Report calls for change of thinking on defending against bioterror

Three professors at the United States Military Academy at West Point will release a new study next month that shows the standard risk analysis used by security risk analysts based on probabilities of uncertain hazards may not, in fact, capture the impact of an intelligent attacker's intent.

“Intelligent Adversary Risk Analysis: A Bioterrorism Risk Management Model,” was written by Gregory S. Parnell, Ph.D, Professor of Systems Engineering, Department of Systems Engineering; U.S. Army Major Christopher M. Smith, an instructor in the Department of Mathematical Sciences; and Frederick I. Moxley, Ph.D, Director of Research for Network Science, Department of Electrical Engineering and Computer Science.

"We show that treating adversary decisions as uncertain hazards is inappropriate because it can provide a different risk ranking and may underestimate the risk,” Parnell told “Unlike uncertain hazards, terrorists and hostile states are intelligent adversaries who can observe our vulnerabilities and dynamically adapt their plans and actions to achieve their objectives.” He said modeling adversary objectives “will provide greater insight into the possible actions of opponents rather than exhaustively enumerating probabilities on all the possible actions they could take.”

The report says that using historical data does not necessarily provide a valid estimate for futrue threats because the intent and capability of terrorist is always changing.

“Both uncertain hazard risks of occurrence and geographical risk can be narrowed down and identified concretely," the report says. "Intelligent adversary targets vary by the goals of the adversary and can be vastly dissimilar between adversary attacks.”

The report also says that there are so many potential forms of terrorist attack that they cannot realistically be defended, responded to, or recovered from.

Rather than use the older "intelligent adversaries" model of risk analysis, the report puts forward a "defender-attacker-defender" model that is based on attacker intent culled from information and defender decisions revealed over time.

“Use of our defender-attacker-defender model does not require a major intelligent adversary research program, it requires only the willingness to change” perspectives, the report says. “Assessing probabilities of attacker decisions will not increase our security, but defender-attacker-defender decision analysis models can provide a sound assessment of risk and the essential information our nation needs to make risk-informed decisions.”