WIXLIB

United States Coast GuardRisk ManagementOverviewLCDR David CooperCG-512: Office of Performance Management and AssessmentDavid.w.Cooper@uscg.mil202-372-2588

“Because it is not feasible to secure ourhomeland against every conceivablethreat, we have instituted riskmanagement as the primary basis forpolicy and resource allocation decisionmaking.”» - DHS Strategic Plan 2008-2013

Secretary of Homeland Security“Given the extensive number of vulnerabilities to manmadeand natural disasters and the limitations on resources,determining national priorities and the judicious distributionof resources are a major element of the department’smission. What is the status of risk analysis metrics andwhat is the plan and time frame for setting up a full-blownsystem to govern the establishment of critical infrastructureprograms, the priorities among national planning scenarios,and the distribution of grants to state, local, and tribalentities? More broadly, how can DHS enhance riskmanagement as the basis of decision making?Secretary Napolitano Issues First in a Series of Action Directives 21JAN09

National Strategy for Homeland Security. . . We must apply a risk-basedframework across allhomeland security efforts inorder to identify and assesspotential hazards (includingtheir downstream effects),determine what levels ofrelative risk are acceptable,and prioritize and allocateresources among allhomeland security partners

USCG & Risk Management A Principle of USCG Operations Challenging due to the multi-missionnature of the organization One criteria in USCG decision making Ultimately – an Integrated PerformanceManagement System for Risk, Readiness& ROI

Basic Elements of RiskRiskUnderstandingHow likelyis it?What cango wrong?What arethe impacts?Risk ƒ Likelihood x ConsequenceFoundation for Risk Assessment Historicalexperience Analyticalmethods Knowledgeand intuition

Key Coast Guard Risk Efforts Maritime Security Risk Analysis Model (MSRAM): field level risk analysis tool tosupport terrorism risk management decisions at all levels; integrates national levelthreat with geo-specific vulnerability and consequence data. Ports, Waterways and Coastal Security (PWCS) Outcome measure: Built offMSRAM we utilize a simplified, scenario based, event tree model to calculate theexpected risk reduction of CG operational, regime and domain awareness activities. National Maritime Strategic Risk Assessment (NMSRA): an all hazard / all missionrisk assessment; shows the residual risk or the risk after Coast Guard intervention inthe maritime domain. Risk Management Module: Builds a field level, all mission risk analysis tool based offthe NMSRA to support operational planning, and risk management decisions.Challenges: For terrorism profiles, we have a data-poor problem set with significantuncertainty of expected attack frequencies, and to some extent consequence. Heavy reliance on Subject Matter Expert judgment assessing public “risk tolerance”, accepted/equated values across consequence types and indirect or secondaryimpacts, geographic risk factors, including dealing with threat shifting and changes overtime. Still a burgeoning field

Collaborative Efforts DHS Risk Management and Analysis (RMA) efforts– Homeland Security National Risk Assessment CREATE: Strong partnership to include:– Review of Coast Guard terrorism risk efforts– exchanging ideas and best practices– discussing and sharing methods, models, data, etc Leveraging CREATE strengths in– Risk analysis– Economic assessment, particularly calculation ofindirect/secondary economic impact consequences– Resource allocation methodology

Questions?

Back-up slides

Risk Assessment Phase is focused on defining the “problem”FY11 Risk Assessment Strategic Risk Operational Risk– National Maritime Strategic RiskAssessment Mission Support Risk Institutional Risk

Risk Assessment Methodology Name the undesirable incidents and scenarios within purviewthat cause public loss– Statutes, Mandates, Roles and Missions Scope– Time horizon Consequence Table Describe, for each incident the best way to estimate andrepresent the risk:– Likelihood: Threat * Vulnerability * Consequence Frequency * Consequence Assess the Risk– Systematic approach based on the HAZOP analysis technique– Performed using a team of subject matter experts– Leverages historical incident information and applicable models/studies.

Incidents Grounding Drug smuggling Collision/Allision Illegal migrant entry Flooding/sinking Seasonal conditionsaffecting waterways Fire/explosion Personal injury/illness Oil spills Discharge of debris/sewage Release of HAZMAT Species damaged by marineoperations Interruption of militaryoperations Periodic/expected naturaldisaster Non-maritime incidentaffecting a waterway Nation state attack Invasive speciesintroduction Attack on Port Infrastructure U.S. EEZ encroachment Transfer of Terrorist Fish stock non-sustainability Transfer of WMD

Example Maritime AccidentGrounding of a Container Ship that results in:Deaths/Injuries1 Crew MemberKilled Property Damage 15M of Damage toShip and CargoEnvironmental Impacts5K Barrels of Fuel Oil SpilledRisk assessmentprocess estimates thenational expectedfrequency thatgroundings of containerships result in impactsof each type andseverity level

Facilitated analysisof scenariosEnterprise Data SourcesMethod& ToolNationOilSpillState isSpehingcieDiss Inchatrodrgeuctionof upgWtionatof Merwayilitary OperatioSeanssonal ConditionsFire-ExploIllesiongalMigSperanciet dingSinkinPergsonnelMishapDr ugSmuAttagglingckNaonturaPorl Dit Insasfrastertructureor MTSCollisionForAllisioeignn Illegal FishingProcess OverviewExpert judgment6000500040003000200010000Risk Profiles

OilSpillState ANottacn-MkaritimeDoIncmeidesticntInvIllegasial FveishSpeingcieDiss Inchatrodrgeuctionof ingtionWaterwof Mayilitary OperatioSeanssonal ConditionsFire-ExploIllesiogalnMigraSpent EcieResDntryleaamseageof onnelMishapDr ugSmuAttagglingckNatuonralPorDist Inastfrasertructureor MTSCollisionForAllisioeignn Illegal Fishing2006 Residual Risk ResultsAll incidents (excluding transfer of WMD or terrorists)6000Severity50004000Important Note: These are not suggestedresourcing profiles! Context is required beforethese profiles are able to meaningfully informplanning and budgeting 00013

Transfer ofWTraMDnsfer of TerrorFloistodingSinPerkingsonnelMishapDr ugSAttamugglckingNaontPorural Dit Insasfrastertructureor MTSCollision-AForllisieigonn Illegal FishingOilNaSpitionllState ANon-MttacaritkimDoe InmecidsticentInvIllegasiveal FiSpeshicngiesDischaIntrodurgectioof tintiongWateof Mr wailitayry OperSeaatiosonnsal ConditionsFire-ExploIllesiogalnSpeMigcierant EResDleantryamsageeofdbHAyMZMarinATeOperations2006 Residual Risk ResultsAll incidents35000300002500020000150005000Due to the highly uncertain nature ofterrorism attacks, we conductsensitivity analyses on the crediblerange of frequencies andconsequences for these attacks.Vessels/WateVer sisselsde/SAttachorekVesidsseAelsttaVe/Ackssir celsraft A/Stanttad-ockff itaacel/tioeAn/ExttaIntplockeritanaltioFon/rc eExFaterc ilsit ienalFs/orWceFaatesc ilr siit iedes/AShttackoreFasidc ileAit ies/ttaFaAirckc ilit iecr as /Sft AtanttaFackdc iloffit ies /SWeubap- suonsr 000FromMSRAM013

Uses of NMSRA Risk Information Strategic Planning Direction Commandant’s budget intent Performance target setting process Operational effectiveness modeling Requirements development Mission analysis Resource Proposal development and evaluation Resource allocation

Maritime Security Risk Analysis ModelObjectiveCreate a field-level risk analysis tool to supportrisk management decisions at all levels Support tactical decisions at the field level byenabling users to consider the full spectrum ofterrorist risks to assets within their AOR Support operational and strategic decisions by rollingup of field-level risk assessments to portray riskdensity of targets Sector, District, Area, HQ

How our PWCS / CMT Measure Works1) Assessment of Risk - the 15 Scenarios that cause the most risk Transfer through the Maritime Domain of Terrorists Use of Vessel as Weapon - Exploitation by Internal Forces Transfer through the Maritime Domain of WMD Use of Vessel as Weapon - Exploitation by External Forces Waterside attack on Vessel Waterside attack on Facility Shoreside attack on Vessel Shoreside attack on Facility Aircraft attack on Vessel Aircraft attack on Facility Stand-off Weapons attack on Vessel Stand-off Weapons attack on a Facility CBRNE attack on Vessel Sub Surface attack on a Facility Sub-surface Attack on VesselThreatVulnerabilityXConsequenceX Risk the CGcan Impact(we own)2) Assessment of PerformanceCoast GuardT ReductionXCoast GuardV ReductionRisk we ReducedRisk we can Impact (own) X Coast GuardC ReductionOur AnnualPerformance(% Risk Reduction) 15%2007Risk the CGReduced 20%2008

CMT Strategic Risk ModelA simplified, scenario-based, event tree model used inplanning efforts to: Illustrate the layered security strategy that the USCG provides/couldprovide against each meta-scenario’s continuum to prevent, protect,respond, and recover Define the roles of USCG activities and how they relate to oneanother (e.g., detection, intervention, support) Calculate the magnitude of risk that is being reduced by the layeredsecurity strategy Provide a mechanism for estimating the risk reduction importance ofindividual activities within the layered security strategy for a scenario Estimate the cost associated with performing each activity/groups ofactivities

Step 1 – Define theScenarioLegend:Prevention(Threat Reduction)Protection(Vulnerability Reduction)Response & Recovery(Consequence Reduction)Waterside attack on Vessel Scenario

Step 2 – Identify USCGInterventionsSuspect VesselBoardingWaterside attack on Vessel Scenario1Specialized2Use of ForceEnd GameProsecutionLegend:Prevention(Threat Reduction)Protection(Vulnerability Reduction)Response & Recovery(Consequence Reduction)3EscortVesselIntervene After5Attack - Response4

Step 3 – Identify whichinterventions depend onexternal detectionSuspect VesselBoardingWaterside attack on Vessel ScenarioProvides detectionfunction to cue“dependent” activities1IntelSpecialized2Use of ForceEnd GameProsecutionLegend:Prevention(Threat Reduction)Protection(Vulnerability Reduction)Response & Recovery(Consequence Reduction)3EscortVesselIntervene After5Attack - Response4

Step 4 – Estimate theprobability that the activity failsto perform its roleSuspect VesselBoardingWaterside attack on Vessel Scenario93%Provides detectionfunction to cue“dependent” activities1Intel50%Specialized2Use of Force18%End GameProsecution35%Legend:Prevention(Threat Reduction)Protection(Vulnerability Reduction)Response & Recovery(Consequence Reduction)EscortVesselIntervene After5Attack - Response93%83%4

What types of activities wereassessed? Probability that USCG activities successfullyperform their role:– Detection Activities (e.g., MDA) Probability ofsuccessfully detecting, tracking, and communicatingattack information to dependent activities– Dependent Activities Probability of successfullyintervening given cuing by MDA– Independent Activities Probability of successfullydetecting and intervening