Institutionalizing a Risk-Based Approach in the U.S. Border Patrol
Robert D. Schroeder
In 2012, the U.S. Border Patrol transitioned from a resource-based to a new, risk-based approach for measuring border security and informing planning efforts along U.S. borders. This transition was designed to significantly enhance the Border Patrol’s ability to work internally and alongside interagency partners to proactively address the critical capabilities of illicit networks. The Border Patrol recognized that fully institutionalizing the new risk-based approach would require it to define risk in the context of border security, develop standardized risk assessment processes and planning products, and demonstrate how a risk-based approach would meaningfully enhance border security. The processes and tools developed to support the Border Patrol’s risk-based approach enhanced its capabilities for gathering and analyzing information, provided important opportunities for integrating its analytic products with interagency partners, and enhanced its ability to rapidly respond to changes in the threat environment. The continued use and refinement of the Border Patrol’s risk-based approach will institutionalize robust risk management practices throughout the Border Patrol’s organization and culture and significantly enhance its ability to achieve the strategic objectives set forth in the 2012–2016 Border Patrol Strategic Plan.
In 2012, the U.S. Border Patrol released its 2012–2016 Border Patrol Strategic Plan. Historically, the Border Patrol focused most of its attention and resources on high activity areas along U.S. borders and gauged its border security success predominantly on the number of illegal aliens apprehended and pounds of drugs seized. The new Strategic Plan prescribed a transition from the Border Patrol’s legacy activity and resource-based approach to a new, risk-based approach for measuring border security and informing intelligence and operations planning efforts along U.S. borders. Using a combination of quantitative and qualitative data derived and analyzed by leveraging interagency intelligence resources, the Border Patrol began shifting its focus from an awareness of what was happening along the borders, to an understanding of why it was happening, who was making it happen, and how to stop it. This shift was designed to significantly enhance the Border Patrol’s ability to work internally and alongside interagency partners to proactively address the critical capabilities of illicit networks and diminish their capacity to operate, rather than simply displacing criminal traffic to other areas along the U.S. border.
The Border Patrol’s new Strategic Plan required the enhanced use of “information, integration, and rapid response to develop and deploy new and better tactics, techniques, and procedures to achieve the Border Patrol’s strategic objectives.” In this context, the Border Patrol recognized that fully institutionalizing the new, risk-based approach would require the development of standardized processes and tools to organize and analyze information on all relevant threats―including the Border Patrol’s knowledge and capabilities related to those threats―to develop risk-based plans for targeted and steady-state operations.
Defining the Problem
The first critical step the Border Patrol took to execute its risk-based approach was to define what ‘risk’ meant in the context of border security. The concept of risk has many meanings and can be applied in numerous contexts. In the insurance industry, risk can describe the potential for a person to contract a disease, a driver to get into an automobile accident, or a house to flood during a storm. In the shipping industry, risk can be examined based on the potential for a ship to encounter dangerous weather or be attacked by pirates. In the fire service, risk can describe the potential for a fire to evolve into a conflagration or an accident to produce a hazardous materials incident.
The Department of Homeland Security (DHS) defines risk as the “potential for an unwanted outcome resulting from an incident, event, or occurrence, as determined by its likelihood and the associated consequences.” Different components of DHS assume responsibility for mitigating different elements of risk under that definition, such as risks to local communities from major disasters and risks to the Nation’s critical infrastructure.
For the Border Patrol, risk assessment involves an examination of the factors that impact border security and the potential that dangerous people and things will enter the United States. This risk is analyzed as a function of threats to homeland security; threats to border security operations and public safety; vulnerabilities of Border Patrol operations, personnel, and the communities they protect; and consequences that could result if threats are not mitigated and vulnerabilities are successfully exploited by adversaries (e.g., transnational criminal organizations or terrorists) or natural events (e.g., disasters or public health hazards). The Border Patrol considers an area to have a low level of risk when the Border Patrol has a high confidence in its situational awareness and understanding of imminent and emergent threats to border security and a high confidence in Border Patrol and interagency capabilities to mitigate those threats.
Developing the Process
The standardization of risk assessment processes and planning products among all Border Patrol field units was the next critical element for fully executing a comprehensive, risk-based approach. Before 2012, the U.S. Border Patrol had no uniform method to identify and address threats; rather, operations were based on historic and current activity levels. Some sectors adopted hybrid versions of Department of Defense (DOD) models—such as the Criticality, Accessibility, Recuperability, Vulnerability, Effect, and Recognizability (CARVER) matrix—to analyze and rank transnational criminal organizations and terrorist organizations based on their relevance to law enforcement actions. Other sectors developed entirely new tools for analyzing the presence, type, and degree of known or suspected criminal activity in their areas of responsibility to determine which organizations represented the highest activity and therefore should be the focus of intelligence collections and enforcement operations.
While the assessment processes adopted by some Border Patrol sectors had value for addressing elements of risk, the lack of uniformity in assessment processes used made it challenging for the Border Patrol to compare notes among different geographic areas and create a comprehensive risk assessment across large sections of the border. Among other things, the incompatible assessment processes inhibited the Border Patrol’s ability to determine when minor problems in multiple sectors stemmed from the same adversary organization and represented a major problem for the Nation. This also inhibited the Border Patrol’s ability to effectively identify where resources could be positioned across the country to effectively and efficiently counter the most significant threats.
The Border Patrol Planning Process
Changing the way the Border Patrol tackled border security started with changing the way Border Patrol personnel analyzed their mission space and approached planning to effectively execute their border security mission. The first step in creating this shift was the development of the Border Patrol Planning Process (BP3). Adapted from the U.S. Army’s Military Decision Making Process (MDMP), the BP3 included a series of steps to help Border Patrol personnel think through what they were trying to do, why it was important, and how they could most effectively get it done. The BP3 provided Border Patrol personnel with a standard process for: defining the problems they were attempting to solve in their AORs, identifying the tasks they needed to perform, analyzing factors within the operational environment that would support or hinder their operations, and developing courses of action to execute their mission.
The Threats, Targets, and Operations Assessment Model
The next step for implementing a risk-based approach was to provide Border Patrol personnel with a tool to perform a comprehensive assessment of the threats in their AORs and the intelligence and operational capabilities they had to counter those threats. To fill this requirement, the Border Patrol developed the Threats, Targets, and Operations Assessment (TTOA) Model. The TTOA Model provided a standard methodology to assess:
- The most likely and most dangerous threats to public safety and the continuity of Border Patrol operations;
- The most critical and significant adversary characteristics;
- The impacts of U.S. and foreign physical, human, and security environments on adversary operations and Border Patrol operations;
- The most significant adversary organizations and individuals affecting border security;
- The knowledge gaps regarding threats and adversary operations;
- The Border Patrol’s capabilities for countering specific elements of transborder threats and adversaries;
- The operational vulnerabilities that impact the successful execution of Border Patrol mission-essential tasks; and
- Recommended actions to mitigate interagency knowledge and capability gaps.
The TTOA Model was designed to be completed by an integrated team of Border Patrol intelligence, operations, and planning personnel in the AOR, with input and assistance from all relevant headquarters offices, intra-agency components, interagency partners, and subject matter experts. Additionally, Border Patrol personnel were advised to leverage all available relevant data, statistics, intelligence products, and subject matter expertise—from within and outside the Border Patrol—to complete the assessment.
Intelligence Preparation of the Operational Environment
Once all information on specific elements of threats and countermeasures were gathered, organized, and assessed through the TTOA, Border Patrol personnel needed a way to contextualize that information in the unique physical, human, and security characteristics of their AORs. Again borrowing from the U.S. military, the Border Patrol addressed this need through the development of an Intelligence Preparation of the Operational Environment (IPOE), modeled after the DOD Joint IPOE. The IPOE was designed to serve as a platform for describing, for a particular Border Patrol geographic AOR, the following elements:
- The area of interest (geographical area of concern to the Border Patrol, including adversary territory);
- The area of influence (geographical area within which the Border Patrol is directly capable of influencing adversary operations); and
- The area of operations (geographical area within which the Border Patrol performs law enforcement operations).
The IPOE also included how the physical, human, and security elements of the environment impacted both adversary and Border Patrol operations, and the courses of action adversaries were likely to take in the future.
The Operational Implementation Plan
Finally, with a comprehensive picture of adversary and Border Patrol capabilities and operations in hand, Border Patrol personnel needed a mechanism for articulating the specific steps they would take to perform their border security operations, mitigate risks in the short term, and begin to manage risks over the long term. To address this need, the Border Patrol directed the development of an Operational Implementation Plan (OIP) for each sector to describe how the identified risks would be mitigated for the coming year. The OIPs included the specific objectives and tasks to be performed within the AOR, as well as the administrative, logistical, command, control, and communications components and shortfalls related to effective plan execution.
When developing the suite of processes and tools (BP3, TTOA, IPOE and OIP) to support the execution of a risk-based approach, legacy Border Patrol processes were modified as needed so the terminology and structures of all processes were aligned to ensure information could logically flow from one step to the next. This alignment helped the process designers ensure all relevant elements of risk assessment and mitigation/management planning had been appropriately addressed. In addition, the alignment enabled Border Patrol personnel to more easily and effectively navigate through the entire process, creating numerous administrative efficiencies for developing the required written assessments and planning products.
Demonstrating the Impact
In addition to ensuring the processes and tools used by the Border Patrol aligned with each other, each element of the risk-based approach was developed by first researching the methodologies utilized by other DHS components as well as components of the Department of Justice, Department of Defense, Intelligence Community, and other federal, state, local, and international law enforcement and national security agencies. By examining the approaches used by interagency partners, the Border Patrol was able to leverage best practices that already had been field tested and had established ‘proof of concept’ for effectively managing risk. Adopting elements used by partners also enabled the Border Patrol to design processes and generate risk assessment products that could be integrated with analytic products developed by those partners.
Risk assessment process integration was an important feature for facilitating the Border Patrol’s ability to work with the interagency community to develop comprehensive assessments of adversary networks and supply chains impacting U.S. borders. Aligning processes would also support the development of interagency law enforcement and intelligence capability assessments representing the interests of multiple agencies executing unique but interdependent components of the border security mission. In reflecting on U.S. military operations in Iraq, Retired General Stanley A. McChrystal observed that “to defeat a networked enemy we had to become a network ourselves. We had to figure out a way to retain our traditional capabilities of professionalism, technology, and, when needed, overwhelming force, while achieving levels of knowledge, speed, precision, and unity of effort that only a network could provide.“ Aligning the Border Patrol’s risk-based approach with interagency partner approaches was an important first step for achieving the unity of effort General McChrystal described.
Collectively, the processes and tools developed to support the Border Patrol’s risk-based approach greatly enhance Border Patrol capabilities for gathering and analyzing information on important elements of the threat landscape and developing the Border Patrol’s posture to address it. These processes and tools provide important opportunities for integrating Border Patrol analytic products with interagency partners to assess the status and strength of adversary networks, the significance of adversary networks to border security, and the impact of intra- and interagency law enforcement operations on the disruption, degradation, and dismantlement of adversary organizations. These processes and tools further enable the Border Patrol to more effectively develop comprehensive short- and long-term plans to rapidly respond to changes in the threat and proactively adapt operational postures to eliminate vulnerabilities while weighing the impacts of choosing one course of action over another.
Over time, the continued use and refinement of the processes and tools developed to support the risk-based approach will institutionalize robust risk management practices throughout the Border Patrol organization and culture, and significantly enhance the Border Patrol’s ability to achieve the strategic objectives set forth in the 2012–2016 Border Patrol Strategic Plan and “secure the Nation’s borders against all types of illegal entries in a manner that is risk-based and prioritizes capabilities against the highest threats.”
The views expressed in this article are those of the author and do not necessarily represent the official policy or position of the Department of Homeland Security, Customs and Border Protection, or the U.S. Government.
 U.S. Department of Homeland Security, Risk Steering Committee. DHS Risk Lexicon, 2010 Edition. September 2010. http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf
 McChrystal, Stanley A. “It Takes a Network: The New Frontline of Modern Warfare.” Foreign Policy. March/April 2011. http://www.foreignpolicy.com/articles/2011/02/22/it_takes_a_network