based decision aid (ARDA), a risk-based decision-making approach for prioritizing anti-terrorism measures. The ARDA model was developed as part of a larger effort to assess investments for protecting U.S. Navy assets at risk and determine whether the most effective anti-terrorism alternatives are being used to reduce the risk to the facilities and war-fighting assets. With ARDA and some support from subject matter experts, we examine thousands of scenarios composed of 15 attack modes against 160 facility types on two installations and hundreds of portfolios of 22 mitigation alternatives. ARDA uses multiattribute utility theory to solve some of the commonly identified challenges in security risk analysis. This article describes the process and documents lessons learned from applying the ARDA model for this application.
Invited Response to Cox's Comment: Improving Risk‐Based Decision Making for Terrorism Applications
First, we would like to thank Dr. Cox for his time and insight to further the discussion of resource allocation for counterterrorism. Dr. Cox in his comment claims that allocation systems based on risk reduction measures are less effective than optimizationbased methods. We agree with Dr. Cox that several of the items articulated (such as secrecy and deception) may not be captured in a risk scoring method, but in those cases, we believe that different tools are best suited for different problems, and the assumptions made about the decisionmaker, the countermeasures, and the threat intentions will be critical in determining the best approach. We also believe that Dr. Cox has mischaracterized Antiterrorism Risk-Based Decision Aid (ARDA) as being simply a "risk scoring" method. We promote the use of risk measures that reflect logical, thought processes, and we developed ARDA to avoid Risk = Threat × Vulnerability × Consequence measures in favor of a carefully elicited risk measure. Additionally, we recommend reevaluating all decisions and their end effect, considering that the adversary would update his or her intentions as a reaction to a defensive move. Accordingly, we think that a binary categorization of pure risk scoring versus optimizationbased is misleading.We would like to emphasize that our support for risk scoring methods is specifically focused on those that evaluate and prioritize risk reduction efforts, not simply rank the greatest risks. We believe that focusing resources on efforts that have the greatest risk reduction in many cases will provide the same answers as the methods advocated by Dr. Cox. In cases where the results are different, it is often a difference in assumptions regarding threat intention, capabilities, countermeasure characteristics, or decisionmaker preferences.When examining Dr. Cox's examples, we found the appropriateness of the model to be very sensitive to the assumptions made, in particular about threat behavior. We reflected on how the ARDA approach would apply to Dr. Cox's examples to see how we perceive ARDA would perform. Dr. Cox's first example suggests a random strategy is better than either a risk scoring method or an optimization-based method for a sample scenario with one attack (as was the context for our analysis). We agree with Dr. Cox that analysts should evaluate whether random strategies apply when considering modeling techniques. In this example, an optimization-based strategy would protect the two big ships because the attacker would know that there was an unprotected big ship if any other strategy is taken. Similarly, with ARDA, if the decisionmaker allocated resources sequentially (as in our case), he or she would protect the first big ship. After adjusting for adversary intentions, the unprotected big ship remains an even more attractive target, raising the risk reduction benefits of protecting the second ship. As Dr. Cox points out, a random strategy is a better strategy in this problem, but only because secrecy and deception are possible. The nature of our...
Risk is the potential for loss or harm due to the likelihood of an unwanted scenario and its potential adverse consequences. Risk analysis, encompassing risk assessment and risk management, has been widely adopted as the proper analytic construct for evaluating the terrorist threat and efficiently allocating finite resources to counter intelligent adversaries who adapt their behaviors in response to our own actions. Although there are numerous definitions of risk concepts in use in the risk analysis community, the great majority of these definitions recognize the same common elements. We focus on these essential elements to develop straightforward definitions of risk, risk analysis, risk assessment, risk management, threat, vulnerability, and consequence. To further clarify these terms, we also discuss the relationships among them. We also expand some of the classic questions addressed by risk assessment and risk management to more explicitly address terrorism. A framework is a conceptual or procedural structure used to address complex issues. A risk framework can facilitate both internal and external risk communication and enable risk analysis involving diverse threats and multiple participants. We analyze a selection of risk frameworks to develop a set of tasks that would be included in a comprehensive framework and against which a particular framework could be evaluated: (i) identify goals and objectives, (ii) define system, (iii) assess threats, (iv) assess vulnerabilities, (v) assess consequences, (vi) assess baseline risk, (vii) identify risk management options, (viii) analyze benefits and costs, (ix) make decisions, (x) communicate risks, (xi) implement risk management actions, and (xii) monitor risk management actions.
We define an innovation process that was designed for the provision of analytic services and software products. Our iterative process, which is based on design thinking, captures the need to both create value and accelerate value creation. The four steps in our iterative process include illuminate, ideate, create, and evaluate. We present a case study for which we used this process in the successful creation of a conversational non‐player character within a virtual training environment for the Army.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
Contact Info
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Product
Resources
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.
