The Fundamentals of CARVER Target Analysis and Vulnerability Assessment Methodology
“Without data, you’re just another person with an opinion.”
—W. Edwards Deming
What is the CARVER Target Analysis and Vulnerability Assessment Methodology?
The CARVER Target Analysis and Vulnerability Assessment Methodology is a system which uses specific procedures, that are both qualitative and quantitative in nature, to interpret and determine the Probability of Attack (Pa) from an adversary against critical infrastructure assets and/or key resources.
CARVER distinguished itself as an offensive target assessment tool, originally developed for use by the U.S. military and the Intelligence Community for evaluating the vulnerabilities of enemy assets and determining how best to exploit those vulnerabilities to attack a target. It utilizes a numerical ranking matrix to identify vulnerable components of an infrastructure. Each asset is assigned a numerical value between 1-5 (5 being the most severe) which is then measured against other assets.
Since the terrorist attacks of September 11th, 2001, CARVER has been instrumental in its use as a defensive methodology for protecting the U.S. homeland. As such, CARVER is a vulnerability assessment methodology utilized by the U.S. Department of Homeland Security (DHS), as well as NATO and the United Nations security forces. It is considered by many security experts to be the definitive assessment tool for protecting critical assets.
Why do I need to understand the CARVER Methodology?
If you have any responsibility for the safety and security of the people and/or assets of an organization, you should be very familiar with CARVER Methodology. In addition to providing a numeric score for the Probability of Attack from an adversary, CARVER also:
- Provides measurements of effectiveness for your current security posture
- Allows for a standardization of security measures
- Assists in the allocation and justification of security budgets
- Offers Design-Basis-Threat (DBT) scenarios to assist with emergency preparedness and crisis management training
- Outlines a threat spectrum between the likelihood and impact of an attack
- Identifies and prioritizes key assets within your organization
- Analyzes estimated recovery times should an incident occur
Once a comprehensive CARVER Target Analysis and Vulnerability Assessment has been completed, and material risks and threats have been identified - you must then determine the best approach to eliminating, thwarting, and offsetting the vulnerabilities, and recommend appropriate security systems, protocols, and countermeasures to be implemented.
What does CARVER even mean?
CARVER is an acronym, which stands for:
What is the SMI CARVER Target Analysis and Vulnerability Assessment Training Course™?
The CARVER Target Analysis and Vulnerability Assessment Training Course™, offered by Security Management International, is an interactive online course on conducting facility threat and vulnerability assessments. SMI is the world leader in CARVER instruction and has conducted CARVER training courses for over 10 years and provided instruction to over 2,500 attendees. The courses have all been instructed by SMI’s Director of Critical Infrastructure Protection, Mr. Leo Labaj.
While at the CIA, Mr. Labaj developed and implemented the Defense Against Terrorism Survey, a vulnerability assessment methodology used to assess security at borders, high threat residences and facilities and over 100 international airports. Mr. Labaj also served on the Federal Aviation Administration's Blue-Ribbon Panel on Airport Security and Vulnerability Assessment, and implemented and managed the FAA's National Safe Skies Team Security Screening Test Bed.
What does the course curriculum consist of?
- Lesson One – Welcome to the Fundamentals of the CARVER Methodology
- Lesson Two – Meet Leo Labaj and the History of CARVER
- Lesson Three – The CARVER Methodology
- Lesson Four – Target Analysis
- Lesson Five – The Threat Assessment
- Lesson Six – Conducting the Vulnerability Assessment
- Lesson Seven – CARVER Cyber Webinar
- Lesson Eight – SOTERIA: The Future of Conducting Assessments
- Lesson Nine – CARVERCON Presentation
- Lesson Ten – Final Thoughts on Your Next Assessment
What some of our successful students say
“Just wanted to let you know that Mr. Labaj conducted an excellent class that was very well received by all. Several members of the class had recently attended another Vulnerability Assessment class, and everyone agreed that this was 100 times better. In fact, one of my officers stated, “I learned more in 15 minutes in this class than I did in two days from the other course.” Thanks again for your prompt and professional service, I am looking forward to working with you in the future."
Bruce Barnes, CPP, MA Ed, Director, Physical Security and Emergency Management, NV Energy
“Our nation’s critical infrastructure and key resources (CIKR) continue to be vulnerable to a wide variety of threats. Because the private sector owns the vast majority of the nation’s CIKR - banking and financial institutions, commercial facilities, telecommunications networks, and energy production and transmission facilities, among others - it is vital the public and private sectors work together to protect these assets and system.”
The Report on Critical Infrastructure Protection, The Government Accountability Office (GAO)
“The CARVER Target Analysis and Vulnerability Assessment Methodology is one of the most effective tools that a security professional can use to identify and evaluate weaknesses in a critical infrastructure system. It is an efficient process, which produces a numeric score against assets, to determine their probability of being attacked. It allows the person conducting the assessment to examine a potential target through the eyes of an aggressor. I first learned about CARVER during my time in Vietnam, where it was used by both the intelligence and the special operations communities. It is time tested and it works.”
General James L. Jones, Former U.S. National Security Advisor to the President of the United States, Former Supreme Allied Commander Europe and Combatant Commander USEUCOM, 32nd Commandant of the Marine Corps
“How much does CARVER Target Analysis and Vulnerability Assessment Methodology cost?”
