Heather Rosoff, Alyssa G. Newton, Isaac Maya
October 2009 to September 2010
The DHS-funded National Center for Risk and Economic Analysis of Terrorism Events (CREATE) at the University of Southern California is developing a homeland security risk analysis and risk management system for the U.S. Federal Emergency Management Agency (FEMA). This paper describes and illustrates the risk analysis and decision analysis methodology used to analyze the risk-reduction potential and net benefits of countermeasures used to protect against a radiological attack. This analysis begins by assuming that attackers have already selected the attack type, i.e. radiological dispersal device (RDD) or “dirty bomb”, and the target. We assess and compare the risk-reduction performance and cost effectiveness of candidate RDD attack risk reduction measures. We intend our risk and decision analysis approach to allow us to 1) Estimate attack risks, given the various uncertainties in important input factors, and 2) Compare the performance and robustness of alternative RDD risk reduction strategies, given the complexities and uncertainties involved. While the project is oriented at RDD risks and countermeasures, the approach is also intended to be generally applicable to homeland security risk and decision analysis problems across domains. Our RDD attack scenario is based on DHS’ National Planning Scenario 11, “Radiological Attack – Radiological Dispersal Devices” (DHS 2005). In this scenario, the attacker uses a combination of explosives and radiological material (cesium-137) to create a RDD attack in Los Angeles. The RDD economic impact (consequence) estimate is from a separate CREATE analysis being delivered to FEMA at the same time as this paper, and is also described in Giesecke, Burns et al. (2010). To keep our analyses tractable, we selected a few specific countermeasures to model and assess in detail. A summary of the countermeasures explored in this analysis is provided in Table 1. This paper analyzes the risk-reduction potential and cost effectiveness of physical security enhancements to secure access to radioactive sources in hospitals, specifically self-contained irradiators using Cs-137 in the form of Cesium Chloride. In accordance with NRC security requirements, hospitals and blood banks with self-contained cesium irradiators are required at a minimum to have an access monitoring/alarm system and video cameras. Additional countermeasures are available and currently being deployed in some facilities. These include In-Device Delays (IDDs) designed to harden the machinery that houses the radioactive source and make theft more difficult, more sophisticated alarm systems, and portal systems monitoring levels of radioactivity. Commercially available x-ray devices do not require the use of a radionuclide. Self-contained irradiators and Cs-137 are replaced by the x-ray machine and an x-ray tube, respectively (NRC 2008). We assume that the countermeasures we consider could reduce the probability of a successful RDD attack, without changing the consequences of a successful RDD attack. We assume the countermeasures are implemented at all U.S. hospitals with blood irradiators using Cs-137.