Assessing and Managing the Terrorism Threat

7/27/2019 Assessing and Managing the Terrorism Threat

1/29

U.S. Department of JusticeOffice of Justice Programs

Bureau of Justice Assistance

Assessing and/

Bureau of

Justice Assistance

Managing theTerrorism Threat

NEW

REALI

TIES

Law

EnforcementinthePo

st-911Era


2/29

U.S. Department of JusticeOffice of Justice Programs

810 Seventh Street NW.Washington,DC 20531Alberto R. Gonzales

Attorney GeneralRegina B. Schofield

Assistant Attorney GeneralDomingo S. Herraiz

Director,Bureau of Justice AssistanceOffice of Justice Programs

Partnerships for Safer Communitieswww.ojp.usdoj.gov

Bureau of Justice Assistancewww.ojp.usdoj.gov/BJA

NCJ 210680Written by Col. Joel Leson

This document was prepared by the International Association of Chiefs of Police,under cooperativeagreement number 2003DDBXK002,awarded by the Bureau of Justice Assistance,Office of

Justice Programs, U.S. Department of Justice. The opinions, findings, and conclusions orrecommendations expressed in this document are those of the authors and do not necessarilyrepresent the official position or policies of the U.S.Department of Justice.

The Bureau of Justice Assistance is a component of the Office of Justice Programs,which alsoincludes the Bureau of Justice Statistics,the National Institute of Justice,the Office of Juvenile

Justice and Delinquency Prevention,and the Office for Victims of Crime.


3/29

Assessing andManaging theTerrorism Threat

September 2005NCJ 210680

Bureau of

Justice Assistance


4/29

Acknowledgments

Post-9/11 Policing Project Staff

The Post-9/11 Policing Project is the work of the International Association of Chiefs of Police (IACP),National SheriffsAssociation (NSA),NationalOrganization of Black Law Enforcement Executives(NOBLE),Major Cities Chiefs Association (MCCA),and Police Foundation. Jerry Needle,Director ofPrograms and Research,IACP,provided overallproject direction.s International Association of Chiefs of Police

Phil Lynn served as IACPs Project Director,managed development and publication of the fourPromising Practices Briefs,and authoredMutualAid:Multijurisdictional Partnerships for MeetingRegional Threats.Andrew Morabito coauthoredEngaging the Private Sector to Promote HomelandSecurity:Law Enforcement-Private SecurityPartnershipsand analyzed Post-9/11 survey data.Col. Joel Leson,Director,IACP Center for PoliceLeadership,

authored this monographAssessing

and Managing the Terrorism Threat.Walter Tangelserved as initial Project Director.

Dr. Ellen Scrivner,Deputy Superintendent,Bureauof Administrative Services,ChicagoPoliceDepartment,contributed to all phasesofproject design and cofacilitated the Post-9/11Roundtables with Jerry Needle. Marilyn Peterson,Management SpecialistIntelligence,New JerseyDivision of Criminal Justice,authoredIntelligence-Led Policing:The New Intelligence Architecture.

s National SheriffsAssociationFred Wilson,Director of Training,directed NSAproject activities,organized and managed Post-9/11Roundtables,and worked closely with IACP staffthroughout the course of the project. NSA projectconsultants included Chris Tutko,Director of NSAsNeighborhood Watch Project; John Matthews; andDr. Jeff Walker,University of Arkansas,LittleRock.

s National Organization of Black LawEnforcement Executives

Jessie Lee,Executive Director,served as NOBLEsProject Director and conducted most staff work.

s Major Cities Chiefs AssociationDr. Phyllis McDonald,Division of Public SafetyLeadership,Johns Hopkins University,directed thework of the Major Cities Chiefs Association. The

MCCA team included Denis OKeefe,Consultant;Corinne Martin,Program Coordinator; andShannon Feldpush.Dr. Sheldon Greenberg,Director of the Division ofPublic Safety Leadership,coauthoredEngaging thePrivate Sector to Promote Homeland Security:LawEnforcement-Private Security Partnerships.

s The Police FoundationEdwin Hamilton directed Police Foundation project

activities and managed Post-9/11 survey formattingand analysis,assisted by Rob Davis. Foundationconsultants included Inspector Garth den Heyer ofthe New Zealand Police and Steve Johnson of theWashington State Patrol.

Promising Practices ReviewsPromising Practices drafts were critiqued and enrichedby a series of practitioners/content experts,includingRichard Cashdollar,Executive Director of PublicSafety,City of Mobile,AL; George Franscell,Attorney-at-Law,Franscell,Strickland,Roberts andLawrence,Los Angeles,CA; Mary Beth Michos,StateMutual Aid Coordinator,Prince William County,VA; David Bostrom,Manager,Community PolicingConsortium,IACP; John P. Chase,Chief of Staff,Information Analysis & Infrastructure Protection,Department of Homeland Security; John M. Clark,Assistant Vice President/Chief of Police,BurlingtonNorthern Santa Fe Railroad; John A. LeCours,

iii


5/29

Director/Intelligence,Transport Canada; Ronald W.Olin,Chief of Police,Lawrence,KS; Ed Jopeck,Analyst,Veridian; Jerry Marynik,Administrator,StateTerrorism Threat Assessment Center,CaliforniaDepartment of Justice; and Bart Johnson,Office ofCounter-Terrorism,New York State Police.The Bureau of Justice Assistance,IACP,and each ofthe partner organizations in the Post-9/11 PolicingProject wish to acknowledge and thank Ms. MelissaSmislova,Chief,Homeland Infrastructure Threat andRisk Analysis Center at the U.S. Department ofHomeland Security for her review and input intoAssessing and Managing the Terrorism Threatonbehalf of the department.

Executive OversightThe Post-9/11 Policing Project was initiallyconceptualized by the Office of Justice Programs,U.S. Department of Justice. Since its inception,theproject has beenguided throughout by the chiefexecutive officers of the partner associations:s Daniel N. Rosenblatt,Executive Director,

International Association of Chiefs of Police

iv

s Thomas N. Faust,Executive Director,NationalSheriffsAssociation

s Jessie Lee,Executive Director,National Organi-zation of Black Law Enforcement Executives

s Thomas C. Frazier,Executive Director,MajorCities Chiefs Association

s Hubert Williams,President,The Police Foundation

Bureau of Justice AssistanceGuidanceWe gratefully acknowledge the technical guidanceandpatient cooperation of executives and programmanagers who helped fashion project work:James H.Burch II,

Deputy Director; Michelle Shaw,

Policy

Advisor; and Steven Edwards,Ph.D.,Senior PolicyAdvisor for Law Enforcement.


6/29

Contents

Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .iii

Executive Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .vii

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1

Risk Assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5

Risk Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

Appendix I: Promising Practices/Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15

Appendix II: Homeland Security Comprehensive Assessment Model (HLSCAM):

Up and Running . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

Appendix III: A Promising Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19Appendix IV: Risk Assessment Training . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21

References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23

Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25

v


7/29

Executive Summary

The continuous threat of terrorism has thrustdomestic preparedness obligations to the very top

of the law enforcement agenda. For todays lawenforcement executive,the capacity to assess andmanage risk is imperative. In the post-September 11era,this capacity must be considered as much a stapleof law enforcement operations as crime analysis,criminal intelligence,and crime prevention. Theconsequences of failing to assess and manage terroristthreats and risk could be incalculable.This document outlines the essential components ofrisk assessment and management,which entail thefollowing sequential tasks:s Critical infrastructure and key asset inventory.s Criticality assessment.s Threat assessment.s Vulnerability assessment.s Risk calculation.s Countermeasure identification.

Risk assessment and management concepts andmethodologies are evolving rapidly. Although modelsdiffer in the definition,labeling,and sequencing ofsteps,there is solid consensus on the essentialcomponents. In this monograph,each component isdefined and briefly examined. Protocols are suppliedto quantify/calculate criticality,threat,vulnerability,and risk.Experience and skill with risk assessment andmanagement are limited in many law enforcement

agencies. To assist in reversing this situation,thisreport supplies capacity-building information thatincludes promising programs,software,and trainingreferences. Capacity acquisitionthrough shared/regional arrangements is not only economicallypractical for many agencies,it promises to leverageeffectiveness for all agencies by pooling andcoordinating information and planning jointcountermeasures.

vii


8/29

Introduction

Surprise,when it happens to a government,islikelyto be a complicated,diffuse,bureaucraticthing. Itincludes neglect of responsibility butresponsibility so poorly defined or so ambiguouslydelegated that action gets lost. It includes gaps inintelligence,but also intelligence that,like a stringof pearls too precious to wear,is too sensitive tothose who need it . . . . It includes, in addition,theinability of individual human beings to rise to theoccasion until they are sure it is the occasionwhich is usually too late . . . . Finally,as at PearlHarbor,surprise may include some measure ofgenuine novelty introduced by the enemy,andpossibly some sheer bad luck.

Thomas C. Schelling,as quoted inPearl Harbor:Warning and Decision

by Roberta Wohlstetter (1962)

The price of living in a free and open Americansociety grew exponentially after the tragic events

of September 11,2001. The scale and method of theterrorist attacks on that day have significantly affectedtheway law enforcement and security operationsmust beconducted to protect critical infrastructure.High-profile incidents such as the World Trade Centerbombing in 1993 and the bombing of the MurrahBuilding in Oklahoma City in 1995 should haveserved as a permanent wake-up call to all Americans.However,the relative speed with which these crimeswere solved,and the perceived isolation in which theywere conceived and executed,caused many to carry onwith business as usual.

Statement of the ProblemForemost among the demands that confront police inthepost-September 11 environment is the ability toeffectively and efficiently collect,assess,disseminate,and act on intelligence information regarding threatsposed by transnational and domestic terrorists. In acountry with nearly 17,000 law enforcement agenciesstaffed by 700,000 sworn police officers,deputysheriffs,and criminal investigators,meeting these

demands is particularly challenging and complex.Classified securityand jurisdictional issues tendto blur lines ofcommunication. The need fortechnological interoperability,standardization,andoperational networking within and among all agencieshas been amplified. These demands,coupled with therequirement that local jurisdictions conduct threat,vulnerability,and needs assessments to qualify forfederal homeland security funding through the StateHomeland Security Assessment and Strategy Program,present clear challenges to law enforcementexecutives.

Progress to DateResults of a recent survey conducted by theInternational Association of Chiefs of Police (IACP)documents that the frequency of information sharingamong federal,state,and local law enforcementagencies has improved since the September 11terrorist attacks (Needle,2004). The U.S Departmentsof Justice (DOJ) and Homeland Security (DHS) arepromoting developments that are improving both thedissemination of intelligence and threat-relatedinformation and the ability to assess risk and reducethe vulnerability of potential targets within the

public and private infrastructure. Guiding theseimprovements is theNational Criminal IntelligenceSharing Plan (NCISP),which was endorsed by bothdepartments and the Federal Bureau of Investigation(FBI) in October 2003. The issuance of the NCISP

has been followed by the development of the FusionCenter Guidelines,which will be issued jointly byDOJ and DHS in coordination with DOJs Global

Justice Information Sharing Initiative (Global),whichrepresents more than 30 independent organizationsspanning the spectrum of law enforcement and otherjustice entities.For example,DHS has expanded its computer-basedcounter-terrorism system to all 50 states,5 territories,theDistrict of Columbia,and 50 major urban areas toimprove the flow of threat information. This relativelynew communications system,called the Homeland

1


9/29

Security Information Network (HSIN),offers statesand major cities real-time,interactive connectivitywith the DHS Homeland Security Operations Center.

Another system,the Regional Information SharingSystems (RISS),was initiated in 1980,and isadministered by the U.S. Department of Justice,OfficeofJustice ProgramsBureau of Justice Assistance. Itconsists of six regional centers that share intelligenceandcoordinate efforts against criminal networks thatcross jurisdictional lines. RISS serves more than 7,500law enforcement agencies and their branches in 50states,the District of Columbia,Canada,Australia,theUnited Kingdom,Guam,the U.S. Virgin Islands,andPuerto Rico. The FBI has created the National Joint Terrorism Task Force (NJTTF),and it supports FBIfield office-based JTTFs to expedite the exchange ofthreat information. In July 2003,the DHS Office ofDomestic Preparedness (ODP) announced a majorrefinement of the State Homeland Security Assessmentand Strategy (SHSAS) Process,which was establishedin fiscal year 1999 to assess threats,vulnerabilities,capabilities,and preparedness related to weapons ofmass destruction and terrorism incidents at the stateand local levels. ODP continues to support state andlocal jurisdictions by providing technical assistance toensure that SHSAS is fully implemented throughoutthe United States.

These major efforts to improve the flow of terroristand criminal intelligence,coupled with the operationof newly formed regional law enforcement intelligencefusion centers in strategic locations throughout thecountry,hold great promise for law enforcementscollective ability to effectively acquire and exchangereal-time intelligence and threat information. Whilefederal and state law enforcement agencies have beenactively pursuing improvements in intelligence andinformation flow andrisk assessment,many countyand municipal law enforcement agencies have beendoing the same. They have been improving theirinformation technology capabilities,

organizing or

expanding their criminal intelligence and criticalincident management capabilities,and participatingin regional intelligence consortiums.The attacks of September 11 have brought,andcontinue to bring,changes in the way law enforcementconducts its operations. However,the critical and basic

task of conducting timely,ongoing,and viable threatassessments has not changed.

ObjectivesThis monograph explains risk assessment,how it isconducted,and how it fits into the risk managementprocessa process that all law enforcement executivesshould master in the post-September 11 era. Themonograph defines terms used in risk management,including threat,vulnerability,and criticalityassessment,and provides a utilitarian risk managementmethodology. Finally,it discusses how promising localpractices are being adapted to implement the DHSState Homeland Security Assessment and StrategyProgram.

State of PracticeProfessionals in the private sector and at all levels ofgovernment are unanimous in their opinions that it isnot a question of if another devastating terrorist eventwill occur,but when and where it will occur. In an ongoing study,the Rutgers Center for the Study ofPublic Security is conducting a survey to discoverhowlaw enforcement officials in the United Statesassess their local terrorist threat. Eighty percent of thealmost 1,400 respondents who were surveyed expectaterrorist event to occur in their jurisdiction withinthenext 5 yearsmost likely a cyberterrorism orconventional attack. Almost all respondents reportedthat at least one terrorist group is present in theirjurisdiction.To confront,minimize,and prevent terrorist acts,thelaw enforcement arsenal must include a sophisticatedrisk-management capability. Risk assessment andmanagement must become an essential capacity oflawenforcement agencies. Capacity can reside in-house,atthe government level (e.g.,a city office ofhomeland security),or be acquired from county,regional,or statelaw enforcement and homelandsecurity collaborative groups or agencies. The riskassessment and management capacity of state andlocal law enforcement agencies has not beendocumented,though it is believed that many agencies,if not most,do not possess the required skills. Riskassessment is a relatively new activity for law enforcement agencies,and the art and its vocabulary

2


10/29

are constantly changing. The requirement thatapplications for select homeland security grants beaccompanied by evidence that an agency is workingwith threat assessment also is leading to furtherconceptual and methodological development.

Identifying CriticalInfrastructure: What To ProtectIt is important to consider what can be threatened

and what must be protected by state and local law enforcement agencies and their counterparts whoprovide security in the private sector. The scope andmagnitude of critical infrastructure and assets aredefined in The National Strategy for the PhysicalProtection of Critical Infrastructure and Key Assets(The White House,2003). In initiating this strategy,President George W. Bush stated:

To address the threat posed by those who wish toharm the United States,critical infrastructureowners and operators are assessing theirvulnerabilities and increasing their investment insecurity. State and municipal governments acrossthe country continue to take important steps toidentify and assess the protection of key assets

and services within their jurisdictions. Federaldepartments and agencies are working closely withindustry to take stock of key assets and facilitateprotective actions,while improving the timelyexchange of important security related information.

Since implementation of this national strategy,thecritical infrastructure sectorsthose infrastructuresand assets deemed most critical to national publichealth and safety,governance,economic and nationalsecurity,and retaining public confidencehave beenrefined and expanded.Critical infrastructure now includes:s Agriculture.s Banking and finance.s Chemical and hazardous waste.s Defense industrial base.s Energy.

s Emergency services.s Food.s Government.s Information and telecommunications.s Transportation.s Postal and shipping services.s Public health.s Water.Key assets now include:s

National monuments and icons.

s Nuclear power plants.s Dams.s Government facilities.s Commercial assets.State and local law enforcement executives mustensure that their communitys vulnerability to attack

is properly analyzed by identifying critical facilitiesand functions,and must work to improve theirsecurity. It is understood that complete protection ofevery reservoir,parking garage,mass transit terminal,large building,and other potential targets within ajurisdiction is not possible. It is also understood,however,that the more difficult it is for terrorists tointroduce weapons into a given area or facility,theless likely terrorists are to initiate an attack.Evaluation of critical infrastructure and key assets inthe community should be ongoing. Law enforcementleaders should constantly maintain and update a

database of a jurisdictions critical assets andvulnerable infrastructure points. Appendixes II and IIIprovide tools that law enforcement executives can

use to train personnel and establish a comprehensivedatabase. Specifically,appendix II provides informationon the Homeland Security Comprehensive AssessmentModel (HLSCAM),a software program that the Stateof Florida used to develop and maintain its database ofcritical assets and vulnerable infrastructure locations.

3


11/29

4

This appendix identifies what such a comprehensivedatabase contains and describes the HLSCAMsoftware available to law enforcement and emergencyservice agencies. Although the evaluation andassessment processes may seem overwhelming,lawenforcement agencies must make the risk analysisprocess an inherent part of their law enforcementoperations and present an objective case for improvedpublic safety. Assessments should be made not only onthe basis of routine operation and testing,but also onhow effective the procedures will be in an actualattempted attack.

A Risk Assessment andManagement ApproachA risk assessment and management approach entailsthe following sequential steps:s

Critical infrastructure and key asset inventory.s Criticality assessment.s Threat assessment.s Vulnerability assessment.s Risk calculation.s Countermeasure identification.Literature and agencies differ in how they define,label,and arrange these steps.


12/29

Risk Assessment

Criticality Assessment:Evaluating AssetsDHS defines criticality assessment as follows:

A systematic effort to identify and evaluateimportant or critical assets within a jurisdiction.Criticality assessments help planners determinethe relative importance of assets,helping toprioritize the allocation of resources to the mostcritical assets.

An essential part of the risk equation is consideringthe consequence of the loss of or serious damage to important infrastructure,systems,and other assets.The measure of criticality,or asset value,determinesthe ultimate importance of the asset. Loss of life and damage to essential assets are of paramount concern tolaw enforcement executives. Loss of symbolic targets,which can result in the press coverage terrorists seek,is also important; it can destroy peoples faith in theability of law enforcement and government to protectthe public.

Assessing criticality can at times involve some degreeof subjectivity. Assessments may rely on the intimateknowledge of law enforcement agency professionalsand their colleagues in other government agenciestogauge the importance of each potential target.However,clear objective thought must prevail whenloss of human life is possible. Certain facilities areinherently vulnerable and should be addressedascritical infrastructure or key assets by lawenforcement:s Transportation facilities,terminals,and other areas

with concentrations of persons.s Public utilitieselectricity,water,natural gas,

waste treatment.s Public and government facilities; symbolic sites;

town halls; county buildings; police,fire,andschool buildings; stadiums; museums; andmonuments.

s Financial and banking institutions.s Defense and defense-related industry and research

centers.s Transportation support systemsradar,bridges,

tunnels,piers,and aids to navigation.s Health care facilitiespublic and private.s Cyber/information technology service facilities

andsites.

Calculating Criticality

A five-point scale can be used to estimate the impactof loss of life and property,interruption of facility orother asset use,or gain to be realized by an adversary(Proteus Security Group,1997):s Extreme (5):Substantial loss of life or irreparable,

permanent,or prohibitive costly repair to a facility.Lack of,or loss of,a system or capability wouldprovide invaluable advantage to the adversary(press coverage,the political advantage or tacticaladvantage to carry out further plans).

s High (4):Serious and costly damage to a facility ora positive effect for the adversary. No loss of life.

s Medium (3):Disruptive to facility operations for amoderate period of time; repairsalthoughcostlywould not result in significant loss offacility capability. No loss of life.

s Low (2):Some minor disruption to facilityoperations or capability; does not materiallyadvantage the enemy. No loss of life.

s Negligible (1):Insignificant loss or damage tooperations or budget. No loss of life.

5


13/29

Extreme and high criticality are of greatest concern.When coupled with high threat and high vulnerability,counteraction is required.

Threat AssessmentDHS defines threat assessment as follows:

A systematic effort to identify and evaluateexisting or potential terrorist threats to ajurisdiction and its target assets. Due to thedifficulty in accurately assessing terroristcapabilities,intentions,and tactics,threatassessments may yield only general informationabout potential risks.

These assessments consider the full spectrum ofthreats,such as natural disasters,criminal activity,and major accidents,as well as terrorist activity.Fused IntelligenceThe intelligence process is the foundation of threatassessment. Systematic exploitation of crime-relatedinformation can lead to and support evaluation andanalysis of terrorism and terrorist groups. The who,what,where,when,and how of terrorist groups areclosely related. Intelligence efforts help producereliable,informed responses to these questions.Without such a process,threat assessments can beunpredictable and unreliable.Threat assessments must be compiled fromcomprehensive and rigorous research and analysis.Law enforcement cannot function unilaterally. Threatassessments that do not incorporate the knowledge,assessments,and understanding of state,local,andprivate organizations and agencies with the potentialthreats being assessed are inherently incomplete. Forexample,a threat assessment of water-district facilitiesshould include the most comprehensive data availablefrom local police,sheriff,and fire departments; healthservices; emergency management organizations; andother applicable local,state,and federal agencies thatmay be affected by an attack on the water districtsinfrastructure. The threat assessment should alsoassimilate germane,open-source,or nonproprietarythreat assessments,as well as intelligence information.Lastly,the assessment must provide a high level ofawareness and understanding regarding the changingthreat and threat environment faced by a governmententity.

Essential data to collect for analysis prior toconducting a threat assessment include (NationalEmergency Response and Rescue Training Center,n.d.):s Type of adversary:Terrorist,activist,employee,

other.s Category of adversary:Foreign or domestic,

terrorist or criminal,insider and/or outsider of theorganization.

s Objective of each type of adversary:Theft,sabotage,mass destruction (maximum casualties),sociopolitical statement,other.

s Number of adversaries expected for eachcategory:Individual suicide bomber,grouping orcellsof operatives/terrorists,gangs,other.

s Target selected by adversaries:Criticalinfrastructure,governmental buildings,nationalmonuments,other.

s Type of planning activities required toaccomplish the objective:Long-term casing,photography,monitoring police and security patrolpatterns,other.

s Most likely or worst casetime an adversarycould attack:When facility/location is fullystaffed,at rush hour,at night,other.

s Range of adversary tactics:Stealth,force,deceit,combination,other.

s Capabilities of adversary:Knowledge,motivation,skills,weapons and tools.

To accomplish the intelligence mission of processingathreat assessment,a law enforcement executive mustensure that an officer or unit is trained and assignedtoidentify potential targets and can recommendenhancements for security at those targets. Actionmust be taken by all departments,including thosewithlimited resources. Ideally,the entire patrol forceshould be trained to conduct intelligence gatheringandreporting.Calculating ThreatThreat levels are based on the degree to whichcombinations of these factors are present:

6


14/29

s Existence:A terrorist group is present,or is able togain access to a given locality.

s Capability:The capability of a terrorist group tocarry out an attack has been assessed ordemonstrated.

s Intent:Evidence of terrorist group activity,including stated or assessed intent to conductterrorist activity.

s History:Demonstrated terrorist activity in the past.s Targeting:Current credible information or activity

exists that indicates preparations for specificterrorist operationsintelligence collection by asuspect group,preparation of destructive devices,other actions.

s Security environment:Indicates if and how thepolitical and security posture of the threatenedjurisdiction affects the capability of terroristelements to carry out their intentions. Addresseswhether the jurisdiction is concerned with

terrorism and whether it has taken strong proactivecountermeasures to deal with such a threat.

To gauge the seriousness of a terrorist threat,thecriticality,threat,and vulnerability can be quantified inthe following way (Proteus Security Group,1997):s Critical (5):Existence,capability,and targeting are

present. History and intentions may not be.s High (4):Existence,capability,history,and

intentions are present.s Medium (3):Existence,capability,and history are

present. Intention may not be.s Low (2):Existence and capability are present.

History may not be.s Negligible (1):Existence or capability may not be

present.Identifying a threat is a complex process that is toooften overlooked because the process of threatassessment is not well understood and is often seen as technically unreachable. Many resources are presentwithin and outside of the law enforcement community

to help law enforcement agencies complete this task,and it is important that they be used.

Vulnerability AssessmentDHS defines vulnerability assessment as follows:

The identification of weaknesses in physicalstructures,personnel protection systems,processes,or other areas that may be exploitedby terrorists. The vulnerability assessment alsomay suggest options to eliminate or mitigatethose weaknesses.

Vulnerability is difficult to measure objectively.Progress is being made by agencies such as the National Institute of Justice in partnership with

the U.S. Department of Energys Sandia NationalLaboratories,as well as by studies conducted by theNational Infrastructure Protection Center of DHS,to assist with these assessments. (See the list ofPromising Practices/Resources in appendix I.)Factors to consider when determining vulnerabilityinclude:s Location:Geographic location of potential targets

or facilities,and routes of ingress and egress;location of facility or target relative to public areas,transportation routes,

or easily breached areas.

s Accessibility:How accessible a facility or other

target is to the adversary (i.e.,disruptive,terrorist,or subversive elements); how easy is it for someoneto enter,operate,collect information,and evaderesponse forces?

s Adequacy:Adequacy of storage facilities,protection,and denial of access to valuable orsensitive assets such as hazardous materials,weapons,vehicles or heavy equipment,andexplosives or other materials that some personor organization could use deliberately or in anopportunistic manner to cause harm.

s Availability:Availability of equipment,adequacyof response forces and of general physical securitymeasures.

7


15/29

Calculating Vulnerability

The vulnerability level is determined on a five-pointscale using estimates of the sufficiency of protectionor accessibility listed in the above factors (ProteusSecurity Group,1997).s Highly vulnerable (5):A combination of two or

more of the following with due consideration of thethreat level:s Direct access to asset or facility is possible via

one or more major highway systems. Watersideaccess is open or adjacent land areas are unoccupied,unguarded,or allow free access.

s Asset or facility is open,uncontrolled orunlighted,or security is such that threat elementsmay have unimpeded access with which to

collect intelligence,operate,and evade responseforces. Patrols,electronic monitoring,or alarmsystems are easily defeated or provideincomplete coverage.

s Individual systems within the facility,such ashazardous materials,weapons,explosives,orvehicles,are accessible with minimum force orpossibility of detection.

s Response units provide minimum effective forceto counter the experienced threat level. In-placephysical security measures do not provideprotection commensurate with the anticipatedthreat level.

s Moderately vulnerable (3):A combination of twoof the following:s Direct access to asset or facility is possible via

one or more major highway systems,but roadsystem is restricted or patrolled. Watersideaccess may be open or adjacent land areas unoccupied,but mitigating geographicconditions may be present (e.g.,lengthychannelaccess).

s Asset or facility is open,uncontrolled orunlighted,or security is such that threat elementsmay meet some resistance,be detected,oractivate a remotely monitored alarm. Access tocollect intelligence,operate,and evade responseforces is at least partially hampered. Patrols,

electronic monitoring,or alarm systems may beeasily defeated or provide incomplete coverage.

s Individual items within the facility,such ashazardous materials,weapons,explosives,orvehicles,are accessible with moderate force,ortampering may result in detection.

s Response units provide effective force tocounterthe experienced threat level. Physicalsecurity measures do not provide protectioncommensurate with the anticipated threat level.

s Low vulnerability (1):A combination of two ormore of the following,provided continualawareness of the anticipated threat level ismaintained:s Asset or facility is difficult to access from major

highway or road network,or outside access islimited by geography.

s Asset or facility has adequate,positive accesscontrol. Patrols,cameras,remote sensors,andother reporting systems are sufficient to precludeunauthorized entry,loitering,photography,oraccess to restricted areas.

s Appropriate and reasonable safeguards are takento prevent or hinder access to sensitive materials.Protection is commensurate with degree ofmaterial sensitivity and level of threat.

s Response force is able to answer aninfrastructure or facility breach with appropriatepersonnel,equipment,and timeliness.

Risk Assessment CalculationRisk assessment combines all earlier assessmentscriticality,threat,and vulnerabilityto completethe

portrait of risk to an asset or group of assets.

Numerous techniques are available for calculating risk,ranging from simple qualitative systems to those basedon complex quantitative formulas. A common featureof most methodologies is the input on which they are based. Almost every technique addresses the followingthree questions to aggregate the information obtainedin each of the assessment steps:

8


16/29

s Criticality:Asks what is the likely impact if an identified asset is lost or harmed by one of the identified unwanted events.

s Threat:Asks how likely is it that an adversary willattack those identified assets.

s Vulnerability:Asks what are the most likelyvulnerabilities that the adversary or adversaries

will use to target the identified assets.

The law enforcement executive or individual assignedto undertake these analyses can use the methodsdescribed above to determine the risk of unwantedattack on each asset.The comprehensive results of each of the assessmentscan be summarized into a risk statement with an

adjectival or numerical rating. The risk equation usedin most systems is expressed in this basic formula:

Risk = Threat x Vulnerability x CriticalityIn this equation,risk is defined as the extent to whichan asset is exposed to a hazard or danger. Threat timesvulnerability represents the probability of an unwantedevent occurring,and criticality equals the consequenceof loss or damage to the critical infrastructure or keyasset.Using this methodology in conjunction with anumerical scale or adjectival rating will produce anobjective conclusion regarding the risk to an asset.Consistency in conducting the evaluations will resultin a more accurate decisionmaking process.

9


17/29

Risk Management

Identifying Countermeasures:Where The Risk Competes withThe BudgetCountermeasures are actions,devices,or systemsemployed to eliminate,reduce,or mitigate riskandvulnerability. To assist in making studieddecisions that can be supported over time,multiplecountermeasure packages that recommend appropriateactions should be provided. Options are oftencharacterized as follows (Jopeck,

n.d.):

s Risk averse package:The preferred option,

unconstrained by financial or political considerations.This package provides a point of reference for

the expenditure necessary to minimize risk mosteffectively. This option is designed to reduce risk

to the greatest degree possible.s Risk tolerant package:The option that strikes a

balance between the needs of security andprotection and the financial and political constraintsof a state or municipality.

s Risk acceptance package:The least desiredoption,which typically reflects the highestacceptable amount of risk,but represents the leastpossible cost.

Countermeasures,such as expansion of agencystaffing,installation of equipment and new technology,or target hardening,must be evaluated or testedperiodically to ensure that improvements are actuallyworking as intended. These evaluations and testsshould verify that policies and procedures are in placeto guide how the countermeasures will be used.Countermeasures include physical security (fencing,camera surveillance,seismic monitoring devices,barricades),cyber security (firewalls,antivirussoftware,secure computer networks),personnelsecurity,and other proactive methods that industryuses to secure critical infrastructure. The CaliforniaState Agency Guidance is an outstanding example ofspecific proactive countermeasures that the state is

taking as the Homeland Security Advisory System isimplemented in California.

Building CapacityAs automation technology advances,the processof conducting risk assessment and management isbecoming more sophisticated,as noted in appendixesII and III. Law enforcement executives should availthemselves of the progress being made to ensure theyhave the ability to conduct these critical analyses.

Case Study: A Tale of One CityImagine that you are the chief of police of a communityof 75,000,located not far from a large metropolitanarea. Your mayor has recently returned from a conference for municipal executives where he receiveda briefing on risk management and how to apply it to assets and infrastructure in towns and cities. He asksyou to explain the method you use to assess risk in your community. He tasks you with conducting a riskassessment and documenting the rationale for how itwas done. He wants it completed within 2weeks.Fortunately,you previously assigned a team of yourofficers to attend risk management training. They arealready working with the fire chief,director of publichealth,city engineer,and other key public and privateowners and operators of city infrastructure to prioritizerisk in your jurisdiction. As in most cities,a number ofkey public facilities are of concern. A large electricplant supplies power to half of your state as well as a large portion of three contiguous states. A chemicalplant producing hazardous materials,some of whichmay cause illness or death,is the main employer inyour city. It receives and ships materials by rail,andthe railroads right-of-way traverses through a majorportion of your city. There is a reservoir,constructedfrom a dam on the river that runs through the city,anda pier that receives military ordnance from a navalweapons station in an adjoining county. A regionalhigh school and a number of middle and elementary

11


18/29

12

team,you conclude that the vulnerability level at thechemical plant is low,in part because the owners haveapplied a full array of the safeguards listed in your

schools are located throughout the city. A large hospital that supports the four surrounding counties is withinthe city limits. The city has the normal range ofcommercial and public facilities.

Your special team of trained police officers has beendeveloping a threat assessment in coordination withthe regions Joint Terrorism Task Force and RegionalIntelligence Center. The team has acquired the latestinformation regarding domestic criminal extremistgroups that are active in the area,and have currentintelligence on two international terrorist groups thatteam members them to determine that these groups

are targeting sites within your region. Based on thisintelligence,your region has been operating under anelevated threat level of condition Yellow,as definedby the Homeland Security Advisory System. Using allintelligence data available,in conjunction with the riskassessment steps provided earlier in this monograph,you determine that your community and itssurrounding areas are at a medium threat level.Your assessment team has been working closely withthe critical infrastructure owners and operators withinyour area. Since September 11,security has becomeofgreater concern to private firms. Each hasconducted a risk management assessment and hasworked diligently to implement the necessarycountermeasures. Using the vulnerability assessmenttechniques delineated above and verified by your

vulnerability assessment methodology. In an objectiveseries of assessments,you find that the weapons andammunition pier is moderately vulnerable. Comparedto other assessed facilities,this poses a major concern.A criticality assessment determines that ordnance isbeing transferred through the pier and stored aboardmoored vessels. With a war underway,this createsa level of extreme criticality. You apply the data previously gathered and rate each of the assets andcritical infrastructures in your community against therating system provided above,and find that theordnance pier is a major risk to your community.You present your findings to the mayor,who raisesquestions regarding your risk assessment. Your riskanalysis provides you with the appropriate data tomake an objective case and to delineate requirements.You provide countermeasure proposals,includingcoordination with state and federal authorities,toensure that security improvements are prioritizedwithin the currently identified necessarycountermeasures.With few modifications,the above scenario is onethat actually confronted a chief of police. Withoutconducting a risk analysis,it would have been easy butincorrect to conclude that the chemical plant,in thiscase,was most at risk. Objective assessment revealedthat the exposed ammunition pier was the primary riskto the city and required attention. Actions were taken,accordingly,to improve the security of the pier.


19/29

Summary

On September 11,2001,the country realized themagnitude of the terrorist threat to the homeland.

It took this cataclysmic event for the country to directresources to law enforcement agencies so they couldbegin to build the capacity they need to deal withterrorism. The emergency services community ispositioned to become better prepared to deal with

threat. Law enforcement executives must realize,however,that resources remain limited at all levelsof government. They must also realize that to becomeproficient in the entire gamut of risk management,and to ensure that staff can accomplish these analysesor gain access to those who can,is an operationalimperative.

13


20/29

Appendix I: Promising Practices/Resources

Numerous resources,some more detailed andinvolved than others,are available to help law

enforcement executives and their agencies conduct andgain mastery of risk assessments. The VulnerabilityAssessment Methodologies Report,a comprehensivestudy sponsored by DHS,Office for DomesticPreparedness,provides . . . an analysis of various commercial and government vulnerability assessmentmethodologies which can be used by state and local governments to assess risk associated with their areaof responsibility.The report lists the followinggovernment methodologies for consideration:Draft National Infrastructure Protection Plan(NIPP):The draft NIPP will be published in finalform in fall 2005 by DHS,and will serve as thefoundation of risk assessments for the nations criticalinfrastructure. It will provide specific guidance anddirection to interested parties to produce comprehensiverisk assessments for terrorist attacks in a consistentformat and will provide the framework for integratingcritical infrastructure protection initiatives into a singlenational effort.DHS Assessment and Strategy Development ToolKit:This is the program guideline used by DHS,Office forState and Local Government Coordinationand Preparedness. It applies to all missions and sectorsandhelps identify potential targets. It is also helpfulin conducting vulnerability assessments to use inapplyingfor baseline grant funding for state domesticpreparedness equipment and other federally fundedrequirements. The guideline is available at www.shsasresources.com/documents/state_handbook.pdf.Business Continuity Management (BCM)Methodology:This methodology was createdspecifically for financial institutions. It addressesidentifying and determining the value of an asset;identifying threats to disclosure; calculating theconsequences of loss or disruption; assessing technicaland nontechnical weaknesses or vulnerabilities; andcalculating risk by integrating the threat andvulnerability assessments.

California Highway Patrol Crime Prevention Plan:This plan provides guidelines for awareness,riskassessment,and mitigation actions. It includesquestions for self-assessment and is directed primarilytoward the physical security of law enforcementfacilities.State of Colorado Critical Infrastructure and KeyAsset (CIKA) Assessment Methodology:Thissoftware package is designed for critical infrastructureand key assets. It allows the user to self-assess witha numerical 05 rating scale based on the followingCIKA factors:visibility,value,accessibility,hazard,population,mass casualties,criticality,servicedisruption,primary function,and geographic impact.The total score represents the criticality/vulnerabilityrating for the identified critical infrastructure and keyasset.

Method to Assess the Vulnerability of U.S.Chemical Facilities:This is a prototype vulnerabilityassessment methodology (VAM) developed especially

15

Assessment:

response capability of local health departments andhospitals. It enables users to rate vulnerability on a

for chemical facilities by Sandia National Laboratoriesand the National Institute of Justice. It comparesrelative security risks and allows for development ofrecommended measures to reduce risks.

North Carolina Terrorism Vulnerability Self-

This general guidelines worksheet forstate agencies can be used for all sectors,but isparticularly appropriate for assessing the bioterrorism

scale of 120 (low to high) in the following areas:potential terrorist intentions,specific targeting,visibility,onsite hazards,population,mass casualtypotential,security environment,criticality,high-riskpersonnel (critical to continuity of business andgovernment),communications,security,andemergency response preparedness. This worksheetisavailable at www.nccrimecontrol.org/forms/terrorismselfassessment.htm.


21/29

16

Sandia National Lab Community VulnerabilityAssessment Methodology (VAM):This planappliesto all mission and sector categories,in addition toeducation; recreation venues such as parks,museums,and tourist attractions; emergency facilities; foreign-

represented governments (such as embassies,residences,businesses); and special divisions suchasabortion clinics and religious facilities. Thismethodology was developed as a prototype for theChemical Facility Vulnerability Assessment Projectand lays the foundation for a computer-basedvulnerability assessment tool. Sandia NationalLaboratories uses Dams Security AssessmentMethodology,Water Supply and Treatment VAM,Vulnerability Analyses and Security Design Reviewsfor Correctional Facilities,and VAM for CommunityVulnerability (VAMCF).

s Risk Management:An Essential Guide toProtecting Critical Assets:www.nipc.gov/publications/nipcpub/P-RiskManagement.pdf.

The California State Agency Guide:In this document,published in March 2003,the California GovernorsOffice of Emergency Services integrates the federalHomeland Security Advisory System (HSAS) into the

California HSAS. The 95 protective measuresdescribed for implementing the five color-codedfederal threat conditions are comprehensive and usefulfor all levels of governmental and law enforcementjurisdictions.Orange County Sheriffs Office,Santa Ana,California:Sheriff Mike Corona has developed aformal Threat Assessment Team for Major Countiesand is part of the Integrated Multi-Agency IntelligenceGathering Group. Together,these two groupscoordinate all homeland security activities bygathering and sharing intelligence,assessing possiblethreats,and planning and conducting all homelandsecurity operations.The Red,Gray,and Blue Model:A New Tool toHelp Law Enforcement Executives Address theTransformed Security Environment:This article,published in the February 2002 issue ofPoliceChiefMagazine,provides insights and practicalrecommendations for assessing the threat,theenvironment,and the ability of law enforcementexecutives to operate in the arena of weapons ofmasseffect.


22/29

Appendix II: Homeland SecurityComprehensive Assessment Model(HLSCAM): Up and RunningE

ven though methods for performing threat,risk, s The State of Florida to assess all state-ownedand vulnerability assessments; security analyses; facilities and infrastructure as mandated by state

and security surveys existed previously,few related to statute.one another and the definitions they provided oftenoverlapped or were unclear. HLSCAM is the first s Florida Department of Emergency Managementmodel to integrate assessments and indicate the order to assess all emergency operations centers. Thisof priority in which critical facilities and infrastructure department must use HLSCAM methodology toare assessed. receive grant money for improvements.The HLSCAM methodology was created by the s Various local jurisdictions throughout Florida haveNational Domestic Preparedness Coalition,Inc. been trained and are in the process of completing(NDPCI),a nonprofit,public and private partnership HLSCAM for their areas of responsibility.led by the Orange County (Florida) Sheriffs Office,the West Virginia University School of Medicine,and s Alltel Stadium in Jacksonville,Florida,to bethe West Virginia National Guard. HLSCAM is a assessed for Super Bowl XXXIX using thegrassroots effort developed by emergency responders HLSCAM methodology.for emergency responders.

s The State of West Virginia to use HLSCAM toNDPCI created HLSCAM after recognizing the need assess critical facilities,infrastructure,and eventsfor a uniform,comprehensive, and holistic method ofperforming assessments by federal,state,county,local,and private organizations charged with protectingcitizens,facilities,and infrastructure from terrorismand other hostile criminal activity. HLSCAM

throughout the state.s The National Guard Bureau has adopted the

HLSCAM methodology as the baseline

assessment for the Full Spectrum Vulnerabilitycomplies with all four objectives of Homeland Assessment in all 50 states.Security Presidential Directive 7,the National CriticalInfrastructure Protection Plan,and the National s The National Park Service to use HLSCAM,inIncident Management System (NIMS). conjunction with the Pennsylvania State Police,to

assess Independence National Historical Park,The states of Florida and West Virginia have adopted located in downtown Center City,Philadelphia.the HLSCAM methodology as their assessmentmodels. Plans and accomplishments include the

Methodologyfollowing:HLSCAM is a 5-part continuous process consisting

s Florida Regional Domestic Security Task Force to of the following:assess all seven regions of the state. Individualsfrom all 67 counties have been trained,and the s Threat assessment:Examines and definessecond round of training has been completed. a community; identifies critical facilities,

infrastructures,and events; identifies threats I-Florida Grant Project to assess state-owned groups;and determines the likelihood that,given

bridges. the current intelligence or designated federal,state,or local threat levels,a specific target will be

s Florida Department of Transportation to assess all subject to terrorist or hostile criminal attack.FDOT facilities and infrastructure.

17


23/29

18

s Criticality assessment:Determines the overallimpact of a terrorist attack on a given target and

the adverse effect it has within a community.s M/DSHARPP Matrix:Used to analyze criminal

and/or terrorist targets that have been identifiedthrough the community threat assessment andcriticality assessment. M/DSHARPP furtheranalyzes potential targets using informationobtained in the threat assessment,and looks atthe target through the threat groups perspective.

s Community priority assessment plan:Derived from the criticality assessment and theM/DSHARPP Matrix,used to determine theorder of priority for the vulnerability assessment

of critical facilities,infrastructure,and events asidentified by the community threat assessment.

s Vulnerability assessment:A critical onsite physicalexamination and thorough inspection of an assetsperimeter,property within its perimeter,andexterior and interior building spaces,to include alloperational systems and procedures along with thesecurity of a facility.

Automated HLSCAM

Because of HLSCAMs broad scope ofimplementation,NDPCI partnered with Intelliorg,Inc.,to automate HLSCAM,optimize its application,and enable efficient and accurate training of lawenforcement personnel. The end product,

Automated

HLSCAM,is now available.In June 2004,NDPCI received a grant from theOffice of Domestic Preparedness to demonstrate theHLSCAM methodology and Automated HLSCAMin the states of Florida and Mississippi.

TrainingNDPCI provides classroom training sessions thatcover all aspects of the HLSCAM methodology.Students representing many disciplines andbackgrounds,including all emergency responseproviders,attend these 3-day courses offered at avariety of locations throughout the nation. TheHLSCAM training course provides students,inconjunction with their jurisdictional expertise,withaworking knowledge of the HLSCAM process aswellas tools for using the HLSCAM model in theirparticular community.


24/29

Appendix III: A Promising Program

Operation Archangel: A MajorStep in the Right DirectionOperation Archangel is an initiative being developedby the city and County of Los Angeles,the CaliforniaState Office of Homeland Security,and DHS. Itsprimary focus is to prevent terrorist acts and criticalincidents. It will eventually become applicable andexportable to all levels and sizes of government lawenforcement agencies.Operation Archangel is divided into four distinct,yetintegrated,initiatives:s Identification and Prioritization of Critical

Assets:Archangel has established a criterion,orstandard,for identifying assets that are deemedcritical. The Archangel definition of a critical assetis the product of an indepth,nationwide study ofworking models and publications that involvedsubject matter experts and stakeholders. TheArchangel Critical Asset Definition will be usedduring a comprehensive reinventory of the city of

Los Angeles,and is currently being considered foruse by the California State Office of HomelandSecurity as its statewide standard. This definitionwill be used to help determine resource allocation.

s Critical Asset Assessments (CAAs):Archangelfeatures the following three-tiered template forconducting critical asset assessments from amultiagency perspective:s Conduct appropriate vulnerability assessments

(VAs) to determine and reduce a locationsdegree of vulnerability.s Harvest detailed,location-specific information

(e.g.,names,phone numbers,floor plans,exterior signs/characteristics) in readinessinformation folders (RIFs) for use by preincidentplanners and onsite incident commanders duringcritical incidents.

s Draft site-specific,preincident securityenhancement plans and postoccurrence

action plans to provide planners and incidentcommanders with tactical guidance and insightin the field.

s Archangel Critical Asset Management System(ACAMS):Archangel is working with DHS todevelop an interoperable database to manage thewealth of information associated with criticalassets. The ACAMS development process has been

broken down into three specific informationcollection and planning phases:s Critical asset information,including site-specific

preincident security enhancement plans,for useby strategists to prevent and deter incidents fromoccurring.

s Response information folders containing site-specific facility information.

sSite-specific postoccurrence action plans for the

incident command staff to use should an eventoccur to the asset despite efforts to the contrary.

s Archangel Security Augmentation Teams(SATs):SATs are plainclothes,low-profile teamsofpersonnel specifically trained and uniquelyequipped to provide a comprehensive cloak ofsecurity to a threatened asset. Primarily,a SATwould be deployed when intelligence indicates thata reasonable threat may be directed at a criticalasset or event. However,in the absence of clearintelligence,the SAT would deploy to critical assetsthroughout its area of responsibility,providing alow-key,but nonetheless visible and viable,enhancement to the resident security measures.

19


25/29

Appendix IV: Risk Assessment Training

The courses listed below are available to the lawenforcement community and should be considered

for integration into the training of personnel who aretasked with conducting risk and threat assessments:s Weapons of Mass Destruction:Threat and Risk

Assessment (Local Jurisdiction):DHS,Border andTransportation Security,ODP,offers this course,which is delivered by the National EmergencyResponse and Rescue Training Center,TexasEngineering Extension Services,a member ofNDCPI. The objective of the course is to teachattendees how to conduct comprehensive riskassessments and identify necessary countermeasures.The course is free to eligible jurisdictions,asdetermined by ODP. To enroll in this course,phone18003686498,or go to www.fema.gov/compendium/course.

s Homeland Security Comprehensive AssessmentModel (HLSCAM):HLSCAM is a 5-partcontinuous program that consists of threatassessment,criticality assessment,an analyticaltarget matrix,a community priority assessmentplan,and vulnerability assessment. NDCPI providestraining that teaches students how to use theHLSCAM model in their particular communitiesin conjunction with their jurisdictional expertiseandgives students a working knowledge of theHLSCAM process. For information regardingthiscourse,contact NDCPI at 4072547100 ore-mail [email protected].

s State Strategy Technical Assistance:Under theState and Local Domestic Preparedness TechnicalAssistance Program,ODP has implemented aStateStrategy Technical Assistance componenttohelp states meet the needs assessment andcomprehensive planning required under ODPsFiscal Year 1999 State Domestic PreparednessEquipment Support Program. More specifically,State Strategy Technical Assistance assists states indeveloping and implementing a 3-year state strategyto enhance a jurisdictions preparedness for aterrorist incident involving weapons of mass

destruction. The goals of the program are toenhance the statesand local jurisdictionsunderstanding of the assessment process; theirability to conduct assessments; and their ability todevelop a 3-year state strategy. ODP is providingthree distinct training sessions to better preparestate and local jurisdictions to meet each programgoal. For further information on the HomelandSecurity Preparedness Technical AssistanceProgram,call ODPs Help Line at 18003686498or e-mail [email protected].

s Assessing Terrorism Related Risk Workshop:This workshop,provided by the S2 Safety andIntelligence Institute,aids security and public safetyplanners in developing an effective methodology forevaluating terrorism-related risk. It introduces thevarious types of terrorism-related risks and walksthe students through the process of conducting aqualitative risk assessment. It uses exercises to helpstudents understand the process of risk assessmentand to teach them how to apply risk managementprinciples to anti-terrorism and security planning.

In addition to exploring risk management principles,this workshop introduces students to unique challengesand solutions for evaluating vulnerability in specifictypes of terrorist attack scenarios. Some of thevulnerability assessment methods explored during theprogram include quantitative performance-basedphysical security assessment,qualitative blastvulnerability assessment,and analysis of vehiclebarrier design and performance.The workshop is intended for security managers,facility managers,military force protection officers,emergency planners,and city and government planningofficials,and is restricted to verified security,lawenforcement,and government employees only. CHS-certified practitioners are eligible for 16 hours ofCEU/inservice training credit through the AmericanCollege of Forensic Examiners. Assessing TerrorismRelated Risk is presented in two 8-hour days. Formoreinformation,call 7274610066 or go tohttp://222.s2institute.com.

21


26/29

References

Jopeck,Ed. n.d. Continuous Risk ManagementANext Generation Approach to Security Management.Draft monograph prepared for Veridian-TridentSystems,Alexandria,VA.National Emergency Response and Rescue TrainingCenter. n.d. Assessment and Strategy Development:Introduction to the Assessment Process. Briefing.College Station,TX:Texas Engineering ExtensionService.Needle,Jerome A. 2004. Post September 11 Policing:Best Practices for Managing New Realities.Survey.Alexandria,VA:International Association of Chiefs ofPolice.

Proteus Security Group. 1997.Risk:A Risk Model.Monograph. The Proteus Security Group,Inc.Available online at http://members.aol.com/proteus101/risk.html.The White House. 2003. The National Strategy for thePhysical Protection of Critical Infrastructure and KeyAssets.Washington,DC.Wohlstetter,Roberta. 1962. Foreword to PearlHarbor:

Warning and Decision.

Palo Alto,

CA:

Stanford University Press.

23


27/29

Bibliography

Association of American Railroads. 2002. Terrorism,Risk Analysis and Security Management Plan.Washington,DC.Flynt,Bill,and Ron Olin. 2002. The Red,Gray andBlue Model. The Police Chief Magazine.69(2)(February).Jopeck,Ed,and Geoff French. 2003.Risk Analysisand Risk Management:Considerations for HomelandSecurity. Alexandria,

VA:

Veridian.

Kempfer,Hal. 2002. Threat Assessment ProcessSupporting Risk and Vulnerability Assessments.LongBeach,CA:Knowledge & Intelligence ProgramProfessionals.Marynik,Jerry. 1998. Threat Assessment GuideEvaluating and Civilianizing Criminal ExtremistGroups. Sacramento,CA.:California Department ofJustice.National Institute of Justice. 2002. Chemical Facility

Vulnerability Assessment Methodology.Special Report.U.S. Department of Justice,NCJ 195171.New York State Office of Public Security. n.d. TheNew York State Homeland Security System Definition.Albany,NY.North Carolina Department of Agriculture andConsumer Services. n.d. Terrorism ThreatVulnerability Self Assessment Tool.

Parachini,John. 2000. Combating Terrorism:Assessing Threats,Risk Management,andEstablishing Priorities. Testimony before the HouseSubcommittee on National Security,Veterans Affairs,and International Relations.Major Cities Chiefs Association. 2004. Terrorist AlertPolicy:Local Law Enforcement Threat Guidelines.Prepared for the Office of Domestic Preparedness.Washington,DC:U.S. Department of HomelandSecurity.

Office for Domestic Preparedness. 2003. VulnerabilityAssessment Methodologies Report.Phase I finalreport. Washington,DC:U.S. Department ofHomeland Security.U.S. Department of Homeland Security. 2003.Assessment and Strategy Development Tool Kit.Original edition,U.S. Department of Justice,1999.Washington,DC.

25

Combating

U.S. Department of Homeland Security. n.d.

Homeland Security Advisory System. Available onlineat www.dhs.gov/dhspublic/display?content=3927.U.S. General Accounting Office. 1998.

Terrorism:Threat and Risk Assessments Can HelpPrioritize and Target Program Initiatives.Washington,DC.The White House. 2001.National Strategy forCombating Terrorism. Washington,DC.


28/29

Bureau of Justice AssistanceInformationBJAs mission is to provide leadership and services in grant administration andcriminal justice policy to support local,state,and tribal justice strategies toachieve safer communities. For more indepth information about BJA,itsprograms,and its funding opportunities,contact:Bureau of Justice Assistance810 Seventh Street NW.Washington,DC 205312026166500Fax:2023051367www.ojp.usdoj.gov/BJAE-mail:[email protected] BJA Clearinghouse,a component of the National Criminal Justice ReferenceService,shares BJA program information with federal,state,local,and tribalagencies and community groups across the country. Information specialists provide reference and referral services,publication distribution,participation andsupport for conferences,

and other networking and outreach activities. The

clearinghouse can be contacted at:Bureau of Justice Assistance ClearinghouseP.O. Box 6000

Rockville,MD 20849600018008513420Fax:3015195212www.ncjrs.govSend questions or comments to http://www.ncjrs.gov/App/ContactUs.aspx.Clearinghouse staff are available Monday through Friday,10 a.m. to 6 p.m.eastern time. Ask to be placed on the BJA mailing list. To subscribe to the electronic newsletterJUSTINFOand become a registeredNCJRS user,visit http://ncjrs.gov/subreg.html .


29/29

PRESORTED STANDARD

POSTAGE & FEES PAID

DOJ/BJAPermit No.G91

U.S. Department of JusticeOffice of Justice ProgramsBureau of Justice Assistance *NCJ~210680*Washington,DC 20531Official BusinessPenalty for Private Use $300

Documents

Assessing and Managing the Terrorism Threat