Environmental Security: From Dichotomy to Risk Management

Environmental Security: From Dichotomy to Risk Management

Photo: ua.depositphotos.com / Roxana
13 October 2023

In our previous publications (1, 2, 3), we raised the issue that the current approaches of the Ukrainian government to assess the environmental damage caused by Russian aggression will not allow Ukraine to get compensation from the aggressor for ecosystem restoration. The global views on environmental security have evolved. Therefore, Ukraine should also adjust its approaches to speak the same language with international organizations. This article explains the main differences between the traditional dichotomous view on environmental security and the modern environmental risk management approach.

Change of views on security at the international level

In early 2022, the evolution of understanding of security was discussed during a meeting of the Intergovernmental Panel on Climate Change (ІРСС) Working Group II on Climate Change Impacts, Adaptation, and Vulnerabilities, within the framework of the discussions of Summary for Policymakers. Naturally, the most significant statement was made by our delegation on February 24th about the impossibility of continuing Ukraine’s participation in the meetings due to the full-scale invasion by Russia, which was able to build its military machine exploiting humanity’s dependence on fossil fuels. Thus, for the first time on the international stage, the cause of climate change was linked to Russia’s energy blackmail. Ukraine received support from all delegations, including Russia’s representative, who was ashamed of his country’s unprovoked aggression.

However, our delegation also proposed other amendments that were supported by the representatives of China, the United States, and the European Union and included in the Summary for Policymakers. Specifically, we suggested replacing the phrase “water insecurity” with “reduced water security.” We argued that it was essential not to frame security and insecurity as a simple dichotomy in the Summary for Policymakers because it could cause policymakers to perceive security as merely the absence of insecurity. Therefore, it would be very challenging for them to grasp the key messages of the IPCC Sixth Assessment Report, which are articulated entirely in the language of risk management: 

“Risk provides a framework for understanding the increasingly severe, interconnected, and often irreversible impacts of climate change on ecosystems, biodiversity, and human systems; and how to best reduce adverse consequences for current and future generations. In the context of climate change, risk can arise from the dynamic interactions among climate-related hazards, the exposure and vulnerability of affected human and ecological systems.”

Figure 1. 

The most important conclusions of the Summary for Policymakers (Figure 1) are that: 

  • Current development paths, combined with the observed effects of climate change, lead away from sustainable development rather than toward it.
  • Mitigation plays a key role in reducing the threat of climate change.
  • Adaptation plays a key role in reducing exposure and vulnerability to climate change. 
  • Only simultaneous emissions reductions and adaptation can ensure sustainable development for all.
  • Climate-resilient development is the process of implementing mitigation and adaptation options to support sustainable development for all.
  • The window of opportunity for climate-resilient development is closing fast.

Comprehending and understanding this conclusion of the IPCC Sixth Assessment Report is impossible without relinquishing the outdated notion of security as the absence of risks.

How does our legislation define security, and why is it a problem?

The Civil Protection Code defines security as the absence of risks. The law “On Environmental Protection” still contains “Soviet” dichotomous definitions of environmental security:

  • “Environmental security is a state of the environment where the deterioration of the ecological situation is prevented, and there is no danger to human health;”
  • “Environmental security is ensured by controlling deviations from the maximum allowable standards for environmental pollution;”
  • “The goal of Environmental Impact Assessment is not to exceed the impacts on the environment with regard to indicators regulated and limited at the time of the project design (maximum permissible concentrations, limits, etc.).” 

The understanding of environmental security as the absence of risks emerged from the historical understanding of national security as the absence of threats from other states. However, the IPCC, in the process of comprehending the causes and consequences of global climate change, has come to view security not as a state but as a process, not as the absence of risks, but as the process of reducing risks to socially acceptable levels.

What are the differences between these approaches? Firstly, in the dichotomous approach, environmental policy aims to ensure compliance with norms and standards, with security understood as the absence of any risks or hazards. Compliance with standards is measured as a binary variable (compliant or non-compliant) without specifying the extent of non-compliance. Such simplified measurement does not provide an understanding of the seriousness of the issue, making the implementation of environmental policy more complex.

Secondly, dichotomy represents a “zero-sum game” (a situation in which there is always a winner and a loser, and the amount won equals the amount lost) between law violators and inspectors documenting these violations. Compliance-based management allows for identifying violators but does not facilitate environmental improvement because the sum for the environment remains “zero.” For instance, in 2021, the State Environmental Inspection identified UAH 4 billion worth of violations. Still, it could only recover UAH 100 million, which was insufficient even to cover its salary costs.

Finally, environmental standards and regulations are traditionally set at a level that, at least in theory, represents a “zero risk” to human health. This is because even slightly higher concentrations are considered a potential health risk. However, if no level of risk is deemed acceptable, then no technical or economic priorities can be established, and quantitative cost-benefit analysis becomes impossible. Consequently, no effective and efficient development strategies can be formulated.

Contemporary understanding of security as risk management

In contrast, the approach of the Organization for Economic Cooperation and Development (OECD), which is based on risk assessment, defines security by establishing acceptable (Figure 2) risk levels in terms of the probability of occurrence and potential impact (economic, environmental, social). It balances potential losses with the expected benefits of security improvements. This is the cost-benefit analysis aiming to ensure that the level of risk aligns with societal values and that society’s response to the risk is adequate. The risk assessment-based approach also allows for the identification of high-risk areas where management actions should be prioritized.

Figure 2. Acceptable risks are those in which the product of the probability of an adverse event and its impact is below a defined threshold.

The risk-oriented approach opens up additional opportunities for environmental management because reducing any risk factor – either the likelihood of a threat or its impact – to zero eliminates the risk. Reports from the Intergovernmental Panel on Climate Change (ІРСС) have made a significant contribution to this rethinking of security and risk understanding. The IPCC suggested considering risk as the product of three factors – Hazards, Vulnerability, and Exposure (Figure 3) – as this enhances the operational aspects of risk management.

Figure 3. Contemporary understanding of risks by ІРСС

Source: Summary for Policymakers of the Intergovernmental Panel on Climate Change (2014).

For example, in the case of natural and anthropogenic disasters, the ІРСС defines the three risk factors as follows:

  1. Hazards: danger, natural disasters, and the like (e.g., hurricanes);
  2. Vulnerability: how significantly this hazard can affect the population and the environment (e.g., poorly constructed buildings are more vulnerable to hurricanes or earthquakes); 
  3. Exposure: the number of people or infrastructure in a potential disaster zone (e.g., the number of facilities located in a flood-prone area).

The International Organization for Standardization (ISO) has also changed the definition of risk. Previously, ISO defined risk as the probability of adverse effects (and this definition is still present in our national construction norms). Now, ISO considers the risk to be the effect of uncertainty. Therefore, our legislation, including construction norms, should be revised.

Ukraine’s path toward risk management

Changing the wording in legislation and, more importantly, the understanding of risk by policymakers can be challenging because risk is inherently about uncertainty and its consequences, while government policies and decision-making prefer certainty. In the case of global climate change, it is crucial to conduct an analysis that bridges the gap between scientific knowledge and the understanding of water security because people will experience the consequences of climate change primarily through its impact on the availability and quality of water, including floods, droughts, and deteriorating ecological state of water.

However, Ukrainian lawmakers have already taken some steps in this direction. 

Thus, the goal of the Environmental Strategy adopted by Parliament in 2019 is not just “compliance with environmental standards” but rather “support of sustainable development”. Instead of “ensuring environmental security,” the Strategy focuses on reducing environmental risks. However, adopting the Strategy is only the first step toward a modern understanding of security and risks. A contemporary interpretation of ecological risk should be based on the understanding of the causes of natural hazards and ways to mitigate the harm from natural hazards to the population.

This understanding entails the following key points 

  1. Risk per se does not directly impact ecosystems or populations; it is the negative event that has an impact.
  2. The magnitude or probability of a threat can be reduced by mitigating factors such as emissions of pollutants or greenhouse gasses;
  3. The impact of an adverse event can be reduced by lowering vulnerability and exposure. For example, prohibiting construction in flood-prone areas, implementing early warning systems, and enforcing stringent construction norms in earthquake-prone zones.

To effectively implement the updated Environmental Strategy, the new Strategy for Environmental Security and Climate Change Adaptation until 2030, and to secure funding for the restoration of ecosystems damaged due to war, it is crucial to implement significant changes in Ukrainian environmental legislation.

Specifically, the legislation should entail a modern understanding of the concepts of “environmental (climate) risk,” “environmental security,” “environmental assessment,” “environmental damage,” “environmental liability,” and “environmental remediation liabilities” (see Glossary in [3] and the appendix). 

To achieve this, there is an urgent need to transpose (i.e., literally transfer) Directive 2004/35/EC on Environmental Liability with Regard to Prevention and Remedying of Environmental Damage into Ukrainian legislation. Additionally, it is essential to fully adopt the relevant provisions of EU directives that have not yet been recognized by Ukraine, such as the EU’s Water Framework Directive, Floods Directive, EIA Directive, SEA Directive, Sendai Framework for Disaster Risk Reduction, and make the necessary amendments to the relevant laws and regulations, including the Law on Environmental Protection, EIA and SEA regulations, Civil Protection Code, State Building Codes for EIA, and others.

Risk Management in Water Security

Ukrainian scientists constantly advocate for the implementation of risk management both in Ukraine and at the international level. In particular, in early 2022, the national delegation to the IPCC (Intergovernmental Panel on Climate Change) attempted (unfortunately, unsuccessfully so far) to change the views of the Intergovernmental Panel on Climate Change on water security as a purely social category. The current definition of water security by the IPCC reads as “The capacity of a population to safeguard sustainable access to adequate quantities of acceptable quality water for sustaining livelihoods, human well-being, and socio-economic development, for ensuring protection against water-borne pollution and water-related disasters, and for preserving ecosystems in a climate of peace and political stability.” This definition describes just the social aspect of the problem – “the population’s capacity to safeguard access to water.” However, defining security as the reduction of risks to socially acceptable levels is much more environmentally friendly.

Therefore, we propose to augment the IPCC’s formulation of water security with the definition from Ukraine’s recently approved Water Strategy:

Water security is sticking to acceptable levels of four water risks

Too much water risk (including floods and high waters): exceeding normal limits of a water system (natural or constructed) or the destructive accumulation of water in areas typically not submerged;

Too little water risk (including droughts): insufficient quantity of water to meet demand (both in the short and long term) for beneficial use by all water users (households, businesses, and the environment);

Inadequate water quality risk: absence of water of appropriate quality for a specific purpose or use;

Risks of undermining the resilience of freshwater systems: exceeding the resilience capacity of surface and groundwater objects and their interactions, possibly causing irreversible damage to hydraulic and biological functions of the system.

This definition provides a better understanding of the measures policymakers should take to enhance water security in addition to imposing fines for violations of environmental legislation, which do not have a significant effect on the reduction of environmental risks and environmental restoration.


The following terminology from the ІРСC Glossary should be adopted in Ukraine, including its incorporation into the Climate Change Adaptation Strategy.”

Adaptation. The process of adjustment to actual or expected climate and its effects.
Early warning systems (EWS)The set of technical and institutional capacities to forecast, predict, and communicate timely and meaningful warning information to enable individuals, communities, managed ecosystems, and organizations threatened by a hazard to prepare to act promptly and appropriately to reduce the possibility of harm or loss.
Exposure. The presence of people; livelihoods; species or ecosystems; environmental functions, services, and resources; infrastructure; or economic, social, or cultural assets in places and settings that could be adversely affected.
Governance. The structures, processes, and actions through which private and public actors interact to address societal goals. This includes formal and informal institutions and the associated norms, rules, laws, and procedures for deciding, managing, implementing, and monitoring policies and measures at any geographic or political scale, from global to local.
Climate governance. The structures, processes, and actions through which private and public actors seek to mitigate and adapt to climate change.
Hazard. The potential occurrence of a natural or human-induced physical event or trend that may cause loss of life, injury, or other health impacts, as well as damage and loss to property, infrastructure, livelihoods, service provision, ecosystems, and environmental resources.
Impacts. The consequences of realized risks on natural and human systems, where risks result from the interactions of climate-related hazards (including extreme weather/climate events), exposure, and vulnerability. Impacts generally refer to effects on lives, livelihoods, health and well-being, ecosystems and species, economic, social, and cultural assets, services (including ecosystem services), and infrastructure. Impacts may be referred to as consequences or outcomes and can be adverse or beneficial.
Mitigation (of climate change). A human intervention to reduce emissions or enhance the sinks of greenhouse gases.
Resilience. The capacity of interconnected social, economic, and ecological systems to cope with a hazardous event, trend, or disturbance, responding or reorganizing in ways that maintain their essential function, identity, and structure
Risk. The potential for adverse consequences for human or ecological systems, recognizing the diversity of values and objectives associated with such systems. In the context of climate change impacts, risks result from dynamic interactions between climate-related hazards with the exposure and vulnerability of the affected human or ecological system to the hazards.
Risk management. Plans, actions, strategies, or policies to reduce the likelihood and/or magnitude of adverse potential consequences based on assessed or perceived risks
Risk perception. The subjective judgment that people make about the characteristics and severity of a risk
Vulnerability. The propensity or predisposition to be adversely affected. Vulnerability encompasses a variety of concepts and elements, including sensitivity or susceptibility to harm and lack of capacity to cope and adapt.


  • Andriy Demydenko, Senior researcher, Division of Mathematical Environmental Modeling, Institute of Mathematical Machines and Systems Problems, NASU
  • Svitlana Krakovska, Vice Focal Point of IPCC to Ukraine, Head of the Laboratory of Applied Climatology at the Ukrainian Hydrometeorological Institute of the State Emergency Service and NASU


The authors do not work for, consult to, own shares in or receive funding from any company or organization that would benefit from this article, and have no relevant affiliations