Defining and Assessing Vulnerability of Infrastructure to Terrorist Attack

The Homeland Infrastructure Threat and Risk Analysis Center (HITRAC) of the U.S. Department of Homeland Security (DHS) provides threat, vulnerability, and consequence assessments of terrorist attacks on infrastructure in support of security risk assessments. This paper will describe the components of vulnerability that HITRAC considers and how it integrates those components into an overall vulnerability assessment. The assessment relies on an approach to target selection and preliminary vulnerability identification drawn from observed terrorist methods of operation. The attack methods used as the basis for scenario generation are taken from the 2008 Joint Special Assessment on Potential Terrorist Attack Methods. These are filtered to identify the attack methods most applicable to the facility, asset, or system being assessed. The vulnerability assessment can be used as a stand-alone analysis or feed into a risk model for national or regional assessments.