|
Overview
The US Army’s Homeland Infrastructure Security Threats Office (HISTO)
was tasked to develop a vulnerability assessment tool that was
ubiquitous across all critical infrastructures, allowing
infrastructure owners to better understand the risk presented by the
current terrorist threat. CARVER was originally developed as a
targeting tool for used by US Special Operations Forces to quickly
and thoroughly analyze enemy critical infrastructure to identify a
critical node against which a small, well-trained force can launch
an attack to disable or destroy that infrastructure.
With this in mind, we selected the
CARVER targeting tool and reversed engineered it as a vulnerability
assessment tool. This tool, known as the CARVER+Shock Vulnerability
Assessment Tool was developed by HISTO leadership and was almost
immediately put to use in protecting America's Critical
Infrastructure. Over the past three years this methodology has been
used to uncover previously unidentified weaknesses in multiple
agriculture commodities, food, power, energy, and transportation
infrastructures. Listed below are organizations that have
successfully used the tool under our supervision.
-
The White House Homeland Security
Council, Bio Security Team
-
The US Department of Agriculture
-
US Department of Health and Human
Services
-
Food and Drug Administration Center
for Food Safety and Applied Nutrition (CFSAN)
-
Government of Mexico Food and
Agriculture Officials
-
Privately owned Nuclear Power Plants
-
National Pork Producers Council
-
Various Port and Airlift facilities
-
US NORTHERN COMMAND
-
US SPACE COMMAND
-
Private Oil and Chemical Companies
-
Wind Power Companies
That said, let’s see how the tool works.
Using The CARVER+Shock Vulnerability
Assessment Tool
-
Know Yourself: To Know
Yourself, we must understand the entire project and all of its
subsystems, complexes and individual components henceforth
called the Target System (See Targeting System Characterization)
These components are the sources of consequence in our model.
They are the tangible items that comprise your system and are
broken down into service providers, infrastructure and
equipment, consumables, and cyber.
-
Know Your Enemy: To Know Our
Enemy, we must understand the level of motivation and capability
of those who pose a threat to the Target System, to include
their reasons for threatening the system; their desired outcomes
or objectives; and their levels of training, equipment,
financing, and recruiting.
-
Know Your Environment: What
we currently have on hand to protect these components determines
our level of vulnerability. T Knowing Our Environment requires
us to understand the effects of the geography, climate,
politics, economics, and religion of those areas and how they
influence the Target System.
TARGET SYSTEM
CHARACTERIZATION
Target System:
A target system is all the targets
situated in a particular geographic area that are functionally
related. It also can be a group of targets so related that their
destruction or degradation will produce a particular effect desired
by the attacker. It may be international in scope (e.g.,
international banking) and may include modifying behavior or
influencing and altering attitudes vice destruction. Examples of
target systems include:
|
Air transportation systems |
Port facilities |
|
Highways |
Railways |
|
|
Communications networks |
|
Bulk electric power systems |
Bulk water systems |
|
Public attitudes |
Bulk petroleum, oil, and
lubricants (POL) supplies |
|
Political infrastructure |
Economic infrastructure |
|
Social welfare
infrastructure |
Health services
infrastructure |
|
Food Production |
|
Target
Subsystem: A target subsystem is a major
element of a target system. For example, generation, transmission,
and distribution are subsystems of a bulk electric power system.
Target Complex:
A target complex is a concentrated,
integrated series of targets. A target complex may be a subset of a
target subsystem. It consists of related facilities and activities
that are close to each other in physical or cyberspace. Within a
target complex, individual targets will be identified. Ports,
airfields, and electric generating plants are examples of target
complexes.
Target Component: Target components are parts
of the target that are necessary to the operation of the target as a
whole. Target components are broken down into four separate types
which include:
-
Service Providers. This is any
living thing that is a part of your system. It might be a
computer operator, a driver, or supervisor. It may also be
a service dog or a horse used for crowd control.
-
Infrastructure and Equipment.
This is anything piece of equipment necessary for the system to
operate that is not consumed in the process. Examples
include buildings, storage facilities, processing equipment,
vehicles, and transformers.
-
Consumables. These include any
tangible substance that is consumed in your systems operating
process. Examples include fuel, fresh/potable water,
breathable air, chemicals, electricity, and food.
-
Cyber and Communications. We have expanded cyber
to include communications equipment and networks. In
short, include anything that transmits information.
Internet, workstations, database software and records. e-mail,
radios, repeaters, and telephones.
Critical Node: A single point of failure for a specific node, preferably one that is
critical to the remainder of the target system.
Developing
CARVER+Shock Definitions
As I have
negligently failed to provide additional literature on this tool
since introducing it in 2003, most groups that use the tool use the
same set of definitions. This is not an effective use of the
tool nor will it give you the results you seek. As we stated
in previous sections, you have to establish bookends for your
definitions. The standing criticality definition states a
death toll of 10,000 people. If your system cannot make that
level of impact, then you need to adjust the 9-10 definition for
what ever that top level is. Another example is recognizability,
if your entire system is within a guarded building, then you need to
drastically adjust the scale or you end up giving every component a
score between 1-4. Remember, the goal is to determine risk to
each component in relation to the other components within your
system, not an absolute set of standards. Real
security experts should know this, but well, who knows what a real
security expert is?
One you have
listed all of your systems, sub-systems, complexes and components,
you need to develop definitions for each factor in the CARVER+Shock
acronym. There are some things you must consider when
developing definitions and assigning values. Here are the ones
I have encountered most.
-
Many team
members will have some issues with accepting mortality.
Most businesses are driven to a zero tolerance for accidents let
alone deaths. You need to be considerate and talk these
folks through this decision. The bottom line is that any
company will react differently to the loss of one employee as
opposed to the loss of 75 employees. I do not care what
the COO says, the reaction is noticeably different.
-
The values you
assign should all be used in the assessment. This means
there should be some 1's and there should be some 10's in each
category. if not, your definitions are not sensitive
enough and you may be masking some vulnerability. Do not
be afraid to go back and change some of your definitions if this
is the case..
-
If you have a
certain category that is receiving the same score in all
components, you will soon render that factor irrelevant.
The definitions are not sensitive enough and should be
reevaluated.
-
Be
cautious of a team member setting values too low or too high to
either simulate vulnerability in an attempt to gain funding or
to hide vulnerability to avoid accountability.
-
If you are
doing a tactical assessment (a single facility or complex), you
may not always use the shock factor. Just drop it from the
spread sheet as the entity being assessed may not have a
significant enough impact on society to register relevant Shock
scores.
-
You can use
Effect in two ways. The first is to measure the actual
tangible loss as a result of the attack in percentage of
production, output etc. The second is to measure the long
term effects such as an act of war, new legislation, effect on
the environment etc. The examples below demonstrate both
methods.
Here are a few sets of
definitions. the first one is for a private corporation, the
second is for a more strategic assessment in the agriculture
industry.
|
Criticality |
|
|
•Target (s) consequence value is high (Morbidity, mortality,
economics, environmental) |
|
|
•To what degree would a successful attack allow the threat
to realize their objective |
|
|
•Is the target crucial to the success of the rest of the
system, does it make the target safe? (i.e. pasteurization
facilities for milk) |
|
|
Criteria |
Scale |
|
Potential for loss of over 10 lives; Costs greater than $1
billion; Environmental Impact Severe |
9 – 10 |
|
Potential for loss of life is between 6-10; Costs between
$100 million - $1 billion ; Environmental Impact High |
7 – 8 |
|
Potential for loss of life between 1-5; Costs between
$10-100 million; Environmental Impact Moderate |
5 – 6 |
|
No loss of life but significant injury or kidnapping; Costs
between $1-10 million; Environmental Impact Low |
3 – 4 |
|
No loss of life; Minor injuries or intimidation of
employees; Costs less than $1 million; Environmental Impact
Minimal to none |
1 – 2 |
|
|
|
|
Accessibility |
|
|
•Openness of the target to the threat |
|
|
•Conduct/Gather Intelligence, Surveillance, and
Reconnaissance (consider virtual reconnaissance, Internet) |
|
|
•Conduct the attack |
|
|
•Egress from the target undetected |
|
|
•Casual observation of processes/Resources |
|
|
•Unauthorized access to facilities |
|
|
•Indirect approaches to facilities (Physical and Virtual) |
|
|
Criteria |
Scale |
|
Easily Accessible 10km or less from shore. No physical or
human barrier or observation, observable at 1000 meters or
more. Attacker has immediate access from the ground to main
entrances. Multiple specific Internet sources of
information. Computer security for networks, users and
applications is considered inadequate. |
9 – 10 |
|
Accessible 10-15 kms offshore. Either human observation or
limited physical barrier, but no means of intervention.
Observable between 500-1000 meters. Attacker has access to
the target for 12 hours or less but must climb the structure
unaided. Attack can be carried out using bulky equipment or
medium sized vehicles but using significant stealth.
Limited Specific Internet sites. Computer security for
networks, users and applications is considered fair with
some exploitable vulnerability. |
7 – 8 |
|
Partially Accessible .15-25 km offshore. Human observation
and physical barrier with no established means of
intervention. Observable from 250-500m meters. Attacker has
access to the target for 2 hours or less Must use climbing
aids such as rope or ladder. Internet. Computer security
for networks, users and applications is considered fair. |
5 – 6 |
|
Hardly Accessible 25-35 kms. Human observation and physical
barrier with an established means of intervention.
Observable from 250 meters or less. Limited general
information available on the Internet. Attacker has access
to the target for less than 1 hour. Equipment must be able
to be disguised and time limitations are extreme. Onboard
assistance required to climb structure. Limited general
information available on the Internet. Computer security
for networks, users and applications is considered good. |
3 – 4 |
|
Not Accessible. Over 35 kms offshore. Physical barriers,
alarms, and human observation as well as separated by an
additional factor such as height. Defined means of armed
intervention. Observable from less than 100 meters Attacker
can access target for less than 15 minutes with all
equipment carried in pockets. No useful information
available electronically. Computer security for networks,
users and applications is considered excellent. |
1 – 2 |
|
|
|
|
Recuperability |
|
|
•The time it takes to mitigate the damage (Effect and or
Shock) inflicted on the target. |
|
•Recuperability is a vital supporting element of
criticality. |
|
|
•How long will it take to mitigate the attack? |
|
|
•What interventions are already in place? |
|
|
Greater than a year |
9-10 |
|
6-12 months |
7-8 |
|
3-6 months |
5-6 |
|
1-3 months |
3-4 |
|
30 days or less |
1-2 |
|
|
|
|
Vulnerability |
|
|
•If the threat has the means (supplies, time, and equipment)
and expertise to impose their desired effect? |
|
|
•If these means can achieve the desired objectives? |
|
|
•To what types of attack is the target susceptible? |
|
|
•If attacked, will the target system feel the effects? |
|
|
Criteria |
Scale |
|
Threat can achieve its desired effect in all conditions
(Weather, Illumination, sea state) |
9-10 |
|
Threat can achieve its desired effect in ideal conditions
(Calm weather, seas, during limited visibility (Dusk through
Dawn) |
7-8 |
|
Threat can achieve greater than 50% of the desired effect
under all conditions = 5-6 |
5-6 |
|
Threat can achieve greater than 50% of the desired effect
under ideal conditions (Calm weather, seas, during limited
visibility (Dusk through Dawn) |
3-4 |
|
Threat cannot impose more than 50% its desired effect under
any conditions = 1-2 |
1-2 |
|
|
|
|
Effect |
|
|
What are the long term Tangible or measurable ramifications
of the attack |
|
|
What are the long term results of the attack (Economic,
political, military…) Will it cause an act of war
(Afghanistan) Financial depression or recession, New or more
restrictive legislation. Environmental Impact |
|
|
Criteria |
Scale |
|
Causes civil war; Political: Causes permanent national
level legislation or action; Economic: Impacts Gas revenues
for greater than one year; Environmental: Severe |
9-10 |
|
Causes a prolongued military action; Political: Causes
temporary international strife; Economic: Impacts revenues
6-12 months; Environmental: High |
7-8 |
|
Causes a single military action or national law enforcement
effort; Political: Causes temporary legislation or changes
in policy Economic: Impacts revenues 3-6 months;
Environmental: moderate |
5-6 |
|
Causes regional military efforts by Nigeria ; Political:
Causes changes in regional policy; Economic: Impacts
revenues for more than a month Environmental: Low |
3-4 |
|
Causes minimal law enforcement or military activity ;
Political: Causes limited political conflict; Economic:
Impact on Gas revenues is negligible; Environmental:
Minimal to none |
1-2 |
|
|
|
|
Recognizability |
|
|
•If can they recognize the target under the conditions they
must attack |
|
|
•If can they recognize the target via
more than one method |
|
|
•Consider virtual assets |
|
|
•What have we done to increase its visibility |
|
|
•What can we do to decrease its visibility |
|
|
Criteria |
Scale |
|
The target is clearly recognizable under all conditions and
from a distance and requires little or no training for
recognition |
9 – 10 |
|
The target is easily recognizable requires a small amount of
training for recognition |
7 – 8 |
|
The target is difficult to recognize at night or in bad
weather or might be confused with other targets or target
components and requires some training for recognition |
5 – 6 |
|
The target is difficult to recognize at night or in bad
weather. It is easily confused with other targets or
components and requires extensive training for recognition |
3 – 4 |
|
The target cannot be recognized under any conditions, except
by experts or insiders |
1 – 2 |
|
|
|
|
Shock |
|
|
The shock value of a successful attack is a psychological
effect, but for the purpose of assessing the degree of risk
posed by terrorists, this specific effect must be examined
separately from other effects. By definition, terrorists
target to achieve terror and cause horror and strong
emotional responses from their broader target audience.
Aspects of targets that terrorists view as increasing a
target’s shock value are symbolism (e.g., the Pentagon),
massive population concentrations (e.g., the World Trade
Center in South Manhattan), sensitive nature of facilities
(e.g., nuclear facilities), and the ability to strike at
core values and primal emotions through their target (e.g.,
targeting children). |
|
| |
|
|
A target has a symbolic value to an attacker when an
extremist or terrorist element can attach a relationship
between the attacker and the population target, i.e. US
Marines have a symbolic value to Lebanese Hezbollah due to
the Beirut missions; the World Trade was a symbol of the
United States wealth and prosperity; the Pentagon is
symbolic of America’s military might, etc. |
|
| |
|
|
The table below shows how the symbolic values are assigned
on DSHARP matrices. |
|
|
CRITERIA |
SCALE |
|
Target has historical, religious, or, other symbolic
significance to at least 50% of the entire population; |
9-10 |
|
Attacks against this type of target conducted routinely by
all known threats |
|
|
|
|
|
Extremely large population center (1000+), new world record:
i.e. World Trade Center |
|
Target has historical, religious, or, other symbolic
significance to a specific section of the population |
7-8 |
|
Attacks against this target conducted routinely by primary
threat |
|
|
|
|
|
Significant impact on international policy with mass
casualties (100+); Lockerbie Airliner bombing |
|
|
|
Regarded as “Invulnerable” strong point by defender |
5-6 |
|
|
|
Attacks against this type of target have occurred before |
|
|
|
Significant impact on national policy, large population
center (500+), extensive casualties, major stress on
infrastructure; Murrah Federal Building |
|
|
|
Associated with economic or production capability of the
victims. |
3-4 |
|
|
|
Attacks against this type of target have been threatened |
|
|
|
Mass Casualty (10+) with significant impact on general
population in target area; IRA shopping mall bombings |
|
|
|
Area of no significant economic, political, theological or
related significance |
1-2 |
|
|
|
Attacks against this type of target fit the method of
operation of the threat |
|
|
|
Attack on small number (1-10) on specific individuals
(assassination) or types of individuals; El Salvador café,
Cairo bus; majority of local populace not affected |
This is a set of
definitions that can be used for a more strategic assessment.
It also offers a good description of how to determine the Shock
values.
Criticality:
A target is critical when its attack would have a significant
influence on military, political, economic, or social activities.
We must
ask, “How well will the attack accomplish the goals of the design
basis threat?”
Great care must
be taken to compare cost vs. the loss of human life. Select the
value based on the most significant level of criticality i.e. if an
attack may cost $4 billion but has the ability to take in excess of
10,000 lives, assign the
higher rating of 9-10. Example metrics of criticality for use as a
generic model that must be modified for specific sites and scenarios
are:
|
Criteria |
Scale |
|
Loss of
over
10,000 lives;
loss of more than $100
billion |
9 – 10 |
|
Loss of
life is between 1,000 –
10,000; cost between $10
billion and $100
billion |
7 – 8 |
|
Loss of
life between 100 and
1000;
Cost between $1 and $10
billion |
5 – 6 |
|
Loss of
life less than 100; cost less than $1 billion |
3 – 4 |
|
No loss
of life, Cost less than $100 million |
1 – 2 |
Recuperability: A target’s
recuperability is measured in the time it will take to replace,
repair, or bypass damage to it. Recuperability varies with the
sources and type of targeted components in the target.
Recuperability should factor in such items, as how
long will it take to neutralize the attack? In specific, how long
after a contamination takes effect can we neutralize its effects?
This may include identifying and
gaining control over the food that is at risk, and restoring public
confidence in its safety. What interventions are already in
place that may thwart the attack?
If the source of food is critical to the population, how long before
alternatives can be identified and put on-line?
Example
metrics of recuperability for use as a generic model that must be
modified for specific sites and scenarios are:
|
Criteria |
Scale |
|
Intervention in more than 2 weeks after exposure to the
public. |
9 – 10 |
|
Intervention within 1 to 2 weeks after exposure to the
public |
7 – 8 |
|
Intervention within 72-168 hours after exposure to the
public |
5 – 6 |
|
Intervention within 72 hours after exposure to the public |
3 – 4 |
|
Intervention prior to exposure to the public |
1 – 2 |
Vulnerability: A target is
vulnerable if a threat has the means and expertise to successfully
attack it in a way that will
result in the desired effect. Consider whether an attacker,
including an insider, can reach the target with sufficient resources
to achieve the desired effect. Accessibility can be either in
physical or cyber space.
We
must consider cyber and physical aspects of casual observation of
processes, unauthorized access to facilities, and indirect
approaches to facilities (Physical and Virtual)
Example
metrics of vulnerability for use as a generic model that must be
modified for specific sites and scenarios are:
|
Criteria |
Scale |
|
Easily
Accessible (e.g. no
perimeter fence). No physical or human barrier or
observation, observable at 100 meters or more. Attacker has
unlimited access to the target.
Attack can be carried out
using bulky equipment or large volumes of contaminant and
without undue concern of detection). Multiple
specific Internet sources of information. Computer security
for networks, users and applications is considered
inadequate. |
9 – 10 |
|
Accessible
(e.g. inside
perimeter fence, but outdoors). Either human
observation or physical barrier, but no means of
intervention. Observable between 50-100 meters. Attacker
has access to the target for an hour or less.
Attack can be carried out
using bulky equipment or large volumes of contaminant, but
using significant stealth. Or, attack can be carried out
with less gear, but under limited time constraints.
Limited Specific Internet sites. Computer security for
networks, users and applications is considered fair with
some significant vulnerability. |
7 – 8 |
|
Partially Accessible
(e.g.
inside a building, but in a relatively unsecured part of
facility). Human observation and physical barrier
with no established means of intervention. Observable from
10-50 meters. Attacker has access to the target for less
than 20 minutes.
Moderate
equipment or volumes of contaminants may be used, but with
significant limitation on time. General Information
available on the Internet. Computer security for networks,
users and applications is considered fair. |
5 – 6 |
|
Hardly
Accessible (e.g. inside a
building, but in a secured part of facility). Human
observation and physical barrier with an established means
of intervention. Observable from 10 meters or less. Limited
general information available on the Internet. Attacker has
access to the target for less than 10 minutes.
Equipment and/or
contaminant must be able to be disguised and time
limitations are extreme. Limited general information
available on the Internet. Computer security for networks,
users and applications is considered fair. |
3 – 4 |
|
Not
Accessible. Physical barriers, alarms, and human observation
as well as separated by an additional factor such as
height. Defined means of intervention. Not observable or
only observable by operators. No useful information
available electronically. Attacker can access target for
less than 1 minute with all equipment carried in pockets.
No useful information available electronically. Computer
security for networks, users and applications is considered
excellent. |
1 – 2 |
Recognizability: A target’s
recognizability is the degree to which it can be identified by an
attacker under varying conditions of distance, weather, light, and
season without confusion with other targets or components. Factors
that influence recognizability include the size and complexity of
the target, the existence of distinctive target aspects, the
presence (absence) of masking or camouflage, and the technical
sophistication and training of the threat.
Example
metrics of recognizability for use as a generic model that must be
modified for specific sites and scenarios are:
|
Criteria |
Scale |
|
The
target is clearly recognizable under all conditions and from
a distance and requires little or no training for
recognition |
9 – 10 |
|
The
target is easily recognizable requires a small amount of
training for recognition |
7 – 8 |
|
The
target is difficult to recognize at night or in bad weather
or might be confused with other targets or target components
and requires some training for recognition |
5 – 6 |
|
The
target is difficult to recognize at night or in bad
weather. It is easily confused with other targets or
components and requires extensive training for recognition |
3 – 4 |
|
The
target cannot be recognized under any conditions, except by
experts or insiders |
1 – 2 |
Shock: The shock value of a
successful attack is a psychological effect, but for the purpose of
assessing the degree of threat posed by terrorists, this specific
effect must be examined separately from other effects. By
definition, terrorists target to achieve terror and cause horror and
strong emotional responses from their broader target audience.
Aspects of targets that terrorists view as increasing a target’s
shock value are symbolism (e.g., the Pentagon), massive population
concentrations (e.g., the World Trade Center in South Manhattan),
sensitive nature of facilities (e.g., nuclear facilities), and the
ability to strike at core values and primal emotions through their
target (e.g., targeting children).
Assessing
shock value is highly subjective. In an effort to add credence to a
factor that evaluates the emotional effect of an action, we draw
from yet another targeting tool designed to evaluate this variable.
The following is an explanation of the DSHARP targeting process.
This process was used mainly in the past by the US Air Force for
targeting an adversary’s high-risk infrastructures and the emotional
effect it would have on the people dependant upon those assets.
However, in the mid-80’s it was discovered that it was a highly
effective tool for US Special Operations Forces to use for planning
the defense of and or targeting of high population areas. Listed
below is an explanation of DSHARP and an example of how it can be
used to determine the SHOCK factor for the CARVER Matrix.
The Acronym,
DSHARP, stands for:
D =
DEMOGRAPHICS
S = SYMBOLOGY
H = HISTORICAL
A = ACCESSIBILITY
R =
RECUPERABILITY
P = POPULATION
Because some of
these factors were already considered in the CARVER process, only
the symbology, historical, and population factors will be considered
in this analysis.
From the point of view of the
critical civilian infrastructures, the DSHARP selection factors will
assist you in determining, AHEAD OF TIME, which components of your
industry that you feel that a terrorist or a group of terrorists
would select as their most likely targets or components to attack.
As
the factors are considered, they are given a numerical value. This
value represents the desirability of attacking the target. The
values are then placed in a decision matrix. After DSHARP values
for each target or component are assigned, add the scores across the
row. This target ranking in the final column (from the highest
number to the lowest) will develop into a list of components that
show all the indications of becoming a target by an individual or
group. The numerical scale that is used can be rewritten to reflect
the conditions of each individual civilian industry and can
accurately be used to show the real world impacts that would occur
at your facility or installation.
SYMBOLOGY
A target has a symbolic value to an
attacker when an extremist or terrorist element can attach a
relationship between the attacker and the population target, i.e. US
Marines have a symbolic value to Lebanese Hezbollah due to the
Beirut missions; the World Trade was a symbol of the United States
wealth and prosperity; the Pentagon is symbolic of America’s
military might, etc.
The table below shows how the
symbolic values are assigned on DSHARP matrices.
|
CRITERIA |
SCALE |
|
Target
has historical, religious, or, other symbolic significance
(e.g. associated with
children or the American culture) to at least 50% of
the entire population |
9-10 |
|
Target
has historical, religious, or, other symbolic significance
(e.g. associated with
children or the American culture) to a specific
section of the population |
7-8 |
|
Target
has historical, religious, or, other symbolic significance
(e.g. associated with
children or the American culture) to a limited
specific section of the population |
5-6 |
|
Associated with economic or production capability of the
victims |
3-4 |
|
Area of
no significant economic,
historical, religious, or, other symbolic significance |
1-2 |
Table 2.
Assigning symbolic values
HISTORICAL
A target’s historical value is
determined by checking to see if there have been other attacks of
this type before, i.e. Abortion Clinics have well established
histories of targeting by right to life groups; Federal Buildings
with large concentrations of workers have a history of drawing
attacks by anti-government militia groups, etc.
The table below
shows how historical values are assigned on DSHARP matrices.
|
CRITERIA |
SCALE |
|
Attacks
against this type of target conducted routinely by all known
threats |
9-10 |
|
Attacks
against this target conducted routinely by primary threat
|
7-8 |
|
Attacks
against this type of target have occurred before |
5-6 |
|
Attacks
against this type of target have been threatened |
3-4 |
|
Attacks
against this type of target fit the method of operation of
the threat |
1-2 |
Table 3.
Assigning historical values
POPULATION
The type and magnitude of the given
effect on the population that is desired will help the adversary
select his or her target. Population in this context addresses all
significant effects, whether desired or not, that may result once
the selected target component is attacked. Possible effects can be
speculative and should be labeled as such.
The table below shows how population
values are assigned on DSHARP matrices.
|
CRITERIA |
SCALE |
|
Extremely large population
effect (1000+), new world record: i.e. World Trade
Center |
9-10 |
|
Significant impact on international policy with mass
casualties (100+); Lockerbie Airliner bombing |
7-8 |
|
Significant impact on national policy, large population
center (100+),
extensive casualties, major stress on infrastructure; Murrah
Federal Building |
5-6 |
|
Significant Casualty
(10+) with significant impact on general population in
target area; IRA shopping mall bombings |
3-4 |
|
Attack
on small number (1-10) on specific individuals
(assassination) or types of individuals; El Salvador café,
Cairo bus; majority of local populace not affected |
1-2 |
Table 6. Assigning population values
|
