Focus on the Terrorist Threat, Not the Numbers
How should we assess the threat that terrorism poses?
One approach is to compare its incidence to everyday threats such as getting run over by a car or falling in the bathtub -- with the implication usually being that people should just chill out. I've already written a whole column about why this is problematic. Here's a chart that illustrates one of the main reasons:
To steal from my earlier column:
There are small incidents, but there are also huge ones in which hundreds or thousands of people die. It’s a fat-tailed distribution, in which outliers are really important. It also isn’t stable: Five or 10 or even 50 years of data isn’t necessarily enough to allow one to predict with confidence what’s going to happen next year.
So it's hard to assess terrorism risk using standard quantitative methods. But not putting terrorism in some kind of quantitative context often becomes an excuse to treat the risk as something approaching infinite -- in which case no imaginable response (banning Muslims from entering the country, putting them in camps, you name it) is too extreme. That's not helpful, either.
In search of a better method, I spent some time this morning with a study on "Estimating Terrorism Risk" that the Rand Corporation prepared in 2006. Rand is the Santa Monica, California-based think tank formed by Douglas Aircraft in 1945 to advise the U.S. Air Force on military strategy that soon branched out to offer advice, usually of a quantitatively derived sort, on all manner of topics. On page 10 of the 2006 report, authors Henry H. Willis, Andrew R. Morral, Terrence K. Kelly and Jamison Jo Medby of Rand's Center for Terrorism Risk Management Policy offered this handy formula:
Measure (Terrorism Risk): The expected consequence of an existent threat, which for a given target, attack mode, and damage type can be expressed as
Risk = P(attack occurs)
∗ P(attack results in damage | attack occurs)
∗ E(damage | attack occurs and results in damage)
= Threat ∗Vulnerability ∗Consequence
So that's taken care of now, right? Problem solved.
Just kidding! I don't really understand what all that means, either. The report exhorts decision-makers to assemble "a wide range of future scenarios that could unfold" and then "choose strategies that perform well across a large number of these possible futures, rather than for a single best estimate of the future," which sounds smart enough. But then it devotes most of its pages to an assessment of terrorism risk by U.S. metropolitan area that concludes that the government should allocate terrorism-prevention resources on the basis of density-weighted population. I think I could have figured that out on my own, without a statistical model.
Still, there is a saving grace, in the form of this explanatory paragraph on page 11:
This definition of risk provides a clear mapping between risk and approaches to managing or reducing risk. Intelligence and active defense involving “taking the fight to the enemy” represent an approach to risk management that focuses specifically on threats. Managing risk through vulnerability requires increasing surveillance and detection, hardening targets, or other capabilities that might reduce the success of attempted attacks. Finally, risk can be managed through consequences by increasing preparedness and response that reduces the effects of damage through mitigation or compensation.
So maybe we can't put a number on the risk of terrorism, but we can at least be rational about how we try to reduce that risk. In 2006, much of the concern was about well-orchestrated and massively destructive attacks using nuclear material or chemical weapons, which seemed to necessitate great attention being paid to every element of the trinity of threat, vulnerability and consequence.
We surely should still be concerned about the risk of such attacks, and working to reduce all three aspects of it. The terror attacks of the past few years in Western Europe and the U.S., though, have been of a different sort: angry young men, and the occasional young woman, residing (and often born in) the West, working alone or in small groups, hatching makeshift attacks not far from where they live with whatever deadly devices they can get their hands on -- generally knives and motor vehicles in Europe, guns in the U.S., homemade bombs in both. The vast majority of these attackers subscribe to apocalyptic/nihilistic Islamist ideologies, although a few favor apocalyptic/nihilistic ideologies of other flavors.
It seems like it's going to be hard to do much about the vulnerability and consequence elements of the risk that these largely homegrown terrorists pose. There's no conceivable way to "harden" Western cities to the point that a young man with a gym membership, a van and a sharp knife can't wreak some havoc if he so chooses, and the direct consequences of such incidents seem limited enough (as opposed to, say, a chemical attack) that major efforts on that front don't seem warranted, either. Which leaves the threat: Identifying and stopping would-be attackers, and doing what we can to limit the weapons available to them, should be the priority.
That's a lot easier said than done, of course, and I'm in no position to dole out advice on how to do it. I do have some ideas on how not to do it -- with travel bans targeted at people who don't fit the profile of recent attackers, or sweeping anti-Muslim rhetoric that discourages the cooperation of the neighbors, friends and family most likely to notice a young person's radicalization. But it's probably not going to be all about holding hands and being compassionate, either. Consider how the U.K. targeted its last big terrorist threat, from the Irish Republican Army: with infiltration, undercover violence and suppression of speech.
So no, I still haven't found a good way to put a number on the threat posed by terrorism. But maybe we should be trying harder to put a face on it.
To contact the author of this story:
Justin Fox at firstname.lastname@example.org
To contact the editor responsible for this story:
Brooke Sample at email@example.com