Danger Zone: Terrorism Risk – Theory, Practice, and Evolution – Combating Terrorism Center at West Point

Report on Modernizing Risk Assessment Frameworks for the Achievement of the Sustainable Development Goals

This report synthesizes contemporary approaches to risk assessment, reframing them within the context of the 2030 Agenda for Sustainable Development. As global strategy shifts toward risk-based prioritization in an environment of constrained development resources, robust risk assessment becomes critical for the efficient allocation of aid and policy focus. Existing approaches remain fragmented, hindering holistic efforts to achieve the Sustainable Development Goals (SDGs). This report provides a primer on diverse risk literature and offers a perspective on the strengths and limitations of various models, with a significant emphasis on their utility for advancing the SDGs, particularly SDG 16 (Peace, Justice and Strong Institutions).

The analysis includes a case study of the Joint Risk Analysis Methodology (JRAM) and proposes an operational Bayesian risk framework that integrates analyst priors, observable development indicators, and explicit loss functions tied to SDG targets. This is complemented by a discussion of how data standards and automation can support expert judgment in development and peacebuilding contexts. The conclusion outlines a future research agenda emphasizing the integration of individual and systemic risk instruments to safeguard progress toward a sustainable and peaceful future. Modernizing risk assessment is imperative to match the complexity of threats undermining the 2030 Agenda.

Part I: Theoretical Foundations of Risk in the Context of Sustainable Development

This section provides an overview of the risk literature, categorizing key models and concepts developed to evaluate complex threats. The focus is on the practical utility of these approaches for practitioners working to mitigate risks to the Sustainable Development Goals in today’s dynamic environment.

Defining Risk to the 2030 Agenda

The literature orients around risk being a function of threat, vulnerability, and consequence. Within the SDG framework, this can be defined as:

• Threat: The presence of violent extremism, conflict, or instability that directly threatens human security and development progress.
• Vulnerability: Pre-existing conditions that exacerbate the threat, such as poverty (SDG 1), inequality (SDG 5, SDG 10), weak governance (SDG 16), and environmental degradation (SDG 13, 15).
• Consequence: The negative impact on the achievement of the SDGs, measured by reversals in key indicators related to health (SDG 3), education (SDG 4), economic growth (SDG 8), and infrastructure (SDG 9).

Key Methodological Approaches and Their SDG Applications

1. Probabilistic Risk Assessment (PRA)

   PRA quantifies risk using the formula: Risk = Probability X Severity. While simple, its application to the SDGs requires careful definition of terms. For example, “probability” could be the likelihood of a conflict disrupting food supply chains, and “severity” could be the resulting increase in malnutrition, directly impacting SDG 2 (Zero Hunger). A key criticism is that it may not adequately account for adaptive adversaries who exploit unexpected vulnerabilities in development programs.

2. Bayesian Risk

   This approach extends PRA by incorporating an analyst’s prior belief, allowing for calculations in data-scarce environments common in fragile states. As new data on development indicators or conflict events becomes available, the assessment can be updated. This is highly valuable for SDG 16, as it allows for dynamic risk management in peacebuilding initiatives, blending qualitative expert judgment with quantitative data.

3. Game-Theoretic Approaches

   These models are useful for studying multi-agent decision problems, such as the interaction between development agencies, governments, and non-state actors. They can help optimize strategies for humanitarian access or resource allocation for infrastructure projects (SDG 9) in contested areas. However, their reliance on assumptions of full rationality can be a limitation in complex, real-world development settings.

4. Power Law Distribution

   This concept models situations where large, devastating events (e.g., state collapse, major conflict) are rare but small events (e.g., localized violence) are common. Understanding this distribution is crucial for policymakers, as it highlights the persistent risk of “black swan” events that could catastrophically set back progress on all 17 SDGs.

5. Hawkes Point Process Model

   This model assumes that the occurrence of one event “excites” the probability of future events. This is highly relevant to understanding conflict contagion, where an act of violence can spark copycat attacks or wider instability, creating cascading negative effects on community resilience and progress toward SDG 11 (Sustainable Cities and Communities) and SDG 16.

6. Structured Professional Judgement (SPJ)

   SPJ blends empirical tools with professional judgment, often using checklists or standardized criteria to rate risk factors. It is widely used in assessing individual radicalization risks, which is a micro-level threat to SDG 16. A core challenge is managing the inherent subjectivity of expert opinion, which can be mitigated through calibration exercises and transparent processes.

7. Risk Terrain Modeling (RTM)

   RTM is a spatial analysis method used to identify how features of a landscape co-locate to create settings conducive to crime or violence. In a development context, it can identify geographic hotspots where a lack of basic services like clean water (SDG 6) or reliable energy (SDG 7) correlates with high levels of grievance and recruitment by extremist groups, thereby highlighting areas for targeted development interventions.

Part II: Risk Assessment in Practice: A Case Study of the Joint Risk Analysis Methodology (JRAM)

This section explores the JRAM as a practical framework for risk assessment. While developed in a security context, its principles can be adapted to evaluate strategic risks to the achievement of the SDGs, particularly SDG 16.

Framework Overview

The JRAM is a structured process for risk appraisal, management, and communication. It defines risk as a function of probability and consequence, assessed through the lens of a potential harmful event. The process relies heavily on structured professional judgment, where experts identify sources and drivers of risk. The final output is often a risk value plotted on a contour map, categorizing risk as low, moderate, significant, or high.

Strengths and Limitations for SDG-Focused Analysis

• Strengths: The JRAM’s primary strength is its structured, standardized process that brings rigor to qualitative expert inputs. This can help development organizations and policymakers evaluate a collection of expert opinions to identify areas of consensus and divergence regarding threats to stability and development progress.
• Limitations: The framework’s reliance on expert judgment can obscure underlying biases and assumptions. For SDG-focused analysis, a major limitation is the lack of clear pathways for integrating quantitative development data, such as Gini coefficients (SDG 10), youth unemployment rates (SDG 8), or access to justice metrics (SDG 16). Without this data, the assessment may fail to capture the complex socio-economic drivers of instability.

Part III: Operationalizing a Bayesian Risk Framework for Sustainable Development

This section presents a case for using a Bayesian risk framework to make optimal decisions under uncertainty in development and peacebuilding contexts. This approach allows for the integration of subject matter expertise with quantitative data tied directly to SDG indicators.

A Hypothetical Scenario: Protecting Educational Infrastructure (SDG 4)

To calculate risk to SDG 4 in a fragile region, a development agency must consider:

1. Possible States of Nature:
   • O_1: No active threat to schools.
   • O_2: Latent threat from an armed group that may activate.
   • O_3: Active threat with groups planning attacks on schools.
2. Analyst Prior Probabilities: Based on field reports and expert analysis, the agency assigns a probability to each state (e.g., P(O_1)=0.3, P(O_2)=0.5, P(O_3)=0.2).
3. Observable Indicators (Likelihood): The agency determines the probability of observing certain data given each state (e.g., the probability of observing online threats against secular education).
4. Possible Actions (Action Space):
   • Action A: Continue standard educational programming.
   • Action B: Invest in physical security for schools.
   • Action C: Launch a community-based peace education program.
5. Loss Function: Loss is quantified in terms of negative impacts on SDG 4 targets. For example, if the agency takes Action A but O_3 is true, the loss could be 300 (representing 300,000 disrupted student-days). If they take Action B and O_3 is true, the loss might only be 80.

By calculating the Bayes risk for each possible action, the agency can identify the strategy that minimizes expected loss to educational outcomes, thereby making a data-informed decision to protect progress on SDG 4.

Integrating Data for a Holistic SDG Risk Picture

A robust Bayesian model for SDG risk should be supported by automated data pipelines that incorporate a wide range of indicators:

• Socio-Economic Data: Food price indices (SDG 2), youth unemployment rates (SDG 8), and measures of inequality (SDG 10).
• Governance Data: Metrics from the Fragile States Index, corruption perception indices, and data on access to justice (SDG 16).
• Environmental Data: Information on drought, resource scarcity, and climate vulnerability (SDG 13), which can be drivers of conflict.

Conclusion: Modernizing Risk Assessment for a Sustainable and Peaceful Future

At a moment when the 2030 Agenda faces significant headwinds, a risk-based approach to prioritization is essential. Improving risk assessment requires both a clearer conceptual foundation aligned with the SDGs and more disciplined institutional practices.

Key Recommendations for an SDG-Aligned Approach

1. Integrate Quantitative SDG Indicators: Risk models must move beyond subjective security assessments to incorporate hard data on development, governance, and environmental factors that drive instability.
2. Bridge Micro and Macro Assessments: Frameworks must connect individual-level risk factors (e.g., radicalization drivers) with network- and state-level vulnerabilities to better target interventions that support SDG 16.
3. Adopt Transparent and Adaptable Frameworks: A Bayesian approach provides a disciplined framework to manage uncertainty, making assumptions explicit and allowing for real-time updates as conditions on the ground change.
4. Leverage Technology for Early Warning: AI and automation should be used to build data pipelines that monitor key SDG indicators, providing early warnings of emerging risks to development and peace.

The Imperative of a Risk-Informed 2030 Agenda

The achievement of the Sustainable Development Goals, particularly SDG 16, is fundamentally a risk management challenge. It requires an explicit, structured, and contestable process that integrates subject-matter expertise, operational judgment, and the best available data. In a strategic environment where development efforts are asked to do more with less, the way we conceptualize and calculate risk is a central determinant of our collective success. If the global community is to remain serious about the 2030 Agenda, then risk assessment itself must be modernized to match the complexity of the threats it seeks to mitigate.

Analysis of Sustainable Development Goals in the Article

1. Which SDGs are addressed or connected to the issues highlighted in the article?

1. SDG 16: Peace, Justice and Strong Institutions
   • The entire article is fundamentally about strengthening national security institutions to prevent violence and maintain peace. It directly addresses the challenge of combating terrorism, which is a primary threat to peace and security. The analysis of U.S. counterterrorism strategy, the critique of existing risk assessment frameworks like the Joint Risk Analysis Methodology (JRAM), and the proposal for modernized, more effective approaches are all aimed at building stronger, more capable institutions to manage security threats. The article’s core argument is that “the quality of our risk assessments a critical component of national security,” which aligns directly with the goal of building effective institutions to promote peaceful societies.

2. What specific targets under those SDGs can be identified based on the article’s content?

1. Target 16.1: Significantly reduce all forms of violence and related death rates everywhere.
   • The article’s focus is on improving terrorism risk assessment to more efficiently allocate resources for counterterrorism. The ultimate purpose of this is to prevent terrorist attacks, which are a specific and severe form of violence. The text discusses modeling the “severity” of attacks, often calculated through “loss of human lives,” and understanding the “frequency of severe terrorist events.” By enhancing the ability to anticipate and mitigate these threats, the methodologies discussed aim to directly contribute to the reduction of violence and related deaths caused by terrorism.
2. Target 16.6: Develop effective, accountable and transparent institutions at all levels.
   • A central theme of the article is the critique of current institutional processes for risk assessment, which are described as fragmented and sometimes opaque. The text highlights how “risk assessments have involved subjective judgments used to generate color-coded assessments without sufficient detail on their assumptions.” The call to modernize these processes by using frameworks like Bayesian risk models is an effort to create a “coherent and transparent process” that makes assumptions, trade-offs, and loss functions explicit. This directly addresses the need for more effective, accountable, and transparent institutional practices within the national security apparatus.
3. Target 16.a: Strengthen relevant national institutions… to prevent violence and combat terrorism and crime.
   • The article is a direct call to action to strengthen the capacity of a key national institution—the U.S. Department of Defense—to combat terrorism. The conclusion explicitly states that “terrorism risk assessment itself must be modernized (conceptually, institutionally, and technologically) to match the complexity and dynamism of the threats it seeks to understand.” This involves adopting a “toolbox of approaches” (e.g., probabilistic risk assessment, game theory, RTM), improving data standards, and using technology like AI to support expert judgment, all of which are measures to strengthen institutional capacity for preventing violence.

3. Are there any indicators mentioned or implied in the article that can be used to measure progress towards the identified targets?

1. Indicators for Target 16.1 (Reduce Violence):
   • Quantified Risk Scores: The article describes the JRAM process, which calculates a risk value ranging from 1-16 based on the multiplication of “probability and consequence.” These scores serve as a direct, quantifiable indicator of the perceived risk of violence from terrorism.
   • Frequency and Severity of Terrorist Attacks: The discussion of Power Law distributions, which model the relationship between the “severity of war, measured by battle deaths, and the frequency of war,” implies that tracking the frequency and severity of terrorist incidents is a key metric for understanding and measuring the threat of violence.
   • Calculated Probability of Future Events: The article mentions the Hawkes Point Process Model, where “the occurrence of a terrorist event ‘excites’ the overall terrorist process and elevates the probability of future events.” This calculated probability serves as a forward-looking indicator used to anticipate and manage the risk of future violence.
2. Indicators for Target 16.6 (Effective Institutions):
   • Accuracy of Risk Assessments: The conclusion proposes a “systematic evaluation of prior U.S. government terrorism risk judgments and scores” by comparing them with “subsequent attack patterns, plots, or operational outcomes.” The measured accuracy of these past assessments would serve as a powerful indicator of institutional effectiveness and learning.
   • Adoption of Standardized and Transparent Methodologies: The article advocates for a “coherent and transparent process” and “standardized processes for deriving and eliciting prior probabilities.” The formal adoption, documentation, and consistent use of such methodologies within government agencies would be a clear indicator of institutional improvement and transparency.
   • Level of Inter-departmental Collaboration: The recommendation that risk assessment be treated as a “genuinely whole-of-staff product” involving J-2 (intelligence), J-3 (operations), and J-5 (plans) perspectives implies that the degree of structured, cross-functional collaboration in the risk assessment process is an indicator of institutional effectiveness and responsiveness.
3. Indicators for Target 16.a (Strengthen Institutions to Combat Terrorism):
   • Integration of Diverse Data Sources: The article suggests augmenting expert judgment with “quantitative terrorism and CT data,” “environmental indicators, such as the Fragile States Index,” and “structured data on counterterrorism operations.” The extent to which these varied data sources are formally integrated into risk models is a tangible indicator of strengthened analytical capacity.
   • Implementation of Automated Data Pipelines: A specific technological improvement mentioned is the creation of “automated data pipelines that update key components of Bayes risk in near real time.” The development and operational deployment of such systems would be a concrete indicator of modernized and strengthened institutional capabilities.
   • Use of Advanced Analytical Tools: The article details a “toolbox of approaches” including Structured Professional Judgement (SPJ), Risk Terrain Modeling (RTM), and Conjunctive Analysis of Case Configurations (CACC). The adoption and application of these specialized tools by counterterrorism practitioners would indicate an enhanced and strengthened institutional capacity to analyze and combat terrorism.

4. Summary of Findings

Source: ctc.westpoint.edu