Amidst a hockey-sock of uncertainty and anxiety, one country stands out from the crowd–and that is saying a great deal, given that the crowd includes Syria, Egypt, Nigeria, China, and North Korea (to name but a few). That country, of course, is Iran.
Now, as the sharper amongst you may have guessed, I am a bureaucrat (at least for the moment!) and that means that I belong to one of the most risk-averse (and risk-insulated) tribes that you will ever meet. Therefore, I will not offer a prediction as to what –if anything–will happen. But, because I am specialist bureaucrat that deals with risk analysis and management, what I will do is analyze the process of determining the risks and the options surrounding ‘the problem of Iran’.
What is needed here is a little methodology (bear with me). Risk is an oft-abused term that needs to be defined before it is of any use. The risk to an object (be it a person, an asset, or a programme) is generally regarded as the function between threats to that object, the vulnerabilities of that object, probability of those threats actually occurring, and the impact or consequence to the object if they do occur.
The very first thing to determine, however, is the object in question. ‘What is at stake?’ Or more stated more properly, ‘What is at risk?’ This is crucial, because depending on what we regard as ‘at risk’ the threat posed by Iran varies significantly. Given that we are operating in the realm of the political, which means that there are a number of choices or perspectives that we might adopt, the question of what is at risk cannot be assumed to be self-evident. Do we consider American regional influence to be at risk? Or is it the existence of the State of Israel? Or the security of other allies or states of interest, such as Saudi Arabia, Iraq, or Afghanistan? Or is it the concept of innocent passage and perhaps even freedom of the high seas? Of course, we may choose to hedge our bets and use fluffy terms, such as ‘national interest’, but since these lack specificity, we only (perhaps not by accident) add to the ambiguity, rather than providing clarity.
Commentators, such as John Yoo, have made the case that Iran is “a looming threat” but it is not quite clear what it threatens, exactly. The breathless warnings of Cassandras like Yoo and Matthew Kroening take it for granted that the reader knows what is at stake. Frankly, most of the time it seems as if they are implying that it is the very existence of civilisation, at least, that is in jeopardy. As Stephen Walt points out, this is a tried, tested, and true (unfortunately) rhetorical device that bears no relation to the actual risk being described.
In any event, we can see that even in the first step of the risk analysis process, we are beset by argument and debate. What is critically important to see is that this debate is not, at this stage, about facts, but rather about perspectives. About chosen frames of reference. About ideological positions. And that means it is often going to be a nasty, emotion, and heated debate, rather than a productive one.
Unfortunately, the subjective aspects of the debate that characterise the beginning of the ‘risk analysis’ process often continue to colour the remainder of it. For instance, when the notion of probability comes up, it is most often discussed in equally subjective terms. Yoo, for instance, speaks of Iran as an “unavoidable challenge”, pushing any measurement of probability towards the end of spectrum marked certain. And yet any forecast is clearly arbitrary, even if mathematical terms are introduced. There is no way of knowing the probability of an Iranian nuclear strike. Attempts to ‘know’ these things have failed in the past (such as with Iraq in the lead up to the 2003 invasion), not least because the process of measuring has a significant impact on the thing being measured (ooo…quantum politics kids, a la Herr Doktor Heisenberg, hang on to your hats!). Warnings, monitoring, discussing options–these activities alter the risk equation as it goes along. See, for instance, this week’s naval cat and mouse game.
The same skewing occurs with respect to impact. Those looking to spur action choose to portray potential impacts in the most dire way, while those looking for other courses will downplay any consequences. That goes for second order consequences, too. THEY will cause Armageddon, but WE will be surgical in our response, causing nothing but joy and light.
Once an analysis has been conducted and a determination of the risk made, the next logical step is to formulate some kind of response. There are two important aspects to be aware of here. The first is that ‘risk appetite’ or ‘risk tolerance’ is not a pre-set value. What one actor can live with, another may find intolerable. Famously, for instance, Dick Cheney was said to have preferred the ’1% Doctrine’ (whereby even a 1% chance of an event occurring was enough to warrant a response). Others set there thresholds higher. Some too high: Neville Chamberlain, for instance, faced with indications of Germany’s desire for domination in Europe, was satisfied with verbal assurances to the contrary. Again, I would claim that risk appetite can also be associated with a particular ideological–rather than empirical or biological–position, so where you sit often determines where you stand, as it were.
Given a particular risk tolerance, there are four strategic options for risk management:
Avoidance means what it says: try and have nothing to do with the threats that you have identified, insulating yourself from their impacts. Essentially, you are trying to reduce the probability of a threat occurring to zero. This can be easier said than done, depending on the circumstances. If you want to avoid the risk to your life posed by commercial air travel, it can be done. You may have to forgo some opportunities (vacations abroad, membership in altitude-calibrated societies…), but it is possible. In the world of geopolitics, however, it is not so easy, especially at the strategic level. Again, the issue really defines how you frame the argument; what is at risk in the first place? The USN could, for instance, avoid confrontation with Iran by withdrawing from Gulf. This, however, would not work as a feasible strategy if the ‘object at risk’ were US freedom of the seas, for instance.
The second risk management option is transfer. In ordinary realms (such as finance or commerical operations) risk transfer means insurance. Essentially, one outsources the risk, by passing it on to a third party. Worried about the threat of fire as a source of risk to your home, you can ‘transfer the risk’ to the insurance company. Note that while some benefit (and arguably peace of mind) can come from such a transfer, you can never really transfer all the risk away. If your house burns down, you might get a pay-out, but you cannot escape the risk of being injured or killed in the blaze. Again, note that the risk that was transferred was specifically about a particular ‘object at risk’ (the physical dwelling). Your life is another matter entirely. In geopolitical terms, risk transfer is often attempted–by kicking difficult balls into touch, by referring them to the Security Council, or Allies, or other actors. But, just like in real life, there is often a sticky residue that remains. Iran is not North Korea where a strategy of containment and compartmentalisation has worked (to a degree).
The third option is mitigation. It is sometimes referred to as control, but I think that overstates the case. This is the most ”active” of the options: it contains the measures one takes to try and reduce the risk. Generally speaking this can be done in two ways: by reducing the threat or by reducing the vulnerability to that threat. In physical security terms, this might mean going out and disrupting or destroying those pesky terrorists or pirates. Or it might mean improving the armour plating on your vehicles, or getting a newer high-tech IED jamming device. Geopolitically, it might mean increasing your means of deterrence or launching pre-emptive strikes on Iranian nuclear facilities, or providing naval escorts to commercial vessels navigating the tricky Straits of Hormuz. Whatever the decision, this option is about capabilities. There is little point in coming up with ideas that cannot be put into practice. Similarly, there is little point in implementing plans that have no effect. Making a sweeping generalisation (and invoking the Rid Principle of Blogorific Freedom in so doing) those commentators, be they civilian or military, that one might label as Hawks, tend to put their faith in this option as the best one available. More guns, better ships, awesome F-35s–these are the ‘mitigating measures’ that are needed to address risks.
Finally, we come to acceptance, which while the term of art, is not one that I think adequately addresses what this option actually entails. One way of looking at acceptance is to view it as resigning oneself to the risk that remains after all else has been tried. Another way is to see it as the result of a deliberate ‘cost-benefit’ analysis: whatever the potential upside is (a better reputation, cost savings from not taking an aggressive approach, etc.) outweighs the potential downside (money spent on guns and not butter, potential to ignite a tinderbox, etc.) I think both views are needed. The problem is, of course, that acceptance is–perhaps more than any other option–bound up in the inherently subjective/ideological Gordian Knot of risk tolerance/risk appetite. How much risk should we accept? How far should we attempt to avoid, transfer, and mitigate before we accept? All very good questions, and none of them are technical in nature. They are inherently political, and that is where the fun starts.
While not a formal risk management option, I would like to propose that what lies behind these active options is the idea of risk absorption. In short, this is what we end up with when all that ‘sticky residue’ (mentioned above) and ‘unintended consequences/second order risks’ and accepted risks are accounted for. Often times, the total risk picture is not known, due to neglect, the sheer complexity of it all, errors in calculation and/or wishful thinking. But all the ‘real risk’ (if such a thing could ever be known) is absorbed by an object…until it can no longer be accommodated. For instance, we might say that we accept the risk of a nuclear Iran, but can we really? Or, we might say that we can accept the risk of armed conflict with Iran if that is what results from a strategy of ‘not backing down’. Maybe, though, with all the other risks that we have absorbed (either knowingly or unknowingly) perhaps our capacity to deal with that risk is exceeded. Maybe we need to cut our budgets and cannot deal with two contingencies at the same time any longer. So we might ‘accept’ a risk, without being able to actually deal with it.
In reality, of course, nothing is simple. There are not simple ‘risk-reward’ calculations, or cost-benefit analyses to be done. And it is not that we would make the ‘right’ decisions ‘if only’ we had more information, more time, another satellite, better allies, more honest interlocutors, better hair (but it never hurts). There are risks that need to be traded, prioritised and off-set. Military risks sit along side financial and economic risks, which must be seen in the context of domestic political risks. There is no correct answer, no preferred perspective.
Risk is a tricky thing. It is as beguiling as it is confusing. As some wise old Persian once observed
If one has to jump a stream and knows how wide it is, he will not jump. If he does not know how wide it is, he will jump, and six times out of ten he will make it.
The trick is in knowing whether or not you really do know…or not.