Slides from a Capitol Technology University webinar presented on March 21, 2024 by Dr. Joshua Sinai. The webinar detailed how to develop a framework to assess risk and looked at the Maui Fires of 2023 and the Hamas attack of Israel, also in 2023. Dr. Sinai, an expert on counterterrorism and risk management looked at the causes of the failtures to anticipate the catastrophes how they should have been counteracted.
Slides CapTechTalks Webinar March 2024 Joshua Sinai.pptx
1. Presented by Dr. Joshua Sinai
Assessing Risk Management
in Global Security
2. Agenda
Bill Gibbs, Host
1. About Capitol Technology University
2. Session Pointers
3. About the Presenter
4. Presentation
5. Q and A
6. Upcoming Webinars
7. Recording, Slides, Certificate
3. About
Established in 1927, we are one
of the few private Universities in
the U.S. specifically dedicated to
STEM-Based
academic programs. The
University offers degrees at the
Associate, Bachelor, Master, and
Doctoral levels
3
4. Nonprofit, Private &
Accredited
Capitol is a nonprofit, private accredited university
located in Laurel, Maryland, USA
Capitol Technology University is
accredited by the Commission on
Higher Education of the Middle
States Association of Colleges and
Schools
The University is authorized by the
State of Maryland to confer
Associate’s (A.A.S.), Bachelor’s (B.S.),
Master’s (M.S., M.B.A., M.Ed, M.Res.,
T.M.B.A, M.Phil.), and Doctoral (D.Sc.,
Ph.D., D.B.A., Ed.D.) degrees.
5. Session Pointers
• We will answer questions at the conclusion of the presentation. At any time, you
can post a question in the text chat and we will answer as many as we can.
• Microphones and webcams are not activated for participants.
• A link to the recording and to the slides will be sent to all registrants and available
on our webinar web page.
• A participation certificate is available by request for both Live Session and On
Demand viewers.
6. Dr. Joshua Sinai
• Professor of Practice in Intelligence and Global Security
Studies for Capitol
• 35+ years experience in international security, national
security and homeland security studies
• Senior Intelligence Analyst, Library of Congress
• In private sector supporting Dept. of Homeland Security,
FBI’s Foreign terrorist Tracking Taskforce
• Author of best-selling book: “Active Shooter: A
Handbook on Prevention” (ASIS International, 2013)
and 50+ scholarly articles
• Ph.D. Columbia University, Political Science
7. Applying Risk Management in Global Security
Dr. Joshua Sinai
Professor of Practice
Intelligence & Global Security Studies
Capitol Technology University
Laurel, MD 20708
www.captechu.edu
March 21, 2024
9. Risk Management in Global Security
I. Define Risk
II. Assess Overall Risk to Determine Risk Tolerance
III. Prioritize Risk Mitigation Measures for ROI
IV. Objective – Attain Overall Resilience
10. Significant Global Risk Categories
Natural Caused Catastrophic Disasters Man-caused Catastrophic Disasters
• Military Aggression by States
• Russia in Ukraine
• Risk Level in January 2022?
• Risk Level in April 2023?
• China Against Taiwan
• Future Attacks?
• Cyber
• Adversarial Targeting Critical Infrastructures?
• Disinformation
• Russian Influence Campaigns in U.S. (2016/2024
presidential campaigns), Britain (Brexit), Election
Result Deniers, etc.
• Satellites
• Rogue states/sub-state actors targeting orbiting
satellites?
• Terrorism
• Organized Groups/Lone Actors
• Surprise Catastrophic Attacks?
• Domestic/Transnational?
• WMD
• Economic Crises
• Financial Crises
• Supply Chain Shortages
• Emergent Technology Risks
• Artificial Intelligence?
Natural Disasters
• Pandemics
Covid-19 Risk in 2019?
Emerging pandemics Risks?
• Severe Climate Change
• Hurricanes, Earthquakes, Water Flooding,
• Droughts, etc.
• Global Warming & Wildfires?
11. What is Risk in Global Security?
• The likelihood and magnitude of severity of the occurrence
of an expected or unexpected future threatening event that
can adversely impact the security of a country, a
population, an organization/company, or other entities.
16. Maui – The Incident
• On August 8, 2023, the Maui wildfires began in the grassy hillside area
above Lahaina, a 13,000-person town on the island’s northwest coast.
• A combination of fast winds by a category 4 Hurricane near the islands,
knocked out power of the state’s biggest utility company, with wind-driven
fires causing widespread damage to drought-filled grassy areas
• At least 115 people killed, 67 injured, more than 2,200 acres were burned,
more than 2,200 buildings, mostly residential, were destroyed, including
many historic landmarks in Lahaina, displacing an estimated 6,000.
• The total damage was reported at $5.5 – $6.0 billion.
• The Wireless Emergency Alert system, which blasts a message to people’s
homes, didn’t function because high winds, power outages and flames took
out the cell service network
17.
18. Maui - Threats
• History
• Climate change had caused the region burned by wildfire to increase fivefold since the 1980s
• The number of fire incidents had increased over the years
• 10,000 acres (2007) to 50,000 acres (2019)
• Hurricane landfalls are rare in Hawaii, but brushes by tropical systems are common.
• Intent
• The combination of strong hurricane winds and dry conditions on the ground served to cause
wildfires
• Capability
• The wind-whipped fires in Maui spread swiftly and created a deadly tinderbox
• Likely Targets
• Grassy hillside area above Lahaina and the drought-filled grassy areas
• Attack Mode
• A combination of strong hurricane winds and dry conditions on the ground
• Local Presence
• Hurricane landfalls are rare in Hawaii, but brushes by tropical systems are common
19. Maui - Vulnerabilities
• Criticality/Attractiveness
• Hot and drought-like weather conditions
• Foothills covered in dry, invasive grasses that are highly inflammable
• Access
• Foothills covered in dry, invasive grasses that are highly inflammable
• Lack of Defense
• Foothills covered in highly inflammable dry, invasive grasses
• Hawaii spends less than other states on wildfire prevention and response
• Annual budgeting $3.2 million, about $2 per resident (versus California’s $21 per resident)
• Lack of Deterrence
• Limited available water supply to put out the wildfires
• Decline in active agriculture land use reduced maintenance and access to roads, water sources, equipment and assistance, which
previously supported firefighting
• Non-Compliance with Laws & Regulations
• Most of Hawaii’s communities lacked well-developed and comprehensive emergency preparedness and disaster
response plans
• Residents never trained on how to leave town in the vent of a fast-evolving wildfire
• Hawaii was the only state without a State Fire Marshal.
• Hawaii Electric lacked maintenance plans for its electric emissions lines which could have avoided power poles
from toppling over
• Flaws in Hawaii’s evacuation plan, particularly early detection and response
20. Maui - Consequences
• Human
- At least 115 people killed, 67 injured
- An estimated 6,000 people were displaced, living in hotels, temporary housing, and tents
• Physical
• More than 2,200 acres were burned, 2,200 buildings destroyed
• Financial Liability
• An estimated $5.5 - $6 billion to rebuild Maui
• Some 800 businesses in the disaster area needed to be rebuilt, providing work for about 7,000
people.
• Legal Liability
• The state of Hawaii and the Hawaiian Electric Industries Inc, faced massive potential liabilities
• As of November 30, 2023, insurance companies paid out more than $1 billion for residential
damage claims
• More than 100 insurance companies filed suit against the state, utilities and landowners for
reimbursement
• Competitive Advantage
• With tourism generating 80% of Maui’s economic revenue (@$5.7 billion), in 2023 there was more
than a 50% decline in tourist visitors compared to 2022.
• National Security
• Negligible impact
21. Maui
Prior to August 2023: RM Problems
• 2021 Maui County report found that
• The island was at severe risk for wildfire
• The number of wildfire incidents had
increased over the years
• 10,000 acres (2007) to 50,000 acres
(2019)
• Foothills covered in highly inflammable dry,
invasive grasses
• No mandatory rule to compel towns and
homeowners to create defensible spaces
and wildfire resistant building codes in
high-risk areas
• In times of emergency
• Limited roads in and out of Maui County
making it difficult to provide emergency
care
• Limited escape routes for residents
• Budgets inadequate for effective fire
prevention and mitigation program
• Sirens only announced tsunami warnings,
not wildfires
RM Solutions
• Improving evacuation plans
• Managing dry vegetation around towns
and homes via defensible space
• Clearing defensible space around
houses
• Promoting strategic undergrounding of
utility lines in priority fire hazard risk
areas
• Cities installing siren networks that also
broadcast pre-recorded voice message
• Cooperate with Public Utilities
Commission and Hawaii State Energy
Office to develop best practices and laws
to upgrade electrical infrastructure and
power lines
• Provide resources for post-fire
rehabilitation efforts
22. Hamas – The Incident
• On October 7, 2023, a Sabbath and a Jewish holiday, at 6:30am, in a coordinated surprise attack,
combining land, air, sea, and rocket assault, an estimated 3,000 Hamas fighters easily breached the
supposedly fortified border fence and attacked the bordering Gush Katif (‘Harvest Bloc) towns and
kibbutzim.
• More than 1,400 Israelis were killed.
• Around 1,500 Hamas attackers were killed by the responding Israeli forces, who arrived several hours
after the attack had begun.
• 240 Israeli hostages were taken into Gaza.
• Reportedly, Hamas’s leaders were surprised by the weakness of Israel’s defenses.
• The attack represented for Hamas a strategic, operational and tactical paradigm transformation
• Previously, fired rockets into Israel or sent cells or radicalized lone actors in the West Bank to carry
out low level firearm/knifing attacks.
• In response, Israel’s cabinet declared war on Hamas, now in its sixth month.
23. Hamas - Threats
• History
• Israel – Hamas Conflicts 2007 – 2023
• Dec 2008 – Jan 2009; Nov 2012, June-July 2014, May 2021
• Intent
• The attack might have been intended to provoke a disproportionate response from Israel that would:
• Lead to Hamas’s regional allies, such as Iran, Hizballah and Houtis, to join the war against Israel
• Disrupt Arab-Israeli normalization initiatives
• Bolster Hamas’s domestic, regional and international position
• Use Israeli hostages as leverage for the release of Palestinian security prisoners
• Capability
• Hamas reportedly had some 30,000 fighters with large arsenal of rockets, firearms, and drones
• Previously, Hamas fired rockets into Israel or sent combat cells or radicalized lone actors in the West Bank to
carry out low level firearm attacks
• Hamas was known to construct a massive network of underground tunnels, including several leading into Israel
• Codenamed “Strong Pillar” by Ismail Haniyeh, a coalition of several Palestinian armed factions affiliated with
Hamas, carried out several war games-style exercises beginning in 2020, which closely resembled the tactics
used in the October 7 assault, including at a site some 0.6 miles from the barrier with Israel – and posted them on
social media
• The fighters practiced storming a mock Israeli military base
• On September 12, 2023, the last exercise was held, practicing hostage-taking, raiding compounds and breaching
Israel’s defenses.
• Local Presence
• Hamas ruled the Gaza Strip
• Hamas had a militant infrastructure in the West Bank
24. Israel - Vulnerabilities
• Attractiveness/Criticality
• The Netanyahu’s coalition government’s focus on undermining the independence of the country’s
judicial system led to months of domestic political turmoil
• For Hamas, massively attacking Gush Katif and its residents represented a relatively easy way to
severely punish Israel and achieve its overall objectives
• Access
• With Israel’s security forces focusing on defending the country’s West Bank settlements, there was
inadequate security presence along the Gaza border, enabling the Hamas fighters to easily breach
the security fence and gain access to the neighboring towns and kibbutzim.
• Lack of Defense
• A dependence on ‘high-tech’ surveillance technologies to provide early warning alerts led to
complacency and insufficient deployment of troops to protect the border fence at all times
• Israel’s surveillance technologies were bypassed by Hamas’s leaders and operatives
communicating offline
• Due to the Jewish holiday and the Sabbath many Israeli troops were at home, while others were
relocated to support military operations in the West Bank and around the al Aqsa Mosque in
Jerusalem
• Lack of Deterrence
• It took 6-8 hours for Israeli troops to arrive in Gush Katif to defeat and neutralize the attacking
Hamas operatives
25. Israel - Consequences
Human
• With 1,160 people, mostly civilians, killed by the Hamas fighters on October 7, since then an additional
250 IDF soldiers have died in the fighting, as of early March 2024. An estimated 3,030 soldiers have been
wounded
• More than 100 Israeli hostages continue to be held by Hamas, with some of them dead
• An estimated 200,000-250,000 Israelis have been internally displaced who had lived in the communities
near the Gaza Strip and along the border with Lebanon
Financial/Economic Liability
• Devastating impact on the Israeli economy, costing it $600 million a week due to factors such as military
reserve duty leading to work absences, equivalent to about 6% of the weekly GDP. Sharp decline in
tourism. The absence of some 125,000 Palestinian and foreign workers has led to decline in output in
the agricultural and construction sectors.
Legal Liability
• In its January 26 decision, the International Court of Justice (ICJ) ordered Israel to prevent acts of
genocide in Gaza. Nations considering arresting IDF soldiers visiting their countries
National Security
• Israel accustomed to waging relatively quick wars; this is the first time it has been forced to fight a six-
month+ war without securing a quick and decisive victory against its adversaries
• Israeli deterrence still unable to pressure Hamas to release the remaining hostages
26. Hamas’s 10/7 Attack
• Prior to 10/7: RM Problems
• RM Framework not used in national security
• More than a year before Hamas’s attack, the IDF gained
possession of its attack plan
• The translated 40-page battle plan, code named “Jericho
Wall”, detailed the hypothetical Hamas attack on Israel’s
southern communities
• Hamas’s plan was dismissed as too difficult for it to carry
out.
• Top IDF commanders ignored and played down warnings
• Brig. Gen. Amit Sa’ar, head of the IDF’s Intelligence Branch,
wrote an emergency warning letter just prior to October 7 about
a potential attack by Hamas, Hizballah, and Iran, that was meant
to be sent to PM and National Security Cabinet, but was not
sent
• Weeks before the attacks, female surveillance soldiers near the
Gaza border, reportedly warned – but were ignored – of
unusually high drone activity and that Hamas was training to
take over the observation posts.
• Some six hours prior to the attack, the IDF detected that
hundreds of Hamas terrorists switched to Israeli SIM cards, but
this report was downplayed.
• Despite Israeli intelligence warnings, the IDF didn’t warn and
evacuate the Nova Festival organizers or the several hundred
party-goers.
• RM Solutions
• Applying a RM framework is crucial
to prevent future 10/7 catastrophes
along all counterterrorism fronts
• The IDF’s military operation in Gaza
requires the political echelon to
formulate a strategic end-state
27. Artificial Intelligence - Risks
• Critical Infrastructure Security
• Adversarial targeting of inter-connected CI sectors might disable power, water supplies, communications, etc.
• Over-reliance on AI might lead to misuse of CI (e.g., GPS misrouting car routes, traffic jams, etc.)
• Digital Security
• AI dual role in security
• Distortion of individual data/information, private data used without consumers’ consent; PII data not securely stored
• Economic/Financial Security
• Trading algorithms incorrectly interpret new market circumstances (e.g., flash stock crash):volatile markets
• Adverse pricing decisions that misjudge consumer demand, leading to poor production decisions
• Legal & Compliance Security
• Liability and intellectual property rights: copyright infringement of paid content; AI firms demanding compensation for use of their AI
data in users’ patents; faulty legal briefs
• National Security
• Malicious State/Non-State Actors utilizing AI cyber tools for cyber breaches, AI-enabled autonomous weapons (e.g., drones, etc.)
• Physical Safety
• Autonomous-vehicle malfunction leading to injury or death
• Overreliance on equipment predictive-maintenance decisions leading to worker injury
• Machine-learning models misdiagnose medical conditions
• Political Security
• Deep fakes spreading disinformation to distort and manipulate political reality to weaken targeted society
• Transparency and Accountability
• Lack of transparency and accountability in AI decision-making
• Bias and discrimination in facial recognition?
28. Calculating Overall Risk – Several Formulas
• Risk = Threat x Vulnerability x Consequence
• Risk = T (1-5) x V (1-5) x C (1-5) = 125 (highest possible risk total)
• Risk = Threat + Vulnerability + Consequence
• Risk = T (1 - 33 1/3) + V (1 - 33 1/3) + C (1 - 33 1/3) = 100 (highest possible
risk total)
• Other formulas…
• DHS, USCG Risk ID Number = Threat (attack probability %) X
Consequences in $ X Vulnerability (in Likelihood of Attack
Success %)
29. Calculating Risk Tolerance
To the Country/Organization Leadership: Given the Risk Analysis
presented, how should it accept or mitigate the prioritized risk?
• First, assess the risk categories challenging an entity
• Formulate possible risk category scenarios
• Second, prioritize how significant those risks are to the entity’s capability to
function efficiently
• If a negative event were to happen, how much of an impact would it have?
• Third, calculate the entity’s risk tolerance by establishing a threshold for how much
damage impact from the assessed risk is acceptable or unacceptable
• Fourth, revisit risk tolerance framework on regular basis to track new risks and if
former risks change
30. Prioritizing Mitigation of Risks
• Strategic Mitigation
• Government level mitigation strategies & policies
• National Strategies
• Operational Mitigation
• Government agencies/private sector security departments, etc.
• Tactical Mitigation
• Practical defensive measures
• Cyber security, emergency operations plans, hardening border fences, surveillance/arrests of
suspicious persons, counter-disinformation narratives, etc.
Where possible assess effectiveness and cost of
mitigation and estimate ROI
31. Objective: Attaining Resilience Following
Disasters
• Resilience = Being prepared to effectively respond to and recover from expected
and unforeseen catastrophic events in a way that will not disrupt the continual
functioning of a threatened entity.
• Resilience results from effectively managing the four phases of the mitigation
cycle:
• Anticipation (of threats)
• Preparation (to defend against potential threats)
• Responding (to potential attacks)
• Recovering (from attacks)
https://www.hstoday.us/subject-matter-areas/cybersecurity/a-resilience-framework-for-businesses-to-recover-from-a-pandemic-outbreak/
32. Objective: Attaining Resilience Following Disasters
1. Crisis communications
2. Cybersecurity
3. Disaster management
4. Financial security
5. Human capital
6. Legal and regulatory compliance
7. Physical security
8. Socio-economic ecosystem
9. Strategic innovation
10. Supply chain and procurement
https://www.hstoday.us/subject-matter-areas/cybersecurity/a-resilience-framework-for-businesses-to-recover-from-a-pandemic-outbreak/
33. Risk Management Framework - Benefits
• Structured framework for informing decision making to assess overall risk, risk
appetite, and prioritize the allocation of resources to mitigate them for ROI.
• Prioritizing potential risk categories and mitigation measures demonstrates due
diligence and compliance with government laws, regulations, and industry
standards.
• Generates cost-benefit return-on-investment.
• Lowers insurance risk premiums
• Maintain competitive national security/business advantage
• In the best-case scenario, effectively applying this framework will substantially
upgrade the overall resilience of the threatened country, society, corporation,
organization, or another entity that engage in risk management and risk mitigation.
34. Questions?
Dr. Joshua Sinai
Professor of Practice
Intelligence & Global Security Studies
Capitol Technology University
Laurel, MD 20708
Email: jbsinai@captechu.edu
37. Capitol offers regionally accredited
online undergraduate, masters,
and doctoral degrees in
Counterterrorism
and
Intelligence & Global Security.
Join us for Master’s and Doctoral
Virtual Information Sessions. Held
monthly. To learn more:
Email: gradadmit@captechu.edu •
Phone: 1- 800-950-1992
Hinweis der Redaktion
risk score helps your security team take proactive steps to reduce your attack surface.
It also helps you comply with regulatory frameworks that require you to identify and prioritize
all vulnerabilities.
Unlike other vendors, Armis provides risk scores for all assets automatically. There is nothing that
you need to enter into the system—
The transformative power of AI will be beneficial, but might also result in risks.