The Role of Decision Analysis in Risk Analysis: A Retrospective.

In commemorating the 40th anniversary of Risk Analysis, this article takes a retrospective look at some of the ways in which decision analysis (as a "sibling field") has contributed to the development both of the journal, and of risk analysis as a field. I begin with some early foundational papers from the first decade of the journal's history. I then review a number of papers that have applied decision analysis to risk problems over the years, including applications of related methods such as influence diagrams, multicriteria decision analysis, and risk matrices. The article then reviews some recent trends, from roughly the last five years, and concludes with observations about the parallel evolution of risk analysis and decision analysis over the decades-especially with regard to the importance of representing multiple stakeholder perspectives, and the importance of behavioral realism in decision models. Overall, the extensive literature surveyed here supports the view that the incorporation of decision-analytic perspectives has improved the practice of risk analysis.

Risk Analysis: Celebrating the Accomplishments and Embracing Ongoing Challenges.

As part of the celebration of the 40th anniversary of the Society for Risk Analysis and Risk Analysis: An International Journal, this essay reviews the 10 most important accomplishments of risk analysis from 1980 to 2010, outlines major accomplishments in three major categories from 2011 to 2019, discusses how editors circulate authors' accomplishments, and proposes 10 major risk-related challenges for 2020-2030. Authors conclude that the next decade will severely test the field of risk analysis.

Measuring and Achieving Equity in Multiperiod Emergency Material Allocation.

Emergency material allocation is an important part of postdisaster emergency logistics that is significant for improving rescue effectiveness and reducing disaster losses. However, the traditional single-period allocation model often causes local surpluses or shortages and high cost, and prevents the system from achieving an equitable or optimal multiperiod allocation. To achieve equitable allocation of emergency materials in the case of serious shortages relative to the demand by victims, this article introduces a multiperiod model for allocation of emergency materials to multiple affected locations (using an exponential utility function to reflect the disutility loss due to material shortfalls), and illustrates the relationship between equity of allocations and the cost of emergency response. Finally, numerical examples are presented to demonstrate both the feasibility and the usefulness of the proposed model for achieving multiperiod equitable allocation of emergency material among multiple disaster locations. The results indicate that the introduction of a nonlinear utility function to reflect the disutility of large shortfalls can make the material allocation fairer, and minimize large losses due to shortfalls. We found that achieving equity has a significant but not unreasonable impact on emergency costs. We also illustrate that using differing utility functions for different types of materials adds an important dimension of flexibility.

Two Types of Vigilance Are Essential to Effective Hazard Management: Maintaining Both Together Is Difficult.

Flexibility and adaptability are key capabilities for coping with persistent and pervasive uncertainties. The systematic organization of these capabilities is often called "adaptive management"; it is key to effective hazard management and important in risk governance. Vigilance is a requirement for effective adaptation. However, two distinct types of vigilance are necessary. Type 1 vigilance directly supports adaptive management. It is vigilance when you know what you are looking for: warning signals, filling gaps in knowledge, making sure that systems are working, etc. Vigilance of another sort, type 2 vigilance, is needed to address the surprises and institutional failures that are not part of orderly adaptive planning. Type 2 vigilance is vigilance when you don't know what to look for: observing and reflecting on confusing signals, anomalies, unacknowledged responsibilities, and surprises. The two types of vigilance require different institutional capabilities, and hence may work against each other in practice. Type 1 vigilance requires focus and a strong, knowledge-based organizing framework. Type 2 vigilance, in contrast, requires defocusing and a questioning approach to both observations and concepts. This dilemma, coupled with demands for flexibility, is a severe challenge for organizations. There are a variety of actions and arrangements at various levels of societal organization that could maintain and enhance vigilance in managing hazards. Necessary, however, is the societal and institutional recognition that vigilance of more than one type is an essential part of hazard management and the commitment to follow through. Maintaining vigilance requires effort and must be an ongoing process.

Import Security: Assessing the Risks of Imported Food.

We use data on food import violations from the FDA Operational and Administrative System for Import Support (OASIS) to address rising concerns associated with imported food, quantify import risks by product and by country of origin, and explore the usefulness of OASIS data for risk assessment. In particular, we assess whether there are significant trends in violations, whether import violations can be used to quantify risks by country and by product, and how import risks depend on economic factors of the country of origin. The results show that normalizing import violations by volume of imports provides a meaningful indicator of risk. We then use regression analysis to characterize import risks.  Using this model, we analyze import risks by product type, violation type, and economic factors of the country of origin.  We find that OASIS data are useful in quantifying food import risks, and that the rate of refusals provides a useful decision tool for risk management.  Furthermore, we find that some economic factors are significant indicators of food import risk by country.

Quantifying Adversary Capabilities to Inform Defensive Resource Allocation.

We propose a Bayesian Stackelberg game capable of analyzing the joint effects of both attacker intent and capabilities on optimal defensive strategies. The novel feature of our model is the use of contest success functions from economics to capture the extent to which the success of an attack is attributable to the adversary's capability (as well as the level of defensive investment), rather than pure luck. Results of a two-target example suggest that precise assessment of attacker intent may not be necessary if we have poor estimates of attacker capability.

On the treatment of uncertainty and variability in making decisions about risk.

Much attention has been paid to the treatment of dependence and to the characterization of uncertainty and variability (including the issue of dependence among inputs) in performing risk assessments to avoid misleading results. However, with relatively little progress in communicating about the effects and implications of dependence, the effort involved in performing relatively sophisticated risk analyses (e.g., two-dimensional Monte Carlo analyses that separate variability from uncertainty) may be largely wasted, if the implications of those analyses are not clearly understood by decisionmakers. This article emphasizes that epistemic uncertainty can introduce dependence among related risks (e.g., risks to different individuals, or at different facilities), and illustrates the potential importance of such dependence in the context of two important types of decisions--evaluations of risk acceptability for a single technology, and comparisons of the risks for two or more technologies. We also present some preliminary ideas on how to communicate the effects of dependence to decisionmakers in a clear and easily comprehensible manner, and suggest future research directions in this area.

Risk assessment can be a game-changing information technology--but too often it isn't.

The printing press was a game-changing information technology. Risk assessment could be also. At present, risk assessments are commonly used as one-time decision aids: they provide justification for a particular decision, and afterwards usually sit on a shelf. However, when viewed as information technologies, their potential uses are much broader. Risk assessments: (1) are repositories of structured information and a medium for communication; (2) embody evaluative structures for setting priorities; (3) can preserve information over time and permit asynchronous communication, thus encouraging learning and adaptation; and (4) explicitly address uncertain futures. Moreover, because of their "what-if" capabilities, risk assessments can serve as a platform for constructive discussion among parties that hold different values. The evolution of risk assessment in the nuclear industry shows how such attributes have been used to lower core-melt risks substantially through improved templates for maintenance and more effective coordination with regulators (although risk assessment has been less commonly used in improving emergency-response capabilities). The end result of this evolution in the nuclear industry has been the development of "living" risk assessments that are updated more or less in real time to answer even routine operational questions. Similar but untapped opportunities abound for the use of living risk assessments to reduce risks in small operational decisions as well as large policy decisions in other areas of hazard management. They can also help improve understanding of and communication about risks, and future risk assessment and management. Realization of these opportunities will require significant changes in incentives and active promotion by the risk analytic community.

Should the model for risk-informed regulation be game theory rather than decision theory?

Risk analysts frequently view the regulation of risks as being largely a matter of decision theory. According to this view, risk analysis methods provide information on the likelihood and severity of various possible outcomes; this information should then be assessed using a decision-theoretic approach (such as cost/benefit analysis) to determine whether the risks are acceptable, and whether additional regulation is warranted. However, this view ignores the fact that in many industries (particularly industries that are technologically sophisticated and employ specialized risk and safety experts), risk analyses may be done by regulated firms, not by the regulator. Moreover, those firms may have more knowledge about the levels of safety at their own facilities than the regulator does. This creates a situation in which the regulated firm has both the opportunity-and often also the motive-to provide inaccurate (in particular, favorably biased) risk information to the regulator, and hence the regulator has reason to doubt the accuracy of the risk information provided by regulated parties. Researchers have argued that decision theory is capable of dealing with many such strategic interactions as well as game theory can. This is especially true in two-player, two-stage games in which the follower has a unique best strategy in response to the leader's strategy, as appears to be the case in the situation analyzed in this article. However, even in such cases, we agree with Cox that game-theoretic methods and concepts can still be useful. In particular, the tools of mechanism design, and especially the revelation principle, can simplify the analysis of such games because the revelation principle provides rigorous assurance that it is sufficient to analyze only games in which licensees truthfully report their risk levels, making the problem more manageable. Without that, it would generally be necessary to consider much more complicated forms of strategic behavior (including deception), to identify optimal regulatory strategies. Therefore, we believe that the types of regulatory interactions analyzed in this article are better modeled using game theory rather than decision theory. In particular, the goals of this article are to review the relevant literature in game theory and regulatory economics (to stimulate interest in this area among risk analysts), and to present illustrative results showing how the application of game theory can provide useful insights into the theory and practice of risk-informed regulation.

Reasons for secrecy and deception in homeland-security resource allocation.

In this article, we explore reasons that a defender might prefer secrecy or deception about her defensive resource allocations, rather than disclosure, in a homeland-security context. Our observations not only summarize and synthesize the results of existing game-theoretic work, but also provide intuitions about promising future research directions.

Securing passenger aircraft from the threat of man-portable air defense systems (MANPADS).

In this article, we develop a model for the expected maximum hit probability of an attack on a commercial aircraft using MANPADS, as a function of the (random) location of the attacker. We also explore the sensitivity of the expected maximum hit probability to the parameters of the model, including both attacker parameters (such as weapon characteristics) and defender parameters (such as the size of the secure region around the airport). We conclude that having a large secure region around an airport offers some protection against MANPADS, and that installing onboard countermeasures reduces the success probability of a MANPADS attack.

Optimal resource allocation for defense of targets based on differing measures of attractiveness.

This article describes the results of applying a rigorous computational model to the problem of the optimal defensive resource allocation among potential terrorist targets. In particular, our study explores how the optimal budget allocation depends on the cost effectiveness of security investments, the defender's valuations of the various targets, and the extent of the defender's uncertainty about the attacker's target valuations. We use expected property damage, expected fatalities, and two metrics of critical infrastructure (airports and bridges) as our measures of target attractiveness. Our results show that the cost effectiveness of security investment has a large impact on the optimal budget allocation. Also, different measures of target attractiveness yield different optimal budget allocations, emphasizing the importance of developing more realistic terrorist objective functions for use in budget allocation decisions for homeland security.

Choosing what to protect.

We study a strategic model in which a defender must allocate defensive resources to a collection of locations, and an attacker must choose a location to attack. The defender does not know the attacker's preferences, while the attacker observes the defender's resource allocation. The defender's problem gives rise to negative externalities, in the sense that increasing the resources allocated to one location increases the likelihood of an attack at other locations. In equilibrium, the defender exploits these externalities to manipulate the attacker's behavior, sometimes optimally leaving a location undefended, and sometimes preferring a higher vulnerability at a particular location even if a lower risk could be achieved at zero cost. Key results of our model are as follows: (1) the defender prefers to allocate resources in a centralized (rather than decentralized) manner; (2) as the number of locations to be defended grows, the defender can cost effectively reduce the probability of a successful attack only if the number of valuable targets is bounded; (3) the optimal allocation of resources can be nonmonotonic in the relative value of the attacker's outside option; and (4) the defender prefers his or her defensive allocation to be public rather than secret.