Abstract
Aiming at the measurement, comparison and ranking of all kinds of public dangers, ranging from natural hazards to industrial risks and political perils, the preparation of national risk registers stands out as a novel and increasingly popular Western security practice. This article focuses on these registers and the analytical power politics in which they are complicit. We argue, first, that positing science as an objective determinant of security truth, national risk registers advance a modernist understanding of how knowledge of national dangers can be arrived at, discounting both sovereign and popular authorities; second, that by operationalizing a traditional risk-assessment formula, risk registers make possible seemingly apolitical decisions in security matters, taken on the basis of cost–benefit thinking; and, third, that risk registers’ focus on risk ‘themes’ tiptoes around the definition of referent objects, avoiding overt decisions about the beneficiaries of particular security decisions. Taking all these factors into account, we find that risk registers ‘depoliticize’ national security debates while transforming national insecurity into something permanent and inevitable.
Introduction
With the demise of communism as an overarching organizing principle and crystallization point, Western security doctrines have seen the inclusion of a growing range of different security issues from political, societal, economic and environmental sectors. By the same token, Western security politics has also been prominently infused with risk narratives and logics since the 1990s (Petersen, 2011; Hameiri and Kühn, 2011). Particular to risk-centric conceptualizations of public danger is the understanding that national and international security should take into account a varied set of natural or man-made disaster potentials, as well as other probable disruptions with potentially grave consequences for society. Also, specific to these dangers is the profound uncertainty regarding their exact form and likely impact, and the substantial room for conflicting interpretations surrounding them.
However, precise and ‘actionable’ knowledge of looming danger is quintessential to security politics, the shift to new security narratives notwithstanding. Without conceptions of existing or upcoming collective dangers, security schemes are neither intelligible nor implementable. Whether the matter at hand concerns the installation of hi-tech body scanners at airports, the construction of avalanche barriers in the Alps or diplomatic initiatives for a global anti-terror alliance, any security agenda is rhetorically and politically grounded in a representation of national or international danger. In recent years, the epistemological foundations of security politics have been addressed by reflexive and critical approaches, a literature that enquires into the formation, contestation and appropriation of (in)security discourses.
Situating itself in this broader literature, this article focuses on national risk registers as a particular means for authoritative knowledge definition in the field of national security. National risk registers are fairly recent, comprehensive inventories of public dangers ranging from natural hazards to industrial risks and political perils. Often produced by civil protection agencies, they seek to provide secure foundations for public policymaking, security-related resource allocation and policy planning. Evaluating and ranking all kinds of potential insecurities, from toxic accidents and political unrest to plant diseases, thunderstorms, energy shortages, terrorist strikes, wars and the instability of global financial markets, risk registers stand at the intersection of the broadening of security politics and the adoption of risk logics.
This positioning notwithstanding, the topic of risk registers as systematic ministerial attempts at authoritative definition of public danger has received little to no attention in the security studies literature – or any literature, for that matter – so far. Reflexive security studies has focused on the creation of new danger narratives for single cases such as migration or HIV/AIDS (Huysmans, 2000; Elbe, 2008), or on the rationalization of uncertainty through risk logics in the distinct case of terrorism (Rasmussen, 2002; Buzan, 2006; Amoore and De Goede, 2008). In other cases, it has also looked at the role of sovereign decisions in the production of knowledge (Williams, 2003; Aradau and Van Munster, 2007), the knowledge inputs of distinct security professionals such as the police (Bigo, 1996), the limits of knowing in particular (Daase and Kessler, 2007), or the role of science and scientific data in the production of public danger notions more generally (e.g. Büger and Villumsen, 2007; Villumsen, 2008). A recent inquiry into catastrophic futures, too, has some interfaces to the world of risk registers, though it deals more particularly with one specific type of anticipatory governance characterized by ‘radical unknowability’ (Aradau and Van Munster, 2011: 5).
In contrast to those contributions, risk registers are not about individual dangers, extreme risks or tipping points, but about mapping the territory of national insecurity as broadly and comprehensibly as possible. They are governmental technologies for making sense of a world that is seen to be so crowded with potential security issues that choosing the ‘right’ issues on the basis of ‘objective’ and scientific criteria has become the prime goal of security professionals, thus pushing to the background discussions about how to actually deal with those issues. National risk registers, then, are also tools for dealing with unknowability, or the limits of knowledge more generally, but they are not about making particular unexpected events – or catastrophes – actionable and governable. Instead, they are about the management of insecurity in the broadest sense, as they provide seemingly incontestable and neutral mechanisms by which danger potentials can be prioritized in a cost-effective way. In that sense, national risk registers are an integral constituent of a larger politics of insecurity. Though connected to the politics of catastrophe, they advance a different regime of knowledge and distinct modes of governing.
Indeed, risk registers advance an analytical agenda that shapes the way in which the larger organization of public danger is to be understood in the first place, and they also define which authorities are entitled to define danger on behalf of a political collective. Risk registers are hence situated in proximity to other domestic risk technologies and strategies that seek to make the future calculable (Hacking, 1990). However, such registers also differ in several ways from the technologies employed by the ‘managers of unease’ (Bigo, 2005). Most importantly, while the latter are mainly focused on identifying potentially disruptive individuals or groups, risk registers are interested in ‘themes’ of a diverse nature, advancing a depersonalized and even dehumanized image of security. Also, the type of knowledge that is empowered by risk registers is typically not actuarial or statistical in nature, but a type of expert-generated knowledge that is actively used to mask non-knowledge, and that is complicit in ‘feigning control over the uncontrollable’ (Beck, 2002: 41).
The aim of this article is to introduce national risk registers and to problematize the distinct ways of understanding and thinking about security introduced by them into current Western – or arguably European – security affairs. In doing so, we identify and put into question three elements of the larger security analytics with which these risk registers are associated. The first element relates to the specific type of knowledge that is valued, as well as the kinds of authorities that are prioritized by risk registers. While risk registers pretend to recognize scientific inquiry as the supreme authority for security knowledge construction, they in fact employ a glorified form of guesstimates that is turned into objective security ‘truth’ in the process. Through this ‘knowledge-laundering process’, risk registers foreclose the possibility of contestation and discount alternative views.
The second element is the registers’ reliance on the ‘conventional’ risk-analysis formula, which assigns a numerical value to a risk theme by multiplying the probability of occurrence by a figure for the potential impact. Such a rationalization of the future based on engineering risk-assessment methodology effectively silences value questions, while at the same time advancing an analytical perspective that competes with views emphasizing the malleability of future trajectories. By making potential monetary loss – in the form of consequences or impact in the risk formula – a central element of policy prioritization, it empowers a security agenda based on crude cost–benefit rationality. Marginalizing alternative kinds of rationalities, it effectively ‘depoliticizes’ policymaking in the security domain, circumventing debates about other possible values, aims and measures.
The third element pertains to the larger organization of insecurity. Risk registers posit risk ‘themes’ rather than referent objects as their analytical point of departure. In practice, this decision empowers a homeland-centric security agenda in which public ministries define what (and by implication, who) is to be protected – an analytical view that competes with both human subject-centric and more international security perspectives. Not only are classic distinctions between international and domestic issues reformulated; risk registers also strengthen a particular image of security based on a sense of all-encompassing vulnerability. With this, a sense of pervasive insecurity emerges. The security agenda becomes marked by constant mobilization for emergency response and object hardening, and security comes to be seen as requiring our persistent, unwavering dedication, even if a state of security can never be achieved.
The article is structured into three sections to describe the emergence and production of risk registers, to problematize the analytical effects of these inventories, and to embed the fabrication of risk registers in the broader context of contemporary Western security practices: The first section presents a genealogy, the mandates, methodologies and products of risk registers with the help of an illustrative set of examples. Here, we mainly focus on the making of risk registers in the United Kingdom, the Netherlands and Switzerland, though references are also made to other known cases. The second section develops the claim that risk registers contain particular analytical views on insecurity, as briefly outlined above. The concluding section unbundles the type of politics that risk registers support, pointing to its implicit normative and political dimensions.
Codifying national security through risk registers
The creation of national risk registers is a phenomenon of the 2000s, even though some earlier attempts exist. Today, risk registers are planned or have been produced – and, in some instances, already revised or updated – in a growing number of Western countries. Comprehensive risk profiles have been produced and published in the Netherlands (2008), the United Kingdom (2008) and Switzerland (1999), where a second risk register is currently in the making. Norway has also systematized national vulnerabilities, providing risk assessments of selected risk arenas, threats and hazards (Norwegian Ministry of Justice and the Police, 2000). In Germany, publications such as Problemstudie: Risiken für Deutschland (Bundesamt für Bevölkerungsschutz und Katastrophenhilfe, 2005a,b) or Dritter Gefahrenbericht (Bundesamt für Bevölkerungsschutz und Katastrophenhilfe, 2006) lay out the government’s risk-assessment efforts and contain guidelines for the German Länder, which are encouraged to compile their own risk inventories.
Inventorizing risks is also popular elsewhere. The European Commission, for example, has invited its member-states to collect, by the end of 2011, information on risks relevant to the European Union. On the basis of national assessments, the Commission seeks to prepare a cross-sectoral overview of all major natural and man-made risks that the EU region may face (Secretary-General of the European Commission, 2011). In the United States, homeland security has been defined as management of ‘risks posed to the nation’s security’ (US Department of Defense, 2010). In addition, the US Department of Homeland Security (2011) has recently strengthened its integrated risk-management procedures, reorienting them towards a quantitative multihazard assessment of risk.
As of today, national risk registers represent the most comprehensive and systematic attempts at substantiating danger knowledge by government ministries. The unrelenting efforts at rationalizing and mapping danger that these registers represent, as well as their direct and indirect linkages to national security politics and their increasing international popularity, warrant closer engagement with their emergence, their substantive contents and the analytical perspectives that they infuse into national security affairs. The subsequent paragraphs focus on the emergence and content of risk registers. Since these are still fairly novel security technologies, little can be said today about cross-country variation over time – that is, whether there has been a convergence in the form, if not the use, of such registers over the years. Also, because it is our aim to describe an emerging common trend, this article mainly focuses on commonalities of practices in different countries rather than on idiosyncrasies. On this basis, the broader implications for knowledge politics will be addressed in a later section.
Ministerial creators of danger knowledge
Risk registers are the latest prototype of a decades-long evolution of governmental technologies to substantiate danger knowledge. This evolution is marked both by shifting security policy concerns and by changes inside the defence establishment (see Burgess, 2011). Historically, during most of the Cold War, the quintessential procedure for seizing security knowledge was military contingency planning. Conducted by ministerial cells and general staffs, and aided by data from the intelligence complex, the assessment of foreign countries’ military capabilities, strategies, postures and alliances represented the classic procedure for the appreciation and monitoring of military attacks from abroad (Hulnick, 2005).
Civil defence complemented this procedure. During the 1960s and 1970s, NATO, the Warsaw Pact and neutral countries alike developed comprehensive policy frameworks to address the likely impacts of nuclear conflict on civilian populations and installations. Newly established civil defence agencies defined sets of protective instruments: Fallout shelters, underground hospitals and supply depots were erected; public alimentation and health plans were devised according to expected contamination effects on food production and human bodies; the general public was instructed in protective behaviour according to what was considered the best individual preparation (De Weck and Maurer, 1990; US Department of Homeland Security, 2011). The explicit focus on the population and domestic civilian installations inside a country led these civil defence agencies to develop their own assessment methods for identifying specific areas where attention was most needed (Collier and Lakoff, 2008). However, the main rationality behind the overall civil defence efforts was, in accordance with the overall security rationale, deterrent and preventative in nature, aimed at favourably influencing a country’s ability to recuperate after a nuclear strike (Aradau and Van Munster, 2011: 26–7).
When military aggression from the outside became increasingly improbable in Europe in the 1990s, events such as the Balkan wars, environmental catastrophes or collapsing state structures were seized upon to give new mandates to the existing security institutions, whose legitimacy was beginning to dwindle (Huysmans, 1998: 224). In particular, the fusion of traditional security concerns with non-actor hazards, such as natural disasters or large-scale accidents, extended national security to the realm of non-exceptional dangers, anchoring the security apparatus firmly in the far less contested domain of public safety provision populated by civil defence actors.
This reconceptualization of security empowered civil defence agencies to a great degree. Not only had they been engaged in erecting shelters, coordinating emergency alimentation plans and instructing the populace in protective behaviour, they had also been entrusted with additional emergency coordination tasks in the realms of technical and natural risks in the wake of a number of civilian disasters in the late 1980s (Lentzos and Rose, 2009). As a result, they had amassed experience in mobilizing what was regarded as particularly secure danger knowledge emanating from the natural sciences. In the 1990s, their mandates were then expanded from civil defence (protecting non-combatants against the effects of a military attack) towards civil protection (protecting the population against a diffuse set of potential emergencies and disasters), and formerly scattered responsibilities and structures were bundled under their ministerial leadership in the process.
With their diverse and expanded mandates on issues such as reactor safety, hazardous materials, industrial accidents and flooding, the reorganized civil protection entities proved well-positioned to be charged with comprehensive risk analyses, or at least with the development of risk-assessment methodologies for later use by other ministries or political actors at the substate level. With this, such assessment efforts were no longer subordinated to military planning or held contingent upon the threat of a nuclear strike. Instead, they became powerful technologies in their own right, intended to lead to the comparability, ‘objectivization’ and genuine prioritization of public security investments. Overall, this development was favoured by a more general trend whereby risk-management practices were transferred from the private domain to the public sector (see Power, 2004). However, while the rationale behind risk registers and risk-management efforts alike is to provide a basis for cost-effective decisions, the two frameworks differ on at least one crucial point: Private-sector risk management and its offshoots in the public sector deal with risks mainly conceptualized as risks to the entity conducting the assessment, and resulting from inadequacies in internal processes or misconduct of employees. An entity conducting this type of risk assessment is hence essentially making decisions about risks that affect its own operations and stem from its own operations; it ‘owns’ these risks. In the case of risk registers, however, the risks that are identified and analysed by civil protection agencies are conceptualized as risks to the collective (the state or, rather, ‘the population’). Who selects them, who is responsible for them, and who deals with them in what ways are questions intimately intertwined with the establishment of risk registers, implicating authority and legitimacy in security affairs and rearranging the relationship between politics and security.
The measuring of everything
Today, risk registers function as important policy development instruments for ministerial echelons and governmental policy planning units. Often, risk registers are explicitly presented as bases for the elaboration of future national security doctrines. In the United Kingdom, for example, the national risk register constitutes an official complement to the country’s national security doctrine, its production having already been brought about by the National Security Strategy of 2008 (United Kingdom, 2008: 3; 2010: 14–15). In the Netherlands (2007: 9), national defence already includes the combined category of ‘security and safety’, and the production of the national risk register is situated within a comprehensive work programme on the integration of risk assessment, hazard analysis and national security. The Dutch risk register is designed to contribute strategic forecasting, horizon scanning and emergency-capability assessments to the national security policymaking process (Rademaker, 2008). For historical political reasons, the formal relationship between the risk register and national security doctrine is less specific in the Swiss case. Switzerland’s first risk register of 1999 had shown the precedence of civilian public dangers before military issues so clearly that the country’s defence ministry rejected its publication at a time when a popular initiative was demanding a 50% cut in military spending (Brem and Maridor, 2008). The current Swiss risk register has thus been mandated to identify and describe risks, but refrains from undertaking any prioritization.
Risk registers aim to represent public danger as broadly as possible, in the tradition of an ‘all hazards approach’. Only through the identification of all possible hazards, the reasoning goes, can a complete national risk portfolio be assembled and policy responses prioritized and streamlined (see Netherlands, 2008: 5). Following this rationale, the central role of risk registers is not to debate what endangers popular well-being and what does not, but to make comprehensive information about all kinds of potential dangers available and comparable and, in the process, to make political programmes actionable (Heng, 2006a,b). Because there is no need to choose, the actual selection of public risks for inclusion in the register is a non-issue in the process.
As one of the key aims is to compare and prioritize all possible risks to national security, risk registers advance specific risk-assessment methodologies to ensure the reliability and comparability of the data obtained. In all cases, risk assessments are made comparable by virtue of two elements: a general formula on how to calculate risks and subordinate definitions of how the elements of this formula are to be measured. The general risk-assessment formula draws on engineering and econometric risk analytics. Risk is calculated as the likelihood (of an event’s occurrence) multiplied by impact (the harm that it creates). This systematizing formula for all risk registers is sometimes amended to also include variables such as vulnerability. How the elements of ‘likelihood’ and ‘impact’ are to be measured is then subject to another process of methodological elaboration. In instances where historical data are available – that is, especially in the realm of natural catastrophes and technical risks – there is strong reliance on statistics as a means of determining the ‘likelihood’ of an event. Elsewhere, and in assessments of societal and political risks in particular, qualitative assessments of past occurrences are made, extrapolated and projected into the future. In these cases, specialists make recourse to historically ‘analogous’ events. Constructing case histories, they endeavour to identify a historical track record for risks the likelihood of which is otherwise not defined by existing datasets. The likelihood of the risk of terrorism materializing, for example, is calculated on the basis of intelligence-service estimates and analyses of historical patterns of terrorism.
More numerous indicators usually specify the measurement of the second variable (‘impact’). In the Netherlands, harm is calculated in terms of the so-called objective components of material damage and casualties, along with the subjective component of psychological impact. By the same token, the assessed vulnerability and resilience of threatened objects, systems and people are included in the overall risk formula as further intervening variables (Netherlands, 2008: 27–38; Pruyt and Wijnmalen, 2010). In the United Kingdom, impact is gauged by the number of fatalities that are directly attributable to an incident, by the human illnesses and injuries that result from it, or in terms of economic damage, social disruption and psychological consequences (United Kingdom, 2008: 43–4). In Switzerland, impact is defined as harm to public health, infrastructures, buildings, the environment, emergency forces, the economy and the political system, including the public administration. In all cases, these effects are specified in terms of quantitative and qualitative data. However, in view of the wide range of risks that are to be covered, neither strictly qualitative nor quantitative methods suffice on their own. Rather, the available toolset is used ‘pragmatically’.
Civil protection agencies and their specialized contributors collect risk data according to the risk methodologies so defined. In practice, the actual data about the local prevalence and impact of these risks are sometimes produced by the coordinating agencies and sometimes solicited from other actors, such as specialized government offices, municipalities or local emergency organizations. In the Netherlands (2008: 48), risk assessments have been government-driven, but conducted with the support of a wide network of experts and focus groups. In the United Kingdom (2008: 43), local working groups have provided input to the national risk assessments. In the Swiss confederacy, the national risk register is merely coordinated and methodologically instructed by the federal level, but risk assessments as such are conducted by cantons and other specialized offices (Bundesamt für Bevölkerungsschutz, 2008).
Risk registers usually take the shape of written reports of medium length, documents that are, in the case of the Netherlands and the UK, publicly accessible and actively circulated within public administrations (and to interested members of the general public). These end products go into considerable detail in describing the risks that have been identified as crucial (often in the form of scenarios that illustrate how a given risk would manifest itself) and specifying the methodology used. In terms of content, there is little variation regarding what kind of risks are covered, but small differences can be found in specific subthemes and also in the ‘granularity’ of certain risks and the level of detail provided in the reports. After describing the most prevalent and salient of risks, the registers draw up risk matrices to categorize the individual risks (see Figures 1 and 2). A risk matrix is a way of visualizing whether a risk is considered low, moderate or high by combining the two dimensions of the classical risk definition as two axes – namely, the risk’s probability of occurrence and its damage potential in the event of occurrence. On the basis of ‘likelihood’ and ‘impact’, then, these matrices systematize risks that are often fundamentally different in nature. The Swiss 1999 matrix, for instance, compares information warfare with food scarcity and demographic change. The British risk register of 2008 contrasts pandemics with traffic accidents and terrorist attacks. The Dutch register of the same year compares flooding with political Salafism, animal-rights activism and electricity blackouts. The registers also provide a condensed graphical representation of the entire effort that went into the creation of said risk registers.

Figure 1. British risk matrix (United Kingdom, 2008: 5)

Figure 2. Dutch risk matrix (The Netherlands, 2009)
However, risk matrices are not only very powerful visual signifiers; they also come loaded with a set of explicit and implicit meanings. The matrices effectively rank risks, presenting some as being more dangerous and important than others by suggesting that the higher the risk associated with a specific issue, the more pressing the need for action. Often, colours are used to indicate different domains of risks – that is, a zone in which risks are low (green) in the bottom-left corner, an intermediate zone where risks are medium (yellow) and more significant (orange), and a zone in which the risks are considered to be very high or even extreme (red) in the top-right corner (Cox, 2008). Green therefore suggests that a given issue is low priority or outright negligible, yellow and orange signify that issues should be ‘mitigated’ under the ALARP principle (which stands for ‘as low as reasonably practicable’), and red means that particular risks are unacceptable under the existing circumstances, requiring immediate action and risk avoidance at almost all costs. What risk registers contain, therefore, are clear calls for action: Let the green ones be; fix the yellow if you think it is truly necessary; do something about the orange as soon as you can and talk about it; and, finally, immediately take care of the red ones (see Klinke and Renn, 1999: 13–14). Though cloaked in apolitical and technocratic language, risk registers are nothing short of national security programmes.
The security analytics of risk registers
Risk registers provide descriptions of danger reality that are unrivalled in their detail and unparalleled in their breadth. By virtue of their formal integration into national security doctrine, but also through their mere availability and by their very means of systematizing, comparing and ranking public dangers, risk registers are influential in defining how public insecurity is organized. In doing so, they represent powerful efforts to produce authoritative definitions of national insecurity. Nevertheless, risk registers should be challenged for the kind of larger analytical power politics in which they are engaged. Indeed, we find that risk registers advance specific perspectives on how the larger organization of public danger is to be understood in the first place, and on what kinds of authorities should be regarded as entitled to define danger on behalf of political collectives. Taken together, the registers advance a distinct security rationality that ‘depoliticizes’ security politics, as they circumvent or close off debates about values, purposes and formulations of security. In the following, we identify and put into question three broader – and in parts interconnected – elements of this larger security analytics.
Security by (not quite) science
Risk registers advance a specific understanding of what kinds of authority should be entrusted with guiding security politics. They strongly draw on scientific methods to assess and rank public dangers and privilege the risk-assessment methodologies of ‘hard’ sciences such as engineering or econometrics. Ultimately, this methodological decision is directly conducive to providing a detailed and ‘convincing’ map of public danger. In practice, however, neither are the chosen scientific bases as ‘hard’ as they appear to be, nor is their selection devoid of effects on the wider politics of security as such.
Indeed, the kind of risk analysis that is predicated on engineering or econometrics is a highly demanding operation requiring solid and often large amounts of data. Often, such data are not available, or are unreliable or only partially reliable. In the realm of social and political dangers in particular, expert focus groups function as the primary sources of knowledge. In such instances, expert opinions normally provide the only data available to risk-register production. This means that informed subjective estimations, or peer-discussed agreements, often function as the sole available data on certain risks – a far cry from ‘hard facts’. On the other hand, data on natural and technical hazards are also often less reliable than they are made to appear. More often than not, data on natural hazards are incomplete and therefore cannot provide detailed understandings of historical occurrences and damages (Bründel, 2009). By contrast, data on technical hazards are typically generated by controlled experiments. The results of such controlled experiments working on closed technical systems are still partially applicable to the everyday use of technology – that is, its interaction with social and natural systems.
In many respects, then, risk registers rely on a patchwork of scientist/expert data rather than on secure scientific knowledge. Notwithstanding the questionable validity of risk registers’ scientific bases, risk analysts tend to handle and especially present their data as if they were ‘hard facts’. The risk-register publications are a case in point: While assemblers of risk registers acknowledge the patchy construction of data in private conversations, the published findings do not problematize methodology or data. Instead, risk maps and rankings are presented as authoritative truth statements. Far from providing entry points for debates on validity or content, risk evaluation and its results are presented in a seemingly unproblematic, matter-of-fact way.
This mobilization of science allows risk registers to assume powerful positions of authority on the subject of public danger, as the intimate reliance on scientific methodology empowers a modernist kind of truth-speaking (Bourdieu, 2004). By claiming the mantle of science, risk registers purport to define public insecurity in a disengaged manner. Drawing on scientific modes of inquiry, risk registers claim to operate from an Archimedean vantage point, a position from which a neutral, objective and truthful description of reality can be made. This assertion of scientific truth is sought after and broadly welcomed by the larger policymaking apparatus, as the assertion of scientific knowledge about public dangers provides a stable paradigm for policymaking. Within that paradigm, scientific knowledge provides tangible and undisputed guidance for policy design in the form of ‘actionable knowledge’.
The assertion of scientific authority has larger effects on how security can be discussed. Given the modernist standing of science as disengaged objective truth, scientific inquiry is held to trump other processes of knowledge creation (Feyerabend, 1981). To claim scientific validity usually means to close off political debates. In security affairs more specifically, the authority of science also competes in very practical terms with alternative authorities of danger definition, such as sovereign decisions or participatory elaborations. Risk registers – the ministerial production of scientist danger knowledge – serve as a bulwark against the former while also impeding the latter. Risk registers work against ‘sovereign decisions’ about public danger as identified in some periods of risk politics after 9/11 (Aradau and Van Munster, 2007) insofar as science objectifies reality. Scientific facts are powerful descriptions of reality that cannot be easily ignored. The decision not to publish the Swiss 1999 risk register, mentioned earlier, exemplifies this mechanism: Where scientific knowledge on security issues exists, political leaders feel constrained in their own articulation of public danger narratives.
At the same time, risk registers also work against a democratization of risk politics that was seen as being associated with the advent of catastrophic risks (Beck, 2002: 4), and that in some European countries led to more participative debates on incoming new security doctrines. The advanced benchmark of scientific knowledge is difficult to reach by the great multitude of security laymen that make up societies. This means that the authority of popular legitimacy is effectively discounted, and that an agenda is empowered in which insecurity is articulated on behalf of populations rather than by populations.
Insecurity projection
Risk registers’ adoption of conventional risk-assessment methodology – the formula that defines risk as likelihood multiplied by impact – also has a distinct influence on how insecurity is to be understood and handled. On the one hand, the emphasis on ‘likelihood’ initiates a consequential rationalization of danger occurrence. This rationalization, of course, is geared towards forecasting future developments. It is methodologically grounded in an in-depth analysis of danger’s ‘natural’ patterns of manifestation. As already mentioned, existing datasets and historical case studies are central elements in the identification of these patterns.
The rationalization of risks based on past events is analytically efficacious, given that it empowers a projection of the past into the future. There is an implicit argument in the methodological measurement of ‘likelihood’ to the effect that the future essentially emulates history – the risk themes described in risk registers are extrapolations of misfortunes already experienced (Bigo, 2007; Jasanoff, 2009). Focusing on these risk themes, then, not only means focusing on past insecurities. It also means that, as technologies, risk registers project the very same insecurities into the future. With this, the very variable of ‘likelihood’ empowers an inert view of reality. This is problematic in the case of those risks that openly rely on, or are mediated by, social actors. Social actors are capable of adopting new types of behaviour over time. The risk of terrorism, for instance, can only be regarded as a persistent one under the assumption that terrorists will never cease, or be induced to cease, their activities. Given their commitment to engineering and econometric risk-assessment methodology, then, risk registers advance a regularized assessment of future practices. They leave little room for contingency, change and alternative trajectories, and so they tend to project a rather fatalist account of public insecurity.
Another effect then adds to this projection. The reliance on past experiences as proof of the existence of risks negates the need to test their current viability. There is no requirement to prove that these issues will ever ‘actually’ become relevant in the future. Together with risk registers’ reliance on probability syllogisms, this causes these projected risks to gain a very specific kind of traction in the present. As risks are claimed to exist, but their date and place of materialization are held impossible to predict, a sense of comprehensive and ever-present insecurity is created. Insecurity comes to be regarded as substantial if not all-encompassing, always present and always possible – an understanding that directly caters to the permanent mobilization of a comprehensive kind of security dispositif.
On the other hand, the focus on ‘impact’ as a determinant of risks also implies larger analytical claims. The problem here is the intimate focus of risk registers on damaging effects as such. The focus on material damage and financial costs in particular raises difficult questions as to what kinds of harmful effects can be claimed to be relevant to human beings and political collectives. In the risk registers, this question is simply delegated to the underlying risk formula. There are no selection criteria underlying risk registers other than a cost–benefit rationale, which comes into play when everything that seemed relevant to experts is compared by its calculated magnitude in the risk matrix. Another problematic aspect is the fact that while analyses of quantities of harm reveal a lot about damage, such an approach is of limited use in understanding how public dangers are created in the first place. The classic lines of enquiry in risk assessment are: ‘What can go wrong? What is the likelihood of it going wrong? What are the consequences if it goes wrong?’ (Haimes, 1998: 54–5). This means that risk assessments do not ask why something can go wrong, or how one’s own actions might be complicit in engendering such dangers. The focus on risk as harmful ‘impact’, then, not only implies debatable assumptions about relevant measures. Its focus on the consequences of risks and ignorance of their origins also poses limits to the reflexivity with which risks are approached.
Paternalistic referent-object politics
Finally, risk registers project specific understandings of the larger organization of public danger. It has already been noted that risk registers seek to achieve complete insecurity awareness for the sake of fine-tuning public policy. Risk registers endeavour to prioritize and streamline policy instruments on the basis of an integral comparison and ranking of what they take as existing risks. This intimate focus on existing risks, policy tools and instrumental efficiency empowers a ‘depoliticizing’ view of security analytics: It privileges a technical focus on risk ‘themes’ such as avalanches, political extremism or climate change, and in so doing avoids an explicit decision on who or what is the primary beneficiary of state action.
The definition of referent objects, however, is an unavoidable political decision. It cannot be avoided, since any danger discourse must eventually be tied to some kind of endangered entity (Buzan et al., 1998); danger narratives are neither meaningful nor actionable without a definition of who or what is insecure. At the same time, this necessary selection of referent objects is political, since it entails a larger argument about protection: Endangered entities are judged to have legitimate claims to protection – or, as Buzan (1991: 13) put it, referent objects are ‘entities that are made to be secure’. Akin to the productive power of discourse (see, for example, Foucault, 1982), the definition of who or what exactly is at risk has important political effects, since it creates different kinds of political subjects. It promotes or relegates these to different privileged or silent positions, assigning legitimate claims to protection to some, but not to others.
Risk registers posit risk ‘themes’ as analytical points of departure, and in doing so suggest that they are not complicit in the deeply political creation of security subjects. However, this is an inaccurate self-representation, given that any risk ‘theme’ must eventually be specified as referring to some kind of referent object. When the ‘theme’ of flooding, for example, is categorized as a risk, then the observation of rising water levels only provides a starting point for impact analysis. Thereafter, it is an issue area for specialists who determine who or what exactly might be affected by such high water levels. All risk ‘themes’, be they avalanches, energy shortages or economic recessions, are sooner or later tied to one or multiple referent object(s). In the production of risk registers, the deeply political creation of security subjects is simply delegated to ‘experts’.
In practice, we argue, this procedure empowers the construction of two distinct perspectives on security politics. First, the failure to define a primary referent object (or the decision not to focus on a primary referent object) empowers a governmental view on security: It empowers a practice in which security policy is based on ministerial harm assessments. In the absence of a recognized primary referent object, risk registers do not promote social actors to positions of authority. Humans may be identified by technical experts as being potentially harmed by a hazard, but they are not posited as the starting point of security thinking. As a result, claims to protection are articulated on behalf of the civil population, but not by the civil population. From this perspective, risk registers empower a paternalistic security agenda in which needs are adjudicated and not identified by public polls. This is not only paternalistic and problematic in terms of power relations. In practice, forgoing a participatory form of danger analysis also tends to empower a tools-oriented government agenda – that is, a tendency for ministries to identify the kinds of harm for the resolution of which policy instruments already exist.
Second, the focus on ‘themes’ rather than referent objects also entails a particular perspective on the larger global organization of insecurity. Risk registers suggest that public insecurity should be conceptualized as being limited by political frontiers. In practice, the mapping of risks is delimited to those hazards that are expected to manifest themselves within national boundaries. This assessment practice directly counteracts holistic international understandings of security. Risk registers make substantial efforts to describe, assess, map and rank risks inside a country, but they do not address whether or how international subjects, nationals abroad, national properties abroad or national interests abroad might be endangered. The blindness of risk registers to the international creates a specific mental map of the global organization of insecurity. This map questions the view that a secure inside (‘community’) is opposed to an insecure outside (‘anarchy’). Indeed, contrary to this classic differentiation, the domestic is presented as known to be insecure, and the international as unknown by risk registers.
This epistemological reconstruction of the inside/outside differentiation advances a particular systematization of insecurity. It provides guidance for a security agenda that is increasingly focused on the domestic rather than the international, with all the practical manifestations that are currently in plain view: The deployment of military personnel on the domestic front, an enlargement of police forces, the expansion of surveillance mechanisms, and so on. Furthermore, risks of potentially global consequence are seen exclusively through the lens of national boundaries. Contrary to how it has been argued by some (e.g. Beck and Sznaider, 2006), risk registers are hence not catering to the overcoming of methodological nationalism – rather, they cater to its reinforcement. With this, handling risks primarily as manifestations within these boundaries runs counter not only to foreign ministries’ attempts to identify national security concerns abroad with perspectives emphasizing internationally shared security concerns – but also to risk governance understood more broadly as a global, citizen-based avenue today (Beck, 1992, 1999; Jasanoff, 2003).
Conclusion
National risk registers are a novel and increasingly popular element of Western security practice. While this article is not the first to point out how quantitative risk analysis as a favoured discourse of public policy is downplaying crucial questions of a political, ethical and normative nature, the use of quantitative risk analysis in security politics has remained underscrutinized so far. The questions, however, remain the same: Who should do what type of analysis, using what type of methodology, and for whose benefit? Who should be responsible for decisions on these questions? And who is to decide whose vulnerabilities are important and whose voices should count in setting priorities on how to allocate scarce preventive and remedial resources?
Risk registers provide descriptions of national danger potentials that are unrivalled in their detail and unparalleled in their breadth. In this article, we have shown how the adoption of a very distinct perspective on how risks are to be assessed and systematized leads to a specific kind of security analytics. Risk registers suggest that, on the basis of an inventory of past experiences, national security is to be measured most broadly, but only within national borders. They also assert the possibility of comparing and ranking all kinds of risk themes, no matter how diverse these may be. Providing a ‘complete’ systematization of all kinds of hazards – as opposed to selected potential catastrophes – they purport to describe national insecurity comprehensively and authoritatively. In doing so, risk registers effectively seek to instruct practical security policymaking. In tune with a broader neoliberal Zeitgeist, they endeavour to render such policymaking ever more ‘efficient’.
This description of national insecurity is associated with a powerful analytic approach. It is based on an understanding that history can be regularized and experiences projected into the future, and it assumes that harm can and should be quantified – preferably in monetary terms. By virtue of their systematizing formula, risk registers in practice insinuate that all kinds of risks are ever-present and always possible, creating a comprehensive sense of permanent danger. In the process, the method of impact analysis biases the focus towards a fatalist account of national insecurity, given that this method avoids a more reflexive engagement with sources of insecurity.
Importantly, the ways in which this understanding of national insecurity is arrived at and defined have significant political implications. In terms of security policy formulation, risk registers privilege a curious kind of ‘scientist approach’. Based on expert knowledge and expert meetings – more so than on actuarial or statistical data – risk registers are sketched in a scientist lingo, which in itself formulates powerful truth statements about the state of public danger. This mobilization of such ministry-produced or ministry-organized knowledge works as much against sovereign decisions by political leaders as it impedes more participatory, or democratic, approaches to security: Although concerned with the well-being of ‘the population’, risk registers do not actually poll the views and concerns of that population. Instead, a state of insecurity is articulated on behalf of – that is, projected onto – that vague entity called ‘population’.
In terms of policymaking, risk registers hence reinforce the epistemological authority of civil protection agencies within governments – that is, they privilege a ministerial type of knowledge formation that is rather hard to identify. They also cater to the development of an ever larger and ever more constantly mobilized security dispositif as such. As all kinds of risks become systematized in the registers, and risks are presented as ever-present and always possible, a comprehensive security machinery is made possible. Accepting that public insecurity may ultimately only be mitigated, but never resolved, this dispositif addresses risks and disruptions as inevitable (Pommering, 2007; Heng and McDonagh, 2011). One result of such a perspective is the increasing mobilization of private actors for the purpose of security provision. As the state comes to be presented as unable to provide absolute security, individuals and private companies are called upon to ensure their own protection (see Petersen, 2008).
It is our contention that, as they constitute such analytically and politically efficacious tools, risk registers should be more strongly recognized as new and increasingly powerful elements in the broader competition over security rationalities. Risk registers’ pretension at an apolitical access to public insecurity should not distract from the deeply political premises underlying their formation and the analytical power politics in which they are complicit: Risk registers rival alternative perspectives on insecurity that lend more weight to the contingency and multiplicity of possible future trajectories – that is, perspectives that reject the reproduction of past experiences as a powerful and influential assertion of naturalism. They also compete with analyses that more reflexively emphasize the active human contributions to the production of public insecurity, and with perspectives that take into account the possibility of situations in which no security challenges are defined, as well as with perspectives that do not seek to deal with future potentials in security terms at all. Lastly, risk registers also compete with perspectives that follow more participatory and more transnational approaches to security politics as such.
Risk registers, together with the logics with which they are associated, are gaining traction today. They directly dovetail with policy concepts such as ‘mitigation’, ‘resilience’, ‘preparedness’ and other inward-looking narratives about vulnerability (Bigo, 2006: 89; Zebrowski, 2008). With their manifold security dimensions, their constant fixation on a permanent state of public insecurity, their aim at the betterment of a vague national collective, but also with their overt policy-efficiency programmatic, risk registers are directly conducive to the governmentalization of security (Foucault, 1991). In this process, security politics is turned increasingly comprehensive and domestic, but it is also increasingly made devoid of overt political decisions and removed from participatory syllogisms. While this development is not inevitable and the security rationality associated with risk registers is not without competing perspectives, the tacit and unspoken political, ethical and normative dimensions of this type of security technology that operates under the radar of public scrutiny need to be made more explicit if it is to be possible to contest them at all.
Acknowledgements
Previous versions of this article were presented at the SGIR 7th Pan-European International Relations Conference in Stockholm, the ESRC Seminar Series on Contemporary Biopolitical Security at King’s College London, and the ETH Zürich Center for Security Studies Research Colloquium. The authors want to thank their colleagues at these venues, the editor of Security Dialogue and the anonymous reviewers for their valuable comments and suggestions. The usual disclaimers apply.
