Amid concern about the dual challenges of quantifying and mitigating risk on a national scale, President Bush may issue a Homleand Security Presidential Directive (HSPD) on the matter, according to Joel B. Bagnal, deputy assistant to the president for homeland security.
Bagnal, who has served as a White House homeland security advisor since December 2001, addressed the topic Tuesday in the keynote speech at the National Conference on Security Analysis and Risk Management, held at the Arlington, Virginia, campus of George Mason University (GMU).
Begnal said the broader problem of risk may require establishment of a "comprehensive risk management paradigm."
"I think this is an area that's going to require some presidential direction," Begnal said.
An HSPD would not establish that paradigm but would instead instruct a federal agency or agencies to do so.
The 2006 National Infrastructure Protection Plan (NIPP) establishes a national risk management framework governing the country's 18 critical infrastructure sectors—a list expanded earlier this year to include the non-defense manufacturing sector.
In the NIPP, the Department of Homeland Security (DHS) defines risk as a product of threat, vulnerability, and consequence. The document lays out six elements for critical infrastructure risk management: identify infrastructure, set security goals, assess risk, prioritize assets, implement security measures, and measure performance. Under the plan each of the simultaneous, open-ended steps informs the others.
DHS, however, has wrestled with disparate risk assessment methodologies and metrics. And while strict regulation of sectors such as nuclear, chemical, and civil aviation serves to limit risk, the question of how to mitigate risks faced by soft, mostly private infrastructures, like commercial facilities and the healthcare sector, remains an open one.