Skip to main content
The Strategic Risk system provides a composite dashboard for global risk triage. Its server-published headline score is a top-5 Country Instability Index (CII) roll-up, while the panel layers additional convergence, infrastructure, theater posture, breaking-news, sanctions, and radiation-watch context around that headline.

Strategic Risk Overview

The Strategic Risk Overview displays the server-side Strategic Risk headline and nearby operational context from the browser panel.

Server Score and Browser Fallback (0-100)

The displayed/server headline score comes from GetRiskScores.strategicRisks[0]. The server derives it from the weighted top 5 CII countries by combinedScore, not from the additive panel context formula: 
topScores = top 5 countries by combinedScore
weights = [1.00, 0.85, 0.70, 0.55, 0.40]
weightedAvg = sum(topScores[i] * weights[i]) / sum(weights)
headline = round(weightedAvg * 0.70 + 15)
See CII Risk Scoring Methodology for the exact top-5 window, scale factor, floor, and severity bands. When cached server scores are unavailable, the browser can render a local fallback overview that combines map-side convergence, infrastructure, theater posture, breaking news, sanctions, radiation-watch signals, and the locally available CII summary: 
compositeScore =
    convergenceScore * 0.30
  + ciiRiskScore     * 0.50
  + infraScore       * 0.20
  + theaterBoost
  + breakingBoost
  + sanctionsScore
  + radiationScore
Those additive terms are local fallback context, not the server Strategic Risk contract. sanctionsScore is capped at 10 from new sanctions entries, largest-country entry volume, and sanctioned vessel/aircraft counts; radiationScore is capped at 12 from radiation-watch spikes, elevated readings, and corroborated observations, reduced by low-confidence or conflicting observations.

Risk Levels

The browser panel and the server API intentionally expose two related but different level schemes for the same 0-100 headline score. Panel-visible display labels use the same five CII-aligned bands as country risk rows:
Headline scorePanel labelMeaning
>=81CriticalActive crisis or major escalation
66-80HighSignificant instability requiring close monitoring
51-65ElevatedAbove-normal activity patterns
31-50NormalBaseline geopolitical activity
<31LowUnusually quiet period
Server/on-wire enum labels remain the three-tier StrategicRisk.level contract returned by GetRiskScores:
Headline scoreStrategicRisk.levelMeaning
70-100SEVERITY_LEVEL_HIGHMultiple converging crises
40-69SEVERITY_LEVEL_MEDIUMHeightened global tension
0-39SEVERITY_LEVEL_LOWLower global strategic pressure
API clients should treat StrategicRisk.level as the server severity enum and the Strategic Risk panel label as a display mapping of StrategicRisk.score.

Unified Alert System

Alerts from all modules are merged using temporal and spatial deduplication:
  • Time window: Alerts within 2 hours may be merged
  • Distance threshold: Alerts within 200km may be merged
  • Same country: Alerts affecting the same country may be merged
When alerts merge, they become composite alerts that show the full picture: 
Type: Composite Alert
Title: Convergence + CII + Infrastructure: Ukraine
Components:
  - Geographic Convergence: 4 event types in Kyiv region
  - CII Spike: Ukraine +15 points (Critical)
  - Infrastructure: Black Sea cables at risk
Priority: Critical

Alert Priority

Alert priority is separate from the server Strategic Risk High/Medium/Low bands. References to Critical and High CII below use the Country Instability Index country-score bands documented in Country Instability Index.
PriorityCriteria
CriticalCII country Critical band (81-100), convergence has 4+ types or score ≥90, cascade critical impact, high-impact radiation/sanctions signal
HighCII country High band (66-80) or ≥30-point CII move, convergence has 3+ types or score ≥70, cascade affecting ≥5 countries
MediumCII country Elevated band or ≥15-point CII move, convergence score ≥50, cascade medium impact or ≥3 countries
LowMinor changes and low-impact events

Trend Detection

Country-level CII rows track approximate 24-hour movement through dynamicScore:
  • dynamicScore is a signed delta from -100 to 100 against the nearest valid prior CII snapshot.
  • Positive values mean the score rose, negative values mean it fell, and 0 means stable or no valid prior snapshot.
  • Trend labels use the server deadband: greater than +1 is rising, less than -1 is falling, and values from -1 through +1 remain stable.
The server-published global StrategicRisk headline is different: it currently sets trend to stable while publishing the top-5 CII roll-up score. If cached server scores are unavailable, the browser fallback computes its own escalating/stable/de-escalating panel trend from local additive context; that fallback trend is a UI continuity signal, not the authoritative server Strategic Risk trend contract.

Pentagon Pizza Index (PizzINT)

The dashboard integrates real-time foot traffic data from strategic locations near government and military facilities. This “Pizza Index” concept, tracking late-night activity spikes at restaurants near the Pentagon, Langley, and other facilities, provides an unconventional indicator of crisis activity.

How It Works

The system aggregates percentage-of-usual metrics from monitored locations:
  1. Locations: Fast food, pizza shops, and convenience stores near Pentagon, CIA, NSA, State Dept, and other facilities
  2. Aggregation: Activity percentages are averaged, capped at 100%
  3. Spike Detection: Locations exceeding their baseline are flagged

DEFCON-Style Alerting

Aggregate activity maps to a 5-level readiness scale:
LevelThresholdLabelMeaning
DEFCON 1≥85%Maximum ActivityMaximum readiness; crisis response active
DEFCON 270% – 84%High ActivityHigh activity; significant event underway
DEFCON 350% – 69%Elevated ActivityElevated; above-normal operations
DEFCON 425% – 49%Above NormalIncreased vigilance
DEFCON 5<25%Normal ActivityNormal peacetime operations

GDELT Tension Pairs

The indicator also displays geopolitical tension scores from GDELT (Global Database of Events, Language, and Tone):
PairMonitored Relationship
USA ↔ RussiaPrimary nuclear peer adversary
Russia ↔ UkraineActive conflict zone
USA ↔ ChinaEconomic and military competition
China ↔ TaiwanCross-strait relations
USA ↔ IranMiddle East regional tensions
USA ↔ VenezuelaWestern Hemisphere escalation and sanctions pressure
Each pair shows:
  • Current tension score (GDELT’s normalized metric)
  • 7-day trend (rising, falling, stable)
  • Percentage change from previous period
This provides context for the activity levels. A spike at Pentagon locations during a rising China-Taiwan tension score carries different weight than during a quiet period. News clusters are automatically enriched with nearby critical infrastructure. When a story mentions a geographic region, the system identifies relevant assets within 600km, providing immediate operational context.

Asset Types

TypeSourceExamples
Pipelines88 global routesNord Stream, Keystone, Trans-Siberian
Undersea Cables86 major cablesTAT-14, SEA-ME-WE, Pacific Crossing
AI Datacenters313 clustersAzure East US, GCP Council Bluffs
Military Bases226 installationsRamstein, Diego Garcia, Guam
Nuclear Facilities100+ sitesPower plants, weapons labs, enrichment

Location Inference

The system infers the geographic focus of news stories through:
  1. Keyword matching: Headlines are scanned against hotspot keyword lists (e.g., “Taiwan” maps to Taiwan Strait hotspot)
  2. Confidence scoring: Multiple keyword matches increase location confidence
  3. Fallback to conflicts: If no hotspot matches, active conflict zones are checked

Distance Calculation

Assets are ranked by Haversine distance from the inferred location: 
d = 2r × arcsin(√(sin²(Δφ/2) + cos(φ₁) × cos(φ₂) × sin²(Δλ/2)))
Up to 3 assets per type are displayed, sorted by proximity.

Example Context

A news cluster about “pipeline explosion in Germany” would show:
  • Pipelines: Nord Stream (23km), Yamal-Europe (156km)
  • Cables: TAT-14 landing (89km)
  • Bases: Ramstein (234km)
Clicking an asset zooms the map to its location and displays detailed information.

Server-Side Risk Score API

Strategic risk and Country Instability Index (CII) scores are pre-computed server-side rather than calculated in the browser. This eliminates the “cold start” problem where new users would see no data while the system accumulated enough information to generate scores.

How It Works

The GetRiskScores RPC handler (get-risk-scores.ts):
  1. Fetches recent protest/riot/battle/explosion/civilian-violence data from ACLED.
  2. Fetches auxiliary sources from Redis, including UCDP conflicts, outages, climate, cyber threats, fires, GPS jamming, Iran events, OREF alerts, advisories, displacement, classified news summaries, aviation alerts, earthquakes, sanctions, and military/AIS CII aggregates.
  3. Computes CII v8 scores for 31 Tier-1 countries using the shared coefficient table documented in CII Risk Scoring Methodology.
  4. Derives Strategic Risk from the weighted top 5 CII scores.
  5. Caches results in Redis with versioned live and stale keys tied to the current CII formula version.

CII Score Calculation

Each country’s score combines a static baseline (40%) with a dynamic event score (60%), plus supplemental boosts and floors. Baseline Risk (0-50 points): Static geopolitical risk reflecting structural fragility. The canonical per-country values live in CII Risk Scoring Methodology. Event Score blends four sub-components:
Sub-componentWeightScoring
Unrest25%ACLED protests/riots, protest fatalities, high-severity unrest, and outage severity
Conflict30%Weighted ACLED battles/explosions/civilian violence, fatalities, Iran strike severity, and OREF alert pressure
Security20%Military flights, military vessels, aviation closures/delays, and GPS/GNSS jamming
Information25%Classified news headlines and country-attributed threat summaries
Floors (minimum score guarantees):
Floor typeThresholdTrigger
UCDP active war>= 702-year Tier-1 UCDP total deaths > 1000 or event count > 100
UCDP minor conflict>= 502-year Tier-1 UCDP event count > 10 below the war thresholds
Advisory do-not-travel>= 60Live advisory feed when present; otherwise embedded State Department fallback table
Advisory reconsider>= 50Live advisory feed when present; otherwise embedded State Department fallback table
Supplemental Boosts: Advisory boost (+15/+10/+5), OREF blend boost for IL (+15 active + history tiers), climate (+15 max), cyber (+12 max), fires (+8 max), displacement (+20 max), news urgency (+5 max), earthquakes (+25 max), sanctions (+14 max), and AIS disruptions (+10 max). Advisory outputs expose both advisoryLevel and advisoryProvenance on each CiiScore. advisoryProvenance is live when the score used the seeded advisory feed, fallback when it used the embedded State Department fallback table, and absent when no advisory level affected boosts or floors.

Event Significance Multipliers

Events in some countries carry more global significance than others:
MultiplierCountriesRationale
3.0xNorth KoreaAny visible unrest is highly unusual
2.0-2.5xChina, Russia, Iran, Saudi Arabia, CubaAuthoritarian states suppress protests
1.5-1.8xTaiwan, Pakistan, Myanmar, Venezuela, UAERegional flashpoints
1.0-1.2xMexico, TurkeyModerate significance
0.5-0.8xUK, France, Germany, Poland, Ukraine, Syria, Yemen, Israel, India, BrazilProtests are routine or events already captured by floors
0.3xUSVery high observability and high-volume domestic reporting require stronger dampening

Strategic Risk Derivation

The composite strategic risk score is computed as a weighted average of the top 5 CII scores: 
Weights: [1.0, 0.85, 0.70, 0.55, 0.40] (total: 3.5)
Strategic Risk = (Σ CII[i] × weight[i]) / 3.5 × 0.7 + 15
The top countries contribute most heavily, with diminishing influence for lower-ranked countries.

Data Sources

SourceRedis KeyUsed For
ACLEDFetched live via APIProtests, riots, battles, explosions, civilian violence, fatalities
UCDPconflict:ucdp-events:v1War/minor conflict floors
Outagesinfra:outages:v1Unrest outage boost
Climateclimate:anomalies:v2Climate severity boost
Cybercyber:threats-bootstrap:v2Severity-weighted cyber boost
Fireswildfire:fires:v1Severity-weighted wildfire boost
GPS Jammingintelligence:gpsjam:v2Security score
Military CIIRelay/seeded military aggregateSecurity score and AIS disruption boost
Aviation AlertsSeeded aviation disruption dataSecurity score
Iran Eventsconflict:iran-events:v1Strike boost with severity weighting
OREF Alertsrelay:oref:history:v1IL conflict boost and blend boost
News ThreatsClassified headline summariesInformation score and news urgency boost
DisplacementHumanitarian displacement aggregateDisplacement boost
EarthquakesEarthquake feedEarthquake boost
SanctionsSanctions country aggregateSanctions boost
Security advisoriesintelligence:advisories:v1 plus embedded fallback tableAdvisory boost/floor with advisoryProvenance

Fallback Behavior

When upstream data is unavailable (API errors, rate limits):
  1. Stale cache: Return the latest versioned stale risk-score payload when available.
  2. Baseline fallback: Return scores using static baselines and available floors when no usable live or stale payload exists.
The RPC exposes the fallback state on GetRiskScoresResponse: stale-cache responses set degraded=true and stale=true; cold baseline-only responses set degraded=true and stale=false. Fresh/cache-hit responses set both flags to false. The relay CII warm-ping loop is active in scripts/ais-relay.cjs: it calls /api/intelligence/v1/get-risk-scores every 8 minutes, lets the RPC handler refresh live/stale cache state, and writes seed-meta:intelligence:risk-scores for health monitoring when scores are returned. That seed-meta recordCount is realtime signal-density coverage, not raw feed availability: it counts the score-relevant Tier-1 conflict (ACLED or UCDP), news, and cyber signal families present in the CII refresh. Quiet-but-fresh realtime feeds can therefore produce COVERAGE_PARTIAL; source-specific freshness remains the feed-heartbeat view.