Now, while I completely believe that no analyst, whether intelligence analyst or risk analyst, should attempt to prescribe policy, I believe that it is perfectly appropriate to explain the sensitivty of different decision variables and state variables on future events.  Doing this sensitivity analysis makes an assessment explicitly actionable, even if it is not specific, because it communicates how the different variables can positively (or negatively) influence an outcome.  This is what decision makers need and want.  From here, the decision maker can design a strategy to influence variables in a favorable direction while considering other dimensions of the problem typically not entertained by analysts.

But as I often argue, the first step in defeating surprise is to find out more about what you do not know, so these “speculative threat” pieces are helpful at least from this standpoint.

Oh, stay tuned for a follow-on post describing several other speculative threats talked about in the published literature.  One that might be of interest is a DHS study entitled “How Terrorists Might Exploit a Hurricane,” which can be readily found in PDF format through a simple Google search.

This sounds to me like a good case for seperation of threat from vulnerability in risk analysis (as stated in R = T x V x C).  A “speculative threat” above is not really a threat at all in my consideration, but an identified vulnerability.  It makes a good case for the seperate consideration of vulnerability from threat - it is important to focus on both how vulnerable the point is AND on how much it is being threatened, and the above consideration seems to me to weaken the importance of the threat analysis.  That is hazardous in risk calculus as it results in limited resources being appropriated against vulnerabilities with no capability or intent raised against them at the expense of areas otherwise of importance.

Threat is commonly considered as a function of Intent and Capability, with consideration sometimes given to Will or Historical Precident.  Once the “speculative threat” i.e. vulnerability is identified, you can seperately search for adversary intent to use it (or exculpatory evidence showing they’ve chosen not to), which you identify as the key transition point.  Perhaps it is correct to de-emphasize the importance of stated intent for publically published vulnerabilities and ensure a hard look at adversary capability (both current and near future)?  Either way, I would say that labeling vulnerability as speculative threat does a disservice to threat analysis when they are better considered distinctly.