Entries Tagged "risk assessment"

Page 5 of 21

Are We Finally Thinking Sensibly About Terrorism?

This article wonders if we are:

Yet for pretty much the first time there has been a considerable amount of media commentary seeking to put terrorism in context — commentary that concludes, as a Doyle McManus article in the Los Angeles Times put it a day after the attack, “We’re safer than we think.”

Similar tunes were sung by Tom Friedman of the New York Times, Jeff Jacoby of the Boston Globe, David Rothkopf writing for CNN.com, Josh Barro at Bloomberg, John Cassidy at the New Yorker, and Steve Chapman in the Chicago Tribune, even as the Washington Post told us “why terrorism is not scary” and published statistics on its rarity. Bruce Schneier, who has been making these arguments for over a decade, got 360,000 hits doing so for The Atlantic. Even neoconservative Max Boot, a strong advocate of the war in Iraq as a response to 9/11, argues in the Wall Street Journal, “we must do our best to make sure that the terrorists don’t achieve their objective­ — to terrorize us.”

James Carafano of the conservative Heritage Foundation noted in a radio interview that “the odds of you being killed by a terrorist are less than you being hit by a meteorite.” Carafano’s odds may be a bit off, but his basic point isn’t. At present rates, an American’s chance of being killed by a terrorist is about one in 3.5 million per year­ — compared, for example, to a yearly chance of dying in an automobile crash of one in 8,200. That could change, of course, if terrorists suddenly become vastly more capable of inflicting damage­ — as much commentary on terrorism has predicted over the past decade. But we’re not hearing much of that anymore.

In a 60 Minutes interview a decade ago filmmaker Michael Moore noted, “The chances of any of us dying in a terrorist incident is very, very, very small.” Bob Simon, his interlocutor, responded, “No one sees the world like that.”

Both statements were pretty much true then. However, the unprecedented set of articles projecting a more restrained, and broader, perspective suggests that Simon’s wisdom may need some updating, and that Moore is beginning to have some company.

There’s also this; and this, by Andrew Sullivan; and this, by John Cole. And these two polls.

And, of course, President Obama himself declared that “Americans refuse to be terrorized.”

Posted on May 29, 2013 at 11:22 AMView Comments

Nassim Nicholas Taleb on Risk Perception

From his Facebook page:

An illustration of how the news are largely created, bloated and magnified by journalists. I have been in Lebanon for the past 24h, and there were shells falling on a suburb of Beirut. Yet the news did not pass the local *social filter* and did [not] reach me from social sources…. The shelling is the kind of thing that is only discussed in the media because journalists can use it self-servingly to weave a web-worthy attention-grabbing narrative.

It is only through people away from the place discovering it through Google News or something even more stupid, the NYT, that I got the information; these people seemed impelled to inquire about my safety.

What kills people in Lebanon: cigarettes, sugar, coca cola and other chemical monstrosities, iatrogenics, hypochondria, overtreament (Lipitor etc.), refined wheat pita bread, fast cars, lack of exercise, angry husbands (or wives), etc., things that are not interesting enough to make it to Google News.

A Roman citizen 2000 years ago was more calibrated in his risk assessment than an internet user today….

Posted on May 28, 2013 at 12:52 PMView Comments

The Politics of Security in a Democracy

Terrorism causes fear, and we overreact to that fear. Our brains aren’t very good at probability and risk analysis. We tend to exaggerate spectacular, strange and rare events, and downplay ordinary, familiar and common ones. We think rare risks are more common than they are, and we fear them more than probability indicates we should.

Our leaders are just as prone to this overreaction as we are. But aside from basic psychology, there are other reasons that it’s smart politics to exaggerate terrorist threats, and security threats in general.

The first is that we respond to a strong leader. Bill Clinton famously said: “When people feel uncertain, they’d rather have somebody that’s strong and wrong than somebody who’s weak and right.” He’s right.

The second is that doing something — anything — is good politics. A politician wants to be seen as taking charge, demanding answers, fixing things. It just doesn’t look as good to sit back and claim that there’s nothing to do. The logic is along the lines of: “Something must be done. This is something. Therefore, we must do it.”

The third is that the “fear preacher” wins, regardless of the outcome. Imagine two politicians today. One of them preaches fear and draconian security measures. The other is someone like me, who tells people that terrorism is a negligible risk, that risk is part of life, and that while some security is necessary, we should mostly just refuse to be terrorized and get on with our lives.

Fast-forward 10 years. If I’m right and there have been no more terrorist attacks, the fear preacher takes credit for keeping us safe. But if a terrorist attack has occurred, my government career is over. Even if the incidence of terrorism is as ridiculously low as it is today, there’s no benefit for a politician to take my side of that gamble.

The fourth and final reason is money. Every new security technology, from surveillance cameras to high-tech fusion centers to airport full-body scanners, has a for-profit corporation lobbying for its purchase and use. Given the three other reasons above, it’s easy — and probably profitable — for a politician to make them happy and say yes.

For any given politician, the implications of these four reasons are straightforward. Overestimating the threat is better than underestimating it. Doing something about the threat is better than doing nothing. Doing something that is explicitly reactive is better than being proactive. (If you’re proactive and you’re wrong, you’ve wasted money. If you’re proactive and you’re right but no longer in power, whoever is in power is going to get the credit for what you did.) Visible is better than invisible. Creating something new is better than fixing something old.

Those last two maxims are why it’s better for a politician to fund a terrorist fusion center than to pay for more Arabic translators for the National Security Agency. No one’s going to see the additional appropriation in the NSA’s secret budget. On the other hand, a high-tech computerized fusion center is going to make front page news, even if it doesn’t actually do anything useful.

This leads to another phenomenon about security and government. Once a security system is in place, it can be very hard to dislodge it. Imagine a politician who objects to some aspect of airport security: the liquid ban, the shoe removal, something. If he pushes to relax security, he gets the blame if something bad happens as a result. No one wants to roll back a police power and have the lack of that power cause a well-publicized death, even if it’s a one-in-a-billion fluke.

We’re seeing this force at work in the bloated terrorist no-fly and watch lists; agents have lots of incentive to put someone on the list, but absolutely no incentive to take anyone off. We’re also seeing this in the Transportation Security Administration’s attempt to reverse the ban on small blades on airplanes. Twice it tried to make the change, and twice fearful politicians prevented it from going through with it.

Lots of unneeded and ineffective security measures are perpetrated by a government bureaucracy that is primarily concerned about the security of its members’ careers. They know the voters are more likely to punish them more if they fail to secure against a repetition of the last attack, and less if they fail to anticipate the next one.

What can we do? Well, the first step toward solving a problem is recognizing that you have one. These are not iron-clad rules; they’re tendencies. If we can keep these tendencies and their causes in mind, we’re more likely to end up with sensible security measures that are commensurate with the threat, instead of a lot of security theater and draconian police powers that are not.

Our leaders’ job is to resist these tendencies. Our job is to support politicians who do resist.

This essay originally appeared on CNN.com.

EDITED TO ADD (6/4): This essay has been translated into Swedish.

EDITED TO ADD (6/14): A similar essay, on the politics of terrorism defense.

Posted on May 28, 2013 at 5:09 AMView Comments

"The Global Cyber Game"

This 127-page report was just published by the UK Defence Academy. I have not read it yet, but it looks really interesting.

Executive Summary: This report presents a systematic way of thinking about cyberpower and its use by a variety of global players. The urgency of addressing cyberpower in this way is a consequence of the very high value of the Internet and the hazards of its current militarization.

Cyberpower and cyber security are conceptualized as a ‘Global Game’ with a novel ‘Cyber Gameboard’ consisting of a nine-cell grid. The horizontal direction on the grid is divided into three columns representing aspects of information (i.e. cyber): connection, computation and cognition. The vertical direction on the grid is divided into three rows representing types of power: coercion, co-option, and cooperation. The nine cells of the grid represent all the possible combinations of power and information, that is, forms of cyberpower.

The Cyber Gameboard itself is also an abstract representation of the surface of cyberspace, or C-space as defined in this report. C-space is understood as a networked medium capable of conveying various combinations of power and information to produce effects in physical or ‘flow space,’ referred to as F-space in this report. Game play is understood as the projection via C-space of a cyberpower capability existing in any one cell of the gameboard to produce an effect in F-space vis-a-vis another player in any other cell of the gameboard. By default, the Cyber Game is played either actively or passively by all those using network connected computers. The players include states, businesses, NGOs, individuals, non-state political groups, and organized crime, among others. Each player is seen as having a certain level of cyberpower when its capability in each cell is summed across the whole board. In general states have the most cyberpower.

The possible future path of the game is depicted by two scenarios, N-topia and N-crash. These are the stakes for which the Cyber Game is played. N-topia represents the upside potential of the game, in which the full value of a globally connected knowledge society is realized. N-crash represents the downside potential, in which militarization and fragmentation of the Internet cause its value to be substantially destroyed. Which scenario eventuates will be determined largely by the overall pattern of play of the Cyber Game.

States have a high level of responsibility for determining the outcome. The current pattern of play is beginning to resemble traditional state-on-state geopolitical conflict. This puts the civil Internet at risk, and civilian cyber players are already getting caught in the crossfire. As long as the civil Internet remains undefended and easily permeable to cyber attack it will be hard to achieve the N-topia scenario.

Defending the civil Internet in depth, and hardening it by re-architecting will allow its full social and economic value to be realized but will restrict the potential for espionage and surveillance by states. This trade-off is net positive and in accordance with the espoused values of Western-style democracies. It does however call for leadership based on enlightened self-interest by state players.

Posted on May 22, 2013 at 12:05 PMView Comments

Bluetooth-Controlled Door Lock

Here is a new lock that you can control via Bluetooth and an iPhone app.

That’s pretty cool, and I can imagine all sorts of reasons to get one of those. But I’m sure there are all sorts of unforeseen security vulnerabilities in this system. And even worse, a single vulnerability can affect all the locks. Remember that vulnerability found last year in hotel electronic locks?

Anyone care to guess how long before some researcher finds a way to hack this one? And how well the maker anticipated the need to update the firmware to fix the vulnerability once someone finds it?

I’m not saying that you shouldn’t use this lock, only that you understand that new technology brings new security risks, and electronic technology brings new kinds of security risks. Security is a trade-off, and the trade-off is particularly stark in this case.

Posted on May 16, 2013 at 8:45 AMView Comments

Estimating the Probability of Another 9/11

This statistical research says once per decade:

Abstract: Quantities with right-skewed distributions are ubiquitous in complex social systems, including political conflict, economics and social networks, and these systems sometimes produce extremely large events. For instance, the 9/11 terrorist events produced nearly 3000 fatalities, nearly six times more than the next largest event. But, was this enormous loss of life statistically unlikely given modern terrorism’s historical record? Accurately estimating the probability of such an event is complicated by the large fluctuations in the empirical distribution’s upper tail. We present a generic statistical algorithm for making such estimates, which combines semi-parametric models of tail behavior and a non-parametric bootstrap. Applied to a global database of terrorist events, we estimate the worldwide historical probability of observing at least one 9/11-sized or larger event since 1968 to be 11-35%. These results are robust to conditioning on global variations in economic development, domestic versus international events, the type of weapon used and a truncated history that stops at 1998. We then use this procedure to make a data-driven statistical forecast of at least one similar event over the next decade.

Article about the research.

Posted on September 13, 2012 at 1:20 PMView Comments

The Ubiquity of Cyber-Fears

A new study concludes that more people are worried about cyber threats than terrorism.

…the three highest priorities for Americans when it comes to security issues in the presidential campaign are:

  1. Protecting government computer systems against hackers and criminals (74 percent)
  2. Protecting our electric power grid, water utilities and transportation systems against computer or terrorist attacks (73 percent)
  3. Homeland security issues such as terrorism (68 percent)

Posted on May 24, 2012 at 11:31 AMView Comments

Collecting Expert Predictions about Terrorist Attacks

John Mueller has been collecting them:

Some 116 of these Very People were surveyed in 2006 by Foreign Policy magazine in a joint project with the Center for America Progress. The magazine stressed that its survey drew from the “highest echelons of America’s foreign policy establishment” and included the occasional secretary of state and national security adviser, as well as top military commanders, seasoned members of the intelligence community, and academics and journalists of the most “distinguished” nature. Over three-quarters of them had been in government service, 41 percent for over ten years. The musings of this group, it was proposed, could provide “definitive conclusions” about the global war on terror.

The Very People were asked to put forward their considered opinions about how likely it was that “a terrorist attack on the scale of 9/11” would again occur in the United States by the end of 2011 — that is, by last Saturday.

Fully 70 percent found it likely and another 9 percent proclaimed it to be certain. Only 21 percent, correctly as we now know, considered it unlikely.

I’ve never heard this particular quote before, and find it particularly profound:

In 2004, Russell Seitz plausibly proposed that “9/11 could join the Trojan Horse and Pearl Harbor among stratagems so uniquely surprising that their very success precludes their repetition”….

More predictions here.

Posted on January 10, 2012 at 6:56 AMView Comments

Assessing Terrorist Threats to Commercial Aviation

This article on airplane security says many of the same things I’ve been saying for years:

Given the breadth and complexity of threats to commercial aviation, those who criticize the TSA and other aviation security regulatory agencies for reactive policies and overly narrow focus appear to have substantial grounding. Three particularly serious charges can be levied against the TSA: it overemphasizes defending against specific attack vectors (such as hijackings or passenger-borne IEDs) at the expense of others (such as insider threats or attacks on airports); it overemphasizes securing U.S. airports while failing to acknowledge the significantly greater threat posed to flights arriving or departing from foreign airports; and it has failed to be transparent with the American people that certain threats are either extremely difficult or beyond the TSA’s ability to control. Furthermore, the adoption of cumbersome aviation security measures in the wake of failed attacks entails a financial burden on both governments and the airline industry, which has not gone unnoticed by jihadist propagandists and strategists. While the U.S. government has spent some $56 billion on aviation security measures since 9/11, AQAP prominently noted that its 2010 cargo plot cost a total of $4,900.

The author is a former Delta advisor. Wired talked to him:

Brandt says aviation security needs a fundamental overhaul. Not only is the aviation industry failing to keep up with the new terrorist tactics, TSA’s regimen of scanning and groping is causing a public backlash. “From the public’s perspective, this kind of refocusing would reduce the amount of screening they have to put up with in the United States,” Brandt tells Danger Room, “and refocus it where it’s needed.”

[…]

None of this is going to be easy, or cheap. Brandt proposes that the government subsidize airlines for better employee background checks or explosives detection tech. But that’s could strike taxpayers as a bailout.

On the other hand, he and Pistole actually share the same headspace, so it’s possible that TSA will buy his overall critique. “The best defense is still developing solid intelligence on terrorist groups interested in targeting aviation,” Brandt says. Beats treating us all like terrorists.

Or, as I say: investigation, intelligence, and emergency response.

Posted on December 13, 2011 at 12:46 PMView Comments

1 3 4 5 6 7 21

Sidebar photo of Bruce Schneier by Joe MacInnis.