Content area
Full Text
Introduction
Government strategies advocate reducing risk to critical infrastructure and key resources (CIKR). Academia provides various theories and methodologies to do so. Furthermore, governments and academics have advocated deterrence theories and strategies both prior to and post-9/11, with the post-9/11 advocacy emphasizing CIKR protection in addition to classical deterrence theory. Therefore, with respect to CIKR, there are two areas of study: reducing CIKR risk, and deterring attacks, each of which can trace their theoretical roots back to different sources. Often, these studies address networks of CIKR, beyond just individual infrastructures.
As we will show, lots of government documents and academic articles focus on risk reduction and deterrence, sometimes simultaneously. With limited resources, CIKR stakeholders naturally want decision frameworks to support investments. If the objective is to deter, that may have certain implications for investment, a natural practitioner concern. If the objective is to reduce risk, that may have different implications.
However, the objective might be to account for both deterrence and risk reduction. If CIKR stakeholders understand how deterrence metrics influence risk-reduction efforts, they may view investments differently. In addition, this may have significant implications for risk-reduction metrics reporting.
Taquechel and Saitgalina (2018)1 advocate that those responsible for exploring risk-reduction metrics in antiterrorism programs should assess:
“whether metrics can accommodate quantifiable deterrence/adaptive adversary considerations, network exploitation susceptibility, and/or network effects on consequence and resilience.”2
Research Goals
Given the above problem statement, we want to explore whether we can, given limited resources:
1. Reduce risk to CIKR in an optimal fashion while also maximizing deterrence
2. Optimally increase network resilience while maximizing deterrence
Alternatively, there may necessarily be trade-offs between risk minimization/resilience maximization and deterrence. In other words, these two goals may be complementary or mutually exclusive, depending on the scenarios, modeling assumptions, and data. Findings from exploring these issues may have implications for risk analysts, CIKR protection stakeholders, budget developers, and policymakers.
Before we explore these issues, we provide context from government and academia on these topics. To be clear, the objective of this research is NOT to claim whether deterrence is or is not an important consideration for anti-terrorism policies, programs, or activities. It is difficult to take seriously the proposition that deterring attacks is not important and that we should ignore...