July 15, 2019

Growing risks from malicious drones

Recent drone attacks in Saudi Arabia dramatically illustrate several key issues relevant to terrorist and security risk assessment. This should be enough to cause private entities, governments and insurers to reassess their prior risk assessments and security planning around important infrastructure, iconic buildings and large scale events.

According to Aljazeera, the drone used in the Saudi pipeline attack “flew more than 800km into Saudi Arabia to successfully attack its target . . . [and] was guided using satellite technology.” As Aljazeera further noted, “This implies increasingly sophisticated levels of training.” Couple the foregoing with a recent U.N. report indicating that Houthi drones can fly up to 1,500km with a 40-pound warhead and a statement by the FAA that anti-drone security technology is still developing, and it should be apparent that a risk that may have been only theoretically considered now seems to be very real.

Anyone with even a cursory knowledge of risk assessment can readily see the potential dangers posed by a 40-pound bomb capable of traveling up to 1,500km with GPS targeting capability. But should we be surprised? I think not.

Terrorist innovation and tactical learning are not new. Almost 25 years ago, Ramzi Yousef hid liquid explosives in contact lens solution containers and coupled that with a timer made from an inexpensive Casio watch to hatch a plot that resulted in the death of one person. Fortunately, the plot was disrupted before 12 airliners were destroyed over the Pacific.

Terrorists and other malevolent actors have long used their technical expertise to transform technology that is intended to better our lives into a means for destroying life and societal bonds. For more than 40 years, cars and trucks have been loaded with explosives or just used as a direct means of killing innocent persons all over the world. And 9/11 illustrates how aircraft that serve to bring the world closer together can be used to kill thousands and make the world move a little further apart.

The point is that terrorists innovate and learn from prior attacks. We underestimate them at our peril and increase the attractiveness of a target when we fail to implement measures to deal with the potential disruption and damage that they intend to cause.

There are readily available measures that can be taken to minimize both the damage and disruption to critical infrastructure. First-party damage and disruption can be the subject of insurance coverage that will allow rapid repair and minimize disruption. Third-party damage and liability claims can also be addressed by insurance, as well as by implementing or cooperating in the deployment of defensive measures that will assist government actors fulfill their role as providers of a national defense.

Recognizing and respecting the governmental role in defending persons and property is also of critical import. My own experience in this area has long convinced me that terrorist attacks by truck, plane or drone are akin to acts of war and that these attacks target government policies far, far more than individual businesses interests. The long-established role of governments is to defend their people and infrastructure. And, cooperation with government defense efforts is what responsible citizenship demands. When private parties and government actors recognize and fulfill their respective roles, they not only help minimize their vulnerability but also lay the cornerstone for defending their actions should they ever be targeted.

Insurers, insureds and government actors working together not only minimize the pre-attack risk but also the post-attack disruption that oftentimes proves more destructive than the physical damage caused by the attack itself. Indeed, when it is considered that the ultimate goal of terrorism is to destroy societal bonds, strengthening those bonds both before and after an attack takes place may prove to be the most effective deterrent and antidote to the terrorist disease that plagues the world today. That process starts with a rational and realistic risk assessment and then continues with the implementation of the mitigation measures deemed appropriate. It’s never too late to start that process but far too late to consider these rapidly emerging risks as something that can be dealt with in the far-off future.

This article was first published in Insurance Thought Leadership.