key: cord-0007093-33c47yj0 authors: Tien, James M. title: Viewing urban disruptions from a decision informatics perspective date: 2005 journal: J Syst Sci Syst Eng DOI: 10.1007/s11518-006-0194-7 sha: cbd4e4f3fa41434e1823d57918ebe513af09ef89 doc_id: 7093 cord_uid: 33c47yj0 Urban infrastructures are the focus of terrorist acts because, quite simply, they produce the most visible impact, if not casualties. While terrorist acts are the most insidious and onerous of all disruptions, it is obvious that there are many similarities to the way one should deal with these willful acts and those caused by natural and accidental incidents that have also resulted in adverse and severe consequences. However, there is one major and critical difference between terrorist acts and the other types of disruptions: the terrorist acts are willful — and therefore also adaptive, if not coordinated. One must counter these acts with the same, if not more sophisticated, willful, adaptive and informed approach. Real-time, information-based decision making — which Tien (2003) has called the decision informatics paradigm — is the approach advanced herein to help make the right decisions at the various stages of a disruption. It is focused on decisions and based on multiple data sources, data fusion and analysis methods, timely information, stochastic decision models and a systems engineering outlook; moreover, it is multidisciplinary, evolutionary and systemic in practice. The approach provides a consistent way to address real-time emergency issues, including those concerned with the preparation for a major disruption, the prediction of such a disruption, the prevention or mitigation of the disruption, the detection of the disruption, the response to the disruption, and the recovery steps that are necessary to adequately, if not fully, recuperate from the disruption. The efforts of the U. S. Department of Homeland Security and its academically-based Homeland Security Centers of Excellence are considered within the proposed types, stages and decisions framework. Urban infrastructures are the focus of terrorist acts because, quite simply, they produce the most visible impact, if not casualties. From the September 11, 2001 (i.e., "9/11") attack on New York City's World Trade Center to the more recent March 11, 2004 , attack on Madrid's commuter trains, it is obvious that urban centers are indeed vulnerable to such hideous acts. A systemic or holistic approach to securing the infrastructure systems that underpin an urban center is required. New York City (NYC), for example, is not only an obvious target of terrorism; it is also a major urban center, with all the attendant complexities of people, processes, products, physical structures and institutions. As a consequence, NYC -and its symbolic World Trade Center -was an obvious target for the 9/11 terrorists, whose colleagues had previously targeted the same symbolic structure back in 1993. While terrorist acts are the most insidious and onerous of all disruptions, it is obvious that there are many similarities to the way one should deal with these willful acts -which would also include a malicious prankster releasing an electronic virus on the Internetand those caused by natural and accidental incidents that have also resulted in adverse and severe consequences. Indeed, the natural disasters of droughts, diseases, floods and earthquakes -including the 1899-1901 drought in India, the 1917-1919 world-wide influenza epidemic, the 1931 Hwang-Ho flood in China, and the 2004 Tsunami in South Asia -have been the scourge of mankind. Fortunately, accidental disruptions (e.g., asbestos contamination, carcinogen exposure, oil spills, power failures, and nuclear accidents) have thus far been less disastrous, but they may begin to rival the natural disasters in impact as one explores the potentially high-payoff but equally high-risk worlds of nanotechnology and biotechnology. Nevertheless, the public expects that the accidental hazards can and should be fixed as they are man-made; on the other hand, natural hazards are considered to be acts of God whose negative effects can only, at best, be mitigated. However, there is one major and critical difference between terrorist acts and the other man-made but accidental disruptions: the terrorist acts are willful -and therefore also adaptive, if not coordinated. Since terrorist -and other willful (e.g., electronic viruses, hacker attacks, and email spam) -acts are based on the most up-to-date intelligence or information, one must also counter these acts with the same, if not more sophisticated, willful, adaptive, coordinated and informed approach. More specifically, the approach of real-time, information-based decision making -which Tien (2003) has called the decision informatics paradigm -is focused on decisions and based on multiple data sources, data fusion and analysis methods, timely information, stochastic decision models and a systems engineering outlook. It should be emphatically stated that while the terms employed in describing the methodologies that underpin decision informatics are those belonging to decision analysis (i.e., emergency management, statistics, risk analysis, etc.), decision informatics is clearly multidisciplinary in nature and, depending on the problem being considered, could include experts from science (i.e., information, visualization, cognition, sociology, etc.), engineering (i.e., telecommunications, biomedical, chemical, nuclear, etc.) and other disciplines (i.e., religion, theology, terrorism, culture, etc.). It provides a systematic and consistent way to address real-time emergency issues, including those concerned with the preparation for a major disruption, the prediction of such a disruption, the prevention or mitigation of the disruption, the detection of the disruption, the response to the disruption, and the recovery steps that are necessary to adequately, if not fully, recuperate from the disruption. More importantly, one must approach an urban emergency management problem in a systemic or holistic manner, especially given the interdependencies of the underlying infrastructure systems. Although the focus of this paper is primarily on terrorist disruptions, it is obvious that the decision informatics approach is likewise applicable to the preparation, prediction, prevention, detection, response and recovery steps associated with the emergency management of any major urban disruption. The remaining sections of the paper deal with the types of disruption, the stages of or life cycle in a disruption, the decision informatics paradigm, and the combination of types, stages and decisions in regard to the efforts of the U. S. Department of Homeland Security and its academically-based Homeland Security Centers of Excellence, followed by some concluding remarks. Modern society relies on the reliable operation of a set of human-built systemseach being a combination of people, processes, goods, services, physical structures and institutions -to sustain people themselves, infrastructures and commerce. In an urban center, these human-built or constructed systems include transportation (i.e., roads, bridges and rail); health (i.e., clinics, emergency rooms and hospitals); education (i.e., pre-college, college and continuing education); energy (i.e., electric power, gas and liquid fuels); telecommunications (i.e., radio, telephone and internet); information technologies (i.e., file servers, database systems and networks); water (i.e., lakes, reservoirs and rivers); food (i.e., farms, markets and warehouses); sanitation (i.e., garbage, sewage and air pollution), structures (i.e., homes, buildings and spaces); civil order (i.e., police, fire and health); finance (i.e., banks, insurance and security firms), and government (i.e., local, state and federal). People, infrastructures and commerce all rely on the constructed systems to provide the necessary goods and services. In the U. S., the constructed systems -most of which are privately owned and operatedare so essential that they have been called the nation's "lifelines" and are included in the broader set of critical infrastructures defined by the President's Council on Critical Infrastructure Protection (PCCIP) (U. S. President, 1998) to be those physical and cyber-based systems essential to the minimum operations of both the economy and the government. More specifically, the U. S. National Strategy has identified 14 sectorsagriculture (2M farms), food (90K food-processing plants), water (2K federal water reservoirs), public health (6K registered hospitals), emergency services (90K emergency service entities), government, defense industrial base, information and telecommunications (2B miles of telecom cable), energy (3K electric power plants, 2M miles of pipelines), transportation (5K public airports, 120K miles of major railroads, 590K highway bridges), banking and finance (27K banking and financial institutions), chemical industry and hazardous materials (66K chemical plants), postal, and shipping -and 5 key resources -national monuments and icons, nuclear power plants (104 commercial nuclear power plants), dams (80K dams), government facilities (3K federal facilities), and critical commercial assets (0.5K skyscrapers) -that must be protected. Historically, the nation's critical infrastructures have been physically and logically separate systems that had little interdependence. However, as a result of advances in information technology and the necessity for improved efficiency and effectiveness, these infrastructures have become increasingly automated and interlinked. In fact, because the information technology revolution has changed the way business is transacted, government is operated, and national defense is conducted, the U. S. President (2001) singled it out as the most critical infrastructure to protect following 9/11. Thus, while the U. S. is considered a superpower because of its military strength and economic prowess, non-traditional attacks on its interdependent and cyber-supported infrastructures could significantly harm both the nation's military power and economy. Clearly, infrastructures, especially the information infrastructure, are among the nation's weakest links; they are vulnerable to willful acts of sabotage. The U. S. National Academies' Committee on The Role of Information Technology in Responding to Terrorism (2005) has made a number of recommendations to reduce vulnerabilities associated with the information infrastructure, including undertaking more research in authentication, detection, containment and recovery. The infrastructure interdependencies are most obvious when a disruption occurs. For example, interruptions in power and communications following the 9/11 attack, in turn, forced the closing of the New York Stock Exchange, which is a critical part of the nation's banking and finance infrastructure. As another example, the August 2003 electrical power outage on the east coast caused the failure of wireless communications and affected the City of Cleveland's water system. Clearly, there are innumerable interdependencies among the various infrastructure networks or systems that provide for a continual flow of goods and services essential to the defense and economic security of a nation. Indeed, for this reason, it is inappropriate to only categorize some infrastructure systems as being critical; they are all critical to the proper functioning of a nation or urban center -otherwise, the non-critical ones might well become the weakest links and thus vulnerable to attack and destruction. More importantly, the infrastructure interdependence problems should not be minimized, especially from a security and reliability perspective; in fact, contingency plans or backup systems should be developed and employed to mitigate these problems. Sadly, the same advances that have enhanced interconnectedness have created new vulnerabilities, especially related to equipment failure, human error, weather and other natural causes, and physical and cyber attacks. Thus, electronic viruses, biological agents and other toxic materials can turn a nation's "lifelines" into "deathlines" (Beroggi and Wallace, 1995) , in that they can be used to facilitate the spread of these materials -whether by accident or by willful act. Even the Internet -with almost a billion users -has become a terrorist tool (Talbot, 2005) ; jihad websites are recruiting members, soliciting funds, and promoting violence (e.g., by showing the beheading of hostages). Also, as evidenced by the 9/11 attack, components of an infrastructure system can be used as weapons of destruction. Further, the built environment is often the battleground for engaging the threat or disruption and its impact. Office buildings, subways, airports, water pipes, and power-generation and transmission facilities are all possible targets for terrorist acts, resulting in fires, toxic materials, debris and flooding. As identified earlier, there are, in essence, three types of disruptions: those natural incidents due to nature and/or natural forces; those accidental incidents due to human errors and/or structural failures; and those willful incidents due to human acts and/or destructive weapons. The who, what, when and where of a number of well known disruptions occurring in the latter half of the 20th century are considered in Table 1 15 plausible disruption scenarios that could be used for planning purposes and that could help focus the allocation of billions of federal dollars which will be distributed in the future to help secure the homeland. More specifically, 12 of the scenarios pertain to willful terrorist acts and include: a nuclear detonation of a 10-kiloton device, a biological attack with aerosolized anthrax spray, a biological attack through release of pneumonic plague, a chemical attack with aerosolized chemical blister spray, a chemical attack through explosion of toxic chemical cargo, a chemical attack through release of sarin gas in ventilation systems, a chemical attack through explosion of chlorine gas storage tanks, a radiological attack with radioactive cesium-137 bombs, an explosives attack with handmade bombs or suicide belts, a biological attack through contamination of food items with liquid anthrax, a biological attack through infection of farm animals with food-and-mouth disease, and a cyber attack on the nation's financial infrastructure. The remaining three scenarios concern natural disasters and include: a biological disease outbreak like an influenza pandemic, a 7.2-magnitude earthquake on a fault line through a major urban center, and a category 5 hurricane with sustained winds of 160 miles per hour and storm surges of 20 feet hitting a major metropolitan area. Finally, in regard to impact, a natural disaster tends to be more regional or world-wide than local (as in the case of SARS), and its effect could last for years. An accidental tragedy tends to be more local or regional (as The mission and overriding objective of the The additional detection stage is also necessary; it follows prediction and precedes response and is very much dependent on data obtained from multiple data sources or sensors and the careful fusion and analysis of that data. In preparing for a major urban disaster, it is critical to learn from past incidents. Careful How to convert potential terrorists away from terrorism? How to prepare for disruption without degrading quality of life and civil liberties? How to integrate the help of industry and other private organizations? What type of resources (e.g., protective gear) are available and at what locations? What integrated emergency command center needs to be established? How to coordinate and standardize data, medical records, information systems, and communications? Is the preparation appropriate for both security and safety? How to effectively assess preparedness? What precursor signals can be associated with natural, accidental and willful incidents? What is the nature (e.g., self-assembled, self-replicated) and scope of such attacks? What facilities, assets and resources are most vulnerable to attack? In addition to direct threats, what are possible indirect or secondary threats (e.g., Zoonotic diseases, hurricane-related fresh water flooding)? How best to pre-position resources for the most likely and most risky disruptions? How to communicate accuracy of prediction? How to provide education and simulated training for decision makers and responders? What identification (e.g., biometric) technologies can be reliably employed to prevent unlawful entry? How to prevent attacks, reduce vulnerability, minimize damage, and enhance recovery? How to develop contingency plans or backup systems to mitigate interdependency problems? How to warn the public (e.g., color-coded alerts, terrorist threat index)? How and when to mitigate (e.g., evacuate) before the disruption? How to mitigate problems of communications, traffic gridlock, and inter-jurisdictional issues? How to prevent problems associated with the roles and responsibilities of all involved? Are the prevention strategies sustainable and are they commensurate with the risk level? Detection What sensors can be employed to detect a disruption? How to fuse and abstract valid and useful information from multiple data sources? What response preparation should be effected (e.g., level of emergency)? How to validly identify nature of attack? What is the target (including people, infrastructures and commerce) and scope (including time, space, and weapon used) of the attack? How to mitigate the potential impact of an attack? How to strengthen the public's resilience to the disruption? Where should an emergency staging and medical triaging center be established? How to logistically inventory and disburse available resources, requested resources, and donated goods? How to coordinate and secure communications by computer, cellular, radio, and telephone lines? How to reposition resources for another attack or response to other incidents? How to coordinate and integrate workers and volunteers? How to coordinate within and between response levels (i.e., local, regional, state, and federal)? How to communicate with the public, including dealing with the media? Which targets remain at risk and must be taken out of harms way? What can be done to recover from the resultant damages? How to store, protect, retrieve and recover critical data? What state, federal and commercial aid can be obtained to fund the recovery? What recovery goals, measures and assessment procedures have been established? What projects, tasks, budget and schedule are necessary for the recovery? What can be put in place to forestall or prepare for another disruption? physical environment, air, water, structures, and resources presented in a meaningful manner for timely and judicious decision making by individual responders or a group of decision makers? In regard to willful terrorist acts, one has to prepare for the unforeseen or unexpected, including the possibility that an act could include several related actions at different locations. As examples, the 9/11 tragedy included four airline crashes within a regional area and the Sarin attack included five affected subway lines leading to Tokyo center. Obviously, these terrorist acts could have been even more fatal if all response resources were committed to the first occurring action; indeed, this could have occurred if hours, not minutes, were to have separated each action. In short, one must be prepared for the worst possible scenario without bankrupting either our economy or our quality of life. Perhaps the weakest link in the preparation against a terrorist act is the unwillingness of intelligence organizations to communicate or share crucial information. In fact, as discussed later, many of the activities being undertaken by the U. S. Department of Homeland Security focus on ameliorating or mitigating this problem. Actually, this communication and information sharing problem pervades and adversely impacts every disruption stage, from preparation to recovery. For example, the Federal Bureau of Investigations' recent $170 million effort to establish a Virtual Case File of interview reports throughout the Bureau has been somewhat of a failure, partially due to the fact that agents are reluctant to share their notes for fear of security breaches. Moreover, it can take several days before the available reports are scanned into the central computer, resulting in a potentially dangerous time lag for a fast-moving terrorist initiative. It is critical for an urban center to prepare not just for urban security but also for urban safety. This dual purpose reflects reality, in that most, if not all, of the public safety resources are able to also secure the homeland; indeed, natural disasters and accidental tragedies result in safety concerns, while only willful acts result in security concerns. Moreover, the costs associated with performing security duties can be considered to be a marginal add-on to the long established public safety mandate. In many regards, prediction parallels the preparation stage of a disruption. For a past type of disruption, preparation should already be made and prediction can then be employed to determine the likelihood that it might happen again. For a new type of disruption, prediction is necessary to first ascertain the potential nature of the disruption in all its dimensionalities, together with a level of confidence or accuracy regarding the prediction; this would then provide the reason for and the scope of a preparation plan. Thus, prediction details the likelihood, as well as the who, when, what and where, of a disruption. Based on this input, especially the likelihood statistic, appropriate preparation steps can be taken. Moreover, prediction should not only be about the first order impact of a disruption but also about higher-order impacts. In fact, secondary impacts are sometimes more devastating than the initial disaster; thus, hurricane-caused fresh water flooding of inland rivers and lakes may be more problematic than the initial coastal damages. Likelihood is a difficult concept to convey to the general public. At present, the U. S. employs an alert system based on five colors ranging from green, the least dangerous, to red, or high alert. The color-coded scheme seeks to capture the likelihood of a terrorist threat and the consequent level of alert or mobilization required. The scheme is too aggregated and is applicable to the entire nation at any point in time. Perhaps a more refined and understandable scheme might be in terms of a terrorist threat index (TTI), much like the Dow Jones Index for stocks and the Consumer Price Index for inflation. TTI could range from, say, 0 to 100, with 100 corresponding to the highest level of alert. Additionally, a gradation of index values should be allowed; thus, for the 9/11 example, the NYC Wall Street area would have had TTI values in the 90s, areas in New Jersey would have had values in the 80s, and upstate New York would have had values in the 70s. Of course, an appropriate decision model must be developed to make the TTI operational; it would be based on a number of contributory factors or variables. In addition to statistical methods, there are a number of forensic approaches to determining the likelihood of an event. For example, many natural disasters and accidental tragedies are a result of a series of events that signal an impending catastrophe. Recognizing, understanding and appropriately reacting to such events -or precursors -might very well help forestall, if not mitigate, the catastrophe. Willful acts may also register such precursors; for example, increased cellular traffic used to signal an impending terrorist act until the terrorists became more cautious, having realized that the traffic was being monitored. A critical preventative measure is the use of identification technologies to prevent unlawful entry. For the most part, passwords, identification cards, tokens, keys and codes have been employed. Biometric -including, as examples, fingerprinting, iris scans, voice authentication and face recognition -systems are usually employed where security is critical; they are used for both verification (i.e., one-to-one matching) and identification (i.e., one-to-many matching). To minimize potential errors that may occur, multiple systems are being deployed; for example, foreign visitors to the U. S. must now provide prints of both index fingers and a picture of their face at the port of entry. Another approach suggested by Burnes et al. (2003) is an integrated system whereby, say, the wavelet transforms of both the fingerprints and the facial image are judiciously combined in the wavelet domain and then used for both verification and identification purposes. Although such an integrated or hybrid biometric system might add an extra layer of security, its effect on error rates must still be determined. The best preventative action in the face of a major disruption and assuming ample warning time is, of course, evacuation. However, cost, inconvenience and believability must all be taken into consideration before an evacuation is ordered. Recently, in August 2004, about a million people were evacuated from an area south of Tampa, Florida, where Hurricane Charlie, a category 4 storm, was first predicted to come ashore; the evacuation turned out to be a false alarm for many of the evacuated areas. When it was later predicted that the hurricane would come on shore north of Tampa, residents there were reluctant to evacuate, resulting in more damage than necessary if the second set of evacuation warnings were heeded. Interestingly, in regard to commerce, information technology and supply chain efficiencies have squeezed out many redundancies or inventories; just-in-time everything has been the mantra that has resulted in even greater interdependencies and productivity. Now, however, in order to prevent an adverse impact on the supply chains in the face of a major disruption, there is a need to enhance the reliability of these chains by building in more inventories (i.e., backup systems) and decreasing the interdependencies, resulting in a possible decrease in productivity. Clearly, there is a need to trade off between security and productivity; between just-in-time and just-in-case approaches. It is critical that whatever prevention tactics or strategies are implemented, are sustainable in the long run. Otherwise, the ever adaptable terrorist will observe a weak link or vulnerability and take appropriate advantage of it. Scaling back on a strategy is more desirable than abandoning it altogether, especially if a statistical approach is taken. Thus, if examining every container at a port of entry is prohibitively costly, then a sampling rate of, say, x percent can be used, with the value of x being commensurate with the assessed risk level. With advances in technology (e.g., micro-electro-mechanical systems, sensor motes, sensor networks, wireless communications, radio frequency identification tags, pervasive computing, and robotics), new devices can be developed to acquire data that may result in the, hopefully early, detection of a natural, accidental or willful incident. Of course, data are just that -data. As discussed in the next section on decision informatics, it takes a careful fusion and analysis of the various data streams to obtain information concerning whether an incident is indeed being detected. Additionally, it is critical that such devices are not compromised. For example, it has been shown that the passive digital signature transponders employed in a number of radio frequency identification (RFID) devices -including vehicle immobilizer keys and SpeedPass-type payment systems -can be successfully attacked with cryptanalytic techniques. Detection is a critical stage in the life-cycle of a disruption. An alert should be issued if there is ample evidence that an impending disruption may occur. With adequate prior preparation, such an alert should not cause panic but instead begin to mobilize the response resources and, if appropriate, initiate the prevention or mitigation action of evacuation. In fact, if a potential disruption is detected early enough and preventative counter measures can be effectively deployed, then there may not be a need to go to a full-blown response stage. Consequently, more attention should be focused on detection; it could certainly lessen the impact of a disruption and mitigate, if not obviate, the need for a response. How prepared are urban centers to responding to terrorism in the post 9/11 era? The Rand Corporation (Davis et al., 2004) undertook a 2002 survey and found that law enforcement agencies which perceived the risk of a terrorist attack to be higher for their jurisdiction were more likely to undertake steps to improve their corresponding response preparedness. It also found that law enforcement considers the most likely threats to be chemical, biological, or conventional-explosives attacks. Indeed, following 9/11, large cities, especially New York City (NYC), are becoming better prepared, if not coordinated. The lessons learned from the August 14, 2003, northeast power outage also helped the NYC Office of Emergency Management (OEM) develop and adopt a Citywide Incident Management System (CIMS), a formal management structure designed to better organize the City's response to future emergencies. With a unified command matrix and a common understanding of terminologies, roles and responsibilities, the CIMS parallels DHS' National Incident Management System (NIMS) (DHS, 2004(b) ). An important aspect of response concerns how the various data inputs are fused, analyzed and appropriately modeled and presented to the decision makers in a timely manner at both the scene and the command and control centers. The presentation format must facilitate cognition and should not be underestimated, whether it be displayed on a computer or personal data assistant, or visualized on a map, or verbalized in a conversation. Unfortunately, urban centers are, for the most part, ill prepared in this regard. Although, for example, NYC's OEM has a Emergency Operations Center (EOC) where all city agencies plus some state and federal agencies are represented during a crisis situation, periodic situation reports take over an hour to compile from different agency inputs using the E-Team software. These reports -including input from NYC's Citywide Assets and Logistics Management System (CALMS) -are to provide decision support (to the OEM Commissioner and the Mayor) and logistics support (to the field personnel requiring resources). Unfortunately, the reports reflect a minimum amount of data fusion and analysis and cannot be produced in real-time. Another important aspect of response concerns the immediate establishment of a moveable emergency staging and medical triaging center at or near the disruption site; the center should, of course, be staffed by pre-trained experts. Yet another critical response issue is the repositioning of the unencumbered resources for another attack or in response to other incidents. Media management is likewise critical to the response function, especially since it is the communication link to the citizenry-at-large. There is obviously a fine line between timely sharing of information and delaying that sharing in order to ascertain its accuracy. While unnecessarily panicking the citizenry is not helpful, withholding information, even temporarily, that might affect the citizens' security and safety is also inappropriate, if not illegal. Simulated training in this difficult area is clearly required. Depending on the nature of the disruption, alternate recovery steps can be taken. For example, damage to, say, the Wall Street financial system would require careful reconstruction or recovery of the vital data, most of which should have been backed up on an off site server. Rebuilding of a physical structure would, of course, require more intense planning and execution. No matter what the disruption is, the first step is to stabilize the situation and then to ascertain the damages. The next necessary step is to determine the resources -including state and federal aid, as well as commercial insurance payouts -required to adequately, if not fully, recover from the disruption. The amount of resources is, of course, also subject to the stated rules and regulations governing their availability. Again, having access to knowledgeable and pre-trained experts in this area would minimize victim frustrations and facilitate the recovery effort, which could take months, if not years, to carry out. In critically reviewing the disruption characteristics in Table 2 and related decisions identified in Table 3 and 4, it is obvious that real-time, information-based decision making is needed for addressing major disruptions, especially in regard to terrorist acts that are quite adaptive in reality. Alternately, what is needed is, as depicted in Figure 1 , a decision informatics paradigm. That is, the nature of the required real-time decision (in connection with each of the six stages of a disruption) determines, where appropriate and from a systems engineering perspective, the data to be collected (possibly, from multiple, non-homogeneous sources) and the real-time fusion and analysis to be undertaken to obtain the needed information for input to the modeling effort which, in turn, provides the knowledge to support the required decision in a timely manner. The feedback loops in Figure 1 are within the context of systems engineering; they serve to refine the analysis and modeling steps. Thus, decision informatics concerns three related issues (i.e., decisions, data and information) and is underpinned by three multi-disciplines (i.e., data fusion and analysis, decision modeling, and systems engineering). In abbreviated form, there are six steps in the decision informatics process: decisions, data, analysis, information, models, and systems. These six steps are summarized in Table 5 . Before highlighting below some of the concerns at each step, it should be noted that decision informatics is, as a framework, generic and applicable to most, if not all, decision problems. Furthermore, since any data analysis or modeling effort should only be undertaken for some purpose or decision, all analyses and modeling activities can be viewed within the decision informatics framework. In short, decision informatics represents a decision-driven, information-based, adaptive, real-time, human-centered, integrated and computationally-intensive approach to intelligent decision making by humans or software agents. Consequently, it can be very appropriately employed to address decisions at the preparation, prediction, prevention, detection, response, and recovery stages of an urban disruption. As noted earlier, effective urban emergency management is not only about making the right decisions; it is also about making timely decisions. For example, moving analysts closer to the decision maker would be most helpful in a real-time environment where management failures and communications breakdowns are more prevalent given the heightened pressures of time, urgency and criticality. This would be especially pertinent at the operational level (which, as indicated earlier, includes the detection and response stages of a disruption) where decisions must be made in real-time. On the other hand, at the tactical level (which includes the prediction and prevention stages of a disruption), decisions must be made in terms of days, if not hours; and at the strategic level (which includes the preparation and recovery stages of a disruption), decisions must be made in terms of months, if not weeks. No matter at what level a decision is made, it is critical to note that steady state analysis or models are of limited use in addressing the emergency management of urban disruptions. Although decision support models focus on helping one or more decision makers to make the best informed decisions, it should be noted that most decisions are made in a collective, if not collaborative, manner among a group of decision makers. This is especially true in the public sector where elected officials depend on their appointees to help them make the decisions, subject to a number of other constraints -including political, budgetary and social equity issues -that may not be implicitly considered in the models. Clearly, in terms of a major urban disruption, collective or group decision making occurs at every stage of a disruption's life cycle, from preparation to recovery. The National Science Foundation's recent focus on advancing collaborative systems is helpful in this regard. Sensors acquire data; they could be in the form of humans, robotic networks, aerial images, electronic signals, and other measures and signatures. In regard to tsunamis, for example, seismographs, deep ocean detection devices with buoy transmitters, and/or tide gauges can all sense a potential tsunami. Other sensors are being developed to detect weapons of mass destruction. One such effort is being undertaken by CombiMatrix; under a $10 million funding, a computer chip is being developed that can sense up to 20 different threats, from biological agents like anthrax to deadly chemicals and radiation. However, as noted earlier, data are useless unless access to and analysis of the data are in real-time and, moreover, the findings are also transmitted in a timely manner to a public which should have been prepared to react appropriately and not in a panic. There were clearly gaps in the preparation, detection, response and recovery stages of the 2004 South Asia Tsunami. More recently, data warehouses are proliferating and data mining techniques are gaining in popularity. No matter how large a data warehouse and how sophisticated a data mining technique, problems can, of course, occur if the data do not possess the desirable attributes of measurability, availability, consistency, validity, reliability, stability, accuracy, independence, robustness and completeness. Indeed, 9/11 might have been thwarted if a more robust and system-oriented passenger screening system were in place instead of the 1998 initiated CAPPS program (which employed a computer-based formula to identify potential terrorists based on a number of variables), a program that had already experienced a drastic cutback, and, moreover, had not been uniformly used by the airlines. Hopefully, most of these deficiencies have been corrected in the current Transportation Security Administration's CAPPS II system. To be more specific and as illustrated in Table 5 , the definition and collection of data must be motivated by the decisions that must be made based upon the information that is obtained from the processing (i.e., fusion and analysis) of the data. More importantly and from an urban emergency management perspective, a collaborative, decision-driven data base management system must be developed that can electronically access locally-generated data and provide appropriate information (through data fusion and analysis algorithms and decision support models) for real-time, distributed decision making. It should be noted that currently available collaborative software systems (e.g., E-Team) are stand-alones that are neither directly interfaced with critical data sources nor supported by appropriate decision-oriented algorithms and models. Data fusion and analysis methods include probability, statistics, quality, reliability, fuzzy logic, multivariable testing, pattern analysis, etc. as well as the mining, visualization and management of data, information and knowledge. However, the fusion and analysis of data to yield valid information or intelligence is not only about the application of these methods; it is also about specialized analysts who have, as examples, the linguistic skills to translate important data, the ability to develop software agents to troll the Web (especially the forthcoming Semantic Web with its definitional tags) for valuable information, and the cultural or religious background to interpret the data. In short, it takes a terrorist mind to help develop appropriate data fusion and analysis techniques and then to recognize the relevant information gleaned from the analysis, as well as to help make informed decisions to prepare for, to predict, to prevent, to detect, to respond to, and to recover from a potential terrorist act. The National Visual Analytics Center, established by DHS in 2004 under the auspices of the Pacific Northwest National Laboratory, is developing tools that are capable of creating images from complex multidimensional data which, in turn, could enable analysts to effectively fuse and analyze data streams containing structured and unstructured text documents, measurements, images and video data. Obviously, such tools would be invaluable in the prevention and detection of terrorist acts. The fusion and analysis of qualitative and quantitative data take on an extra dimension of difficulty when both steps have to be undertaken in real-time (Hu and Tien, 2004) . In business, a strengths, weaknesses, opportunities and threats (SWOT) analysis is undertaken to obtain valid information that can be used to make informed business strategies. Likewise, effective security strategies can be identified by using a similar information-based approach. Thus, S-O strategies could focus on prevention opportunities that are a good fit to the law enforcement strengths of, say, a city; W-O strategies could focus on overcoming preparation weaknesses by pursuing cooperative regional opportunities; S-T strategies could focus on ways that the city can use its firefighting strengths to reduce vulnerabilities to another 9/11 threat; and W-T strategies could focus on a security and reliability plan to prevent the city's interdependent infrastructure weaknesses from making it highly susceptible to external terrorist threats. As noted in Table 5 , information has the same sets of attributes, sources, and issues as data; however, information is processed data and could be in terms of derivations, groupings or patterns. In general, information technology has transformed large-scale informationreally data -systems from being the "glue" that holds the various units of an organization together to being the strategic asset that provides the organization with its competitive advantage. However, as alluded to earlier, while information technology can transform a data poor situation into a data rich environment, the fact remains that the data need to be effectively and efficiently fused and analyzed in order to provide appropriate information for decision making. Thus, in order to overcome the somewhat embarrassing data rich, information poor (DRIP) problem that Tien (2003) forewarned, it is critical to develop more sophisticated data fusers and data analyzers that could yield the information or knowledge for making smart choices. In essence, information technology is a necessary, but not sufficient, condition for robust and timely decision making; the sufficient condition is one based on decision informatics. Data must be processed to yield timely information on threats, vulnerabilities to these threats, and the possible resultant risks or damages, including mortality, morbidity, physical, environmental, and financial consequences. The results of any analysis must support the cognitive process of mental visualization, capable of creating images from complex multidimensional data, including structured and unstructured text documents, measurements, images and video. Moreover, creating and communicating a mental image common to a team of emergency responders facilitates collaboration and leads to more effective decision making at all levels, from operational to strategic. As noted above, at the operational level, there is a need for real-time decision support models. In such a situation, it is not just about speeding up the models and their solution algorithms; indeed, steady state models become irrelevant in a real-time environment. In essence, it concerns reasoning under both uncertainty and time constraints. Santos and his colleagues have contributed extensively to this area: they (Santos, 1996) have employed linear potential functions to approximate solutions to decision problems cast as Bayesian networks; they (Santos and Young, 1999) have formulated uncertain temporal reasoning without the use of Markov models and yet have been able to elegantly cope with the resultant combinatorial overhead; and they (Santos et al., 2003) have developed a seminal way of incrementally updating Bayesian knowledge bases. These efforts are closely aligned with evolutionary models, also known as genetic algorithms that work in a manner similar to biological evolution or natural selection. The algorithms are based on a seminal paper by Holland (1962) that posited a logical theory for adaptive systems. However, these algorithms did not become a viable tool until computers became powerful enough to start with equations that offer potential solutions, then mutate them repeatedly in an evolutionary manner until a solution emerges that best fit the observed data. Today, evolutionary algorithms have been employed to coordinate airport operations, to develop assembly line schedules, to enhance autonomous operations in unmanned aircrafts, and to determine sniper locations while on patrol in Iraq. The question remains: could such adaptive models help urban centers detect and respond to a major disruption? Certainly, adaptive models are better suited to dealing with changing situations and threats than the more traditional descriptive or prescriptive models. Nevertheless, evolutionary algorithms must be further developed and become more dynamic in their adaptiveness in order to capture the equally adaptive or elusive behavior of terrorists who are experts at modifying their actions and avoiding detection. At a more tactical level and as Larson (2004 Larson ( , 2005 details, there is a range of decision models for emergency response planning. Indeed, response to an emergency is about allocating or reallocating resources, which is the essence of operations research -a science that helped the U. S. minimize shipping losses during World War II, brought efficiencies in production, and developed optimal scheduling of police and firefighters. Actually, much of the urban emergency response modeling came out of the efforts of the New York City-RAND Institute (NYCRI), a 1968-1975 partnership between the RAND Corporation and New York City (Green and Kolesar, 2004) . For example, the NYCRI fire allocation model, developed almost 30 years before 9/11, was invaluable in helping New York City deploy and redeploy their fire resources on that fateful day. Another set of critical tactical models includes those that can simulate, as examples, the impact of an airliner hitting a chemical plant, the dispersion of radioactive material following the explosion of a dirty bomb, and the spread of illness due to a contaminated water supply. At the strategic, policy or preparedness level, there are a number of appropriate models that can support such decisions. As examples, Kaplan et al. (2002) developed a set of complex models to demonstrate that the best prevention strategy to a smallpox attack would be to undertake immediate and widespread vaccination; Wein et al. (2003) similarly advocate for a widespread dispersion of antibiotics following an anthrax attack; and Yu et al. (2003) developed an effective airline recovery algorithm that can be applied following an extended halt in operation, as happened in 9/11. Unfortunately, models, including simulations, dealing with infrastructures and their interdependencies are still relatively immature and must be the focus of additional research and development. Such "system of systems" models will, undoubtedly be very complex and will require a multidisciplinary approach. Systems engineering is about integrating products, processes and operations from a holistic perspective, especially human-centered systems that are computationally-intensive and intelligence-oriented. It can be considered a multidiscipline that addresses a system from a life-cycle and cybernetic (i.e., feedback and control) perspective. A critical aspect of systems engineering is system performance; it provides an essential framework for assessing the decisions made -in terms of such issues as satisfaction, convenience, privacy, security, equity, quality, productivity, safety and reliability. Given the interdependencies of urban infrastructures, it is especially crucial to address an urban disruption from a systems perspective. Indeed, even within an infrastructure or system, one needs to address it from a holistic framework, especially in regard to weak links in the system. For example, although the airline industry has significantly increased the security screening of passengers and luggage at major airports, it may still be possible for a terrorist to enter the system through a regional airport where screening is not as thorough. Nevertheless, undertaking systems engineering within a real-time environment will require -as with decisions, data, analysis, information and modeling -additional research and development. A fundamental underpinning of a democratic system is personal privacy. It is obvious that every time one uses a credit card or an electronic device to enter a building or to get by a toll booth, one is giving up personal data, some of which are being compiled by a number of intelligence-oriented companies (e.g., Acxiom, ChoicePoint and Seisint). These companies, initially established to help market products, are apparently filling the void left by the Pentagon's Total Information Awareness program, which Congress cancelled in 2003 after it became a lightning rod for privacy advocates alarmed about unchecked government surveillance. O'Harrow (2005) takes a look at this trend and warns that such surveillance programs reflect a shadowy new alliance between private sector firms and government agencies, one that is unaccountable and allows for no due process and redress when one is being unfairly harmed or compromised. Following the 9/11 attack on the U. S. homeland in 2001, the U. S. Homeland Security Act of 2002 (Public Law 107-296, 2002) was immediately passed; it established the Department of Homeland Security (DHS) with a mission to "a) prevent terrorist attacks within the United States; b) reduce the vulnerability of the United States to terrorism; and c) minimize the damage, and assist in the recovery, from terrorist attacks that do occur within the United States." Additionally, a number of high level reports have been published on how to make the homeland more secure from future acts of terrorism. The U. S. National Academies formed a Committee on Science and Technology for Countering Terrorism (2003); it strongly urged, among several other important recommendations, a risk or decision based approach to measuring and countering terrorism, and it also helped to define the Directorate of Science and Technology that is now a part of DHS. More recently, the National Commission on Terrorist Attacks Upon the United States (2004) recommended the establishment of a National Counterterrorism Center -with a National Intelligence Director -to unify all counterterrorism intelligence and operations across the foreign-domestic divide in one organization. The strategic goals of DHS (2004(a)) include i) awareness (i.e., identifying and understanding threats, assessing vulnerabilities, determining potential impacts and disseminating timely information to security partners and the public); ii) prevention (i.e., detecting, deterring and mitigating threats); iii) protection (i.e., safeguarding the people and their freedoms, critical infrastructures, property, and the economy from acts of terrorism, natural disasters, or other emergencies); iv) response (i.e., leading, managing and coordinating the national response to acts of terrorism, natural disasters, or other emergencies); v) recovery (i.e., leading national, state, local and private sector efforts to restore services and rebuild communities after acts of terrorism, natural disasters, or other emergencies); vi) service (i.e., serving the public effectively by facilitating lawful trade, travel and immigration); and vii) organizational excellence (i.e., creating a culture that promotes a common identity, innovation, mutual respect, accountability and teamwork to achieve efficiencies, effectiveness, and operational synergies). Not surprisingly, the first five of the above identified seven DHS goals cover the earlier detailed six stages of a disruption. As stated in two related Presidential directives (U. S. President, 2003(a,b) ), the National Response Plan (DHS, 2004(c) ) establishes a comprehensive all-hazards approach to enhance the ability of the nation to manage domestic incidents. The National Response Plan (NRP) incorporates best practices and procedures from incident management disciplines-homeland security, emergency management, law enforcement, firefighting, public works, public health, responder and recovery worker health and safety, emergency medical services, and the private sector-and integrates them into a unified structure. It forms the basis of how the federal government coordinates with state, local, and tribal governments and the private sector during incidents. It establishes protocols to help i) save lives and protect the health and safety of the public, responders, and recovery workers; ii) ensure security of the homeland; iii) prevent an imminent incident, including acts of terrorism, from occurring; iv) protect and restore critical infrastructure and Types of Disruptions key resources; v) conduct law enforcement investigations to resolve the incident, apprehend the perpetrators, and collect and preserve evidence for prosecution and/or attribution; vi) protect property and mitigate damages and impacts to individuals, communities, and the environment; and vii) facilitate recovery of individuals, families, businesses, governments, and the environment. Further, to enhance the ability of the nation to manage domestic incidents, a single, comprehensive National Incident Management System (NIMS) has been established (DHS, 2004(b) ). The NRP is predicated on the NIMS; together, the NRP and the NIMS provide a nationwide template for working together to prevent or respond to threats and incidents regardless of cause, size, or complexity. The Department of Homeland Security (DHS) is organized into four major directorates: Border and Transportation Security (including sensors, signals, passenger profiling, and prevention tactics), Emergency Preparedness and Response (including preparation, prediction, prevention, detection, response, and recovery), Information Analysis and Infrastructure Protection (including data fusion and analysis, disruption modeling, performance versus cost analysis, vulnerability/risk assessment tools and systems considerations), and Science and Technology (including biometric systems, weapons detection systems, and satellite image systems). DHS actually out sources many of its activities through contracts and grants -to federal laboratories, government agencies, and private organizations. In April 2004, the $130M, 4.5-year Homeland Security Institute was established at Analytic Services, Inc. or ANSER, a systems engineering "think tank" modeled after the RAND Corporation. Additionally, through the Office of University Programs within the Science and Technology Directorate, DHS is engaging the academic community to create learning and research environments in areas critical to homeland security. DHS is investing in university-based partnerships for two reasons. First, to bring together the nation's best experts and to focus its most talented researchers on a variety of threats that include agricultural, chemical, biological, nuclear, explosive and cyber terrorism as well as the behavioral aspects of terrorism. An equally important reason to engage the academic community is to enhance the nation's knowledge capacity and people resources to deal with natural disasters, accidental tragedies and willful acts through relevant education and training. Labeled Homeland Security Centers of Excellence, it is helpful to consider them within the three dimensional -types, stages and decisionsframework discussed in the previous sections of this paper. As depicted in Figure 2 , this framework identifies 3 by 6 by 6 or 108 possible foci for study consideration. Thus far, four Homeland Security Centers of Excellence have been established, while a fifth one is forthcoming. As summarized in Angeles -and 10 other academic institutions in the U. S. and abroad. This 3-year, $12 million effort is focused on understanding the social and behavioral aspects of terrorism so as to disrupt the formation of terror networks and to minimize the impact of future attacks. The solicitation for a fifth center, entitled Homeland Security Center for the Study of High Consequence Event Preparedness and Response, has just been released in January 2005; it will also be a 3-year Center, funded at a $15 million level. The Center is to perform research on how to prepare for high consequence events, especially in regard to acts of terrorism and the use of weapons of mass destruction (WMD), as well as on how to enhance the capabilities of first responders and others. Table 6 also identifies the foci of these five academic centers in regard to the types of disruption, the stages of a disruption, and the decisions associated with a disruption. As expected, willful acts constitute the focus of all five centers, while accidental tragedies constitute the focus of three of the centers, and natural disasters constitute the focus of two of the centers. In regard to the six stages of a disruption, three of the stages -preparation, prediction and prevention -are dealt with by all five centers, response is dealt with by four centers, detection is dealt with by three centers, and recovery is dealt with by two centers. Finally, as also might be expected, all six stepsdecisions, data, analysis, information, modeling and systems -in the decision informatics process are necessary in each center's approach to their respective problem foci. Securing the homeland from damaging willful acts is a matter of tradeoffs. It is a tradeoff between security and people; in particular, people's privacy, civil liberties and quality of life. It is a tradeoff between security and infrastructures; in particular, infrastructures that are highly interdependent. It is a tradeoff between security and commerce; in particular, commerce that is based on highly efficient and non-redundant processes. In short, it is a tradeoff between security and a free society. Interestingly, the tools or technologies that underpin a modern society are likewise the weapons that can be used to undermine, if not destroy, society. Biological, chemical and nuclear breakthroughs can also be considered to be weapons of mass destruction; the highly effective Internet provides a medium for cyber viruses, hackers and spammers; and airplanes are employed as missiles against people, infrastructures and commerce. The decision informatics approach to urban emergency management that is detailed herein can clearly address a number of vulnerabilities, including natural disasters, accidental tragedies and willful acts. Several comments should be made in regard to this approach. First, it is multidisciplinary in nature; obviously, depending on the problem being considered, it requires experts from many disciplines. Second, it is evolutionary in practice; as a problem becomes better understood, the approach could be better refined and made more expeditious. Third, it is systemic in scope; it seeks to consider a problem from different perspectives, in terms of, as examples, efficiency and reliability, public and private goals, and domestic and international concerns. The purpose of this paper, then, is to augur for the development of decision technologies that can be employed to prepare for a major disruption, if not predict and possibly prevent the disruption. Such technologies should also detect the disruption, identify the responses required to deal with the resultant situation, and then, following the disruption, specify the recovery steps that are necessary to satisfactorily recuperate from the disruption. Real-Time decision support for emergency management: an integration of advanced computer and communications technology An intrinsic assessment and comparison of biometric systems through wavelet analysis Making The Nation Safer: The Role of Science and Technology in Countering Terrorism Committee on The Role of Information Technology in Responding To Terrorism When Terrorism Hits Home: How Prepared Are State and Local Law Enforcement? Securing Our Homeland: The DHS Strategic Plan National Incident Management System National Response Plan DHS, Office of State and Local Government Coordination and Preparedness Improving emergency responsiveness with management science Outline for a logical theory of adaptive systems Real-time fusion and analysis of multiple non-homogeneous data streams Emergency response to a smallpox attack: the case for mass vaccination Emergency Response for Homeland Security: Lessons Learned and the Need for Analysis O. R. models for homeland security Decision models for emergency response planning National commission on terrorist attacks upon the united states No Place To Hide Public law 107-296, as amended, Homeland Security Act of On linear potential functions for approximating bayesian computations Probabilistic temporal networks: a unified framework for reasoning with time and uncertainty Implicitly preserving semantics during incremental knowledge base acquisition under uncertainty Terror's server Towards a decision informatics paradigm: a real-time, information-based approach to decision making Presidential Decision Directive NSC-63 Executive Order on Critical Infrastructure Protection Homeland Security Presidential Directive (HSPD) 5 Homeland Security Presidential Directive (HSPD) 8 Decision support systems for disaster management Emergency attack to an anthrax attack A new era for crew recovery at continental airlines