Risk Analysis Methods for Nuclear War and Nuclear Terrorism: Phase II (Expanded Abbreviated Report of the CUI Version) (2024)
Chapter: 2 Risk Analysis
2
Risk Analysis
Risk analysis aims to systematically identify the pathways from present circumstances to future outcomes, and the likelihood of negative consequences occurring. To be reliable, the analysis must include a realistic—and in principle complete—description of all the ways that the current state can lead to those future outcomes of concern. Such an analysis requires consideration of future outcomes, some of which may be hypothetical. It is especially difficult for situations for which there is little or no direct experience—nuclear war and nuclear terrorism being cases in point (Paté-Cornell 2011).
Risk analysis, performed well, encourages participation between those requesting the analysis and those conducting it. The process also helps to inform leadership of the decisions, options, and timelines that can be expected if a harmful event occurs. The principles of a well-conducted risk analysis are outlined in Box 2-1. The risk analysis results can aid in prioritization of different decision outcomes—for example, identifying pathways that are most likely to be more harmful, which therefore must be avoided or mitigated even if at great effort. Additionally, identifying the pathways provides the basis for training and preparation to avoid, minimize, or mitigate the failure modes.
Box 2-1 highlights the importance of characterizing and assessing uncertainties in a well-done risk analysis using scenarios to both span potential outcomes and understand dependencies. One of the challenges in making decisions related to avoiding nuclear weapons use (and its risks) or nuclear terrorism is due to the sparsity of direct experience or statistical evidence and the corresponding large uncertainties.
In some risk analyses, relevant statistical data exist from which one can calculate probabilities (i.e., frequencies of occurrence) for use in the risk assessment. When relevant statistical samples and probabilities based on frequencies in such samples are limited, Bayesian approaches that utilize conditional probabilities can aid in developing a risk analysis. Even if data samples exist, Bayesian approaches can help the risk analyst account for additional information that is known about a system (e.g., information gathered from expert opinions, models, and surrogate data from similar situations) and also reflect aspects of the scenario that may evolve with time (e.g., changes in the adversary, technology, operations). The probability of a scenario can then be computed as a series of conditional probabilities reflecting the scenario description (see NASEM 2023a, Chapters 5 and 6). That assessment captures the dependencies among events, through conditional probabilities.
The same Bayesian logic can be used to assess the analyst’s beliefs about a future risk given new available information, which could include false positives (i.e., a “false alarm”) or false negatives (i.e., a missed warning
or signal). Both types of errors have to be included in the updating of the probability to assess the value of that information as the possible improvements of the decision. This computation allows accounting for the uncertainties both in the events a priori, and in the information, which can be correct but can also include false positives or simply not include signals when it should (false negatives). That logic allows assessing the value and validity of information of a message, which may allow improving a decision involving uncertain events.
The 2013 report of the Institute of Medicine, Environmental Decisions in the Face of Uncertainty, identified types of uncertainties associated with risk analysis to aid decision making within the Environmental Protection Agency (EPA). The report suggests that scenario development be used for events for which little or nothing is known about the event’s impact or likelihood to aid decision makers and risk analysts (IOM 2013). An example of one such a situation is climate change. The Intergovernmental Panel on Climate Change (IPCC) has developed and regularly updates a set of possible scenarios. The aim of the scenarios is not to predict the future but to assess the uncertainties linked to possible climate and socioeconomic futures, which can inform decisions (IPCC 2020).
Finding 2-1: Risk analysis, when conducted well, can provide a systematic and disciplined approach; illuminate threats, vulnerabilities, and consequences; and analyze complex interactive situations and dependencies among events. Good risk analysis has leadership guidance and support, informs leadership, and includes scenarios and exercises.
Finding 2-2: Those in charge of developing policy or strategy ought to be made aware of how risk methods could improve options to mitigate risks of nuclear weapons use or nuclear terrorist attacks, especially at a time when those risks are rapidly evolving.
Finding 2-3: A well-performed risk analysis is decision focused, explicit about objectives, incorporates creative alternatives, addresses relevant outcomes, characterizes uncertainties through development of scenarios and exploration of dependencies, addresses changes to risks over time, and supports transparent discovery and policy deliberation. These define, in part, fundamental principles of risk analysis.
Important details of each of these components of risk analysis are listed in Box 2-1.
Conclusion 2-1: The benefit of a well-performed risk analysis is that it prompts those requesting the analysis, who may have decision-making biases, to work in conjunction with those conducting the risk assessment to develop, for example, a systematic listing of potential outcomes; the pathways that can lead to those outcomes; and underlying assumptions, including correlations (dependencies) between different paths and outcomes.
U.S. GOVERNMENT RISK ANALYSIS METHODS
The committee collected information relevant to its tasking in classified meetings held over 7 months. A full list of the presenters and their affiliations can be found in Appendix C. Throughout its information collection efforts, the committee searched for examples of risk assessment methods (Who is doing what?) and how their results were used to develop strategy and guide policy and decisions.
Tables 2-1 and 2-2 summarize the entities and risk methods presented or provided to the committee as examples of methods used to assess different components of risk of nuclear war and nuclear terrorism. These tables summarize the results of the committee’s information collection; they are not intended to be an exhaustive list of the risk methods used throughout the U.S. government to assess risks of nuclear war and risks of nuclear terrorism. Descriptions of some of the methods listed in the tables are provided in the section titled “Examples of Risk Analysis Methods Within the U.S. Government.”
Table 2-1 provides a list of agencies and organizations that provided information to the committee on risk methods for estimating nuclear war. The column labeled “Threat” includes methods of analysis of the intent of adversaries, their state of information and/or intelligence, and their capability (What do they know? What do they
BOX 2-1
Fundamental Principles of Risk Analysis
Risk analysis encompasses a wide range of activities and methods. According to the Society for Risk Analysis (SRA), risk analysis includes “risk assessment, risk characterization, risk perception, risk communication, risk management, risk governance, and policy relating to risk, in the context of risks of concern to individuals, to public and private-sector organizations, and to society at a local, regional, national, or global level.”a Risk analyses that are high quality and trustworthy are based on the fundamental principles of risk analysis.
Risk analysis of nuclear war is typically conducted at the global and regional levels, considering conflict among two or more nations. Risk analysis of nuclear terrorism typically considers the following: threats from the use of nuclear and radiological weapons; global actors; global, national, and local vulnerabilities; and national, regional, and local consequences. In principle, both will also consider the intent, capabilities, and beliefs of adversaries. Based on SRA principles, committee-member expertise, and testimony provided to the committee, the committee identified the following risk-analysis principles tailored to the requirements and challenges of analyzing the risks of nuclear war and the risks of nuclear terrorism. This short list summarizes components of a high-quality risk analysis.
- Identify the potential risk management decision(s). Risk analysts need to understand the strategy, policy, funding, system acquisition, or system operational decision(s) that the risk analysis could inform so that the risk analysis is scoped to meet the needs of the decision makers and stakeholders. This improves the relevance, effectiveness, and efficiency of the risk analysis results. Some risk analyses could be performed periodically to assess potential risks and inform budget allocations (e.g., risk of nuclear terrorism). Other risk analyses may be performed to inform a particular decision (e.g., a change in operational readiness of nuclear forces).
- Specify the decision objectives. Once the type of decision is determined, the objectives of the decision makers and stakeholders need to be understood by the risk analysts. This can be challenging when policy preferences are not clear or evolving. Obtaining guidance and support from decision makers for analysis can also be challenging. Risk analysts may also need to consider the potential objectives of allies and adversaries, which can be difficult to estimate.
- Identify creative, practical alternatives. For decisions involving significant risks, policy makers need a wide set of possible alternatives to remove, avoid, or mitigate the risks, as possible within time, resource, and capability constraints. Risk analysts should seek to identify these alternatives and include them in their risk analyses. Analysts also should continue to search for better alternatives at all stages of risk analysis.
- Define the potential outcomes. Once the decision and the decision objectives are defined, risk analysts need to identify and assess a broad range of outcomes that reflect the concerns of interested and affected stakeholders, and the relative priorities of those different outcomes. Failure to adequately reflect the values of those making (and affected by) decisions can bias analysis
want? What do they have?). The column labeled “Vulnerability” refers to the methods of analysis of vulnerabilities of the United States, its partners and allies, and deployed forces. The column labeled “Consequences” reflects methods used to estimate the impacts of nuclear war. The column labeled “Strategy” encompasses efforts to pull together risk assessments and/or to develop plans and actions to achieve an objective.
Table 2-2 is similar to the Table 2-1 but focused on risk methods for nuclear terrorism. The “Threat” column includes methods of analysis of the intent of adversaries (i.e., terrorists and terrorist organizations) and their state
- results due to omission of outcomes, or mischaracterization of the priorities of outcomes. The characterization of outcomes is especially challenging for the risks of nuclear war and nuclear terrorism.
-
Assess the relevant uncertainties. There are large uncertainties in the available information related to risks of nuclear terrorism and nuclear war, including adversary objectives and capabilities (nation-state and terrorist), potential attack scenarios, adversary actions and reactions, the performance of existing systems and new technologies for offensive and defensive purposes, the efficacy of security measures (including contributions to deterrence), and the short- and long-term outcomes of the use of nuclear and radiological weapons in a nuclear war or a terrorist attack. The identification and quantitative or qualitative assessment of these uncertainties is an essential task in risk analysis.
- Scenarios. Scenarios are a valuable tool for identifying and analyzing uncertainties. Scenarios allow assessment of risk across a wide and meaningful set of future conditions over which events might occur. Failure to do so can lead to errors through omission of factors that affect adversary decisions, adversary capabilities, or the effectiveness of security measures. Scenarios can be made extremely complex by adding details that may not be fully relevant to the decision objectives, to the point at which their likelihood becomes very small with the addition of each detail or component. Scenario specificity is a balancing act—analysts have to balance identifying groups of scenarios in a description that is simple enough that it can be analyzed and, at the same time, includes all the essential components that will make the results relevant.
- Dependencies. Uncertainty analysis should identify and assess the dependencies among the elements of the scenarios, decisions, adversary actions, and outcomes that could happen in each scenario. These dependencies need to be identified and modeled or assessed—ideally quantitatively. In this case, the probability assigned to an event is conditioned on other dependent events, such as previous decisions of the United States and its adversaries. For example, reducing U.S. vulnerabilities can affect adversary actions.
- Include dynamics. Time is an important consideration in nuclear risk analysis. Risk analysis must be dynamic to reflect how adversaries, scenarios, technologies, options, outcomes, and preferences may change in the future, and it must include a time horizon because, for example, risks of nuclear war and nuclear terrorism are not static.
- Provide transparent analyses. Risk analysts need to present their analyses in a manner that enables inspection and independent review of their assumptions, scenarios, uncertainties, models, outcomes, and results by decision makers, stakeholders, and peer reviewers. The analysis, data, and results need to be clear, traceable, and understandable. This will require significant effort above and beyond simply conducting the analysis, but it is becoming the standard practice for high-quality research.
__________________
a See the Society for Risk Analysis website at http://www.sra.org, accessed July 14, 2023.
of intelligence, and their capability. The “Vulnerability” column refers to methods to assess the vulnerability of the U.S. homeland, including weapons access, material access, transit, targets, insider threats, and know-how. As in Table 2-1, the column labeled “Strategy” encompasses efforts to pull together risk assessments and/or to develop plans and actions to achieve an objective.
TABLE 2-1 Risk Analysis Methods Used by Decision Makers to Assess Risks of Nuclear War
| Threat | Vulnerability | Consequences | Strategy |
|---|---|---|---|
|
NIC (Murphy 2022) <structured analytic techniques> |
|||
|
ICSB (Leslie 2022) <structured analytic techniques> |
|||
|
Department of State (Miles 2022) <contributor> |
|||
|
DoD: MDA (Mays 2022) <testing and simulation> |
|||
|
DoD: Secretary of Defense (Mattis 2022) <consumer> |
|||
|
DoD: DASD (Roberts 2022; Johnson 2023) <intel-driven assessments> |
|||
|
NATO (Gottemoeller 2022) <intel-driven assessments> |
|||
|
Department of State (Nicolaidis et al. 2022) <consumers> |
|||
|
NASEM CISAC (Lowenthal 2022) <discussions with adversaries> |
|||
|
HASC staff (Schneider 2021)* <consumers> |
|||
|
Department of State/Sandia (Caskey 2021)* <expert elicitation> |
|||
|
DoD: DTRA (Sward 2023) <probabilistic and deterministic models> |
|||
|
White House: National Security Council (Vaddi et al. 2022) <intel-driven assessments> |
White House: National Security Council (Vaddi et al. 2022) <intel-driven assessments> |
||
|
DoD: Joint Staff (Weaver 2022) <adversarial decision calculus> |
|||
|
DoD: USSTRATCOM, J5 (Weidner et al. 2022) <RoSDF, including adversarial decision calculus, intel, and signals> |
|||
|
DoD: USSTRATCOM, J3/J7/J8/NEC (Nichols et al. 2022) <TTXs and war games> |
|||
|
DoD: Joint Staff, J5 Strategic Stability (Long 2022) <mostly intel-driven assessments, some scenario-based assessments, TTXs, war games, and adversary decision calculus> |
|||
NOTES: A dark gray background indicates presentations from U.S. government agencies and organizations; a light gray background indicates presentations from retired officials or those outside of the U.S. government. Risk analysis methods are shown in angle brackets. An asterisk (*) indicates the briefing is from Phase I. Acronyms and abbreviations are as follows:
CISAC, Committee on International Security and Arms Control
DASD, Deputy Assistant Secretary of Defense
DoD, Department of Defense
DTRA, Defense Threat Reduction Agency
HASC, House Armed Services Committee
ICSB, Intelligence Community Studies Board
J3, Global Operations
J5, Plans and Policy
J7, Joint Exercises, Training, and Assessments
J8, Capability and Resource Integration
MDA, Missile Defense Agency
NASEM, National Academies of Sciences, Engineering, and Medicine
NATO, North Atlantic Treaty Organization
NEC, Nuclear Command, Control, and Communications and Enterprise Center
NIC, National Intelligence Council
RoSDF, risk of strategic deterrence failure
Sandia, Sandia National Laboratories
TTX, tabletop exercise
USSTRATCOM, U.S. Strategic Command
TABLE 2-2 Risk Analysis Methods Used by Decision Makers to Assess Risks of Nuclear Terrorism
| Threat | Vulnerability | Consequences | Strategy |
|---|---|---|---|
|
NIC (Murphy 2022) <structured analytic techniques> |
|||
|
ODNI: NCTC (Walsh et al. 2023) <structured analytic techniques> |
|||
|
ODNI: NCBC (Murphy 2022; Walsh et al. 2023) <structured analytic techniques> |
|||
|
Department of State (Miles 2022) <contributor> |
|||
|
USNRC (Apostolakis 2021) <PRA expanding to include intent and capabilities> |
|||
|
DoD: Joint Staff (Aeshelman 2022) <TTXs and exercises> |
|||
|
DOE: NMIP (Lucast et al. 2022) <rankings, material attractiveness tables> |
|||
|
DoD: Joint Staff (Aeshelman 2022) <consumers of intel> |
|||
|
DoD: OUSD (Kurtz 2022) <consumer> |
|||
|
Department of State (Nicolaidis 2022; Rothenberg 2022) <consumer> |
|||
|
White House, NSC (Bentz 2022) <intel-driven assessments> |
White House, NSC (Bentz 2022) <intel-driven assessments> |
||
|
FBI analysis (Fullerton 2023) <rankings, physical security infrastructure> |
|||
|
DHS: S&T (Cooper 2023) <PRA, semiquantitative risk assessment, SWIFT, multiattribute; method depends on the request> |
DHS: CWMD Policy (Pavlick 2023) <consumer, GNDA> |
||
|
NNSA: NA-80 (NNSA 2021; Tilden and Boyd 2022)* <expert input into other analyses> |
|||
|
NNSA: DNN (Looney et al. 2021)* <programmatic and funding risk assessments to guide budgetary decisions> |
|||
NOTES: A dark gray background indicates presentations from government agencies and organizations; a light gray background indicates presentations from retired officials or those outside of the U.S. government. Risk analysis methods are shown in angle brackets. An asterisk (*) indicates the briefing is from Phase I. Acronyms and abbreviations are as follows:
CWMD, Countering Weapons of Mass Destruction
DHS, Department of Homeland Security
DNN, Defense Nuclear Nonproliferation
DoD, Department of Defense
FBI, Federal Bureau of Investigation
GNDA, Global Nuclear Detection Architecture
NCBC, National Counter Proliferation and Biodefense Center (previously NCPC)
NCTC, National Counterterrorism Center
NIC, National Intelligence Council
NMIP, Nuclear Materials Information Program
NNSA, National Nuclear Security Administration
NSC, National Security Council
ODNI, Office of the Director of National Intelligence
OUSD, Office of the Under Secretary of Defense
PRA, probabilistic risk analysis
S&T, Science and Technology Directorate
SWIFT, structured what-if technique
TTX, tabletop exercise
USNRC, U.S. Nuclear Regulatory Commission
Differences in Nuclear War and Nuclear Terrorism Risks
Nuclear war and nuclear terrorism risk methods are distinct in important ways. The risk of nuclear war is often assessed by considering nuclear armed adversary decision calculus, while the risk of nuclear terrorism is most often focused on the availability of nuclear materials that might be used by a nonstate actor or state-sponsored terrorist group to obtain a nuclear device or to construct an improvised nuclear device or a radiological dispersal device.1 Two forms of deterrence come into play for both war and terrorism: the power to hurt (i.e., retaliation) and the power to deny (i.e., preventing an adversary from achieving objectives through either defenses or prevention of their capabilities).
For policy analysts and senior decision makers, the threats posed by other nation-states with nuclear weapons often drives decision making in documents such as the Nuclear Posture Review. The Obama administration’s commitment to modernizing the U.S. nuclear deterrent forces accompanying Senate ratification of the 2010 New START Treaty is a good example. Estimating the potential threat posed by a nuclear armed adversary’s capabilities is as critical as examining the impact of U.S. responses to that threat and identifying military threats and diplomatic assurances that could lead to avoiding or ending a nuclear conflict on acceptable terms to reduce further escalation.
In contrast, decision makers in the nuclear terrorism arena are often more focused on nuclear materials attractiveness, availability, and quantity (e.g., based on assessments of the effectiveness of security measures to protect nuclear materials). These assessments can guide considerations of where to focus U.S. nonproliferation and nuclear material security assistance programs and dollars. Furthermore, the role of a nuclear nation-state actor distinguishes programmatic decisions in the nuclear terrorism field from those facing decision makers concerned about nuclear deterrence and nuclear war.
Finding 2-4: Risk analysis is conducted in the U.S. government to address a range of specific and targeted questions related to nuclear war or nuclear terrorism such as threat analysis, vulnerability analysis, and programmatic and budgeting decisions. In these cases, the risk analysis appears to be addressing specific needs identified by decision makers. However, few risk analysis efforts addressing the broader question of overall risks of nuclear war or terrorism were found.
EXAMPLES OF RISK ANALYSIS METHODS WITHIN THE U.S. GOVERNMENT
The U.S. government approaches to assessing risk, shown in Tables 2-1 and 2-2, vary by the goals and objectives of the organizations using them. Organizations interested in understanding threats, such as the intelligence agencies, rely on methods that characterize the intent and capabilities of adversaries who might seek to obtain and use nuclear weapons or devices. Organizations such as the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) focus on securing nuclear weapons and materials, preventing sabotage of nuclear facilities, or preventing successful use of nuclear weapons in an attack. They use methods to identify and assess vulnerabilities to facilities, security systems, and transit pathways. Those who focus on developing responses to the nuclear attack or prioritizing scenarios, such as the Department of Defense’s (DoD’s) Defense Threat Reduction Agency (DTRA), Joint Chiefs of Staff, U.S. Strategic Command (USSTRATCOM), and DHS analyze some (but not all) of the consequences of nuclear detonations.
The committee recognized the use of formalized risk methodologies within the U.S. government. Other than understanding the types of assessments being conducted and the methods they used, the committee did not evaluate the level of quality of the risk assessment outputs or how well the analyses were conducted. If not currently following the principles of a well-conducted risk analysis listed in Box 2-1, any of the examples in Tables 2-1 and 2-2 would likely benefit by adopting them.
Several risk methods and approaches to decision making shown in Tables 2-1 and 2-2 are further described below to highlight a variety of analyses for both nuclear war and nuclear terrorism risks.
___________________
1 The Phase I report addressed the scenarios (Chapter 2), history and literature of risk assessment (Chapter 3) and the use of risk assessment for nuclear war and nuclear terrorism (Chapter 4). These three chapters also highlight the differences between the risk of nuclear war and nuclear terrorism.
Defense Threat Reduction Agency Nuclear Consequence Models
Consequence is one part of a traditional risk equation. DTRA maintains DoD’s nuclear war consequence models. DTRA uses probabilistic models for targeting and damage estimates, including blast, cratering, and ground shock. Human effects that are included in the current models are focused on the ability of troops to conduct their missions. Some estimates of collateral damage to humans are included—prompt, thermal, and air blast effects. Deterministic models have been developed, for example, for the propagation of dust, fire, and ground-level and high-altitude electromagnetic pulse. Political, military, economic, social, information, and infrastructure impacts are not currently included in DTRA’s models. DTRA consequence models are used by DoD, DTRA reach-back teams, the Army, the Air Force, the Navy, and the Missile Defense Agency.2
In the Phase I report, the committee outlined the effects of a nuclear explosion by its immediate, near-term, and long-term effects. DTRA confirmed that its categorization is similar (NASEM 2023a, pp. 4-9, 4-13, and 4-15; quotes are unclassified):
The immediate effects of a nuclear explosion include an intense burst of gamma and neutron radiation; a fireball (anything inside the fireball is likely to be totally consumed); an intense, blinding flash and a pulse of thermal radiation (causing burns and igniting fires); a powerful blast wave, accompanied by intense winds; and an intense electromagnetic pulse (localized for blasts within the atmosphere, but more far-reaching for blasts in space). (p. 4-9)
Near- and long-term effects are wide reaching. In the near term (roughly, 1 hour to 1 week after the event), widespread evacuations and grid instability are possible along with initial radiation effects on humans. In the long term (weeks to several months or years after the event), effects include social and economic unrest, political and governance crises, health effects, infrastructure failures, negative environmental and climate effects, migration, and psychological distress. (p. 4-9)
Updating our Cold War understanding of blast damage in a modern city is another important area of research. The bombings of Hiroshima and Nagasaki demonstrated that the area of glass breakage is nearly 16 times greater than the area of significant structural damage. Injury from broken glass has not previously been well modeled, however, because Cold War planners generally considered it not of military significance (Buddemeier 2010, p. 31). (p. 4-13)
Early studies show that some researchers (and funders) recognized the importance of and were beginning to explore the social and psychological effects of nuclear war. It is noteworthy and disturbing that there has been so little attention to further deepening understanding of these vital impacts since 1986. (p. 4-15)
DTRA consequence modelers are in a “wait and see” mode to be able to address the gaps outlined above. With the exception of electromagnetic pulse effects, DTRA has not been asked to model the other gaps outlined in the committee’s Phase I Conclusion 4-1. Because of DTRA’s dual role to provide combat support as well as testing and training of systems to be deployed (i.e., both an “aider” and “grader”), any effort spent producing or improving a product such as the nuclear war consequence models needs a requirement and a metric. Developing a metric for inclusion of political, military, economic, social, information, and infrastructure impacts in their consequence models, for example, is difficult, especially because no one has issued a requirement for it.
One important point that was raised during the DTRA discussion was that DoD has a requirement via “Chairman Instructions” to produce a written collateral damage estimate before use of conventional weapons (CJCS 2021). The requirement to assess collateral damage and the consequences for the use of nuclear weapons was not as widely scoped. Based on CJCS (2021) and what the committee heard, this is an important gap.
Finding 2-5: Within DoD, DTRA provides estimates of the impact of nuclear weapons. The consequence assessment is focused on prompt effects and military objectives. This results in a partial accounting of the consequences leading to a limited understanding of the breadth of the outcomes.
___________________
2 Other agencies use DTRA models for code comparison (see Interagency Modeling Analysis Committee [IMAC]; Sward 2023). In addition, other agencies and programs within the U.S. government produce or are contributing to consequence models, especially nuclear and radiological infrastructure modeling, including the National Laboratories, EPA, and DHS.
Conclusion 2-2: Current modeling by DoD’s DTRA of the consequences of nuclear explosions resulting from strategic deterrence failure are limited to prompt military effects, especially detonation (blast) and some fallout effects, and does not extend to broader and longer-term effects. This information further supports the committee’s Phase I Conclusion 4-1, that there is a need to better understand other physical effects of nuclear weapons (e.g., fires, damage in modern urban environments, electromagnetic pulse effects, and climatic effects, such as nuclear winter), as well as the assessment and estimation of psychological, societal, and political consequences of nuclear weapons use.
Risk of Strategic Deterrence Failure
A Risk of Strategic Deterrence Failure (RoSDF) assessment is produced for each nuclear-armed adversary. Although strategic, these assessments are refreshed daily to account for global diplomatic, informational, military, and economic conditions. The USSTRATCOM commander summarizes RoSDF assessment outputs (and other information) into a weekly update to the Secretary of Defense and the Chairman of the Joint Chiefs. This assessment informs discussions with the National Command Authority and was briefed directly to the President on at least two occasions early in the Russia–Ukraine crisis. Geographic combatant commands such as the European Command and the Indo-Pacific Command do not develop their own risk assessments of deterrence failure but rather participate in the development of the RoSDF assessment that USSTRATCOM produces for DoD. The RoSDF analysts incorporate information from other agencies—including, for example, the Departments of State and Treasury—to ascertain the diplomatic, economic, and informational impacts on adversary perceptions that drive risk.
“Adversary decision calculus” is a method cited to assess an adversary’s goals, psychology, cultural perspective, information, and reasoning (USSTRATCOM 2021a; Long 2022; Weaver 2022; Weidner et al. 2022). Adversary decision calculus is used within USSTRATCOM’s RoSDF as well as by the Joint Staff (J5). The method can guide U.S. actions to maximize deterrence; adversary’s responses are closely monitored after actions are taken by the United States, such as commencing military exercises, verbal statements made by U.S. officials, or alerting U.S. forces.
However, adversary decision calculus has important weaknesses. Some of these were discussed in the Phase I report (NASEM 2023a). One basic weakness is the contrast with scenario-based methods that are highlighted earlier in this chapter. Scenario-based methods force more attention to interactive behavior and other dependencies that influence potential outcomes.
Risk of Nuclear and Radiological Terrorism
DHS’s Science and Technology (S&T) Directorate is responsible for developing and maintaining the capability to perform terrorism risk assessments of weapons of mass destruction tailored to a variety of different users (DHS 2021). DHS uses probabilistic risk assessment (PRA) methodology to assess risk that uses a set of scenarios with derived data and modeled probabilities and consequences. Risk assessments are scaled to user requirements and can be used to address components of overall risk, or they can be used to assess the overall risks of a nuclear, radiological, chemical, or biological attack on the United States. Recently, the DHS Countering Weapons of Mass Destruction (CWMD) Directorate produced its first chemical, biological, radiological, and nuclear (CBRN) Strategic Rick Assessment Summary (DHS 2022).
In its risk modeling, DHS has identified three categories of terrorist organizations (international organizations, domestic groups, and small groups or lone actors) with a range of financial and technical capabilities; many different target types and dissemination modes; and hundreds of CBRN agents, materials, or devices (DHS 2022). DHS includes in its models the acquisition of a state device by a terrorist organization, but it does not model the specific activities of the state actor. The insider threat of nuclear facilities is not included in the DHS risk model, as it is being addressed by others, including the U.S. Nuclear Regulatory Commission and the Department of Energy.
Another key aspect of DHS’s risk assessment effort is the department’s interface with the consumers of these assessments:
Development of the risk assessments has been an ongoing, community-driven process so as to ensure that the methodology and resultant outputs adequately address the needs of the Homeland Security Enterprise (HSE) and interagency stakeholders. On a regular basis, S&T [and CWMD] meets with other DHS components and interagency partners to gather requirements for risk assessments and to ensure that the results are vetted by the appropriate experts. (DHS, Phase 1, 2021, p. 2)
This is consistent with a well-conducted risk assessment (see Box 2-1).3
Intelligence-Informed Leadership Judgment—or Intel-Driven Assessments
Intelligence assessments follow strict analysis and reporting guidelines (Grabo 2002; DIA 2009) to characterize and understand threats to the United States. For long-standing intelligence oversight reasons, the Intelligence Community (IC) does not collect information on or analyze interactions with U.S. plans and choices, nor does the IC typically assess the consequences or vulnerabilities to the United States or its interests (Murphy 2022). However, those developing strategy may use intelligence reports to develop their own “intel-driven assessments” or “intelligence-informed leadership judgment,”4 as shown in Tables 2-1 and 2-2 (the right-hand column in both tables).
COMMITTEE FINDINGS, CONCLUSIONS, AND A RECOMMENDATION RELATED TO RISK METHODS USED IN U.S. GOVERNMENT
In its review of the variety of risk methods used across the U.S. government to address different aspects of nuclear risks, the committee provides the following additional findings, conclusions, and recommendations.
Finding 2-6: Based on the information collected by this committee, risk analysis is conducted in the U.S. government to address a range of specific and targeted questions related to nuclear war and nuclear terrorism, such as programmatic and budgeting decisions. In these cases, the risk analysis appears to be addressing specific needs identified by decision makers. However, few risk analysis efforts addressing the broader question of overall risks of nuclear war or terrorism were found. One exception is the effort within DHS S&T and Countering Weapons of Mass Destruction (CWMD) directorates focused on assessing CBRN risks. DHS S&T and CWMD, in conjunction with DHS partners and other federal agencies, have developed a risk analysis capability to assess and guide decisions related to terrorism, including nuclear terrorism. Another exception is a recently developed qualitative tool, RoSDF, within USSTRATCOM focused on assessing the risk of strategic deterrence failure, including the risk of nuclear weapons use.
Finding 2-7: RoSDF is a qualitative tool intended to guide integrated deterrence planning and decision making. It was one of the few examples discovered during the committee’s information collection activities of a risk assessment tool focused on risk of nuclear war. To its credit, the RoSDF process combines input from the Combatant Commands, the Intelligence Community, the U.S. interagency, and allies. RoSDF is a nascent cross-government, multidisciplinary analysis of nuclear war risks whose scope is nonetheless defined by a hierarchy of requirements documents and DoD structure. This necessary hierarchy imposed by DoD limits RoSDF assessments to threats to U.S. vital interests posed by nuclear-armed adversaries as identified in Campaign Plans, National Security Strategy, Nuclear Posture Review, and National Defense Strategy. It precludes the incorporation of risks of minor conflicts; integration of emerging technologies and domains (cyber, artificial intelligence, space); contributions from economic, technological, and information risks; and inadvertent or accidental nuclear launch.
___________________
3 The committee had no opportunity to validate this claim.
4 The latter phrase was used by Brad Roberts in his November 2022 briefing to the committee.
Finding 2-8: Sensitive aspects of USSTRATCOM’s RoSDF analysis are understandably classified, including the specific sources and methods used for data collection and RoSDF’s requirements to limit its focus on specific adversaries (as specified in USSTRATCOM’s Campaign Plan). The current methods presented to the committee do not emphasize the kind of interactive scenario-based risk analysis mentioned in this report. However, the general scope and methodology of the RoSDF effort could be made more widely available to enable awareness of RoSDF goals and capabilities across the U.S. government and beyond, as well as critical review by other experts (peer review).
Recommendation 2-1: The U.S. Strategic Command’s risk of strategic deterrence failure (RoSDF) capability to monitor and assess the risk of deterrence failure and to assess the impact of U.S. actions on adversary’s actions should be more widely shared across the U.S. federal agencies and the executive branch. This added transparency and resulting feedback and engagement with others could improve early RoSDF capabilities.
Conclusion 2-3: The main differences between the U.S. government’s nuclear security strategy when it comes to nuclear terrorism risks and nuclear war risks are in their scope, current capability, and use. The risks posed by nuclear and radiological terrorism has received National Security Council (NSC) attention and guidance (NSM 19 2023). A capability to assess overall risks leading to terrorists’ use of nuclear or radiological weapons exists within DHS and appears to meet at least some of the risk analysis best practices outlined in by this committee, but it is not clear how the DHS risk analysis capability is being used to guide interagency strategy. The risks posed by deterrence failure leading to the use of nuclear weapons lacks an NSC-level focus (based on the information that was available to this committee). This leads to a disconnect between integrated-deterrence failure analysis and current capabilities. Both risk analysis capabilities, one residing within DHS for nuclear terrorism and another within USSTRATCOM for nuclear war, were either not known or were dismissed by interagency partners, leading to the possibility that both capabilities are underscrutinized and underutilized.
