(Part 1 provided some history and identified principal challenges with the current HSAS; Part 2 offers some suggestions for the next version of HSAS.)

Ex-Homeland Security Director Tom Ridge unveiling the original color-coded terrorism warning system on Tuesday, March 12, 2002. (AP photo)

Related Articles: What is the Future of the Homeland Security Alert System? Part 1 of 2 Colors could disappear from terror alert system

What should the Homeland Security Alert System (HSAS) look like in the future? Should it even exist? One could make a strong argument for saying “no” to the latter question.

As discussed in Part 1, the challenges facing a system that’s intended to provide “a comprehensive and effective means to disseminate information regarding the risk of terrorist attacks to Federal, State, and local authorities and to the American people” are substantial and may not even be achievable in anything resembling what we currently have. That doesn’t mean it’s a lost cause, but it is a call for revised expectations.

A warning system, by definition, combines notification with protective action. If the purpose is simply to alert people, recipients must be able to understand what it does and doesn’t say and where to turn for information. If the goal is to convey information, warning systems are not the best way to do that if the information is not directly, and temporally, related to a specific threat.

The best analog is how the National Weather Service communicates hazard information based on confidence level, time sensitivity and reasonable transparency. The NWS structure employs recognizable, consistent tiers with common terminology (Advisory, Watch, Warning, with some broader terms, such as Special Weather Statement), and precision and accuracy are acknowledged to decrease with increasing future projection and areal extent (3-day vs. 7-day vs. 30-day; local vs. regional vs. national). The tiered Advisory/Watch/Warning structure also reflects increasing specificity in time and space and the need for protective action.

The agency (NWS) that provides forecasts and alerts also provides public education well in advance (without warnings), thus reinforcing the concept of one source to turn to — and that offers a lot of potential. An Orange HSAS alert applied across the nation can be problematic, especially in the absence of a specific threat, but an information service can provide a “seasonal forecast” for a region, sector or the nation. This offers an opportunity to lay out whatever can comfortably be publicized about threat assessment, credibility assessment and the decision-making process.

Where the comparisons fade
Analogies aside, weather forecasting and intelligence analysis are inherently different. There’s no shortage of uncertainty in weather forecasting, but intelligence “peaks” are very small and backgrounds very high, and storm warnings don’t deter weather (though they are intended to affect outcomes). Multiple areas may be at risk from the same threat, and it may be impossible to gain desirable resolution within the decision window.

In that respect, HSAS objectives have something in common with preparing for, detecting and warning about other low-frequency, high-potential-impact events such as volcanic eruptions and severe influenza outbreaks. For the latter, it doesn’t have to be a pandemic; a review of seasonal influenza vaccines shows some hits and some misses.

As for volcanoes, the recently updated U.S. Geological Survey Volcano Alert Notification System was modified along the lines of the NWS system. A volcano alert may be based on certain signs, but it’s an open road: Activity could increase and then subside; increase and eventually erupt; increase, subside and erupt; or none of the above.

That puts scientists and government officials in the uncomfortable position of making major decisions in the face of major uncertainty, with a very good chance that there will be no definitive resolution. Sound familiar?

Where to now?
So assuming that we’ve decided that there should be some kind of HSAS, my idealized stab at it would look familiar, starting with an escalating set of alert levels, incorporating the concept of a “normal” baseline, and clearer distinction between daily activities (awareness, alertness, preparedness) and threat-specific directives.

A decision to raise the level would be based on a combination of threat specificity, confidence in the information, identification of desired protective actions, the ability of the target population to take timely protective action and potential negative impacts of an erroneous or no alert, including future loss of credibility for CYA alerts.

Just as important, agencies would still be responsible for determining how best to respond to different threats, and agency preparedness would not need to be level-specific; it could be a menu of escalating steps to address identified threats or needs. Colors are not necessary, but are included as an option.

• NORMAL (GREEN): baseline; absence of specific actionable threat.
o Baseline varies among sectors, for example, transportation (particularly commercial aviation) will always have a higher baseline level than the general public. This will require public education focus, but people are used to this.
o Public education to enhance awareness and encourage alertness and preparedness, understanding that constant alertness in the general population is nearly impossible.
o The public education challenge is to not equate this level with lack of threat, particularly as green is associated with “all clear”.
• ADVISORY (YELLOW): discrete, credible threat (that is, sufficient peak above background) or reasonably elevated threat for a finite period in absence of specific threat (for example, July 4th holiday; winter holidays; special events like inauguration, Superbowl, etc.).
o Primary action is enhanced alertness among the public, specific sectors, public safety agencies. The threat may be diffuse (for example, metropolitan areas, transportation sector).
o Public education would be important, as this would represent the decision to elevate beyond daily routine.
o May generate costs (such as security OT or additional screening), but large-scale protective action would not be deemed necessary/effective at this level.
• WATCH (ORANGE): discrete, credible threat necessitating specific action.
o Specific actions in specific sectors/regions based on threat (such as bridges, transportation portals, financial institutions, mass gatherings).
o Finite duration (duration may not be announced to the public, and may be re-evaluated, but no expectation for maintaining protective actions long-term).
o May be diffuse threat (for example, metropolitan areas, transportation sector).
o May include public education specific to threat and/or protective actions.
o Will generate costs (such as security OT or additional screening) and may generate change to daily public routine (e.g., traffic flow, security checkpoints in specific areas).
• WARNING (RED): discrete, highly credible threat of imminent incident(s) or incident(s) already occurred (likely inferred or actual threat of additional incidents).
o Specific actions in specific sectors/regions based on threat (e.g., bridges, transportation portals, financial institutions, mass gatherings) and/or response to incident(s) and preparedness for additional incident(s).
o Possible extended duration for response/recovery (duration may not be announced to public and may be re-evaluated).
o May be diffuse threat (e.g., metropolitan areas, transportation sector) but must be specific, with finite duration and sufficient credibility to generate definitive action.
o May include public education specific to threat and/or protective actions.
o Will generate significant costs in public and private sectors (e.g., security OT, additional screening) and is likely to generate change to daily public routine (e.g., traffic flow, security checkpoints in specific areas, facility closure, event cancelation, commercial transportation restrictions).

I’m really glad I’m not the one tasked with making these decisions.