Introduction into security and safety (class 8) 25/9/18 ‘What is risk?

’
Introduction
• Risks underpins the whole problem of issues with safety and security
• Without risks, security and safety issues would not exist
• Some people seek risks for adrenaline
Everything has vulnerabilities – it is not a given that these vulnerabilities lead to accidents – risks Risks
can lead to dangers (safety issues) or to threats (security issues)
What? Three elements of risks:
• Element of chance
o You never know, there is a potential of a certain outcome o Death is not a risk, that is a given; the way
we die is a risk
• Element of the future
o When something happened, it is not a risk anymore, a risk looks at the future
• Element of intervention
o We call something a risk, when we are able to interfere with the issues o If we can do something about
it (dijken bouwen) o We cannot change facts, we can eliminate risks (small pocks)
Risk comes from the Italian word riscare and means to dare. Daring to jump of a cliff. Risk is not all
negative.
The term risk denoted the possibility that an undesirable state of reality may occur as a result of natural
events or human activities.
Uncertainty Different term for the word chance. There are two types of uncertainty:
1. Subway uncertainty
a. Standard deviation, predictable uncertainties b. Limited complexity, limited number of outcomes c.
Known unknown 2. Coconut uncertainty
a. Unpredictable uncertainties b. Totally unexpected events c. Unknown unknowns --> known unknowns
Two extremes.
Understanding risks
• Known knowns
o There are things that we know we know o The sun rises everyday o If I wake up after a sleep I am still
me o No uncertainty and no risks, no element of chance
• Known unknowns
o There are things that we know we do not know o How big the universe is
o Flipping a coin and getting either heads or tails o Quantifiable uncertainty (and unquantifiable
uncertainty) → Risk
• Unknown unknowns
o There are things that we do not know that we do not know o We can not prepare for these risks, we do
not know about them but they have
tremendous impact (9/11) o Unquantifiable uncertainty ; makes us nervous → no risk, we do not
know what is
coming and cannot intervene o Predicting the weather
History of the concept of risk For the longest time there was no concept of risk, there were risks though.
Why were they not thinking in forms of risks? People felt they had no control over their lives. Their fate
was in the hands of the gods.
Developments that made the concept of risks arise
• Theory of probability
o Calculating chances o This provided the opportunity to think in terms of chances
• Less mysticism, more science
o Science being more important than religion and magic
• Trade and discovery
o People learned to do proper bookkeeping, making investments o VOC, the risks of unknown territories
was shared
• Numbers to work with
o Number system to calculate with
Two types ‘Elementary’ risks
• Cold
• Natural disasters
• War
• Epidemics
• Famine
Man-made/manufactured risks
• Create layers of protection against these risks
• While creating better protection, there are new unforeseen risks
Concerns We are too used to being safe (state of normalcy) so we take it for granted and want to be in
control of everything.
Zero risk society
• No risks, government has to make it all go away
Knowledge can be a dangerous thing, we hear about every earthquake because of the media.
Paradigms Refers to the readings of this week. First three rows of the table are safety science, last two are
security, other ones are domain specific
One dimension = calculating Multidimensional = risk is a constructed fact See slides
Simplified
• Realism; risks are real, measurable, manageable
• Weak constructivism; risks are real, but we understand them culturally
• Strong constructivism; there is no such things as a real risk, risks is purely a social construct
Readings;
• ‘the concept of risk: a classification’ O. Renn
• ‘Risk and responsibility, a modern law review’ by A. Giddens
Concept of risk: a classification by O. Renn
There are a lot of different perspectives to look at risk.
Overview of risk perspectives; seven approaches to the conception of risk
1. The actuarial approach
a. Using statistical predictions 2. The toxicological and epidemiological approach 3. The
engineering approach 4. The economic approach
a. Risk-benefit comparisons 5. The psychological approach 6. Social theories of risk 7. Cultural
theory of risk
Risk contains three elements
1. Undesirable outcomes 2. Possibility of occurrence 3. State of reality
All the different perspectives answer the following questions differently
1. How can we specify or measure uncertainties? 2. What are undesirable outcomes? 3. What is the
underlying concept of reality?
Technical risk analysis The actuarial approach The prediction of car accidents Answers;
1. Calculate a relative frequency of an event over time 2. Physical harm to humans or ecosystems 3. Facts
and data
The toxicological & epidemiological approach Animals & comparisons Answers;
1. Real experiments to collect data on animals or comparison groups 2. Physical harm to humans or
ecosystems 3. Facts and data
The engineering / probabilistic risk assessments Answers;
1. Calculate the overall failure rate 2. Technological failures 3. (probably) facts and data
The three approaches listed above are technical perspectives. There are some criticisms on technical
perspectives by social scientists.
1. What people perceive as undesirable depends on one’s values and preferences 2. Human actions and
their consequences are too complex to capture in probabilities 3. Controlling risks brings organisational
failures that may increase risks
4. People have preferences for risks and probability does not make the distinction between
high consequence/low probability or low consequence/high probability Conclusion; technical risk pe
rspectives are good but also leave out the subjective which is not good.
Economic risk perspectives Shifts from expected harm/undesired effects to expected utilities Utilities
describe a degree of satisfaction with a possible action or transaction. Purposes of the shift;
1. Subjective dis(satisfaction) can be measured for all consequences 2. Comparisons between risk and
benefits Using utilities instead of physical harm provides a common denominator to compare options with
different benefits; utility is one-dimensional and universal Critics; people do not always choose utility,
they so what they want, problems of combining individual’s utilities But the economic approach serves
vital functions in risk policies
• It provides techniques to measure and compare utility losses or gains, thus decision makers can be more
informed
• Better technical risk analyses by providing a broader definition of undesirable events
• Market prices represent social utilities -> measure different types of benefits
• A model for rational decision making Answers;
1. Probabilities 2. Definition based on individual utilities 3. Real gains or losses
Psychological perspectives on risk This perspective expands the empire of subjective judgement about
risk in three ways
1. It focuses on personal preferences for probabilities and tries to explain why individuals do
not base risk judgements on expected values 2. Because of studies we know more on people’s
abilities to draw conclusions out of
probabilistic information 3. The importance of contextual variables for shaping individual risk
evaluations; like the
following contextual variables
a. The expected number of fatalities b. The catastrophic potential
I. Low probability/high consequence risks are perceived as more threatening c. Qualitative risk
characteristics
I. Having personal control over the probability II. Familiarity with the risk III. Potential to blame
someone else for the situation d. The beliefs associated with the cause
I. A technological, human activity or natural event as causes The understanding of
risk is a multidimensional concept, risk perceptions differ among social and cultural groups. Answers;
1. Relative frequencies are substituted by the strength of belief that people about likelihood
that an event will occur 2. All undesired effects that people associate with a specific cause 3. What is
real is irrelevant
Criticism; the perceptions are too broad, why do people ignore some risks then? ; perceptions cannot be
translated into policies, they are based on partial ignorance
How can risk perception studies contribute to improving risk policies? They can
• Reveal public concerns and values
• Serve as indicators for public preferences
• Document desired lifestyles
• Help to design risk communication strategies
• Represent personal experiences better than the science assessment Conclusion; psychological
studies contribute valuable information for understanding risk responses and designing risk policies
Sociological perspectives on risk All these perspectives have something in common, the following idea:
Humans perceive the world through perceptual lenses filtered by social and cultural meanings transmitted
via primary influences, such as family, friends and co-workers. Two dimensions; Individualistic vs
structural Objective vs constructivist
Rational actor concept; social actions are seen as a result of intentions by individuals/social actors to
promote their interests Social mobilisation theory; 2 questions
1. Under which circumstances are individuals motivated
to take action? 2. What are the conditions necessary for social groups to
succeed? Organisational theory; routinisation of tasks and diffusion of responsibility within
institutions Systems theory; focuses on structural factors and spans real and constructed realities Neo-
Marxist and critical theory; objective component of rational actor but rely on structural analysis for
determine institutional interests Social constructionist concepts; risks are social constructs that are
determined by structural forces in society
➢ All six approaches have in common an interest in explaining and predicting the social
injustice in relation to distributional inequities. The individualistic concepts regard them as violations of
group interests, the structural concepts regard them as reflections of the real and a result of the balancing
of social interests and values.
Answers;
1. Not with calculations but group-specific knowledge and visions 2. Are socially defined and sometimes
socially constructed 3. Real consequences are always mediated through social interpretation and group
interests
and values
The cultural perspective on risk
Social responses to risk are determined by prototypes of cultural belief patterns structural and
constructivist but not individual Five prototypes;
1. Entrepreneurial prototype
a. Risk is taking an opportunity to succeed in a competitive market and pursue
personal goals 2. Egalitarian prototype
a. Emphasises cooperation and equality rather than competition and freedom b. Don’t take chances 3.
Bureaucratic prototype
a. Relies on rules and procedures to cope with uncertainty 4. Atomised individuals prototype
a. Life is a lottery and risks are out of our control; safety is a matter of good luck 5. The hermit
prototype
a. Autonomous Individuals, Hermits: self-centred and short-term risk evaluators that
are potential mediators in conflict, according to the author. They build alliances with the other four
groups.
Answers;
1, 2 and 3. Depends on the cultural affiliation of the respective social group Critics; not about individuals,
one person can be different prototypes, there are too little prototypes
Conclusion: responsive risk management needs all the perspectives mentioned.
‘Risk and responsibility; modern law review’ by A. Giddens
• A risk society is a society where we increasingly live on a high technological frontier which no one
completely understands, and which generates a diversity of possible futures
• Origins of risk society;
o The end of nature o The end of tradition
The end of nature
• Only a few aspects of the natural world are untouched by human intervention
• Since 50 years, no more worrying about what nature could do to us, but what we have done to nature
The end of tradition
• Life is no longer lived as fate (like the fate that women had to look after the house)
Simple and reflexive modernisation; coming to terms with the limits of the modern order Risks only exist
when there are decisions to be taken, responsibility is connected to it
Consequences of the crisis of responsibility
• Emergence of ‘organised irresponsibility’
o When no one is held specifically accountable for a risk
• Adopting the ‘precautionary principle’
o Take action even by uncertainty of risks
• Our responsibility for future generations change view of responsibility o Some decisions taken today
will affect future generations
• Debate around the welfare state
• ‘litigious society’
o Contract of responsibility has broken down; blame can appear everywhere
• Both positive and negative sides of risk should be focused on
Introduction into safety and security (class 9) 1/10/18 ‘Safety science: an introduction’
Safety science Within the field of natural sciences
• Industrial engineering
• Transportation
• Finance
• Health After the industrial revolution, human errors occurred which led to accidents on the work
floor. Employers wanted to be insured for risks of accidents, but then they had to know how big the
impact was of the risk. → start of safety science
Safety science does two things
• Understanding specific risks
o People studying flood risks
• Theorise on risk more generally
o How to understand risk in relation to human errors
Two theories
• Normal accidents (three mile island)
o Todays technological systems are so complex that we can not predict what could go
wrong o Accidents are normal, we can not prevent them all, prepare for the fact that
accidents happen; unavoidable o Because of
❖ Complexity ❖ The systems run continuously ❖ Failure is not an option, the impact is too great ❖
Systems are so connected that not one part can breakdown without
everything breaking down (tight coupling) o Accidents today can be explained by bringing up
past incidents o But it is a poor predictor for future incidents
• High reliability organisations theory (NASA)
o How can you make organisations perform in a way to minimise failures? o High reliability
organisations
❖ Are preoccupied with failure ❖ Are reluctant to simplify ❖ Are sensitive to operations ❖ Are
committed to resilience ❖ Have underspecified structures o It identifies mechanisms that should make
organisations safer in principle o It is only an ideal; high reliability organisations do not exist
‘safety is a dynamic non-event’ It is the default condition; feeling safe is the state of normalcy People in
safety science study incidents where safety is suspended, which does not happen a lot, it is based on
incidents that happen rarely. Safety scientists want to reduce even this tiny number of incidents, that
makes it harder to predict them because they are so rare.
The regulator paradox
1. The safer something is, the less there will be to measure 2. If something happens rarely or never, it is
impossible to know how well
interventions/protections work 3. Since interventions are costly, scarce resources may be redistributed
elsewhere
Safety sciences often focuses on what goes wrong, instead of what goes right
Safety I Safety II
Risk management A systematic approach to understanding and managing a risk Steps:
1. Risk identification 2. Risk analysis 3. Risk evaluation 4. Risk treatment 5. Risk monitoring
Risk identification
• Risk criteria; what to look for? A particular type of crime? Define your criteria.
• Risk sources; when, where, why, how?
• Risk effects; what is the impact?
• Risk involvements; stakeholders? Who to include in the risk?
• Use an event tree/fault tree
o Example of a fire in the building:
sprinklers work or won’t → the fire department can be there fast or not fast (see slides) o Allows people
to think about
different scenarios
Risk analysis/assessment
• Measuring risks
• Decision support
• Probabilistic risk analysis to estimate the impact
• Risk = likelihood x impact (high occurrence/low impact)
• A risk matrix
Risk evaluation
• What do we find acceptable risks?
• A death is not a death is not a death (in different situations, death is worth more or less)
• Perception – knowledge/information – cost- benefit
o Could it have been protected?
(knowledge) o What does it cost to solve it? (cost-
benefit) o How important does society think it
is? (perception)
• ALARP, see slides
Risk treatment
• There are four ways of treating risk
o Avoid risk – stopping or not starting an activity because it is too risky (asbestos) o Accept risk – risks
with a low impact or likelihood (mosquitos) o Transfer risk – insurance (severe financial harm) low
likelihood, big impact o Reduce risk – interventions (social,
financial)
Risk monitoring
• Did it help? Was it effective?
• Evaluating
Reading;
• ‘risk management: procedures, methods and experiences’ H. Berg
‘Risk management: procedures, methods and experiences’ by H. Berg
I Introduction Risk
• Unavoidable
• 2 calculations required
o Likelihood/probability o Extent of the impact or consequences
Risk management
• 2 safety management principles o Consequence based
▪ Design safety systems for bad events to stay within boundaries o Risk based
▪ Risk management is a systematic approach to setting the best course of action under uncertainty by
• Identifying
• Assessing
• Understanding
• Acting on
• And communicating risk issues
Integrated risk management
• There is a need for a more integrated risk management approach
• There are very many different types of risks
• Integrated risk management is defined as a continuous, proactive and systematic process to understand,
manage and communicate risk from an organisation wide perspective
II Risk management steps and tools
1. Establishing goals and context 2. Identifying risks 3. Analysing the identified risk 4.
Assessing/evaluating risk 5. Treating or managing the risk 6. Monitoring and reviewing the risk and risk
environment regularly 7. Continuously communicating, consulting with
stakeholders and reporting
Establish goals and context
• Establishing the strategic, organisational and risk management context of the organisation
• Identifying the constraints and opportunities of the operating environment
• Finding out through analyses how the environment is regulated
Identifying the risk
• What risks can affect the organisation?
• How likely are the risks to occur?
• Who is involved?
• Possible risk sources
• Most critical stage
• Why is it a risk? Impact?
Analyse the risk
• Source of risk, consequence and likelihood to estimate the inherent or unprotected risk without controls
in place
• Determine the level, likelihood
Evaluate the risk
• Is the risk acceptable?
• Level of acceptance
Treat the risk
• An unacceptable risk requires treatment
o Avoidance o Reducing o Transferring o Acceptance
Monitor the risk
• How will the outcomes of the risk be measured?
• After five years look if it is still valid
• Are there new risks?
Communication and reporting
• Good communication, risk management is part of the organisation
• Documentation is very important to see if it has been effective
Introduction into safety and security (class 10) 2/10/18 ‘Risk management: analysis & evaluation’
Recap
• Can we quantify/measure risk?
• Risk management is a practical tool box to help in situations
• Risk = likelihood * impact
Evaluation Risk management works well within
• Aviation (airplanes)
o It’s easy to create simulations, testing wings and parts in a virtual environment
• Construction
o Accidents hardly ever happen, bridges never fall apart, just like buildings almost
never collapse o We can calculate everything about constructions, simulations can also be made
• Space travelling
o Using simulations and calculating things with gravity
Risk management does not work well within
• Cyber space
o Cyber space is too complex, connected with everything o Nobody can foresee consequences for certain
actions o You can not simulate situations in cyber space o There is no typology of issues in cyber security
yet, everything happened once, lack
of information
• Terrorism
o You can not predict terrorism, if you can predict it, it is no longer terrorism
• War or conflict
o Too complex
Risk management works well but with a limited complexity, it should be used for the right kind of
problems.
Shortcomings Three common points of shortcomings
1. Risks cannot be known 2. Risk cannot be quantified 3. There are no adequate protections
Risks cannot be known
• Known unknowns – risk management sees this whole category as possible to calculate, but the category
consists of quantifiable as well as unquantifiable uncertainties.
• Life is random
• You cannot use one method for all risks, they are random
Risk cannot be quantified
• The numbers related to probability are not certain, experts are also not sure all the time
• Too big of a marge
• Risk = probability * impact – risks do not get distributed evenly often, that is controlled by humans,
their values etc.
• Risk is not objective, always human related with beliefs, values etc
No adequate protections
• Risks have become global, are transboundary
• You are dependent on other parties, it is difficult to protect yourself
• Risk = power game – risk policies are constructed through discussion
• Risk breeds risk – new risks emerge out of other risks and their solutions
Alternatives?
1. Precautionary principle 2. Resilience 3. Tragic governance
Precautionary principle Better safe than sorry Take precaution, be sure than an innovation cannot harm
people in any way instead of regretting it afterwards 1970s-1980s – acid rain The creator of the product
needs to prove there will be no consequences This principle (systems are unsafe until proven otherwise)
crashes with the principle of laissez-faire (to leave consequences for later, systems are safe unless proven
otherwise)
Resilience You can’t know which risk may befall us, crisis will happen The ability to bounce back, being
able to cope with change The causes of a crisis are not relevant, just solve the crisis as soon as possible
Backup systems, having a plan b Focus: contingency plans
• Practise crisis solving
• Test the effectiveness of various crisis interventions
Tragic governance Disasters are part of our lives, will happen more often and we must focus on that
Governance can try hard, but just like a Greek tragedy, they will fail There is only so much government
can do, no zero-risk governance Risk acceptance
Readings:
• ‘is safety a subject for science?’ E. Hollnagel
‘Is safety a subject for science?’ by E. Hollnagel
I Introduction
• Is safety a proper subject for scientific investigation?
• Science = knowledge + the way this is pursued
• ‘Safety science is the study of safety’ → not an object, what is safety?
II The definition of safety
• Safety is often defined as a condition where nothing goes wrong or very little goes wrong
• Absence of accidents and incidents
• We do not measure safety, but we measure when safety is absent
• Mechanisation increased the number of accidents
• They found out you cannot control everything → human actors
• Causality credo
o Bad outcomes happen when something goes wrong; o Bad outcomes therefore have causes, which can
be found o Treating or eliminating the causes will increase safety by preventing future accidents
Safety as an epiphenomenon
• An epiphenomenon is defined as an incidental product of some process that has no effects on of its own
• Rather than a phenomenon: it is something that is missing once an accident occurs.
• The subject of safety science is therefore the occurrence (or rather the non-occurrence)
• Safety is simply a condition that exists when the bas outcomes do not happen
• Can the object of science be nothing?
• We study safety when it is not there
• But: safety is not about nothing but about avoiding adverse outcomes
• Safety science is about risks and hazards rather than safety
Safety as a non-event ‘A dynamic non-event’ → safety or the state where nothing goes wrong, is achieved
by many different layers of defence and protections (dynamic)
Safety as a social construct Safety → safe operations (social construct) We can focus on safe operations
and see what goes right
III From safety-I to safety-II
• Safety-I
o A condition where the number of adverse outcomes is as low as possible
• Safety-II
o The ability to succeed under expected and unexpected conditions alike o The number of acceptable
outcomes is as high as possible o Not about why things go wrong, but why they go right and ensure that o
The author calls this safety science, doing things safely
IV The bottom line
• When something goes wrong, there is no safety
• When nothing goes wrong, there is safety
• The scientific study of safety should focus on situations where nothing goes wrong
Introduction into safety and security (class 11a) 8/10/18 ‘Risk perception and security behaviours’
Psychometrics Subdomain of psychology Using quantitative methods, but you cannot measure
perceptions or social influences The science of measuring mental capacities and processes, subjective
perceptions of risks How do people of societies respond to certain risks?
Findings on risk perception Seven findings that psychometrics produced on risk perception
1. Level of harm
a. It matters to people what level of harm you’re talking about b. Permanent or temporarily harm? c.
Mental, financial, social or physical harm? d. Natural disasters or is there someone to blame? e. One
generation or more generations affected? 2. Type of harm and relative fear
a. People are afraid of certain types of harm b. Gruesome death or slow? c. Terrorism vs cigarettes 3.
Level of control
a. People are more afraid of things they have little control over b. Drive yourself or someone else c.
Flying or driving a car 4. Level of voluntariness
a. Choosing to take a risk is less scary b. Choosing to live near a nuclear power plant c. Choosing to go
bungee jumping 5. Level of loss/gain
a. Living in San Francisco → nice job, nice city but big chance of earthquakes b. Downplaying certain
risks because they don’t want it to happen 6. Causes and sources
a. More afraid of man-made risks b. Earthquakes vs terrorism c. If something had been designed better, it
could have been protected (not true
because accidents can always happen) 7. Harm to whom?
a. People are most afraid for harm to themselves or closest to them b. We are less afraid of terrorist attack
when they take place somewhere else
Security behaviours Six common security behaviours
1. Non-acceptance
a. People don’t want to accept the risk and the security it comes with b. People don’t know enough, or
don’t care enough, are ignorant c. Security is someone else’s responsibility 2. Risk homeostasis
a. Balancing act b. Increase protections → people will do more risky behaviours
c. The more you try to protect people the more people will take risks d. Driving faster when one is
wearing a seatbelt for example 3. Motivation
a. Are people ignorant when they run a red light? b. People are unmotivated to follow the rules or do
security activities c. People are not stupid but overloaded 4. No visible threat, no glory
a. When threats are invisible, like cyber things b. What are you even protecting yourself against? c. You
don’t get a reward when you protect yourself from this invisible harm 5. Learning
a. You don’t get the punishment or feedback until later b. Like getting a ticket, or being hacked 6.
Security gets in the way
a. It’s a distraction, you’re trying to get things done
‘Social amplification of risk’ (class 11b)
Level of analysis The scale or level of the thing you are studying
• Individual level of analysis
• Group or societal level of analysis We will look at societies, how are risks perceived and what is
the impact in societies
The puzzle The puzzle: violent crimes in the USA Looking at statistics—the quantity of being a victim of
violent crimes are dropping Measuring fear; chances of becoming a victim are decreasing but people
increasingly worry about becoming a victim Sub conclusion: risk calculation does not fully explain public
response to risk
SARF Social amplification of risk framework Amplification: the process of intensifying or attenuating
signals during the transmission of information from an information source, to intermedia transmitters and
finally to a receiver. Looking at communication, transferring information, sender and receiver and how
they frame a certain message. Amplifications stand for emphasising or strengthening a message. A sender
sends a message with a certain interpretation and the receiver will receive the message and interpret it
himself. Amplified is the opposite of downplaying information. Ripple effect; the drop is a risk and the
ripples start to move society
Example;
Fipronil crisis (pesticide, eggs) ; was actually a very small risk to get ill from fipronil First stage: fipronil
was found in eggs in the Netherlands Second stage: everyone started talking about it, amplified the risk
‘serious public health risk’ Third stage: consumers stopped buying eggs, supermarkets took the eggs from
the shelfs, these are responses to the way we talked about the risks Fourth stage: financial losses retail and
farming sector, less trust in inspection services
It does oversimplify reality, but every model does This model can open our eyes; key takeaways of SARF
1. It tells us to look beyond technical risk calculations 2. Public response to risk shapes societal impact
risk 3. Communication and action regarding perceived risk 4. Merge disciplinary insights to get full
picture
Readings;
- ‘the psychology of security’ by B. Schneier - ‘The social amplification of risk: a conceptual framework’
by R. Kasperson
‘The psychology of security’ by B. Schneier
I Introduction
• You can be secure bot not feel secure
• Reality vs feeling
• The feeling of security; 4 fields
o Behavioural economics – how human biases affect economic decisions o Psychology of decision-
making o Psychology of risk o Neuroscience – understanding brains
II The trade-off of security
• Security always involves some sort of trade-off
• Specific aspects of security trade-offs that can go wrong;
o Severity of the risk o Probability of the risk o Magnitude of the costs o Effectiveness of countermeasure
at mitigating the risk o Comparisons of different risks
III Conventional wisdom about risk General pathologies
• People exaggerate spectacular but rare risks and downplay common risks
• People have trouble estimating risks for anything not exactly like their normal situation
• Personified risks are perceived to be greater than anonymous risks
• People underestimate risks they willingly take and overestimate risks in situations they cannot control
• People overestimate risks that are being talked about and remain an object of public study David
Ropenc and George Oray expand the list
• Newer risks are scarier
• Human made risks are perceived as more dangerous
• People are less afraid of risks they choose than risks they cannot help
• Benefits that lead to risks are okay (living in San Francisco)
• People are less afraid of risks that cause normal deaths than gruesome deaths
• Less afraid when one has control, like driving a car
• People are less afraid for companies or people they trust, like Oprah
• When an issue has high awareness, people are more scared
• When there is a lot of uncertainty, people are more afraid
• Child-related risks are seen as very scary
• People are more afraid of risks that directly affects them
IV Risks and the brain The brain, two important parts → amygdala and neocortex Amygdala
• Assessing and reacting to risk
• Adrenaline
• Fight or flight
• Base emotions
• Animals have this Neocortex
• Analysing risk
• Mammals have this
• Being able to reason
• Thinks slower
First fundamental problem: amygdala and neocortex work parallel from each other Second fundamental
problem: neocortex is rather new in the evolution and has some rough edges
V Risk Heuristics
• We overestimate or underestimate risks, this is governed by a few brain heuristics
Prospect theory
• People have subjective values for gains and losses
• It depends on the way the gains or losses are framed
Other biases that affect risk
• Optimism bias
o We tend to believe to be better than other people, like driving a car o Positive outcomes are seen as
more possible outcomes
• Control bias
o Accepting risk when you have control over it
• Affect heuristic
o Good feeling about something results in a lower risk perception o Like smoking
VI Probability heuristics
• If we get the probability wrong, we get the trade-off wrong
The availability heuristic
• Easy remembered data are given a greater weight than hard to remember data
o If it is recently, emotionally, vivid accidents etc
Representativeness
• Risks belonging to particular classes
• ‘law of small numbers’
o A coin can still be heads the third throw
VII Cost heuristics If we cannot evaluate costs right, there will be no good trade-off
Mental accounting
• People categorise different costs
• People have different mental budgets
Time discounting
• The human tendency to discount future costs and benefits
• Money is worth more today than after a year
• Related to the prospect theory and the framing effect
VIII Heuristic that affect decisions
• Framing effects
o Context effect; comparing options
▪ When you need someone to pick 2 million dollars, make the choice 1, 2, or 3
▪ People avoid extremes, will not pick 3 o Choice bracketing
▪ Choose a variety o Anchoring effect
▪ Numbers → number wheel → picking
▪ People pick close to the number they just got on the wheel o Confirmation bias
▪ People are more likely to notice evidence that supports a previously help position than evidence that
discredits it
IX Making sense of the perception of security Areas where perception can diverge from reality
• The severity of the risk
• The probability of the risk
• The magnitude of the risk
• How effective countermeasure is of the risk
• The trade-off itself
‘The social amplification of risk: a conceptual framework’ by R. Kasperson
I Risk in modern society Issues that require attention:
• Technical concept of risk focuses too narrowly on probability and magnitude; other aspects are ignored
• Individual perceptions are under-addressed as well with formal probability risk analysis
• Risk causes discussions because there are different ways to calculate risks Technical risk
perception is too narrow. A comprehensive theory is needed that is capable of integrating the technical
analysis of risk and the cultural, social and individual response structures that shape the public experience
of risk.
II Background
• Social amplifications are important with risks
• Based on communication
III Signal amplification in communication theory Amplification is intensifying or downplaying signals
during transmission of information, telling and hearing the facts that one finds important
IV A structural description of the social amplification of risk
• The information system may amplify risk events in two ways;
o Intensifying of weakening signals that are part of the information that individuals or
social groups receive o Filtering signals
• There are social and individual amplification systems
o Scientists o Risk management institutions o Media o Opinion leaders
• Receiving information with amplification;
o Filtering signals o Decoding the signal o Attaching social values o Interacting with cultural groups to
interpret the message o The processing of risk information
• Behavioural responses; are secondary impacts
o Enduring mental perceptions o Local impact of business sales o Political and social pressure o Changes
in the nature of the risk o Social disorder o Changes in risk monitoring
• Ripple effect
V Informational mechanisms of social amplification
• Credible?
• Dramatization
• Large volume
• Different social or cultural groups
VI Response mechanisms of social amplification 4 major responses
1. Heuristics and values
a. Risks are too complex for the human minds → we simplify it 2. Social group relationships
a. Risk issues are brought into social groups → is it made an issue or not 3. Signal value
a. High signal – low likelihood but big impact b. Low signal – high likelihood but low impact 4.
Stigmatisation
a. Negative stuff is associated with undesirable people
Introduction into safety and security (class 12) 9/10/18 ‘Security studies: realism and liberalism’
Disciplinary lens Political science: discipline about political actors; organising society Subdiscipline:
international relations; state interaction Within international relations: security studies; national security
Traditional security studies
Schools of thought Traditional security studies
• Realism
• Liberalism
• Social constructivism
• Securitisation
Realism Realist ideas have been inspired by Niccolò Machiavelli and Thomas Hobbes. They both agree
that it is in human nature to seek power and be selfish. If you leave security to a bunch of individuals it
will go wrong Shared ideas of realists
• Looking at states when it’s about politics
• States operate in an anarchical world
• A state must have power to survive in the chaotic international arena, power according to a realist is to
have enough resources to survive in the world
• The political world is a very competitive world between states
The realist family
• What drives state behaviour?
o States themselves → motivational realism; states have an endless lust for power and
that is what drives them o The international system → structural realism
❖ Structural realism
• Balancing power internally; boost your power by balancing your resources, good army
• Balancing power externally; building alliances, sharing resources, joining the superpower ❖ Offensive
realism
• Power race
• Thinking very darkly and fearing security threats, pessimistic
• Gathering as much power as possible to make sure you can protect yourself ❖ Defensive realism
• Collaboration is an option
• Building arguments on the ‘security dilemma’; the argument that by gaining power you’re creating
security challenges as a state
Liberalism States are also the most important actors in international relations, just like realists States are
also surrounded by anarchy and chaos, just like realists However;
To understand international relations, one must look at non-state actors as well. Not competition, but
collaboration
Liberalists are open to a multi-level and multi-actor view on international politics. Actors
• International organisations (united nations)
• Non-state organisations (red cross)
• Multinational corporations
• Domestic actors
What drives state behaviour?
• Domestic politics
• States
• International systems
Liberal strands
• Commercial liberalism
o Open markets create a stable and peaceful environment o International trade
• Human rights liberalism
o States should always try to protect human lives, pursuit of human rights
• Institutional liberalism
o States need international institutions to help them
• Democratic liberalism
o Democracy peace thesis; democracy leads to peace because democracies won’t attack each other, and
democracies have checks and balances and democracies would rather talk things over than fight or
compete o Security through democracy
Criticism: theoretically thin and Western imperialism
Introduction into security and safety (class 13) 15/10/18 ‘security studies: social constructivism &
securitisation’
Introduction Two other schools of thought during this lecture
Recap We already had realism and liberalism, two traditional schools of thought Schools of thoughts
make us see different elements of security challenges
What is reality? Social constructivism: Reality is a shared understanding of the outside world; Reality is
produced through social interaction; ‘If men define situations as real, they are real in their consequences’
How to know reality? → by studying how actors construct reality through social interaction, that social
interaction are shaped by culture, social status and history
Social constructivism A security threat = socially constructed, we label them as security threats ‘500
British nuclear weapons are less threatening to the United States than five North Korean nuclear
weapons’ → don’t just look at the statistics to decide what is the biggest threat, look at relationships,
perceptions etc
3 key assumptions of social constructivists
1. Ideas matter 2. Identities matter 3. Actors affect structure and vice versa
Identity shapes
• Interests
• Goals; types of goals one is willing to pursue based on someone’s identity
• Action
• Interaction
Culture
• What is security? – shaped by cultural ideas
• How to deal with it?
Norms
• Rules on how (not) to act
• Constitutive / regulatory
• Formal / informal / shared
Identities, cultures and norms shape international relations and security dynamics
Two camps within social constructivism; different methodological standpoints on how to study
international security dynamics
1. Conventional constructivism
a. International security dynamics can be measured b. Particular cultures produce particular ideas
 c. Look at the aspects and ideas 2. Critical constructivism
a. There is no real reality but a lot of different ideas and definition b. We cannot measure something, only
the ideas about it
Securitisation Looks broader at security than just states against states; many types of threats to many
types of things Emerged from multiple scholars that called themselves the Copenhagen school Threats;
non-military Referent objects; non-states
What is security? Security is about survival An existential threat to a referent object (the thing that is
threatened) Not just military threats to states Referent objects: Sectors:
- The state military security - Ideology political security - National economy economic security -
Collective identities societal security - Species, habitat environmental security Critics: everything is about
security, too broad, sloppy science Pros: widening and deepening the concept of security
Securitisation; when in the process of social interaction, a common definition of security is reached
Process of securitisation (= a speech act): two stages
1. A securitising actor articulates an existential threat to a referent object 2. A relevant audience accepts
the referent object is existentially threatened
Questions on securitisation
- When is an act of securitisation successful?
o When the audience accepts the message o Other scholars; and when extraordinary security measure
were taken - What are extraordinary measures?
o Measures taken outside of the scope of normal politics o When aspect, checks and balances are lifted or
shifted - Why would you make a securitising move?
o It creates a sense of urgency
Beyond politics Non-politicised → politicised → securitised
Example; securitisation of migration Interpret in different ways
Introduction into safety & security (class 14) 16/10/18 ‘Wrap-up’
Recap course Lecture 1; context of studying security
- Agenda on security, why
o Human need; security is a basic need o Technology; more technology comes with more security issues,
errors can occur and
bad intentions o Globalisation; transboundary challenges - Scale, reach - History of security studies
Lecture 2; science
- Tree of science, history - Branches of science (natural science, social science, humanities) -
Worldviews; different perspectives - Different goals, different impact, different ideas about reality
Lecture 3; social science
- Analytical-descriptive, normative prescriptive, domain-specific - Relevant disciplines for security
studies; sociology, law etc - Disciplinary, multi-disciplinary and interdisciplinary - Explore, understand,
do
Lecture 4; security and safety
- State of normalcy; when security and safety are there - Harm to humans - Direct/indirect harm - History
security - Safety; focus on target - Security; focus on cause - Integrative definition; security is about the
protection against intentional harm that
threatens human beings either directly or indirectly; safety is about the protection against unintentional
harm that endangers human beings either directly or indirectly
Lecture 5; governance
- Contested concept; many academic concepts; governance; abstract; different meanings - State;
collection of people, territory and government institutions - Government; people responsible for common
tasks; number of institutions - Governance; the action that government institutions do - Night watchman
state; minimalist state; only provides security - Welfare state; maximal state; provides a lot more than just
security - Regulatory state; checks and balances; lower taxes - Multi-actor; horizontal shift; including
other actors; media, private, social actors - Multi-level; vertical shift; including other than national level;
international, local - Interrelated problems of legitimacy, accountability and governability; multiple loci
of power
makes checks and balances difficult
Lecture 8; risk
- Chance, the future, intervention; risks
- Subway vs coconut uncertainties - Known knowns (certain outcome), known unknowns (throwing a
dice, backing crisis),
unknown unknowns (first banking crisis ever) - History; math, trade, Arab numbers - Natural vs man-
made risks - No tolerance - Zero risk society - Renn’s perspectives on risk - Realism, weak
constructivism, strong constructivism
Lecture 9; safety science
- Specific scientific fields - Normal accident theory - High reliability theory - Risk management; steps:
identification, assessment, evaluation, mitigation, monitoring
Lecture 10; evaluation
- Risk management works well here, but not here - Risks cannot be known, quantifies or mitigated - No
adequate protections - Precautionary principle; don’t make anything if you can’t prove it won’t come with
risks - Resilience; rather than preventing risks, accept the fact shit happens and we have to bounce
back quickly - Tragic governance; risks are inevitable and part of humans
Lecture 11; risk perception - Individual level; - Psychometrics - 7 key finding from psychometrics - 6
security behaviours - Societal level; - Risk management does not sufficiently explain public responses to
risk - Social amplification of risk
Lecture 12; classical security studies
- Schools of thought - Realism; key assumptions, sub strands, main criticism; - Liberalism; key
assumptions, 4 strands, main criticism
Lecture 13; classical security studies II
- Reality; social construction - Social constructivism; identity, culture, norms - Conventional vs critical
constructivism - Securitisation: Copenhagen school; impact of the word security - 5 security sectors - 2
stages of securitisation
Questions
Please name the three approaches to International Relations discussed in this course. Liberalism, realism
and social constructivism
Please explain for each approach: Who can be considered an ‘actor’ in the international domain?
Liberalism – states, international organisations, non-state organisations, domestic actors Realism – states
Social constructivism – social groups, cultures
What drives the behaviour of these actors? What is their nature? Liberalism – domestic politics, states and
international behaviour Realism – to seek power and survive in the international anarchical world Social
constructivism – everyone has different ideas, identities, norms
What kind of methods do they use? Liberalism – cooperation, democracies Realism – military power,
sometimes alliances Social constructivism – gathering different social ideas
How can the international domain be characterised? Liberalism – anarchic but cooperation is possible and
trade keeps war from happening Realism – anarchic and a power game Social constructivism – through
relations between countries as well as military resources
Explain how safety scientists and security studies scholars differ in terms of their focus on causes of
safety/security issues and targets of safety/security issues Safety scientists focus on the target and not so
much on the cause of an issue and security studies scholars focus mainly on the cause of the harm.
Explain how van den Berg and Prins conceptualise Safety and Security. What sets the concepts apart from
one another? Security is about the protection against intentional harm that threatens human beings either
directly or indirectly. Safety is about the protection against unintentional harm that endangers human
beings either directly or indirectly. Intentional / unintentional Intentional harm threatens, and
unintentional harm endangers humans
What do (un)safety and (in) security issues have in common? They are both about protection against harm
to human beings either directly or indirectly
Mention one example of a security issue and one example of a safety issue Security: A terrorist attack
(intentional harm) Safety: A hurricane (unintentional harm)
All risks relate to a certain degree of uncertainty. Please mention two types of uncertainty and explain
what they mean and how they differ.
Coconut uncertainty: you cannot predict or calculate coconut uncertainties because they are so rare and
unpredictable Subway uncertainty: you can predict and calculate subway uncertainties to a certain degree.
You will get a graph like standard deviation.
Can all uncertainties be classified as risk? Please explain why (not). To substantiate your argument,
please refer to the ideas of “known known, known unknown, unknown unknown”. Not all uncertainties
can be classified as risks, known knowns are known and are not risk because you know what will happen.
Risks contain an element of chance, which is not there with known knowns. It is like winning a lottery
where there is only one ticket and you have the ticket.
Can you provide an example of a known known known unknown and unknown unknown? Lottery with
one ticket Flipping a coin and getting either heads or tails We can’t know an unknown unknown but as an
example from the past; 9/11
How do realist, weak social constructivists and strong social constructivists differ in how they view risk?
Weak social constructivist: risk is a shared understanding of society Strong social constructivist: there is
no definition of risk Realism: risk is calculable and manageable
From a risk management perspective (technical), how can we measure risk? Risk= likelihood * impact
Once a risk has been calculated there are four possible responses to manage the particular risk Avoidance
– high likelihood and high impact Acceptance – low likelihood and low impact Transfer – low likelihood
but big impact, insurance Reduce – high likelihood but low impact
According to Schneier, the citizen’s perspective on the size of risk can differ from reality. What
explanation does he provide to explain this difference? Our feelings can differ from reality. This has to do
with our brains and different brain heuristics that make that happen.
Kasperson explains the difference between objective risk and how they are perceived, by referring to a
process of social amplification. Please explain what this means, and how it works in practice. He explains
this difference between objective risk and how it is perceived by explaining the process of social
amplification. It is all about communication. When a risk event happens and communication is
happening, the transmitter as well as the receiver are involved in the transmission of the risk. The
transmitter will tell the risk, and will either amplify some aspects of the story or filter certain parts of the
message. The receiver at its turn will hear the message and interpret it in a certain way. Then some
amplification stations like the media will spread the message, telling their interpretation of the story. This
can create movements within society and eventually result in actions being taken.
More questions From which discipline does security studies originate? Originally from the discipline
political science, which has a subdomain international relations. Security studies comes from international
relations.
Name a discipline from the humanities and explain why it belongs to humanities. Literature, because it
studies the products of humans.
What is a discipline? A discipline is a certain field of study that studies the same object and uses the same
methods to study that object.
Provide an example of an interdisciplinary research project and explain why it’s interdisciplinary.
Interdisciplinary is when multiple disciplines merge methods to study something. The Manhattan Project,
where mathematics as well as physicists for example worked together to create the bomb
What’s the difference between mono-multi- and interdisciplinarity? Mono disciplinary means one
discipline to study something Multi is different disciplines working alongside of each other Inter is
different disciplines merged together in methods to work together
How can security be defined? Security is about the protection against intentional harm that threatens
human beings either directly or indirectly
How can safety be defined? Safety is about the protection against unintentional harm that endangers
human beings either directly or indirectly
What is the difference between a threat and a danger? A threat happens when something is intentional and
danger is unintentional
Safety science is generally focused on the ... of harm, whereas security studies focuses predominantly on
the ... of harm. Safety – target Security – cause
What is the definition of governance? Governance is the term used to refer to the actions that the
government does but it can also relate to non government itself as it gives away tasks to private actors.
This perspective on IR views actors as self-interested, but also willing to forge alliances for common
(economic) benefits Liberalism (commercial)
Which IR theory was most dominant during the Cold War? Realism
How do strong social constructivists conceptualize risk? There is no definition of risk
Why did liberalism and constructivism gain popularity at the cost of realism in the academic world, after
the end of the cold war? ???? Because realism couldn’t explain the end of the cold war.
How does a phenomenon become ‘securitized’ Name two steps The phenomenon needs to be shared and
believed. 1. A securitising actor articulates an existential threat to a referent object 2. A relevant audience
accepts the referent object is existentially threatened
More questions Realism Why is realism better understood as a family of theories than a single theory?
Because realism contains a broad family of theories and arguments and people within realism disagree on
some aspects as well.
What assumptions are shared by most realist theories? The state is the main actor that operates in an
anarchic world. The state is a unitary actor. Power is a defining feature in the international system. States
are rational actors and make choices that fit their national interests. In the anarchic world there is the
possibility of war.
What is the key divide between structural and motivational realism? In contrast to structural realism,
which essentially assumes that states are security-seekers, motivational realism emphasises the
importance of variation in states’ motives and goals.
Why does Waltz believe that the international system tends to generate competition? The necessity of
self-help, the importance of preventing adversaries from acquiring military advantages and concern about
relative gains lead to states to adopt competitive policies
Why does offensive realism believe that states maximise power? States should assume the worst about
other states and their intentions. The more powerful you are, the better you are at defending. Maximising
power is the best way to survival.
Why does defensive realism believe states should attempt to signal their kindly motives?