Saturday, October 31, 2015

A Morphological Approach for Proactive Risk Management in Civil Aviation Security

By: Hernando Jimenez, Ian C. Stults, and Dimitri N. Mavris


This article discusses a study in which morphological analysis was used in order to create a framework that would proactively assess the rest of a terrorist attack on an air transportation system (ATS). The goal of morphological analysis is to create possible attack scenarios and the likelihood of those scenarios. In this example, profiles of various terror organizations were developed and outlined so that a specific assessment of high-risk scenarios was able to be made. If this method was used by defensive organizations, then they would be capable of quickly assessing the risks of the various terrorist attack scenarios and be able to protect air transportation systems more effectively. This is a very practical example as the commercial aviation system continues to be a very critical part of infrastructure, gets a lot of attention from the media when something occurs, and continues to be a high risk target for terrorist attacks. 

This article also discusses the background of risk management and assessment. According to this article, risk is "the combination of the likelihood of a given event and the consequence or associated outcome of that event if it occurs." When the risk has been characterized and evaluated, then the next step is the mitigation of that risk. The combination of risk assessment and risk mitigation is known as risk management. Risk assessment is when the risk is modeled and quantified by estimating values for risk parameters.

When the risk was assessed in this case, it was determined as a product of probability and a consequence scalar index, then identified within a risk-level matrix that is depicted in the article. This event impact is categorized as low, medium, or high, with corresponding scalar values of 10, 50, and 100. In addition, the low, medium, and high likelihood events are modeled via probability values of 0.1, 0.5, and 1.0. For this example, the values for high risk events scored above 50, the medium risk events scored between 10 and 50, and low risk events scored below 10.

To study the vulnerabilities of the ATS in this example, the system's architecture was explored from a purely operational perspective which means that the only important elements were the ones directly involved in the architecture (i.e. control tower of the airport and the airport itself).In order to do this, morphological analysis was used. What the morphological approach allows analysts to do is to break down the potential attacks into their key components, examine and identify the combinatorial rules between them, and search for specific attacks that would reveal those vulnerabilities. The first step to do this in this specific example was to define an attack model that featured the key elements. In the model, the target is the parts of the ATS that will be primarily affected (i.e. aircraft or parts of an airport), and the tactical objective defines the impact or effect caused by the attacker. There were two limitations in the study however: the model couldn't capture ulterior motives or higher level objectives by the attackers. 

Based on the morphological field that was created by the authors, there were 5,040 different attack scenarios that were created and 1,172 of them were internally consistent. Something to keep in mind with this example, however, is that the authors of this study are not experts on ATS security, so the values and results are notional and meant just for the demonstration of this method. When the results were generated, it was found that explosives are a high-risk weapon, weapons transported in a ground vehicle or in garments or carry-on luggage were particularly interesting, and people who use airports are high-risk targets in comparison to other assets. Because of this, it seems that no single particular area of focus exists and that points of entry in areas that are more accessible and closer to passengers are at a much higher risk.

The results say that the use of morphological analysis was helpful overall. They specifically say that top-level and tactical attack models provide general applicability and show a wide range of scenarios and sensitive security information can be avoided. The fact that the results could be visually represented was also a plus since the authors say that it's vital for adequate assessment and evaluation of potential risks. It was also helpful because the attacker profiles mapped to data filters allowed the generic attack data set to be characterized and refined which then allowed a defense approach tailored to what the entities of interest were.


Overall, I thought this article was beneficial and interesting. In intelligence analysis I can definitely see the value of using a method such as morphological analysis because scenarios are created and then different aspects of them are weighted which isn't an option with some methods. In this particular example, however, there seemed to be a few critiques that could be made which are the fact that the authors who conducted the study were not experts on ATS security which could have affected the scenarios that they were able to come up with and the fact that this method seems to be most useful for tactical analysis. It did provide a good example of a morphological analysis though, so I think it is worth the read.



  1. I think this article really does a good job of highlighting a few of the strengths of morphological analysis. First, the sheer number of scenarios that (computer-based) morphological analysis can create is a huge benefit, particularly for risk analysis or disaster planning activities. Second, this method can also focus on which weapons or targets are the primary threats, helping to direct resource allocation. The weakness that the authors mention, a tactical focus without any higher-level analysis, is only a weakness in certain situations. There are times when a tactical analysis is necessary, and would therefore be a strength.

  2. I agreed with your critique of the article and agree that the weighing of senarios is a great advantage that not all modifers or techniques can offer. Yours is the second article I read that mentioned the studies were not performed with experts when it might have been useful, which I liked that you highlighted and elaborated on. Do you think, in this senario, it would have been a necessity to use experts or just a possible advantage to gaining more thorough results?

  3. I feel that it is of note that this article was not written by experts. Do you feel that they were just trying to preach the methodology of morphological analysis?

  4. I would agree with Dan, the authors are not experts and unless they had consultants who are familiar with the weapon systems, they are likely preaching the methodology. Furthermore, the authors are from the Georgia Institute of Technology, a school that does not deal with weapon systems or military tactics at all.

  5. I also think MA is a great technique in terms of visualizing the overall findings and therefore facilitating capturing the whole study. However, in this study the massive amounts of scenarios came to overloaded. I mean, yes, they may have outlined the possible attack(s). But, which one is going to turn out to be real? I think the real issue lays out in here; which scenario has the highest odds of becoming a real one?