Awareness that traditional methods of assessing the risk of adversary attack are inadequate seems to be growing. One example is this SRA press release from last month referring to Parnell, Smith, and Moxley’s work. Another example is this DHS announcement.
The problem of assessing the risk of adversary attack is rooted in part in two key principles of conflict and risk identified by Michael Handel in War, Strategy, and Intelligence. The first principle is the reciprocal nature of conflict:
… the reciprocal nature of all action in war means that attempts to grasp its complexities through a static, unilaterally based concept will never succeed…. a realistic approach must consider how one’s adversary interprets the war as well. Thus, perceiving the nature of a war is a reciprocal and dialectic process in which it is important to consider how one side’s perspective and actions affect the other side’s actions and reactions.1
The second principle is what Handel refers to as the “paradoxical nature of the calculus of risk”:
Superficially, it is rational to assume that very high risk strategies, whose apparent chances of success are low, are normally unacceptable whereas lower risks would be readily taken. In reality, such assumptions may be less than rational: an attacker can calculate that because attacking at a certain place or time would involve high costs, his adversary would rationally conclude that the probability of choosing this strategy is extremely low. Paradoxically then, option for a high-risk strategy might be less foolhardy than is first assumed.2
He notes as well that
… the idea that something ‘cannot be done’ is one of the main aids to surprise …. Experts tend to forget that most military problems are soluble provided one is willing to pay the price.’ But once someone is prepared to pay a high price, it may be added, his price is actually reduced. This leads to the following paradox: ‘The greater the risk, the less likely it seems to be, and the less risky it actually becomes. Thus, the greater the risk, the smaller it becomes.’3
Reciprocal net assessment (RNA), is designed to address these issues by explicitly modeling (1) the reciprocal and dynamic nature of conflict and (2) differences between the opponent’s perceptions. RNA is based on hypergame analysis, an extension of game theory in which the players are free to perceive different games. That said, an analyst does not need to understand game theory or hypergame analysis to apply RNA; all that is needed is an understanding of these five basic concepts:
- Any player may perceive or misperceive the other players’ options, preferences, and intent;
- What each player perceives or misperceives influences each player’s intent;
- Perceptions are based on information and awareness;
- Perceptions can be manipulated; and
- A player who perceives an opponent’s misperception secures an advantage.
In the coming months and years I am certain we will see other approaches emerge as decision makers and analysts recognize the problem and acknowledge the limitations of existing methods. Until then, analysts and decision makers must be cautious when applying the results of more traditional risk assessment methods.
Dr. Mark Mateski is the founder of Red Team Journal.
{ 2 comments }
Fred Leland 01.26.10 at 8:01 am
Just getting to this post which i feel is very good and speaks to a very valid and often forgotten aspect of assessing threats. A walking, talking and thinking human being as our adversary. Mindset, motive and intent are the center of gravity and where our focus of effort should be in our efforts to assess threats and prevent violence.
I have written a couple of pieces at my blog with my thoughts on the topic. here are the links http://lesc.net/blog/conflict-violence-and-art-operations-hellipconnecting-end-strategy-means-tactics and http://lesc.net/blog/coffee-and-conversation-interaction-insight-and-imagination-and-initiativehellipthe-building-bl
Your post here is very interesting. I will link to my site as well.
Chris Flaherty 01.27.10 at 7:09 am
My work on 3D tactics and also 3D vulnerability analysis grew out of the need to develop a tactical lexicon about how an attack is thought about in complex space, in order to fill-out the scenario narratives, needed to focus the engineering and security team (as well as the client) on particular vulnerability clusters within urban spaces. This was needed in order to circumvent the need for a threat assessment, where none was forthcoming or could be produced. This is the reasoning behind my article on this web site – Flaherty, C. (12 July 2009) A New Approach to Mass Space. Red Team Journal.com. URL: http://redteamjournal.com/2009/07/a-new-approach-to-mass-space/
Problematically, in general terms the issue of the adversary is becoming increasingly vexed. I say this because we have available at hand, methodologies outside of traditional security risk analysis, such as: (i) red teaming; (ii) threat assessments; or (iii) pre-identification of potential critical targets. All of which, instead of being component methodologies, are becoming compartmentalised competitors in the market for the client dollar. The added issue is that the original distinction between risk management, which looked at all-hazards, and security risk management was that in security risk management the risks are the result of either criminal or malicious human interference (causing the very risk that the security risk manager was trying to mitigate). Problematically, the later issue of focus on ‘human interference’, was not developed because of the nullifying effect of the standard definition of a security risk as – “intent + capability”. Thus, the enemy party so to speak, could be treated as relatively neutral within the assessment process. My view is that, we need to conceptually focus in addition on ‘motive’, because that then brings into play the need to assess a real assailant in the equation.
Comments on this entry are closed.