Home » Business Continuity » Disaster Recovery

Understanding Risk, Post-Katrina

FEMA's disastrous handling of Hurricane Katrina's aftermath was all the more galling because the scenario was long foreseen. So what catastrophe should DHS plan for next? We pick apart the risk equation.

When Michael Chertoff took over 11 months ago as the secretary of the Department of Homeland Security, he vowed that the department would adopt a risk-based approach. No one really argued. It made sense to focus resources on the country's biggest risks.

But as the post-Katrina flood waters rose and then fell, it became clear just how daunting a task that would be. Why, wondered an enraged public, was the country so ill-equipped to deal with the situation in New Orleans, when the flooding of that city had long been one of the biggest risks identified by the Federal Emergency Management Agency? And how can citizens be sure that the country isn't neglecting preparations for whatever man-made or natural disasters might be next on the horizon?

CSO set out to explore those risks and get a read on what the government and private sector are doing to address them. In talking with the nation's top experts about the country's risk terrain, post-Katrina, what we found was not encouraging. Not only is there nothing approaching agreement about what those risks are, but experts have not even decided on some basic definitions.

"You don't have agreement to, 'What is risk?'" notes Randall Yim, former director of the Homeland Security Institute, a federally funded research center in Arlington, Va. "And if you asked 10 different people about the country's biggest risks, they would probably rank 10 different priorities, even within a region."

More confounding, those people's answers might be on completely different planes: While one person might rank an avian flu pandemic as a top risk, another might speak more philosophically about the possibility that in an effort to improve security, the United States will destroy the very liberty it is trying to protect.

In light of this lack of consensus, we decided to pick apart the three components that make up a standard risk equation—scenario, probability and consequence—and talk about how they each apply to the nation's risks. What we found is that the first component, scenario, challenges the imagination; and the second, probability, defies knowledge. But the third component of risk—consequence—is the outcome of the first two and the most important place to focus one's energy. Here's why.

Scenario: Why planners need to overcome the availability bias

In risk management, as in the real world, a scenario is simply what might happen: Terrorists might hijack commercial airliners and fly them into buildings. The power might go out in a huge swath of the United States. A Category 4 hurricane might hit a major metropolitan area. When experts talk about the country's biggest risks, like these, they're actually talking about low-probability, high-consequence scenarios—things that aren't likely to happen in any given year, but that, if they did, would be extremely damaging. The problem is, the human mind just isn't equipped to deal with this type of risk.