Concepts of T&V

Essential Philosophical Concepts of Threats and Vulnerabilities

By Roy D. Follendore III

February 12, 2006

Many people attempt to maintain the concept of a probable threat as something that is tangible. In other words, they look at probability as a tangible asset or liability, as though there is something always exists to be threatened and therefore anything that is perceived as threat, must threaten something, even if that something doesn’t exist. For instance, if you were to be threatened by someone who says that something you do not yet know or possess will be stolen, then what is to be stolen represents a probability of vulnerability. For these people, probability exists as a tangible physical reality, and therefore the threat is tangible, physical and real. The perception of threat has been formed in their minds and remains persistent.

Let’s do a thought experiment about perception. Suppose as an art project we were to create a threat machine. In effect we create a program that makes threats. In one database were to put a list of actions that may or may not threaten others. In another we were to put a list of candidates that may or may not carry out those actions. In between we were to write software that appropriately connects up those ideas, such as, “are going to,” or “will be” or “shall be.” A pseudorandom number seeds the software such that there is no logical association between the relationships of input and output. The machine has been designed such that no-one knows what it is producing and neither does the person who programmed the software. After some period of time the statement pops out… “X is going to Y your car.” ; Where X is a terrorist group, and Y is a destructive terrorist action.

Does this constitute a threat? Does context fashion reality? What if this computer program were running on a stand alone computer as part of an art exhibit in an art gallery? What if it were running as part of a classified Homeland Security project which was attempting to define all of the potential communications that a terrorist might have with the general public?

(Keep in mind that what I have been talking about with respect to security is the physical existence of risk. I have not been discussing the legal definition of threat as defined within the law. The notions of the law are often the result of a maze of conflicting prior rulings that produce decisions that are out of touch with physical reality.)

There are two paths to the explanation of our perception of physical phenomena, one is physical and the other is metaphysical. Metaphysical approaches to explanations while sometimes interesting and even psychologically useful for human creativity become unsustainable within a valid scientific inquiry of a hypothesis. To be rational and scientifically explainable the physical reality of security must be an ordered process such that it is only reasonable that first the vulnerability must come into existence and then the threat to exist.

However, this does not mean that complexity does not exist because threats, like vulnerabilities come in flavors and are defined as catastrophic or non-catastrophic and to make things more difficult, the existence of an ‘intentional’ or ‘unintentional’ threats does not have to have to have involved communication. In addition, it has been my observation that when threat and vulnerabilities are carefully examined, the notion of viable threats usually involves multiple exploitable vulnerabilities.

Within the physical world threats represent second order dependent probabilities which lead to tangible physical events. They only exist after the existence of something else which allows them to exist and because of this they require the existence of another probability.

If it were not true then the inconsistency in our concept of security would require that everything would be a threat and by allowing that nothing could be. The same would be true for vulnerabilities. In defining the nature of threats and vulnerabilities for the purposes of security, we must constantly be on guard of our role. A psychic who claims that someone will fall off of a cliff tomorrow neither defined the threat nor the vulnerability, even if the event were to occur, unless there is participation on the part of the victim. Threats and vulnerabilities must both be viable causal relationships in order to be considered rational. While threats and vulnerabilities must coexist to affect a result, it is not necessary that they be known or communicated.

Man has always been threatened by nature’s unknowns. Asteroids threaten mans existence. Some of nature’s threats are also intentional. For instance, a wild beast might use its intelligence to intentionally track down a man. Man had to have the ability to understand and cope with the relationships of threats and vulnerabilities in order to come out of the caves, survive and flourish.

What I might call the “Terrorist Fallacy” is that we believe that we do not participate in the threats as well as the vulnerabilities that we perceive.

Regardless of how much we may be used to projecting our reality into the future, probability is not reality. As other great minds have properly stated, probability begins and ends with probability. We all exist within a system. We may choose to make probabilities independent, but we can only do that when and if we either ignore or are ignorant of interdependent facts. This presents us with “windows’ of opportunity for threats and vulnerabilities.

For example, every day the traffic barrels along on the highway near my home. This is consistent evidential fact which represents the best kind of predictable probability. Today I checked and there was not one single car on the highway. The dependency of traffic is the absence of ice and snow and that is dependent on the availability of salt, trucks, sand, drivers, gasoline, pay and any number of interdependent things. There is no doubt that at the moment I made this observation this morning. At that moment I might have gone out and made snow angels in the middle of the highway without a threat of being crushed by a passing vehicle. There is also no doubt that this was not true just a few hours later.

The fact that we are left with is that that threats and vulnerabilities coexist with interdependent probabilities which are often unknown in advance of that physical event which comes from their relationship. This is the reason why threats and vulnerabilities are often treated as independent probabilities.

Within this essay I have attempted to make a statement that communicates the nature of practical security with respect to the concept of threats and vulnerabilities. I have attempted to speak about the philosophy of these issues in ways that can be useful in resolving the conflict that currently exist with respect to the best use of our assets in our defense. The fact shall always remain that within a free society there will never be enough resources to protect us from all possible threats. Without the proper philosophy, even our so called security experts are doomed to participate in an investment of new threats and vulnerabilities.

.