The United States homeland security environment is complex and filled with competing requirements, interests, and incentives that must be balanced and managed effectively to ensure the achievement of key national objectives. The key objective of applying risk management is to build security, safety, and resiliency into all aspects of Homeland Security planning. How does the Department of Homeland Security decide exactly what needs protecting and to what level the protection shall be? It all starts with the risk assessment formula and properly applying risk management principals.
Risk management plays a role in Homeland Security due to the wide array of threats and hazards out there. There is an ongoing debate about where we should direct our attention to (high probability/low consequence or low probability/high consequence) and where limited resources should be directed. This is something that DHS deals on a regular basis. First, Risk management is “the process of identifying, analyzing, and communicating risk and accepting, avoiding, transferring, or controlling it to an acceptable level considering associated costs and benefits of any actions taken. (DHS) The key principles for effective risk management includes Unity of Effort, transparency, adaptability, practicality, and customization. The safety, security, and resilience of the Nation are threatened by an array of hazards, including acts of terrorism, malicious activity in cyberspace, pandemics, manmade accidents, transnational crime, and natural disasters. Leaders in DHS and their partners in the homeland security enterprise must practice foresight and work to understand known and uncertain risks, as best they can, in order to make sound management decisions. Addressing these risks is a shared responsibility among all resources at all levels; Federal, state, local, tribal, territorial governments, private sectors, and every day citizens. Once certain risks are under consideration, “they should be properly documented, communicated to all stake holders, and then implemented into all supporting activities (such as strategic planning, budget development, resource acquisition and allocation, education and training, and creating partnerships, to name a few)” (APUS) The practice of risk management is useful in a way that we can see what kind of approaches is more effective and implement it when we need it. Risk management applications and planning includes strategic planning, Capabilities-based planning, resource decisions, operational planning, exercise planning, real-world events, and research and development. According to the Homeland Security Risk Management Process is comprised of the following: “Define the Context, Identify Potential Risk, Assess and Analyze Risk, Develop Alternatives, Decide and Implement, and Evaluate and Monitor.” (Homeland Security, p. 15) We also need to be aware that risk not only are from external sources, but we can have risk internally as well. Examples would be personnel reliability or systems reliability. Like I stated previously, the best way we can improve risk management is from collecting data that has brought us success which is vital when it comes to implementing a secure plan. This is utilized by the risk assessment formula which is R (Risk) = T (Threat) x V (Vulnerability) x C (Consequences). Which brings us back to high probability/low consequence risks or low probability/high consequence risks. This process plays a very important role because this is where we can determine where we can focus our resources on, threat anticipation, cost of damages, fatalities, how to avoid threats, and also budgeting.
Cybersecurity plays a huge role in our everyday life. Federal agencies and our nation’s critical infrastructures- such as energy, transportation systems, communications networks, and financial services- are dependent on computerized (cyber) information systems and electronic data to process, maintain, and report essential information, and to operate and control physical processes. Critical infrastructure describes the physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security or public health or safety. “CISA (Cybersecurity and Infrastructure Security Agency) coordinates security and resilience efforts using trusted partnerships across private and public sectors, and delivers technical assistance and assessments to federal stakeholders as well as to infrastructure owners and operate nationwide.” (DHS) Not only does CISA facilitates Critical Infrastructure vulnerability assessments, but they also provide training, and fostering sector partnership and international engagements. The Department of Homeland Security has laid out their seven guiding principles for accomplishing their cyber-security goals; risk prioritization, cost-effectiveness, innovation and agility, collaboration, global approach, balanced equities and nation values. Cyber-attacks are one of the new issues that our nation faces and I believe to be the most vulnerable. Every day, our enemies try to find a way to find a way to hack our nation’s defense through the internet and create chaos to the nation and our defense. Since this threat is basically still a new thing not only to this country but to the whole World, risk management/assessment plays a huge part to taking necessary steps in helping find ways to improve cyber-security. It is important that we continue to continually assess all the different threats to our nation.
Risk Management and Cyber Security both plays a huge role and goes hand in hand in accomplishing the mission for the nation. The nation’s Critical infrastructure must be secure and able to withstand and rapidly recover from all hazards. Achieving this will require integration with the national preparedness system across prevention, protection, mitigation, response, and recovery. “The policy of the United States to enhance the security and resilience of the nation’s critical infrastructure and to maintain a cyber-environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties” (Obama, 2013) It is almost impossible to eliminate a threat that you can’t see or know their approach to attack but with the risk management steps in place, formula, and procedures that the DHS has in place, we will be able to evaluate and take precautions to avoid certain situations.
- Homeland Security (2010) DHS Risk Lexicon Retrieved from https://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf
- APUS (n .d.) Lesson 5: Risk Assessment and Management in Homeland Security Retrieved from https://apus.realizeithome.com/
- DHS (n.d.) Critical Infrastructure Security Retrieved from https://www.dhs.gov/topic/critical-infrastructure-security
- Homeland Security (2011) Risk Management Fundamentals Retrieved from https://www.dhs.gov/sites/default/files/publications/rma-risk-management-fundamentals.pdf
- Obama, B.(2013b). Presidential Policy Directive—Critical Infrastructure Security and Resilience. Retrieved from https://www.whitehouse.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-