How Should We Measure Terrorism Risk?

Font Size:

A recent PPR seminar discussed changes in how our government analyzes terrorism risks.

Font Size:

Since the terrorist attacks of 9/11, the U.S. government has spent over $650 billion on domestic security. But critical to keeping Americans safe could also be the government’s ability to predict and reduce the chance of future attacks.

In a recent Risk Regulation Seminar hosted by the Penn Program on Regulation, Detlof von Winterfeldt, a professor at University of Southern California, discussed methods used by the Department of Homeland Security to assess terrorism risks.

unspecified-2In the aftermath of 9/11, according to von Winterfeldt, the Department of Homeland Security considered several approaches to assessing the threat posed by terrorism, including probabilistic risk analysis, game theory, possibility theory, and soft risk scoring methods. But in recent years, probabilistic risk analysis has emerged as the predominant approach. Probabilistic risk analysis, or risk analysis, refers to a group of techniques that uses event trees to model possible outcomes that could occur from one initiating event.

Risk analysis is not a new tool: various agencies have previously used risk analysis to determine the most cost-effective responses to various catastrophes. For example, the Environmental Protection Agency has used risk analysis to model the potential health impacts of exposure to varying levels of carcinogens. FEMA has also used risk analysis to model consequences from natural disasters.

Although other agencies have used risk analysis, von Winterfeldt explained that the Department of Homeland Security’s adoption of risk analysis was controversial. Before 9/11, the government had not used risk analysis to assess terrorism threats, and it was unclear whether risk analysis could model terrorism threats effectively.

A major challenge in applying risk analysis to assessing terrorism risk is that it requires researchers to model human actions. Some critics of risk analysis argue that it is impossible to assign probabilities to terrorist events, because probabilities can only be assigned to natural events and not to intentional acts. Critics also argue that adversaries may observe and adapt their behavior to the approach, so that the insights gleaned from the analysis will be ineffective.

Despite these challenges, von Winterfeldt explained that “probabilistic risk analysis is here to stay.”

Security agencies and experts now use risk analysis to solve a variety of problems.


For example, the National Center for Risk and Economic Analysis of Terrorism Events (CREATE), where von Winterfeldt serves as a director, has used risk analysis in order to determine the best way to respond to attempts by terrorists to shoot down commercial planes with surface-to-air missiles. CREATE found that equipping planes with anti-missile technology would not actually increase overall public safety, because the rebels would simply shift their strategy to attacking commercial planes unequipped with the technology. Instead, analysis revealed that foregoing any counter-measures, or perhaps implementing two different countermeasures simultaneously, made more sense on a cost-effective basis.

At the seminar, von Winterfeldt offered several lessons from using risk analysis to evaluate the best counter-terrorism measures.

First, he observed that “knee jerk reactions” to terrorist events, like inputting defensive measures that only prevent a specific event from occurring again, may simply cause terrorists to shift their tactics from more resistant targets to more vulnerable ones. Rather, regulators should consider the broader consequences of their actions in adopting countermeasures. One solution is to use game theory to randomize defenses, and even out vulnerability across different targets, such as airplanes, subway systems, and train networks.


Second, von Winterfeldt suggested that the media and public should respond in proportion to the magnitude of the crisis. He argued that public fear of terrorist events can create large indirect economic impacts, which can perpetuate and aggravate the consequences of the attack itself. For instance, von Winterfeldt gave an example of the 2001 anthrax attacks, for which the public’s fear likely amplified the actual damage caused by the attack.

Finally, von Winterfeldt argued that efforts should continue to improve the use of risk analysis. “Certainly,” he said, “risk analysis remains difficult.” However, he added, “We’re pretty good now at getting rid of the worst solutions.”

Ultimately, any successful model of terrorism risk, argued von Winterfeldt, will use the right experts, including social scientists, journalists, and intelligence analysts, ask the right questions, and use the right procedures.

The Risk Regulation Seminar Series is jointly sponsored by the Penn Program on Regulation and the Wharton Risk Management & Decision Processes Center.  The seminar was moderated by Professor Howard Kunreuther, the Co-Director of the Wharton Risk Center, and a video of the session can be viewed at the Center’s website.