The events of September 11, 2001 changed perceptions, rearranged national priorities, and produced significant new government entities, including the U.S. Department of Homeland Security (DHS) created in 2003. While the principal mission of DHS is to lead efforts to secure the nation against those forces that wish to do harm, the department also has responsibilities in regard to preparation for and response to other hazards and disasters, such as floods, earthquakes, and other "natural" disasters. Whether in the context of preparedness, response or recovery from terrorism, illegal entry to the country, or natural disasters, DHS is committed to processes and methods that feature risk assessment as a critical component for making better-informed decisions. Review of the Department of Homeland Security's Approach to Risk Analysis explores how DHS is building its capabilities in risk analysis to inform decision making. The department uses risk analysis to inform decisions ranging from high-level policy choices to fine-scale protocols that guide the minute-by-minute actions of DHS employees. Although DHS is responsible for mitigating a range of threats, natural disasters, and pandemics, its risk analysis efforts are weighted heavily toward terrorism. In addition to assessing the capability of DHS risk analysis methods to support decision-making, the book evaluates the quality of the current approach to estimating risk and discusses how to improve current risk analysis procedures. Review of the Department of Homeland Security's Approach to Risk Analysis recommends that DHS continue to build its integrated risk management framework. It also suggests that the department improve the way models are developed and used and follow time-tested scientific practices, among other recommendations.

The mission of Department of Homeland Security Bioterrorism Risk Assessment: A Call for Change, the book published in December 2008, is to independently and scientifically review the methodology that led to the 2006 Department of Homeland Security report, Bioterrorism Risk Assessment (BTRA) and provide a foundation for future updates. This book identifies a number of fundamental concerns with the BTRA of 2006, ranging from mathematical and statistical mistakes that have corrupted results, to unnecessarily complicated probability models and models with fidelity far exceeding existing data, to more basic questions about how terrorist behavior should be modeled. Rather than merely criticizing what was done in the BTRA of 2006, this new NRC book consults outside experts and collects a number of proposed alternatives that could improve DHS's ability to assess potential terrorist behavior as a key element of risk-informed decision making, and it explains these alternatives in the specific context of the BTRA and the bioterrorism threat.

As early as his Senate confirmation hearing, Department of Homeland Security (DHS) Secretary Michael Chertoff advocated a risk-based approach to homeland security. Secretary Chertoff has stated "DHS must base its work on priorities driven by risk" and, increasingly, risk assessment and subsequent risk mitigation have influenced all of the department's efforts intended to enhance our nation's ability to prevent, respond to, and recover from future terrorist attacks and natural disasters. While the practice of risk analysis may be advanced in the insurance and financial industries, it is relatively less developed in the homeland security field. Although there are numerous reasons that account for this dynamic, two primary reasons include (1) the dynamic nature of terrorism and ability of terrorists to adapt to successful countermeasures, and (2) the lack of a rich historical database of terrorist attacks, which necessitates a reliance on intelligence and terrorist experts for probabilistic assessments of types of terrorist attacks against critical assets and/or regions. This report begins with an overview of the evolution of risk assessment methodologies from the Department of Justice in FY2002 to DHS in FY2007, and then discusses the discipline of risk management and risk assessment as applied to Homeland Security Grant Program (HSGP). Terrorism risk analysis and assessment do not exist in a vacuum. Risk is analyzed and assessed as a means to mitigate or "buy down" risk over time by developing certain capabilities across the country. At DHS, the State Homeland Security Grant Program is the primary tool the agency has to influence the behavior of State and local partners to take actions that reduce what both parties agree are the risks of a terrorist attack and to respond effectively to such an attack, or other catastrophe. Regardless of the complexity of the risk assessment methodology, due to the inherent uncertainties associated with assessing risk in a dynamic counterterrorism context, some level of flexibility in managing risk may be necessary. Empirical data on historical terrorist attacks in the United States may, therefore, continue to play an important role in resource allocation to reduce risk. This report presents several risk assessment and related grant program options for congressional consideration: (1) maintain the status quo in the inextricably linked areas of risk assessment and grant allocation, (2) draft a national impact assessment to understand return on investment of the approximately $12 billion of HSGP spent by FY2008, (3) enhance the transparency of the risk allocation methodology to state and local governments, and (4) develop a comprehensive and long-term strategy for managing, assessing and mitigating risk. To achieve these goals, the department could opt to consider procedural or organizational changes. Possible approaches are discussed in the report's final section. This report may be updated.

Outlines the essential components of risk assessment and management, which entail the following sequential tasks: Critical infrastructure and key asset inventory; Criticality assessment; Threat assessment; Vulnerability assessment; Risk calculation; and Countermeasure identification. Risk assessment and management concepts and methodologies are evolving rapidly. Here, each component is defined and briefly examined. Protocols are supplied to quantify/calculate criticality, threat, vulnerability, and risk. Experience with risk assessment and management are limited in many law enforcement agencies. To assist in reversing this situation, this report supplies capacity building info. that includes promising programs, software, and training references.