Skip to Main Content
Have library access? Log in through your library
Modeling Terrorism Risk to the Air Transportation System

Modeling Terrorism Risk to the Air Transportation System: An Independent Assessment of TSA’s Risk Management Analysis Tool and Associated Methods

Andrew R. Morral
Carter C. Price
David S. Ortiz
Bradley Wilson
Tom LaTourrette
Blake W. Mobley
Shawn McKay
Henry H. Willis
Copyright Date: 2012
Published by: RAND Corporation
Pages: 168
  • Cite this Item
  • Book Info
    Modeling Terrorism Risk to the Air Transportation System
    Book Description:

    RAND evaluated a terrorism risk modeling tool developed by the Transportation Security Administration and Boeing to help guide program planning for aviation security. This tool—the Risk Management Analysis Tool, or RMAT—is used by TSA to estimate the terrorism risk-reduction benefits attributable to new and existing security programs, technologies, and procedures.

    eISBN: 978-0-8330-7974-9
    Subjects: Transportation Studies, Political Science

Table of Contents

  1. Front Matter
    (pp. i-ii)
  2. Preface
    (pp. iii-iv)
  3. Table of Contents
    (pp. v-viii)
  4. Figure and Tables
    (pp. ix-x)
  5. Summary
    (pp. xi-xviii)

    To support policy and resource allocation decisions, the Department of Homeland Security (DHS) and the Transportation Security Administration (TSA) have developed a suite of tools and processes for conducting risk assessments. One such tool is the Risk Management Analysis Tool (RMAT) developed by the Boeing Company and TSA in consultation with private sector and governmental members of a risk management working group. In December 2010, TSA asked RAND to evaluate whether RMAT provides results that are valid for TSA’s risk-assessment needs. This report describes RAND’s approach to this assessment and our findings.

    RMAT simulates terrorist behavior and success in attacking...

  6. Acknowledgments
    (pp. xix-xx)
  7. Abbreviations
    (pp. xxi-xxii)
  8. CHAPTER ONE Introduction
    (pp. 1-12)

    In establishing the Department of Homeland Security (DHS) in 2002, Congress directed DHS to develop risk-management principles for protecting critical infrastructure sectors such as transportation. This requirement was elaborated by Homeland Security Presidential Directive 7, the National Infrastructure Protection Plan, and other legislation and policies. These highlighted the importance of developing reliable and valid assessments of security risks that account systematically for the threats, vulnerabilities, and consequences to which transportation systems and other critical infrastructure are exposed.

    Early DHS and Transportation Security Administration (TSA) risk-analysis efforts revealed the complexity of critical infrastructure risks when threats involve intelligent adversaries who may...

  9. CHAPTER TWO RMAT Adversary Model
    (pp. 13-32)

    A core feature of RMAT is an adaptive adversary who weighs the advantages of alternative attack strategies, learns new information about the aviation system, and plans and attempts to execute an attack.¹ This chapter assesses the RMAT conceptualization of terrorist adversaries, with the objective of establishing whether it adequately captures the range of capabilities, decisions, and behaviors of potential adversaries. We first provide an overview of the RMAT adversary model and distill key aspects of the model into ten propositions about adversary behavior. The second section assesses the accuracy of the propositions based on their congruence with the social science...

  10. CHAPTER THREE RMAT Defender Model
    (pp. 33-60)

    RMAT represents terrorism defense in the aviation system in the context of a virtual “world” that matches the aviation system. The world is the operating space for RMAT—all adversary and defender operations occur as agents (people) and weapons move through the world. The RMAT world includes a comprehensive representation of points at which defender and adversary agents and weapons might pass, such as the curbside, checked baggage inspection, passenger screening points, lobbies, airplanes, freight-processing facilities, and catering kitchens. The RMAT world is an abstraction of the U.S. commercial aviation system. The model focuses on standard operating procedures and equipment...

  11. CHAPTER FOUR RMAT Data Requirements and Sources
    (pp. 61-76)

    RMAT has thousands of input variables, which places heavy demands on the identification and validation of accurate parameter values quantifying aspects of airports, security operations, terrorist operations, and attack outcomes and their valuation. To fulfill model data requirements, Boeing and TSA have undertaken extensive and repeated data collection efforts. These collection efforts have relied on elicitations with subject matter experts, assessments of technical and scientific data, review of TSA policies and procedures, and other data sources. Because the model, the system it describes, and threats to it are constantly evolving, the validity of RMAT results depends on the reliability and...

  12. CHAPTER FIVE RMAT Model Performance and Management
    (pp. 77-94)

    To produce valid and useful results, RMAT requires more than just a good conceptual model underlying its source code. It also needs code that faithfully characterizes the conceptual models and change management processes that help to ensure that the code remains faithful through periodic modifications necessary for new case studies of risk, when improvements are made to the conceptual model, or when detected errors are corrected.

    Our study team was permitted to inspect the RMAT source code at Boeing’s facility in Huntsville, Ala., but not to take it back to RAND where we could undertake more leisurely and in-depth analysis...

  13. CHAPTER SIX Supporting TSA Management and Investment Decisions with RMAT
    (pp. 95-122)

    TSA must make high-stakes resource allocation decisions designed to counter threats that are not well known, that are continuously evolving and innovating, and that may intelligently adapt to, evade, or overcome our security measures. If TSA invests in a detection device or imposes a new carry-on restriction, how likely are these countermeasures to reduce overall risk? How should TSA compare countermeasures that affect different risks or that reduce risk to one part of the air transportation system while increasing it elsewhere? Because the risks posed by these threats are shifting and complex, TSA leadership needs analytic tools for understanding the...

  14. CHAPTER SEVEN Conclusions
    (pp. 123-130)

    TSA policies and investment decisions require judgments that consider many competing interests, including effects on

    terrorism risk to the aviation system

    carrier and airport operations and costs

    the costs of implementing and maintaining the policy

    privacy, time burdens, and other concerns of travelers.

    For considering the effects of new policies on system risk, TSA has several important resources, including a risk-management doctrine that recognizes many of the challenges of risk assessment when confronted with an adaptive adversary, such as many sources of deep uncertainty about the adversary’s intentions, capabilities, and methods; the likelihood that counterterrorism measures may not eliminate risks...

  15. APPENDIX Requirements for a TSA Risk Assessment
    (pp. 131-134)
  16. Bibliography
    (pp. 135-146)