RAND evaluated a terrorism risk modeling tool developed by the Transportation Security Administration and Boeing to help guide program planning for aviation security. This tool — the Risk Management Analysis Tool, or RMAT — is used by TSA to estimate the terrorism risk-reduction benefits attributable to new and existing security programs, technologies, and procedures.
Modeling Terrorism Risk to the Air Transportation System
An Independent Assessment of TSA's Risk Management Analysis Tool and Associated Methods
Published Nov 26, 2012
Purchase Print Copy
|Add to Cart
- Does the Risk Management Analysis Tool (RMAT) provide results that are valid for the Transportation Security Administration (TSA) risk-assessment needs?
- Are the adversary behavior and air transportation system conceptual models incorporated in the model valid?
- Are the data used as inputs to the model valid and collected reliably?
- Does the RMAT code, as implemented, perform in the way it was designed to?
- Can risk estimates from RMAT be used in the ways TSA intends?
- How should TSA conceptualize the cost-benefits of counterterrorism programs?
RAND evaluated a terrorism risk modeling tool developed by the Transportation Security Administration and Boeing to help guide program planning for aviation security. This tool — the Risk Management Analysis Tool, or RMAT — is used by TSA to estimate the terrorism risk-reduction benefits attributable to new and existing security programs, technologies, and procedures. RMAT simulates terrorist behavior and success in attacking vulnerabilities in the domestic commercial air transportation system, drawing on estimates of terrorist resources, capabilities, preferences, decision processes, intelligence collection, and operational planning. It describes how the layers of security protecting the air transportation system are likely to perform when confronted by more than 60 types of attacks, drawing on detailed blast and other physical modeling to understand the damage produced by different weapons and attacks, and calculating expected loss of life and the direct and indirect economic consequences of that damage. This report describes RAND's conclusions about the validity of RMAT for TSA's intended uses and its recommendations for how TSA should perform cost-benefit analyses of its security programs.
Risk Management Analysis Tool (RMAT) Appears to Capture the Key Features Relevant to Security at Most Airports
- With good information about an adversary's capabilities and intentions, the RMAT defender model can provide credible and useful estimates of the likelihood of detecting and interdicting an adversary.
- RMAT has proven to be of great value to the Transportation Security Administration (TSA) in driving a more sophisticated understanding of terrorism risks to the air transportation system.
The RMAT Model Has Some Gaps
- Even if the conceptual models on which RMAT is built were sound and comprehensive, the input data requirements exceed what subject matter experts or science can estimate with precision, and the imprecision of those estimates is subject to unknown sources and ranges of error.
- RMAT may not be well suited for the kinds of exploratory analysis required for high-stakes decision support, because of its reliance on a large number of uncertain parameters and conceptual models.
- The range of threats, vulnerabilities, attack pathways, and consequence estimate components should be broadened if RMAT is to correctly describe terrorism risk to the U.S. commercial aviation system.
- TSA should not treat RMAT results as credible estimates of terrorism risk to the aviation system but can use those results to better understand the components of terrorism risk and to explore possible influences of system changes on that risk.
- TSA should make RMAT a component of a new exploratory and multiresolution modeling approach for supporting resource allocation and high-level policy questions.