Schneier on Security
A blog covering security and security technology.
« Flying Without ID |
| The Risk of Anthrax »
August 13, 2008
UK National Risk Register
The UK has made public its previously classified National Risk Register.
The National Risk Register is intended to capture the range of emergencies that might have a major impact on all, or significant parts of, the UK. It provides a national picture of the risks we face, and is designed to complement Community Risk Registers, already produced and published locally by emergency planners. The driver for this work is the Civil Contingencies Act 2004, which also defines what we mean by emergencies, and what responsibilities are placed on emergency responders in order to prepare for them. Further information about the Act can be found on the UK Resilience website.
Seems like the greatest threat to national security is a flu pandemic.
Posted on August 13, 2008 at 11:05 AM
• 12 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
"Seems like the greatest threat to national security is a flu pandemic."
There is considerable uncertainty as to just how bad a serious flu outbreak might be these days.
The 1918 outbreak killed more people world wide that the "great war" worse than the numbers where those most likley to die. In that outbreak it was those with the healthiest imune systems that were most suceptable (ie young adults to middle aged).
The current fears about a varient on the H5N1 avian bird flu may not be unjustified.
However the way SARS did not become pandemic and the lack of H5N1 transmisability from human to human may well bode well.
However it is interesting to see how many experts in the field are quietly stocking up on anti virals and statins etc.
One interesting factor that did come from the 1918 pandemic was the number of times that it came back to an area. This sugests that a "hide yourself away" or "anti viral" methodology may well not be effective in protecting a population...
The greatest threat to national security? I didn't read that into it at all. The National Risk Register covers all risks, not just threats to national security.
"2.94 Stringent security measures are applied at airports. Rail and underground networks, however, are open systems, which is likely to make them attractive potential targets for terrorist attacks. As a result, there have been several successful attacks on rail networks worldwide."
But whilst 2.95 mentions the London Underground in 2007, Moscow 04 and Madrid 04, 2.96 lists Lockerbie, WTC and the shoebomber attempt; 4 attempts for rail, 3 for aviation, each including one failed attempt.
That doesn't seem to suggest a great disparity between the open and the closed systems.... 9/11 may have had a relatively large loss of life, but this report still rates rail as more "attractive" than aviation due to its openness.
"Seems like the greatest threat to national security is a flu pandemic."
Perhaps, or not.
The document a great start. It is very informative and the X/Y graph on page 5 might be assumed to be a good indicator of "greatest threat".
First, a top-impact risk occurring on its own many more times with a lower relative impact is not necessarily a lesser threat. In addition (pun not intended), a series of more likely risks with lesser impact could have a combined effect greater than a single higher impact risk less likely to occur.
In other words, a set of seriously broken infrastructure (compromised water, power, and transportation) could calculate into a higher score than flu pandemic.
Moreover, I do not see any "transfer" data relative to the chart. When calculating risk we should factor in the likelihood and presence of risk transfer options. I see this called resilience by some, insurance by others.
The flu pandemic might, for example, have few options in place today to minimize full effect whereas infrastructure usually (excluding water) has a number of fail-safe options that have been engineered at great expense.
This brings to mind the topic we discussed several years ago:
Disclaimer: my perception of UK contingency planning will forever reflect back on the day the wrong type of snow attacked London.
"Train services this morning are being heavily delayed because engines are being affected by the wrong type of snow."
It's OK, us Brits are on the case. As of 01/01/09 all viruses crossing UK borders will be required to present ID cards.
In the netherlands this type of risk cards is available for the whole country since 2005. An example can be found at http://www.drenthe.info/kaarten/website/...
The map is intended for public and policymakers to assess risks, and includes all types of "dangerous" objects and situations. There is no indication on how this map is used for risk assessments, and how effective it is though.
The assessment sensibly takes a broad view of what "national security" is supposed to achieve. Neither flu viruses nor international terrorists have the power to replace our system of government with one of their choosing, so neither is a direct threat to the nation-state itself. The assessment quite rightly judges that if we're being blown up then we're "insecure", and also that if we're dying in our millions of flu then we're "insecure".
That's not to say that I'm able to comment on their results, but I approve of the broad approach. The temptation for the government might be to force the answer it wants by restricting the terms of inquiry - if they wanted the answer "terrorism", then they could say "we define national security to exclude public health and natural disasters, and to only include terrorism, civil insurrection, and occupation by a foreign power". In a victory of common sense, this assessment has avoided that impulse.
does the US have one of these or aren't we allowed to know that the man regards dissent, privacy and freedom of speech and the othr civil liberties and their advocates as the greatest risk to an orderly, placid, managed society?
"my perception of UK contingency planning will forever reflect back on the day the wrong type of snow attacked London."
I remember it well, I was one of those "fed up" commuters that resorted to walking up the tracks... (yup I know silly to put it mildly).
The real problem turned out to actually be the wrong type of "varnish" on the windings of the motors...
Apparently the accountants saved something like a couple of dollars a motor using the less costly insulation. Apparently the cost just to change each motor was over 5000 dolars, and that's not including the rewinding and other measures required to repair the motors...
Perhaps this is why I hate Accountants as much as I do, even though my father was one (and no I did not hate him, he sadly died before the "wrong snow" happened I think it would have amused him alot).
On another not around that time we had Maggie Thatcher in power and the "Irish troubles" were at their hight. It was decided at a very high level that "services" (gas water electricity) would be at risk therefore manhole covers and other access points had to be sealed. Guess the major nationality of the workers tasked with doing it?
Yup it was the Irish, who God bless´em worked many long hours to carry out this "essential task" without incident of any kind.
It is interesting that it shows Electronic Attacks as second highest on relative likelihood but lowest on relative impact.
I guess this make sense as there is an ongoing threat environment with constant threats circulating on the Net. Presumably the impact is after mitigation and reflects the fact that there is a large, tho' incomplete, attempt to prevent attacks succeeding.
What about the risks of appointing a PR happy lawyer to run the country?
Or worse a personality free automaton with an economics degree?
Can someone tell me how to add a pic on the left of my post, and how to edit my signature.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.