The Utility of Risk in International Security: Quo Vadis?

I want to speak a little about the idea of risk in the arena of international security.  Current events, and a recent publication, have me thinking about this complicated topic.   I am afraid, though, that my thoughts are not constrained by a singular focus, and are rather ambitious in their scope.  So, Dear Reader, I invite you down the rabbit hole as we explore the twisted labyrinth that is my mind, at least as far as it concerns this topic.

Risk is not a new subject, but it is not widely understood.  This means that there are many offers of new wine, which often turn out to be nothing more than old plonk.  Differences in meaning of key terms (such as threat, vulnerability, likelihood, and mitigation) often mean that eureka moments on the part of one author (or policy wonk) are nothing more than ‘bubbles in the tub’, to coin a phrase of which Archimedes would be proud.

Look inside, as well as out

That said, a helpful (if not genuinely novel, despite titular claims otherwise) way of looking at risks was recently published in the Harvard Business Review (written by Robert S. Kaplan and Anette Mikes).  While the focus of the article is “The Firm”, I believe it has applicability to states and international security.  The authors divide the risks facing an organization into three categories.  The first are labeled ‘preventable risks’.  While this moniker is somewhat unfortunate, these risks are the kind of ‘own goals’ that organizations should strive to eliminate.  Rogue traders, crooked officials, unsafe work practices—these all represent internal, and therefore supposedly controllable, risks to success for companies.

The second category of risks is labeled by Kaplan and Mikes as ‘strategy risks’.  These risks are based on the choices made by Firms as they carry out their business.  This kind of risk derives from the ways in which companies try and capture value within the market.  Should a company commence operations in Myanmar? Or partner with BlackBerry?  Should a company give away its online content for free or put it behind a pay-wall?  Each of these choices carries with it opportunities for success and failure.  These risks, too, are supposedly controllable, in that a company is able to take the initiating decisions itself.  The ‘no risk, no reward’ mantra operates within this space.  Taking the safe route problem means a company may miss out on some potential for profit.  As Pliny the Elder opined, “audentes fortuna iuvat”.  Of course, there are no guarantees: the outcomes or impacts of the decisions made by firms are neither predictable nor controllable.  If they were—if perfect knowledge of the market as imagined by economists actually existed—I (and everyone else) would be rich instead of being a wage-slave.  (But then you wouldn’t be able to enjoy my scribbling, either, as I am lazier than I am greedy.  And wouldn’t we all be the poorer for that?)

The third category of risks proposed by Kaplan and Mikes are ‘external risks’.  External risks are those things that occur outside of The Firm but have an impact on it.  Flooding in Thailand interrupted the manufacturing supply chains of several Japanese car manufacturers, just at the time when they were reeling from an earthquake, tsunami, and release of radioactive material at home.

The reason that Kaplan and Mikes wrote their article was to draw attention to the fact that all three categories need to be understood and managed if companies are going to navigate the world of risk.

What is good for the Firm is good for the State…or is it?

Traditionally within international security (and in business, it turns out), we focus on ‘external risks’.  How many tanks or warheads does the other side have?  What is the likelihood that the enemy will attack and what will happen if it occurs?  Is AQ planning another spectacular and what will happen if they are?  What Kaplan and Mikes helpfully point out is that other actions/choices/decisions may also pose risks.

We tend to look at Category I (‘controllable risks’) and Category II (‘strategy risks’) more as ‘mitigating measures’, influenced by, and often in reaction to, the ‘real risks’ from outside.  But if we follow Kaplan and Mikes’s thinking we can see that these types of decisions have the potential to generate their own risks.

In terms of national security, we might look at something like the Abu Ghraib debacle as a Category I risk.  The abhorrent behaviour of some US troops generated risk by having an impact on domestic legitimacy, international support, and even Iraqi resistance.  Kaplan and Mikes would point out that this risk is (at least in theory) controllable by the organization.  Better training, more effective supervision, or other measures could have been applied to mitigate this kind of risk.

Other Category I risks might include decisions about how an armed force trains and equips itself.  Does an army prepare for conventional war or counter-insurgency?  Does a navy lose the capability to deploy ship-borne aircraft for a number of years?

In terms of Category II risks, a national security focus might look at the choices a country makes at a level of analysis ‘higher’ (or broader) than mere force development decisions.  A ‘grand strategic’ decision to pivot into Asia, for instance, causes the risk landscape to change.  It might excite (positively and negatively) a variety of actors in Asia, while at the same time sending signals to other regions (say, erstwhile European allies and potential African beneficiaries) that they are no longer on the radar, so to speak.

Such a wider appreciation of risk might help decision makers become more aware of the consequences of their actions.  Short-term gains or savings might be seen as portending longer-term ‘down-sides’ hitherto unseen.  The idea that ‘smaller is better’ is fine with regard to the size of the British army, in so far as it goes, but it cannot be ignored such a decision made now may bring with it future impacts.

However, at the same time, the idea of categorizing risks carries with it the danger of leading us to believe that each category is somehow a container, or at least a baffle.  In reality, though, the three categories of risk slosh into, or interact with, each other, causing multiple risk scenario potentialities and combining to compound complexity, not only in terms of causation, but more frustratingly of resolution.

The recent example of France’s actions in Mali are germane here.  France decided to act in Mali (taking a Category II risk, in terms of increasing its exposure to domestic and foreign retaliation in the form of terrorist attacks), seemingly to mitigate the risk posed by Islamists operating there (addressing a Category III risk).  France’s ability to act swiftly and effectively was constrained by decisions that she (mais bien sûr!  L’état c’est La France quandmême!) had taken independently and much earlier concerning the acquisition (or lack thereof) of effective strategic airlift capability (a Category I risk).  But not acting may have also generated risks:  some have said that if the Islamists were not stopped in Timbuktu then they would soon menace Europe.  Others point out that the Socialist politician Hollande was looking to bolster his weak public image at home and that by ‘doing nothing’ he would have looked even weaker.  Still others have said that to do nothing (to not have taken a Category II risk) would perhaps have emboldened other groups, making them feel that they had a free hand to do similar things elsewhere.

Such are the problems with risk in the modern world.  Allow me to list just some of the more important ones relevant here:

1.  Risks are not objectively determinable.  Risk is not something that exists ‘out there’, measurable by way of a thermometer or barometer.  Risks depend on several ‘non-material’ aspects.  The first step in risk analysis is the subjective determination of what is at risk: National survival?  Political capital?  Prestige?  Would all actors make the same kinds of determinations?  How are they influenced by their own psychological, cultural, and ideological (to name but three) biases and prejudices when making those kinds of decisions?  The second step involves subjective perception: does an actor ‘see’ all the factors necessary to make a sound judgment, even within the frame of the determination made above?  Are likelihoods, vulnerabilities, and impacts calculated (or rather estimated) accurately enough to be helpful?  What about those pesky ‘unknown unknowns’ of Rumsfeldian fame?  Or, even worser still, the ever lurking Black Swans (‘unimaginable unknowns’) described with such vituperation by Taleb?  How can this indeterminacy be included in our calculations?  Risk, therefore, is not a measurement of the danger present in any given environment, but rather a description of the danger attributed to that environment.  It is part of the narrative that we create to both impel and justify our actions.  It is, therefore, highly political.

2.  Risks may be managed but are rarely eliminated.  Setting aside for a moment the ‘impossibility of reason’ associated with the concept of risk calculation, Ulrich Beck tells us that risks may be addressed (with greater or lesser effect) but are infrequently dealt with ‘once and for all’.  This is largely due to the recursive nature of our mitigation efforts.  We use pesticides to reduce the risk to crops from insects, but at the same time generate wider risks to the environment and humankind through a degradation in biodiversity and ecological viability.  We arm the Mujahedeen in Afghanistan in order to address the Soviet risk, but we create a ‘downstream’ risk that turns out to cause us all kinds of bother later on.  We airdrop weapons to assist Libyan rebels mitigate the risk of a mad dicator, but later discover that some of these same weapons (and perhaps even rebels) end up in nearby Mali.  The popular sentimental reaction to this circuity might be summed up as “Blowback’s a bitch.”

3.  Our actions generate risk in all directions, simultaneously. The example of the Mujahedeen is instructive, but too simplistic in its linearity.  Often we cannot see what impacts our actions take, or may take, or are going to take.  We assume we understand the cause and effect (cut a division from the order of battle, lose the ability to react in a particular area) but in reality, due to the complex and changing nature of risk (as highlighted above) we really have no idea what will happen.  The butterfly-wing-flap-turns-into-killer-tornado meme might be a bit far fetched, but it should make us aware of the almost infinite ways in which our decisions can spin off.  Rather than getting all caught up in Beck’s ‘late Modernity’ we might look to Homer’s very much ‘hypo-Modern’ tale of Odysseus’s return from Troy as an example of how difficult any trip from ‘A’ to ‘B’ might become, despite our best intentions.

4.  The old saw abundans cautela non nocet ain’t necessarily so.  To the insights gleaned from what we have seen above, we need to be mindful of the fact that deciding (or not deciding) to not act will also generate effects.  That which does not happen because the butterfly does not flap its wings is even more difficult to calculate than a tornado, but may turn out to be equally, or even more, important.

Take a page from Frankie’s book: Risk…what is it good for?

We might then ask whether or not risk is the right way to look at the world.  If it is altogether too messy, too complex and too ineffective, why use it?  Taleb for one believes that we are not making decisions under risk (where one of a known set of potential outcomes must come to pass, bring with it associated and measurable impacts) but rather we are making decisions under uncertainty (where one or more outcomes from an unknown and often unknowable set of potential outcomes may come to pass, and brings with it (or them) one or several undetermined impacts).  His solution, though, is to plan and design for the worst, looking to create resilient (or gooder still, anti-fragile) organizations.

But how realistic is it to base our actions on ‘worst case scenarios’, building in redundancy (and therefore flexibility)?  Who can afford such a plan?  It seems that in times of scarcity and uncertainty, we are left with little to go on other than an unaffordable ideal.  Strategy under risk is difficult.  Strategy under uncertainty is impossible and counterproductive.

It seems that in the world of international security, we are left, therefore, with little other than imperfect, entirely human, political judgment.  I, for one, wouldn’t have it any other way.


One thought on “The Utility of Risk in International Security: Quo Vadis?

  1. Paul T. Mitchell says:

    Interesting piece: I agree that the three categories are too reliant on observable and quasi-measurable factors. Giddens and Beck have expanded the discussion on risk by looking at it from a social perspective, as you do here. Both Coker and Rasmussen have taken up this line of reasoning and applied it to military affairs in directions very similar to your logic here.

Leave a Reply

Your email address will not be published. Required fields are marked *