Assessing Contemporary Crises: Aligning Safety Science and Security Studies
Assessing Contemporary Crises: Aligning Safety Science and Security Studies
- Bibi van den Berg, Bibi van den BergInstitute of Security and Global Affairs, Leiden University
- Ruth PrinsRuth PrinsResearch Fellow, Leiden University
- and Sanneke KuipersSanneke KuipersInstitute of Security and Global Affairs, Leiden University
Security and safety are key topics of concern in the globalized and interconnected world. While the terms “safety” and “security” are often used interchangeably in everyday life, in academia, security is mostly studied in the social sciences, while safety is predominantly studied in the natural sciences, engineering, and medicine. However, developments and incidents that negatively affect society increasingly contain both safety and security aspects. Therefore, an integrated perspective on security and safety is beneficial. Such a perspective studies hazardous and harmful events and phenomena in the full breadth of their complexity—including the cause of the event, the target that is harmed, and whether the harm is direct or indirect. This leads to a richer understanding of the nature of incidents and the effects they may have on individuals, collectives, societies, nation-states, and the world at large.
- Governance/Political Change
An Integrated Conceptualization of Security and Safety
Security and safety are key topics of public concern. Open any newspaper, switch on a news program on television, or browse news sites online, and pandemics, floods and hurricanes, terrorist threats, insurgencies and war, acts of crime, the impact of climate change, illegal migration, and industrial accidents will dominate the headlines. All are examples of phenomena and events that are either security or safety issues.
Safety and security have also become popular topics of academic inquiry since the past century. Interestingly, however, they are topics of study in separate disciplines—in quite far-removed fields of science. Security is the central notion of study in the field of security studies, which is a subdomain of international relations (Bourne, 2014; Buzan et al., 1998; Collins, 2013; Klare & Chandrani, 1998; Ullman, 1983; Williams, 2008). The latter is a branch of the discipline of political science. Security is a key concept for social scientists and a handful of humanities scholars (Bourbeau, 2015; Herington, 2012; John, 2011; Rothschild, 1995; Waldron, 2011). Safety, in contrast, is studied in a number of branches of the natural sciences, especially those with an engineering orientation, for example, aviation, industry, road safety, and so on. Collectively, these safety-oriented subfields are called the safety sciences (Aven, 2014; Berg, 2010; Hollnagel, 2014; Hopkins, 2014). Safety is also a central notion in several subfields of medicine, especially where the focus is on public health or workplace safety (Boin, 2008; Cooper, 2000; Weick et al., 2008). Thus, security is a key concept for social scientists, while safety finds its place in the natural/engineering sciences and medicine (with notable exceptions, see, e.g., Pursiainen, 2018, who expands the notions of risk and safety beyond the engineering domain into the societal security domain). While it may seem unproblematic that two concepts are a topic of investigation in disparate scientific fields, there are several reasons to challenge this situation.
First, while the English language uses two distinct words—security and safety—in many other languages, there is a single term to cover both: Sicherheit in German, veiligheid in Dutch, sécurité in French, and sicurezza in Italian. Apparently, in these languages, there is an implicit understanding expressing the fact that safety and security are elements of a single idea or that these terms refer to a unified cluster of phenomena. So, why separate them academically? And what is more, why separate them in such disparate branches of science?
Second, our everyday interpretations, conceptions, and uses of the terms security and safety are fuzzy. For example, the notion of child safety expresses concerns about the physical, mental, and emotional protections that need to be in place so that children are not harmed. At the same time, when children (or adults) are at the receiving end of terrorist threats, such threats constitute a security risk. Similarly, when concerns arise over potential risks to networks and computer systems, these are called cyber security risks, yet industrial safety relates to the practices and processes of making factories secure. Everyday language on safety and security is messy. Therefore, one may wonder why academics feel they can (and should) separate these notions by focusing exclusively on security or safety rather than on both.
Finally, and most importantly, in our interconnected, globalized world, the challenges that security studies scholars study increasingly involve safety aspects, while the challenges that safety scientists study increasingly contain security aspects. To see how this works and what benefits could result from a more inclusive interpretation of these two notions, this article proposes an integrated conceptualization of security and safety.
To achieve an integrated conceptualization, it first requires clarity on how to broadly categorize security and safety issues and how to distinguish them from other phenomena (“Security and Safety: A First Delineation”). The next sections—“Security Studies” and “Safety: An Undertheorized Concept”—focus on how security and safety are conceptualized in their respective academic disciplines. The section “A Proposal for an Integrated Perspective on Security and Safety,” as the title says, presents a proposal for a new conceptualization, which covers the breadth of everyday experience and could contribute to a more integrated approach to security and safety. New definitions for these two terms are provided and integrated into a single framework. The article ends with an explanation of how this new conceptualization can be used and what it contributes over and against existing paradigms (“Using the Integrated Perspective on Security and Safety”).
Security and Safety: A First Delineation
What is security? What is safety? To which set of phenomena do these terms refer? Let us begin by delineating safety and security issues from other issues by answering another question: What sets safety and security issues apart from other issues or challenges? There are two elementary necessary and sufficient conditions that need to be met before something qualifies as a safety or security issue.
First, safety or security issues only exist when there is harm involved. Safety and security revolve around risks of a specific kind: whenever there is a potential for damage, a risk of harm. Note that harm may be small or big, brief or lasting, and can come in a wide variety of guises. Harm, in turn, is directly related to vulnerabilities (Alexander, 2000; Cutter, 1993; Perrow, 2007; Ullman, 1983; Wisner, 1993; Wisner et al., 2012a, 2012b). It is due to the fact that human beings, objects, institutions, or structures have vulnerabilities—weaknesses—that they may potentially come to harm in the first place. Should they lack vulnerabilities, there would be no risk of harm.
Second, traditionally safety and security issues only pertain to harm that affects human beings. Harms that do not affect humans are not generally considered to be safety or security issues. An example may illustrate how this works. When a volcano erupts and lava pours out, this can easily lead to physical harm to people or structures in the vicinity. One historical example of a destructive volcanic eruption was that of the Vesuvius in Italy in the year 79, which took 3,360 lives.1 The eruption of the Nevado del Ruiz in Columbia in 1985 was one of the deadliest ever. It took the lives of approximately 23,000 people. Volcanic eruptions, then, are a risk to human safety. However, not all volcanic eruptions lead to potential harm to people, either directly or indirectly. As a matter of fact, most volcanic eruptions do not. In the Mariana Trench, deep at the bottom of the Pacific Ocean, volcanic eruptions occur continually. Yet these do not lead to any harm to people. People do not even notice that they happen. Hence, volcano eruptions of this kind would hardly qualify as safety risks. An exception to this rule may be the burgeoning literature on ecological safety and environmental security. These literatures focus on harm done to nature by humans, again nicely organized along the safety-security divide: as a by-product of engineering (ecological safety) or as a result of war and depletion (environmental security) (Barnett, 2009).
Third, it is important to make a distinction between direct and indirect harm to humans (see figure 1). The terms “direct” and “indirect” refer to the first locus of the manifestation of a harm. Direct harms are harms that manifest directly in or on a human being. Indirect harms, by contrast, are harms that first manifest outside human beings, in their possessions, in other people, in the larger environment in which they operate, or in relation to core values and institutions that they hold dear, and that affect human beings through the damaging effects they have on those possessions, people, core values, or on the environment.
Direct and indirect harms each can take various forms, as Figure 1 shows. The most obvious form of direct harm is that of bodily injury, for instance when someone is harmed in a car accident or a terrorist attack, or when someone contracts a virus that causes them to become ill. Direct harms do not need to be physical; they can also impact the relationships between people. For example, when someone suffers the consequences of social exclusion this is called a social harm.
Some forms of harm may affect people either directly or indirectly. Mental-emotional harm is a prime example. Human beings can suffer direct mental-emotional harm, as is the case when they suffer a traumatic experience such as being bullied. But they can also suffer indirect mental-emotional harm, for instance when they are subjected to impairing emotions due to losing their home in a fire.
Indirect harms are all harms that affect humans as a second-order effect. They first manifest outside human beings and only secondarily affect humans as a result of the damage they do to the “unit” in which the harm first manifests. An example of indirect harm is when animals are affected by the impact of a chemical spill. These chemicals may harm humans’ physique indirectly when the same animals are part of the human food chain. Indirect harm occurs when humans are affected physically by eating these animals. Indirect harm can also be more subtle, for example when shifts in an ecosystem lead to (longer term, more diffuse) indirect harm to humans. Three main categories of indirect harm are financial, physical, and societal. Financial harm refers to the financial costs and consequences inflicted on people. Physical harm involves destruction of or damage to objects, such as properties but also to animals, as was made clear in the chemical spill example. Societal harm refers to the impact that threats to institutions (e.g., to democracy) or to core values (e.g., civil liberties or public order) may have on human beings.
Note that the category of entities whose destruction or impairment can have a harmful effect on humans is extremely varied: It ranges from objects to habitats and environments, it may include other human beings, and institutions and even (core) values. In a more abstract phrasing, therefore, one could say that indirect harm is harm to entities outside human beings, which in turn generates some form of harm to human beings.
While a distinction between direct and indirect harm may be useful to pinpoint the first locus in which a harm materializes, it is important to note that oftentimes harm has direct and indirect aspects all rolled into one. When employees in a factory are harmed in a large-scale industrial accident, they may have physical injuries and suffer from nightmares afterward (direct harm), but they may also struggle emotionally because they have witnessed other people getting hurt, or they suffer the financial consequences of not being able to work while the factory is rebuilt (indirect harm).
After this first demarcation of safety and security as phenomena, the discussion of the ways in which these two notions have been studied within academia begins with the concept of security.
Since its emergence in the middle of the 20th century, researchers in security studies have been engaging in—sometimes heated—debates on the meaning of the core concept of their discipline: security (Baldwin, 1997; Bourbeau, 2015; Buzan et al., 1998; Giddens, 1991; John, 2011; Rothschild, 1995; Schäfer, 2013; Walt, 1991; Wolfers, 1952; Zedner, 2002). As mentioned earlier, security studies is a subdiscipline of international relations, which in turn is a branch of political science. It gained momentum at the end of the Second World War, especially in light of the emergence of the Cold War (Bourne, 2014). Because of the geopolitical tensions at the time, for the first few decades, the discipline viewed security primarily in relation to nation-states, and research focused almost exclusively on military or other interstate threats.
In the 1970s and 1980s, the conceptualization of security gradually started to change. Many researchers in the field have pointed out that there was a twofold change (Browning & McDonald, 2013; Paris, 2001; Walt, 1991). First, the notion of security was broadened to include threats and risks other than military ones, for example environmental degradation, (international) crime, mass migration, terrorism and political violence, and—in recent times—cybersecurity. Second, it was also deepened, to include levels and actors other than the nation-state, both as the main body involved in ensuring security and as the central “referent object”—the target at which security efforts are directed (Bourbeau, 2015). Security efforts, researchers have pointed out, are targeted at different levels: not only at the level of states (“national security”; see Ullman, 1983), but also at the substate level of individuals (“human security”; see Hampson, 2008), groups (“societal security”; see Buzan et al., 1998), and the suprastate level of regions or even the entire globe (“world security”; see Booth, 2007). Moreover, security is a topic on the agenda not only for nation-states but also for a wide variety of other actors: private actors (businesses and organizations), collectives (nongovernmental actors, lobby groups, NGOs), and individuals.
While many scholars in the field of security studies have come to embrace the broadening and deepening of the concept of security, there are some who argue this development is unwise. Over the years, several lines of criticism have been presented. Most importantly for this article, critics argue that by widening the scope of the notion of security to include a variety of nonmilitary threats, the meaning of the notion of security has been weakened, making it more difficult to demarcate a clear and well-identified object and, by extension, field of study within academia. This may affect the quality of the research done in this field and lead to significant challenges for the development and application of theories. The academic study of security, these critics argue, needs a solid conceptualization and a clear definition of security. The current dilution of the concept undercuts a firm academic foundation for the field, or so the argument goes.
It is easy to see where this line of argumentation fails. When scientists start investigating a new object of study, they often try to remove some of the complexities of this object in the early stages of the research to focus only on a subset of the object in its entirety. They peel away some of the real-world complexity of that object to make it easier to start investigating it in the first place. This is a common and entirely defensible strategy. One could argue classical security studies held onto a narrow definition of security in the first decades of its existence by focusing on single type of threats (military) endangering a specific referent object (nation-states). However, once a field of study matures, it is vital that scholars abandon oversimplifications they have accepted with respect to their object of study, so that their findings do justice to the richness of the object as it exists in the real world. It is contradictory to hold onto a limited perspective on security simply because that makes it easier to study, when, in fact, our everyday use of and our intuitions about this notion go far beyond these limitations. What is more, that there is no clear agreement on the widened notion of security does not mean that such a conceptualization cannot be found or accepted.
Two good reasons emerge to keep searching for a proper conceptualization. First, a proper demarcation and understanding of security is required to ensure that the phenomena that are studied in the field of security studies are properly articulated, well defined, and do justice to the complexity of this phenomenon that seems to exist in the real world. The object of study must be clearly demarcated and identified in order for solid academic study to be possible. Second, by conceptualizing security properly, it becomes easier to delineate more clearly which phenomena do and do not fall under its scope. This, in turn, enables us to look more critically at the political and practical context in which security incidents arise. It enables us to develop a solid toolkit that can be used to evaluate whether incidents and phenomena are justifiably labelled as “security” issues, hence facilitating a discussion of the viability and legitimacy of actions undertaken under its umbrella.
Now that the background of the debate on the meaning of security in the field of security studies is more clear, a closer look at which conceptualizations are used in this discipline is warranted. One of the most often cited definitions of security is that of Arnold Wolfers: “measures the absence of threats to acquired values” (Wolfers, 1952, p. 451). Security thus pertains to threats, with an external force that seeks to harm a person or what they hold dear, such as “acquired values.” What is essential to take from this interpretation of security is that threats are activities that are instigated intentionally. A threat implies that there is an active, purposeful intent behind the activity that causes that threat. Hence, criminal acts or terrorist activities are considered threats to security. Thus, in the field of security studies, the key notion is taken to mean the following: Security refers to the prevention of intentional threats that may harm human beings, their possessions, or “acquired values.”
Note that the focus in this conceptualization of security places emphasis, first and foremost, on the instigator(s) of potential harm, not on the victims, those at the receiving end. Scholars in security studies seek to understand, for example, why countries struggle for power and go to war, or how networks of criminals organize themselves and what can be done against them, or how people radicalize and turn to terrorist activities, or what states and the international community can do against the rise of cybersecurity risks. All of these endeavors are focused primarily on the (human, intentional) causes of threats to security, what terrorism studies call “left of bang” (Forcese, 2017), not the “right side of bang” (De Roy van Zuijdewijn, 2021).
An important exception in this area is the rise of studies on complex emergencies. This literature focuses on regions suffering from violent conflict and political instability that results in or aggravates disasters requiring humanitarian interventions (UNOCHA, 2018). These situations, labeled complex emergencies, for instance, include cholera epidemics among vulnerable populations due to supply-chain disruptions (Deudney & Matthew, 1999; Harpring et al., 2021; Stern, 1995). These studies, from a medical or humanitarian aid angle, look at the consequences of prolonged security violations in terms of providing relief for human suffering or other interventions aimed at disaster risk reduction.
Safety: An Undertheorized Concept
In contrast to security studies scholars, in the field of safety science there is not so much discussion on the notion of safety. One could even argue that the notion of safety is “undertheorized,” it is taken as a given, and no substantial debate has taken place in this field (or any other, for that matter) on what this concept means. Safety is a key concept in a number of different fields of science, ranging from engineering and environmental science to (bio-)medicine and public health (Guarnieri, 1992). Research into safety began in the 1800s, as scientists sought to gain a better understanding of the causes of all sorts of accidents. Accidents have, of course, always been a part of human life. But in the 19th century, two significant developments arose that led to the emergence of safety as an object of scientific study. The first development was the improvement of living conditions and medical knowledge throughout the 1800s. This led to a “declining death rate from infectious diseases,” which in turn “shifted attention to other causes of mortality” (Guarnieri, 1992, p. 152). The second development, the Industrial Revolution, increasingly exposed workers to the dangers of complex human inventions, in the form of machinery, and workplace accidents. With the rise of insurance plans for workplace accidents in the early 20th century, a true need for a scientific understanding of the scope and size of this problem—safety in the workplace, the numbers of people harmed, and the main reasons why they were harmed—led to the first academic studies on the topic.
Studying accidents has been a central theme in the various fields that collectively make up what has come to be called safety science for the last century (Aven, 2014; Oostendorp et al., 2016). Gradually, however, the topic of study broadened to include the myriad ways in which people may come to harm, not only through accidents but also through other adversities, for example as a result of natural disasters, through environmental factors, or through diseases. Over time, the all-hazards approach to studying safety has become more and more quantitative. “Risk management” is the main approach to investigating safety issues in relation to, for example, aviation or traffic, environmental risks, occupational or epidemiological risks, and so on. Risk management consists of a number of steps: identifying risks, analyzing them, assessing what their likelihood and impact is, developing means and methods to mitigate these risks, and monitoring whether these interventions are effective at reducing risks after their implementation (Berg, 2010). Note that the goal of risk management is not to eliminate specific risks entirely. In many cases this is impossible to begin with, and in others it would require unreasonably large investments to be made, both in terms of money and effort. Instead, risk management seeks to establish how, as well as to which degree, dangerous or potentially harmful phenomena can be reduced to what has come to be termed “acceptable risk levels” (Aven, 2014; Giddens, 1999; Hollnagel, 2014).
While the safety sciences have been working toward understanding and improving safety issues in relation to a variety of real-world contexts for over a century, what is striking is that no significant, in-depth discussion about the meaning of its key concept has taken place in this domain. Safety scholars appear to assume that an implicit understanding of the goal of their endeavors—to understand sources of harm to humans, and to create protections against the materialization of that harm—suffices for its accomplishment. Considering the practice-oriented nature of much of the work that is done in engineering, in (bio-)medicine, in environmental science, in epidemiology, and in public health, perhaps they are right.
Moreover, from the focus that safety science has taken, one can deduce a number of implicit assumptions, or demarcations, of the concept of safety. First, due to its original emphasis on studying accidents, to this day a sizable part of safety science leans toward understanding nonintentional aspects of harm that may befall humans. Safety scientists study the effects of floods, earthquakes, and other nature-induced disasters. They seek to understand the spread of viruses and other public health risks. They study the causes of airline accidents and near misses or industrial accidents. None of these phenomena is caused intentionally by anyone. They are accidental, in the broadest sense of the word. When no purposeful intent is present, scholars refer to hazards or dangers (safety) instead of threats (security).
Second, safety scientists are geared to understanding which vulnerabilities, which risks and dangers exist, how likely it is that they will materialize and what their impact will be once they do, and how to mitigate that likelihood and impact to protect humans better. In contrast with security studies scholars, then, safety scientists are more interested in whoever is at the receiving end of all sorts of dangers. They seek to directly or indirectly protect humans, first and foremost, rather than take away the causes of harm—which is entirely logical, given the accidental, nonintentional nature of many of the phenomena that form their object of study.
On the basis of these two silent assumptions, the following definition of the concept of safety applies in the safety sciences: Safety refers to the prevention or reduction of unintentional harm to human beings, their possessions, or “acquired values.”
After the discussion on how security and safety are conceptualized in security studies and safety science, it is time to return to the goal of this article: To investigate whether a more integrated approach to these concepts would be feasible, and what it would lead to.
A Proposal for an Integrated Perspective on Security and Safety
Security studies focus on the cause of harm and are mostly interested in intentional threats, while in the safety sciences the focus lies on the target of harm, that is, on improving protections for humans against potential dangers (especially accidental harm). Therefore, in their respective conceptualizations of security and safety, these two disparate fields of study only see half of the problem. After all, security and safety challenges, ultimately, are about understanding sources of risk (security studies) and the possible interventions (safety science) to reduce the likelihood of risks turning into incidents and leading to grave harm. This means that, rather than looking only at the causes of harm, security studies scholars could benefit from a wider view by also including the impact of security threats, as well as possible protections and solutions to reduce the risk of harm materializing. Similarly, scholars in the field of safety science, whose primary focus is on the impact of dangers, and the protective mechanisms that could be developed against them, could benefit from a deeper understanding of the causes of said dangers.
An integrated perspective on safety and security, which studies hazardous and harmful events and phenomena in the full breadth of their complexity—including the cause of the event, the target that gets harmed, and whether this harm is direct or indirect—would ultimately lead to a richer understanding of the nature of these events and phenomena and the effects they may have on individuals, collectives, societies, nation-states, and the world at large. More importantly, such an integrated perspective is all the more urgent in light of the way security and safety challenges materialize and pan out. Due to the effects of globalization (Burke et al., 2016; Hildebrandt, 2013; Swyngedouw, 2004; Zedner, 2002), the pervasiveness of digital networked technologies (Chandler, 2009; COT, 2007; Taipale, 2004), and the interwoven character of financial markets (Deibert & Rohozinski, 2010), security or safety incidents may start locally but spread across borders rapidly, and in some cases even reach a global scale (Van den Berg et al., 2019). Drought and water scarcity can easily lead to violent conflict between two nation-states, which in turn can become regional as intervention forces from other nation-states become involved. As a result of this conflict, large numbers of refugees may seek to flee from the violence and migrate over great distances to other countries to find safety. An integrated perspective on security and safety helps unravel both the causes and targets of these often connected and multifaceted types of indirect and direct harm to humans.
What is more, the complexity of safety and security incidents themselves has increased in modern times in such a way that one could argue that oftentimes it becomes artificial to label them as either a security or a safety incident. In fact, an event may start out as a “classical” safety incident—let’s say an earthquake, a natural disaster—but in the wake of this incident, all sorts of security issues arise—for example, people start looting because they run out of food in the days after the earthquake, or that crime rates rise due to a lack of policing. Understanding such incidents through a safety or a security lens will only show us part of the picture. A safety science scholar would only study the likelihood of more earthquakes to come, the impact they may have in terms of structural damage, or the physical protections that could be created to reduce the impact of earthquakes in the future. A security studies scholar would only study the intentional harm generated after the event and take the earthquake itself as a given. Neither would seek to deepen our understanding of the connections between the two. This is precisely what our integrated approach to security and safety seeks to do.
To come to such a perspective, two new definitions of security and safety arise, which incorporate the elements of (a) harm to humans, (b) the possibility of direct and indirect harm, and (c) the question of causation (intentional vs. accidental): Security is about protections against intentional threats by humans and about their consequences in terms of direct and indirect harms for humans. In contrast, safety is about protections against the causes and consequences of nonintentional harms, which put humans in danger either directly or indirectly.
Using the Integrated Perspective on Security and Safety
So how does having these new definitions of safety and security help? What can an integrated perspective on security and safety bring, and what does it reveal that the existing, separate approaches to security and safety in their respective scientific disciplines do not show? First and foremost, an integrated perspective enables us to unravel and understand real-world cases—examples of security or safety incidents—in their full complexity. It enables us to see the full specter of such cases, to include both security and safety aspects into our analysis. Second, bringing together safety and security into a single perspective may build bridges between the approaches, methods, findings, and ideas of safety science, on the one hand, and security studies, on the other hand. Both academic disciplines independently generated significant insights into their respective areas of study since the middle of the 20th century. However, no solid cross-disciplinary learning has occurred between these disparate disciplines to this date. This is unfortunate, since in our view each discipline could potentially push beyond its boundaries by learning from the methods, lenses, and approaches the other has to offer. An integrated perspective facilitates cross-fertilization and an interdisciplinary approach to modern-day safety and security challenges. This section will illustrate the advantages of an integrative approach to safety and security using three case examples.
The 2010 Earthquake in Haiti
On January 12, 2010, Haiti was struck by an earthquake with a magnitude of 7 on the Richter Scale. It was a devastating earthquake, and according to outside sources, between 100,000 and 160,000 people lost their lives. The Haitian government argues the number is much higher; according to government officials the death toll for this earthquake ranges between 220,000 and 316,000 people (DesRoches et al., 2011). Approximately 250,000 houses and 30,000 commercial buildings were damaged or collapsed completely as a result of the earthquake. The vital infrastructure in Haiti—roads, airports, hospitals, telecommunications systems, and so forth—were all severely damaged (Pallardy, n.d.). This made the distribution of international aid incredibly complicated. To make things even more complex, in the aftermath it was unclear who was responsible for what and who was in charge of the country.
This crisis situation was set in motion by an earthquake that can be categorized as an unintentional event, making the Haitian crisis a safety case. The Haitian earthquake has been subjected to studies taking a safety science approach. Geologists analyzed the fault lines in the earth’s surface surrounding Haiti and discovered which combination of forces caused the earthquake (Bilham, 2010). They found that a new fault line had emerged, explaining the severity of the earthquake (Calais et al., 2010). Using risk management methods, safety researchers argued that, building on experiences with similar events, the risk of reoccurrence of another devastating earthquake was high in Haiti. Earthquake engineers focused on the material impact of the event in an attempt to determine why there was so much damage and discovered that most buildings were made with poor quality construction materials, such as brittle steel or weak cement. Therefore, the death toll was far higher than it might have been had more advanced construction methods been used (Marshall et al., 2011). When the engineering perspective is combined with the geologists’ insights about the new fault line, it becomes clear that there is great urgency in rethinking how to make buildings in Haiti more earthquake-proof. Both of these insights relate to the safety aspects of this case. Geologists and engineers are interested in mapping the impact of an earthquake on particular targets, searching primarily for technical explanations and calculated risks aimed at developing improved protections against these unintentional dangers. This places these studies in the realm of safety science.
However, the 2010 Haiti earthquake is not just a safety case. In the aftermath of this case, numerous security risks arose as well; the most obvious were related to crime. There were significant increases in crime and violence relating to, for example, gangs and sexual violence (Kolbe et al., 2010). Through crime and a lack of central authority, security issues were generated by human beings after the earthquake. Financial instability and the lack of basic needs exacerbated these risks. Criminologists and social scientists study how and why that happens and how these security risks can be mitigated in the aftermath of crisis and disaster. Their efforts belong to the security domain as they focused on the causes of intentional harm and took a social science perspective. Up until now, both the safety and security aspects of the 2010 Haiti earthquake have been studied in great detail, but in an isolated fashion. With the exception of viewing the case as a complex emergency, which relates the supply-chain disruption in conflict zones or disaster areas to further safety consequences such as epidemics (Harpring et al., 2021), the relation between security and safety insights is often absent. Their crucial but rather fragmented insights will clarify only part of the complex challenges of modern-day crisis management. An integrated perspective would bring these together and allow for alignment of both intentional and unintentional causes and effects and of both technical and social dynamics of a crisis. This would facilitate an improved analysis and response to the complexity of the crisis, and an enriched method for managing future risk in this domain through weighing and combining experiences and interventions from both the safety and security approaches to crisis.
Assessing the Haiti case from an integrated perspective enables us to see how a predominant safety case—human beings are harmed by an unintentional event, in this case an earthquake—eventually led to security risks—human beings harming others by committing crimes—during the devastating aftermath. The combined insights might help crisis managers to see, understand, and address the multiple, interrelated types of harm inflicted on human beings during the Haiti earthquake and to better prepare for the multitude of factors that emerge in the aftermath of such events in the future. The case requires attention for both unintentional (earthquake) and intentional sources of harm (criminal/deviant behavior) and for both causes (the forces of nature and human behavior) and targets (buildings, infrastructure, and people). Merging the two approaches into a more integrated whole would better illuminate how each piece fits into the larger puzzle of the crisis to be managed.
WannaCry and the National Health Service
On May 12, 2017, a global ransomware attack took hold across hundreds of organizations on multiple continents, locking users out of their infected hardware in return for a ransom. Among those hit was the UK National Health Service (NHS), including 34 directly affected hospitals. When staff was unable to access information systems and medical devices, such as scanners, hospital operations came to a grinding halt. In case of such an attack, hospitals literally go “blind” with respect to crucial patient information that disables staff to administer even the most basic care such as the correct medication to patients or monitoring their vital functions. Hospitals directly affected had to cancel over 13,500 outpatient appointments, potentially delaying critical care. Though the kill switch was found within 12 hours after the attack, it caused disruption that continued for a week after the virus was brought to a halt (Alford, 2019).
Cybersecurity specialists focus on preventing breaches, attacks, and other security incidents in the traditional “left side of bang” domain of security studies. Their focus is on trying to prevent the exploitation of vulnerabilities in computer systems, in data, and in networks through a wide range of technical and organizational interventions. One of the key elements to note is that the ransomware attack was not explicitly targeted at the NHS. This particular form of malware indiscriminately affected multiple organizations across the globe, including FedEx, Nissan, Bank of China Telefonica, and the Russian Railways (Delerue, 2020). It was an intentional attack, but not an attack aimed at specific parties—rather like a scattergun approach. Seen from a security perspective, the incident at NHS was preventable. Microsoft had released a critical patch 59 days prior to the attack, yet many organizations had failed to update their computer systems accordingly. This may come as no surprise to healthcare specialists, as in previous years NHS still had thousands of computers running on Windows XP—a version Microsoft no longer supported or maintained (Ehrenfeldt, 2017, p. 104). This left the health services highly vulnerable to malware, let alone completely unprepared for their consequences.
Healthcare specialists on the safety end of the spectrum still struggle to calculate the complete impact on patient care and patient health (Ghafur et al., 2019). As data were not collected during the attack and during the disruption immediately after, it is clear which services and systems were disrupted but the health consequences from cancelled appointments, rescheduled operations, diverted ambulance rides, and so on remain unclear (United Kingdom National Audit Office, 2018). Only losses in terms of economic value (a staggering 5.9 million British pounds) compared to baseline estimates for the disruption week have been computed, but no increase of mortality has been reported, which is arguably a very crude measure of patient harm (Ghafur et al., 2019, p. 1). Experts acknowledge that cybersecurity should become a patient safety concern, underlining the core claim of this article.
As we continue to rely evermore on technology, effective cybersecurity should be a fundamental part of the healthcare culture. Any breach, loss, or corruption of patient data can paralyse a hospital, harm individuals, and erode patients’ trust in healthcare systems that are regularly under threat as they are a rich source of data and present a soft target.(Martin et al., 2018, p. 1)
How could an integrative perspective on safety and security help researchers understand the (impact of the) WannaCry crisis better? The WannaCry incident is a clear example of blurring boundaries between safety and security. It revolves around an intentional act (security) by perpetrators to lock computer systems with the promise (but not the guarantee) of unlocking them when a ransom is paid. Cybersecurity specialists are primarily interested in understanding how to prevent the exploitation of vulnerabilities in systems, networks, and data. However, understanding the impact of attacks, once prevention has failed and a crisis has arisen, is not part of their current focus. Safety scientists, by contrast, are interested in precisely this impact: understanding how incidents in and via cyberspace can lead to harm in the physical world. In this particular case, this harm involves patient health. What makes this a combined safety and security case, then, is the fact that intentional activities in the digital realm (security) lead to consequences for patient health (safety) in the real world. By using an integrated perspective, it becomes possible to combine an understanding of the role of intentionality in generating such attacks with a deeper appreciation of the real-world impact of incidents. This facilitates a more comprehensive description of the WannaCry crisis.
On July 17, 2014, a Malaysia Airlines Boeing 777 that had departed that afternoon from Amsterdam Schiphol airport was downed near Donetsk in Ukraine with 298 people on board. None of the passengers or crew survived the crash. They were killed in midair, due to a local violent conflict on the ground, without ever realizing they were not in a safe place. Separatists in a war zone below had launched a surface-to-air missile that instantly brought down a civilian plane that unknowingly happened to be at the wrong place at the wrong time (Kuipers et al., 2020).
“From time to time, when major aviation-related accidents or tragic events take place, the whole world is shaken” (Klenka, 2017, p. 128). The crash shocked the world because it had serious implications for international aviation safety: Precautions for deciding flight routes that were previously taken for granted were now exposed as inadequate. This case illustrates how the root cause of this aviation disaster relates to the completely separate study and management of security and safety risks.
Persistent boundaries exist between safety and security as separate policy domains and networks in civil aviation (Van Asselt, 2018). Yet, as Kuipers et al. (2020) show, transboundary crises such as the MH17 crash are caused by security threats (i.e., a conflict on the ground) resulting in the most extreme violation of aviation safety (airline crew and passengers becoming the victims of a crash). International civil aviation agreements (international rules and obligations on the operational safety of the aircraft such as personnel licensing and airworthiness) are home to safety regulations and risk assessments but do not include security threats. Meanwhile, policies and interventions in aviation security (“safeguarding civil aviation against acts of unlawful interference”; International Civil Aviation Authority, 1944/2017) almost exclusively focus on airport and passenger screening (Klenka, 2017, p. 129). So security measures aimed at preventing intentional, violent acts are implemented on the ground, before take-off and after landing. Safety regulations mainly pertain to guaranteeing the quality of trained personnel and the quality of the systems and the plane in flight. Yet, the MH17 case illustrates that some security threats occur in-between departure and arrival and do not originate from unlawful acts in the airport or on the plane. “Yet while aviation safety regulations focus on unintentional harm, security threats on the ground are insufficiently systematically included in risk assessments by airlines” (Kuipers et al., 2020, p. 132; also see Dutch Safety Board, 2015; Klenka, 2017; Van Asselt, 2018).
All three cases illustrate how safety and security risks and consequences are inextricably linked, and they should not be studied in isolation if one wants to understand the cases and prevent their reoccurrence.
Safety and security are high on the agenda in societies around the world in the 21st century. That means that it becomes all the more urgent that academics develop theories, lenses, and methods to help societies understand and respond to modern-day safety and security challenges. The integrated perspective on security and safety proposed can function as one such lens. The richness of current complex and global security and safety challenges can be explained under this unified perspective and different aspects can be addressed and interlinkages can be understood in all their complexity, using a variety of insights and ideas that were formerly kept separate by the disciplinary boundaries that surrounded them. Using this integrated perspective is a next step in the maturing sciences that study security and safety; it does justice to the real-world use of the terms that are at the heart of that endeavor; and, most importantly, it aligns with real-world practice, to the challenges that confront us today, tomorrow, and in the upcoming years.
- Alexander, D. (2000). Confronting catastrophe: New perspectives on natural disasters. Oxford University Press.
- Alford, J. (2019). NHS cyber attacks could delay life-saving care and costs millions.
- Aven, T. (2014). What is safety science? Safety Science, 67(925), 15–20.
- Baldwin, D. A. (1997). The concept of security. Review of International Studies, 23(1), 5–26.
- Barnett, J. (2009). Environmental security. In R. Kitchin & N. Thrift (Eds.), International encyclopedia of human geography (pp. 553–557). Elsevier Science Direct.
- Berg, H.-P. (2010). Risk management: Procedures, methods and experiences. Reliability: Theory & Application, 1(17), 79–95.
- Bilham, R. (2010). Lessons from the Haiti earthquake. Nature, 463, 878.
- Boin, A. (2008). Crisis management (Vol. 3). SAGE.
- Booth, K. (2007). Theory of world security. Cambridge University Press.
- Bourbeau, P. (2015). Security: Dialogue across disciplines. Cambridge University Press.
- Bourne, M. (2014). Understanding security. Palgrave Macmillan.
- Browning, C. S., & McDonald, M. (2013). The future of critical security studies. European Journal of International Relations, 19(2), 235–255.
- Burke, A., Lee-koo, K., & McDonald, M. (2016). An ethics of global security. Journal of Global Security Studies Advance, 1(1), 64–79.
- Buzan, B., Waever, O., & Wilde, J. D. (1998). Security: A new framework for analysis. Lynne Rienner.
- Calais, E., Freed, A., Mattioli, G., Amelung, F., Jónsson, S., Jansma, P., Hong, S.-H., Dixon, T., Prépetit, C., & Momplaisir, R. (2010). Transpressional rupture of an unmapped fault during the 2010 Haiti earthquake. Nature Geoscience, 3, 794.
- Chandler, J. (2009). Privacy versus national security: Clarifying the trade-off. In I. R. Kerr, C. Lucock, & V. Steeves (Eds.), Lessons from the identity trail: Anonimity, privacy and identity in a networked society (pp. 121–138). Oxford University Press.
- Collins, A. (2013). Contemporary security studies (3rd ed.). Oxford University Press.
- Cooper, M. D. (2000). Towards a model of safety culture. Safety Science, 36(1993), 111–136.
- COT–Instituut voor Veiligheid en Crisis Management. (2007). Notions of security shifting concepts and perspectives. Deliverable 1, work package 2 in Transnational Terrorism, Security and the Rule of Law, project financed by the European Commission under the Sixth Framework Programme ‘Citizens and Governance in a Knowledge-Based Society.’
- Cutter, S. L. (1993). Living with risk. Wiley.
- De Roy van Zuijdewijn, J. H. (2021). The aftermath: Meaning making after terrorist attacks [Unpublished doctoral dissertation, doctoral defense at 1 September 2021]. Leiden University.
- Deibert, R. J., & Rohozinski, R. (2010). Risking security: Policies and paradoxes of cyberspace security. International Political Sociology, 4(1), 15–32.
- Delerue, F. (2020). Cyber operations and international law. Cambridge University Press.
- DesRoches, R., Comerio, M., Eberhard, M., Mooney, W., & Rix, G. J. (2011). Overview of the 2010 Haiti earthquake. Earthquake Spectra, 27(1), S1–S21.
- Deudney, D. H., & Matthew, R. A. (Eds.). (1999). Contested grounds: Security and conflict in the new environmental politics. State University of New York Press.
- Dutch Safety Board. (2015). MH17 crash: Crash of Malaysia Airlines flight MH17.
- Ehrenfeldt, J. M. (2017). WannaCry, cybersecurity and health information technology: A time to act. Journal of Medical Systems, 41, 104.
- Forcese, C. (2017). Staying left of bang: Reforming Canada’s approach to anti-terrorism investigations. Ottawa Faculty of Law Working Paper Series, no 2017-23.
- Ghafur, S., Kristensen, S., Honeyford, K., Martin, G., Darzi, A., & Aylin, P. (2019). A Retrospective impact analysis of the WannaCry cyberattack on the NHS. NPJ Digital Medicine, 2(98), 1–7.
- Giddens, A. (1991). Modernity and self-identity: Self and society in the late modern age. Stanford University Press.
- Giddens, A. (1999). Risk and responsibility. The Modern Law Review, 62(1), 1–10.
- Guarnieri, M. (1992). Landmarks in the history of safety. Journal of Safety Research, 23, 151–158.
- Hampson, F. O. (2008). Human security. In P. D. Williams (Ed.), Security studies: An pntroduction (pp. 229–244). Routledge.
- Harpring, R., Maghsoudi, A., Fikar, C., Piotrowicz, W., & Heaslip, G. (2021). An analysis of compounding factors of epidemics in complex emergencies: A system dynamics approach. Journal of Humanitarian Logistics and Supply Chain Management, 11(2), 198–226.
- Herington, J. (2012). The concept of security. In C. Enemark & M. J. Selgelid (Eds.), Ethics and security aspects of infectious disease control (pp. 7–26). Ashgate.
- Hildebrandt, M. (2013). Balance or trade-off? Online security technologies and fundamental rights. Philosophy & Technology, 26(4), 357–379.
- Hollnagel, E. (2014). Is safety a subject for science? Safety Science, 67, 21–24.
- Hopkins, A. (2014). Issues in safety science. Safety Science, 67, 6–14.
- International Civil Aviation Authority. (2017). Convention on civil international aviation, annex 17: Safeguarding international civil aviation against acts of unlawful interference. Author. (Original work published 1944)
- John, S. (2011). Security, knowledge and well-being. Journal of Moral Philosophy, 8(1), 68–91.
- Klare, M. T., & Chandrani, Y. (1998). World security: Challenges for a new century (3rd ed.). St. Martin’s Press.
- Klenka, M. (2017). Aviation safety: Legal obligations of states and practice. Journal of Transportation Security, 10, 127–143.
- Kolbe, A. R., Hutson, R. A., Shannon, H., Trzcinski, E., Miles, B., Levitz, N., Puccio, M., James, L., Noel, J. R., & Muggah, R. (2010). Mortality, crime and access to basic needs before and after the Haiti earthquake: A random survey of Port-au-Prince households. Medicine, Conflict and Survival, 26(4), 281–297.
- Kuipers, S. L., Verolme, E., & Muller, E. (2020). Lessons from the MH-17 transboundary disaster investigation. Journal of Contingencies and Crisis Management, 28(2), 131–140.
- Marshall, J. D., Lang, A. F., Baldridge, S. M., & Popp, D. R. (2011). Recipe for disaster: Construction methods, materials, and building performance in the January 2010 Haiti earthquake. Earthquake Spectra, 27(S1), S323–S343.
- Martin, G., Ghafur, S., Kinross, J., Hankin, C., & Darzi, A. (2018). WannaCry: One year on. British Medical Journal, 361, 1–2.
- Oostendorp, Y., Lemkowitz, S., Zwaard, W., van Gulijk, C., & Swuste, P. (2016). Introduction of the concept of risk within safety science in The Netherlands focusing on the years 1970–1990. Safety Science, 85, 205–219.
- Pallardy, R. (n.d.). “Haiti Earthquake of 2020.” Encyclopedia Britannica.
- Paris, R. (2001). Human security: Paradigm shift or hot air? International Security, 26(2), 87–102.
- Perrow, C. (2007). The next catastrophe: Reducing our vulnerabilities to natural, industrial, and terrorist disasters. Princeton University Press.
- Pursiainen, C. (2018). The crisis management cycle. Routledge.
- Rothschild, E. (1995). What is security? Daedalus, 124(3), 53–98.
- Schäfer, P. J. (2013). The concept of security. In P. J. Schäfer (Ed.), Human and water security in Israel and Jordan (pp. 5–19). Springer Verlag.
- Stern, E. K. (1995). Bringing the environment in: The case for comprehensive security. Cooperation and Conflict, 30(3), 211–237.
- Swyngedouw, E. (2004). Globalisation or “Glocalisation”? Networks, territories and re-scaling. Cambridge Review of International Affairs, 17(1), 1–46.
- Taipale, K. A. (2004). Technology, security and privacy: The fear of Frankenstein, the mythology of privacy and the lessons of King Ludd. Yale Journal of Law & Technology, 7(1), 125–221.
- Ullman, R. H. (1983). Redefining security. International Security, 8(1), 129–153.
- United Kingdom National Audit Office. (2018). Investigation: WannaCry cyber attack and the NHS. Author.
- UNOCHA. (2018). 2018 Yemen humanitarian response plan. Author.
- Van Asselt, M. (2018). Safety in international security: A viewpoint from the practice of accident investigation. Contemporary Security Policy, 39(4), 590–600.
- Van den Berg, B., Hutten, P., & Prins, R. (2019). Security and safety: An integrative perspective. In G. Jacobs, I. Suojanen, K. Horton, & P. S. Bayerl (Eds.), International security management: New solutions. Springer.
- Waldron, J. (2011). Safety and security. Nebraska Law Review, 85(2), 455–508.
- Walt, S. M. (1991). The renaissance of security studies. International Studies Quarterly, 35(2), 211–239.
- Weick, K. E., Sutcliffe, K. M., & Obstfeld, D. (2008). Organizing for high reliability: Process of collective mindfulness. In A. Boin (Ed.), Crisis management (pp. 31–66). SAGE.
- Williams, P. D. (2008). Security studies: An introduction. Routledge.
- Wisner, B. (1993). Disaster vulnerability: Scale, power and daily life. GeoJournal, 20(2), 127–140.
- Wisner, B., Gaillard, J., & Kelman, I. (2012a). Framing disaster: Theories and stories seeking to understand hazards, vulnerability and risk. In B. Wisner, J. Gaillard, & I. Kelman (Eds.), The Routledge handbook of hazards and disaster risk reduction (pp. 18–34). Routledge.
- Wisner, B., Gaillard, J., & Kelman, I. (Eds.). (2012b). The Routledge handbook of hazards and disaster risk reduction. Routledge.
- Wolfers, A. (1952). “National security” as an ambiguous symbol. Political Science Quarterly, 67(4), 481–502.
- Zedner, L. (2002). The concept of security: An agenda for comparative analysis. Legal Studies, 23(1), 153–175.
1. Note that the most destructive volcanic eruption in recorded history took more than 27 times that number: The eruption of Tambora in Indonesia took 92,000 lives in 1815. Having said that, most people did not die of the direct physical impact of the eruption but of starvation after the event.