Risk‐based methodology for scenario tracking, intelligence gathering, and analysis for countering terrorism

Disruption of a terrorist attack depends on having information facilitating the identification and location of those involved in supporting, planning, and carrying out the attack. Such information arises from myriad sources, such as human or instrument surveillance by intelligence or law enforcement agencies, a variety of documents concerning transactions, and tips from a wide range of occasional observers. Given the enormous amount of information available, a method is needed to cull and analyze only that which is relevant to the task, confirm its validity, and eliminate the rest. The risk-based methodology for scenario tracking, intelligence gathering, and analysis for countering terrorism builds on the premise that in planning, supporting, and carrying out a terrorist plot, those involved will conduct a series of related activities for which there may be some observables and other acquirable evidence. Those activities taken together constitute a threat scenario. Information consistent with a realistic threat scenario may be useful in thwarting an impending attack. Information not consistent with any such scenario is irrelevant. Thus, the methodology requires a comprehensive set of realistic threat scenarios that would form a systemic process for collecting and analyzing information. It also requires a process for judging the validity and usefulness of such information. The key questions for intelligence gathering and analysis are: how to produce a comprehensive set of threat scenarios, how to winnow that set to a subset of most likely scenarios, what supplementary intelligence is worth pursuing, how to judge the relevance of available information, and how to validate and analyze the information. 
The methodology presented in this paper can serve as a vehicle with which to enable the intelligence community to better: (a) assess the intent and capabilities of terrorist groups, (b) develop and compare terrorist scenarios from different sources and aggregate the set that should guide decisions on intelligence collection, (c) assess the possible distributions of responsibility for intelligence gathering and analysis across various homeland security agencies at the federal, state, and local levels, and (d) establish effective collection priorities to meet the demands of counterterrorism. Some of the critical issues addressed in this paper include: (1) how to create a reasonably complete set of scenarios and filter it down to a more manageable set to establish intelligence collection priorities, (2) how to integrate the wide variety of intelligence sources associated with monitoring for terrorism and analytically account for the corresponding disparities in information reliability, and (3) how to incorporate these new methodologies into existing information management efforts related to protecting our nation's critical infrastructures. © 2003 Wiley Periodicals, Inc. Syst Eng 6: 152–169, 2003
