Choosing What to Protect

We study a strategic model in which a defender must allocate defensive resources to a collection of locations, and an attacker must choose a location to attack. The defender does not know the attacker's preferences, while the attacker observes the defender's resource allocation. The defender's problem gives rise to negative externalities, in the sense that increasing the resources allocated to one location increases the likelihood of an attack at other locations. In equilibrium, the defender exploits these externalities to manipulate the attacker's behavior, sometimes optimally leaving a location undefended, and sometimes preferring a higher vulnerability at a particular location even if a lower risk could be achieved at zero cost. Key results of our model are as follows: (1) the defender prefers to allocate resources in a centralized (rather than decentralized) manner; (2) as the number of locations to be defended grows, the defender can cost effectively reduce the probability of a successful attack only if the number of valuable targets is bounded; (3) the optimal allocation of resources can be nonmonotonic in the relative value of the attacker's outside option; and (4) the defender prefers his or her defensive allocation to be public rather than secret.     

Modeling Arbitrary Layers of Continuous‐Level Defenses in Facing with Strategic Attackers

We propose a novel class of game‐theoretic models for the optimal assignment of defensive resources in a game between a defender and an attacker. Compared to the other game‐theoretic models in the literature of defense allocation problems, the novelty of our model is that we allow the defender to assign her continuous‐level defensive resources to any subset (or arbitrary layers) of targets due to functional similarity or geographical proximity. We develop methods to solve for equilibrium, and illustrate our model using numerical examples. Compared to traditional models that only allow for individual target hardening, our results show that our model could significantly increase the defender's payoff, especially when the unit cost of defense is high.     

An Attacker–defender Resource Allocation Game with Substitution and Complementary Effects

The United States is funding homeland security programs with a large budget (e.g., 74.4 billion for FY 2019). A number of game-theoretic defender–attacker models have been developed to study the optimal defense resource allocation strategies for the government (defender) against the strategic adversary (attacker). However, to the best of our knowledge, the substitution or complementary effects between different types of defensive resources (e.g., human resource, land resource, and capital resource) have not been taken into consideration even though they exist in practice. The article fills this gap by studying a sequential game-theoretical resource allocation model and then exploring how the joint effectiveness of multiple security investments influences the defensive budget allocation among multiple potential targets. Three false belief models have been developed in which only the defender, only the attacker, and both the defender and attacker hold false beliefs about the joint effectiveness of resources. Regression analysis shows that there are significant substitution effects between human and capital resources. The results show that the defender will suffer a higher loss if he fails to consider the substitution or complementary effects. Interestingly, if the attacker holds a false belief while the defender does not, the defender will suffer an even higher loss, especially when the resources are substitutes. However, if both the attacker and defender hold false beliefs, there will be lower loss when resources are complementary. The results also show that the defender should allocate the highly effective resource when the resources substitute each other. This article provides some new insights to the homeland security resource allocation.     

Risk‐Based Sampling: I Don't Want to Weight in Vain

Recently, there has been considerable interest in developing risk‐based sampling for food safety and animal and plant health for efficient allocation of inspection and surveillance resources. The problem of risk‐based sampling allocation presents a challenge similar to financial portfolio analysis. Markowitz (1952) laid the foundation for modern portfolio theory based on mean‐variance optimization. However, a persistent challenge in implementing portfolio optimization is the problem of estimation error, leading to false “optimal” portfolios and unstable asset weights. In some cases, portfolio diversification based on simple heuristics (e.g., equal allocation) has better out‐of‐sample performance than complex portfolio optimization methods due to estimation uncertainty. Even for portfolios with a modest number of assets, the estimation window required for true optimization may imply an implausibly long stationary period. The implications for risk‐based sampling are illustrated by a simple simulation model of lot inspection for a small, heterogeneous group of producers.     

Duality Approaches to Economic Lot‐Sizing Games

Sharing common production, resources, and services to reduce cost are important for not for profit operations due to limited and mission‐oriented budget and effective cost allocation mechanisms are essential for encouraging effective collaborations. In this study, we illustrate how rigorous methodologies can be developed to derive effective cost allocations to facilitate sustainable collaborations in not for profit operations by modeling the cost allocation problem arising from an economic lot‐sizing (ELS) setting as a cooperative game. Specifically, we consider the economic lot‐sizing (ELS) game with general concave ordering cost. In this cooperative game, multiple retailers form a coalition by placing joint orders to a single supplier in order to reduce ordering cost. When both the inventory holding cost and backlogging cost are linear functions, it can be shown that the core of this game is non‐empty. The main contribution of this study is to show that a core allocation can be computed in polynomial time under the assumption that all retailers have the same cost parameters. Our approach is based on linear programming (LP) duality. More specifically, we study an integer programming formulation for the ELS problem and show that its LP relaxation admits zero integrality gap, which makes it possible to analyze the ELS game by using LP duality. We show that there exists an optimal dual solution that defines an allocation in the core. An interesting feature of our approach is that it is not necessarily true that every optimal dual solution defines a core allocation. This is in contrast to the duality approach for other known cooperative games in the literature.     

Capacity Planning and Allocation for Web‐Based Applications

Motivated by the technology division of a financial services firm, we study the problem of capacity planning and allocation for Web‐based applications. The steady growth in Web traffic has affected the quality of service (QoS) as measured by response time (RT), for numerous e‐businesses. In addition, the lack of understanding of system interactions and availability of proper planning tools has impeded effective capacity management. Managers typically make decisions to add server capacity on an ad hoc basis when systems reach critical response levels. Very often this turns out to be too late and results in extremely long response times and the system crashes. We present an analytical model to understand system interactions with the goal of making better server capacity decisions based on the results. The model studies the relationships and important interactions between the various components of a Web‐based application using a continuous time Markov chain embedded in a queuing network as the basic framework. We use several structured aggregation schemes to appropriately represent a complex system, and demonstrate how the model can be used to quickly predict system performance, which facilitates effective capacity allocation decision making. Using simulation as a benchmark, we show that our model produces results within 5% accuracy at a fraction of the time of simulation, even at high traffic intensities. This knowledge helps managers quickly analyze the performance of the system and better plan server capacity to maintain desirable levels of QoS. We also demonstrate how to utilize a combination of dedicated and shared resources to achieve QoS using fewer servers.     

Game Theory and Risk Analysis

Risk analysts often analyze adversarial risks from terrorists or other intelligent attackers without mentioning game theory. Why? One reason is that many adversarial situations—those that can be represented as attacker‐defender games, in which the defender first chooses an allocation of defensive resources to protect potential targets, and the attacker, knowing what the defender has done, then decides which targets to attack—can be modeled and analyzed successfully without using most of the concepts and terminology of game theory. However, risk analysis and game theory are also deeply complementary. Game‐theoretic analyses of conflicts require modeling the probable consequences of each choice of strategies by the players and assessing the expected utilities of these probable consequences. Decision and risk analysis methods are well suited to accomplish these tasks. Conversely, game‐theoretic formulations of attack‐defense conflicts (and other adversarial risks) can greatly improve upon some current risk analyses that attempt to model attacker decisions as random variables or uncertain attributes of targets (“threats”) and that seek to elicit their values from the defender's own experts. Game theory models that clarify the nature of the interacting decisions made by attackers and defenders and that distinguish clearly between strategic choices (decision nodes in a game tree) and random variables (chance nodes, not controlled by either attacker or defender) can produce more sensible and effective risk management recommendations for allocating defensive resources than current risk scoring models. Thus, risk analysis and game theory are (or should be) mutually reinforcing.     

A General Framework for the Assessment of Power System Vulnerability to Malicious Attacks

The protection and safe operations of power systems heavily rely on the identification of the causes of damage and service disruption. This article presents a general framework for the assessment of power system vulnerability to malicious attacks. The concept of susceptibility to an attack is employed to quantitatively evaluate the degree of exposure of the system and its components to intentional offensive actions. A scenario with two agents having opposing objectives is proposed, i.e., a defender having multiple alternatives of protection strategies for system elements, and an attacker having multiple alternatives of attack strategies against different combinations of system elements. The defender aims to minimize the system susceptibility to the attack, subject to budget constraints; on the other hand, the attacker aims to maximize the susceptibility. The problem is defined as a zero‐sum game between the defender and the attacker. The assumption that the interests of the attacker and the defender are opposite makes it irrelevant whether or not the defender shows the strategy he/she will use. Thus, the approaches “leader–follower game” or “simultaneous game” do not provide differences as far as the results are concerned. The results show an example of such a situation, and the von Neumann theorem is applied to find the (mixed) equilibrium strategies of the attacker and of the defender.     

Intelligent Adversary Risk Analysis: A Bioterrorism Risk Management Model

The tragic events of 9/11 and the concerns about the potential for a terrorist or hostile state attack with weapons of mass destruction have led to an increased emphasis on risk analysis for homeland security. Uncertain hazards (natural and engineering) have been successfully analyzed using probabilistic risk analysis (PRA). Unlike uncertain hazards, terrorists and hostile states are intelligent adversaries who can observe our vulnerabilities and dynamically adapt their plans and actions to achieve their objectives. This article compares uncertain hazard risk analysis with intelligent adversary risk analysis, describes the intelligent adversary risk analysis challenges, and presents a probabilistic defender–attacker–defender model to evaluate the baseline risk and the potential risk reduction provided by defender investments. The model includes defender decisions prior to an attack; attacker decisions during the attack; defender actions after an attack; and the uncertainties of attack implementation, detection, and consequences. The risk management model is demonstrated with an illustrative bioterrorism problem with notional data.     

Generalized Reduced‐Form Auctions: A Network‐Flow Approach

We develop a network‐flow approach for characterizing interim‐allocation rules that can be implemented by ex post allocations. Our method can be used to characterize feasible interim allocations in general multi‐unit auctions where agents face capacity constraints, both ceilings and floors. Applications include a variety of settings of practical interest, ranging from individual and group‐specific capacity constraints, set‐aside sale, partnership dissolution, and government license reallocation.     

The Impact of Estimation: A New Method for Clustering and Trajectory Estimation in Patient Flow Modeling

The ability to accurately forecast and control inpatient census, and thereby workloads, is a critical and long‐standing problem in hospital management. The majority of current literature focuses on optimal scheduling of inpatients, but largely ignores the process of accurate estimation of the trajectory of patients throughout the treatment and recovery process. The result is that current scheduling models are optimizing based on inaccurate input data. We developed a Clustering and Scheduling Integrated (CSI) approach to capture patient flows through a network of hospital services. CSI functions by clustering patients into groups based on similarity of trajectory using a novel semi‐Markov model (SMM)‐based clustering scheme, as opposed to clustering by patient attributes as in previous literature. Our methodology is validated by simulation and then applied to real patient data from a partner hospital where we demonstrate that it outperforms a suite of well‐established clustering methods. Furthermore, we demonstrate that extant optimization methods achieve significantly better results on key hospital performance measures under CSI, compared with traditional estimation approaches, increasing elective admissions by 97% and utilization by 22% compared to 30% and 8% using traditional estimation techniques. From a theoretical standpoint, the SMM‐clustering is a novel approach applicable to any temporal‐spatial stochastic data that is prevalent in many industries and application areas.     

A Comparative Analysis of PRA and Intelligent Adversary Methods for Counterterrorism Risk Management

In counterterrorism risk management decisions, the analyst can choose to represent terrorist decisions as defender uncertainties or as attacker decisions. We perform a comparative analysis of probabilistic risk analysis (PRA) methods including event trees, influence diagrams, Bayesian networks, decision trees, game theory, and combined methods on the same illustrative examples (container screening for radiological materials) to get insights into the significant differences in assumptions and results. A key tenent of PRA and decision analysis is the use of subjective probability to assess the likelihood of possible outcomes. For each technique, we compare the assumptions, probability assessment requirements, risk levels, and potential insights for risk managers. We find that assessing the distribution of potential attacker decisions is a complex judgment task, particularly considering the adaptation of the attacker to defender decisions. Intelligent adversary risk analysis and adversarial risk analysis are extensions of decision analysis and sequential game theory that help to decompose such judgments. These techniques explicitly show the adaptation of the attacker and the resulting shift in risk based on defender decisions.     

An Approach for Optimal Allocation of Safety Resources: Using the Knapsack Problem to Take Aggregated Cost‐Efficient Preventive Measures

On the basis of the combination of the well‐known knapsack problem and a widely used risk management technique in organizations (that is, the risk matrix), an approach was developed to carry out a cost‐benefits analysis to efficiently take prevention investment decisions. Using the knapsack problem as a model and combining it with a well‐known technique to solve this problem, bundles of prevention measures are prioritized based on their costs and benefits within a predefined prevention budget. Those bundles showing the highest efficiencies, and within a given budget, are identified from a wide variety of possible alternatives. Hence, the approach allows for an optimal allocation of safety resources, does not require any highly specialized information, and can therefore easily be applied by any organization using the risk matrix as a risk ranking tool.     

Counterterrorism resource allocation during a pandemic: The effects of dynamic target valuations when facing a strategic terrorist

The outbreak of pandemics such as COVID-19 can result in cascading effects for global systemic risk. To combat an ongoing pandemic, governmental resources are largely allocated toward supporting the health of the public and economy. This shift in attention can lead to security vulnerabilities which are exploited by terrorists. In view of this, counterterrorism during a pandemic is of critical interest to the safety and well-being of the global society. Most notably, the population flows among potential targets are likely to change in conjunction with the trend of the health crisis, which leads to fluctuations in target valuations. In this situation, a new challenge for the defender is to optimally allocate his/her resources among targets that have changing valuations, where his/her intention is to minimize the expected losses from potential terrorist attacks. In order to deal with this challenge, in this paper, we first develop a defender–attacker game in sequential form, where the target valuations can change as a result of the pandemic. Then we analyze the effects of a pandemic on counterterrorism resource allocation from the perspective of dynamic target valuations. Finally, we provide some examples to display the theoretical results, and present a case study to illustrate the usability of our proposed model during a pandemic.     

An Optimization‐Based Framework for the Identification of Vulnerabilities in Electric Power Grids Exposed to Natural Hazards

This article proposes a novel mathematical optimization framework for the identification of the vulnerabilities of electric power infrastructure systems (which is a paramount example of critical infrastructure) due to natural hazards. In this framework, the potential impacts of a specific natural hazard on an infrastructure are first evaluated in terms of failure and recovery probabilities of system components. Then, these are fed into a bi‐level attacker–defender interdiction model to determine the critical components whose failures lead to the largest system functionality loss. The proposed framework bridges the gap between the difficulties of accurately predicting the hazard information in classical probability‐based analyses and the over conservatism of the pure attacker–defender interdiction models. Mathematically, the proposed model configures a bi‐level max‐min mixed integer linear programming (MILP) that is challenging to solve. For its solution, the problem is casted into an equivalent one‐level MILP that can be solved by efficient global solvers. The approach is applied to a case study concerning the vulnerability identification of the georeferenced RTS24 test system under simulated wind storms. The numerical results demonstrate the effectiveness of the proposed framework for identifying critical locations under multiple hazard events and, thus, for providing a useful tool to help decisionmakers in making more‐informed prehazard preparation decisions.     

AbSRiM: An Agent‐Based Security Risk Management Approach for Airport Operations

Security risk management is essential for ensuring effective airport operations. This article introduces AbSRiM, a novel agent‐based modeling and simulation approach to perform security risk management for airport operations that uses formal sociotechnical models that include temporal and spatial aspects. The approach contains four main steps: scope selection, agent‐based model definition, risk assessment, and risk mitigation. The approach is based on traditional security risk management methodologies, but uses agent‐based modeling and Monte Carlo simulation at its core. Agent‐based modeling is used to model threat scenarios, and Monte Carlo simulations are then performed with this model to estimate security risks. The use of the AbSRiM approach is demonstrated with an illustrative case study. This case study includes a threat scenario in which an adversary attacks an airport terminal with an improvised explosive device. The approach provides a promising way to include important elements, such as human aspects and spatiotemporal aspects, in the assessment of risk. More research is still needed to better identify the strengths and weaknesses of the AbSRiM approach in different case studies, but results demonstrate the feasibility of the approach and its potential.     

Supply Performance in Multi‐Echelon Inventory Systems with Intermediate Product Demand: A Perspective on Allocation

In this article, we study the performance of multi‐echelon inventory systems with intermediate, external product demand in one or more upper echelons. This type of problem is of general interest in inventory theory and of particular importance in supply chain systems with both end‐product demand and spare parts (subassemblies) demand. The multi‐echelon inventory system considered here is a combination of assembly and serial stages with direct demand from more than one node. The aspect of multiple sources of demands leads to interesting inventory allocation problems. The demand and capacity at each node are considered stochastic in nature. A fixed supply and manufacturing lead time is used between the stages. We develop mathematical models for these multi‐echelon systems, which describe the inventory dynamics and allow simulation of the system. A simulation‐based inventory optimization approach is developed to search for the best base‐stock levels for these systems. The gradient estimation technique of perturbation analysis is used to derive sample‐path estimators. We consider four allocation schemes: lexicographic with priority to intermediate demand, lexiographic with priority to downstream demand, predetermined proportional allocation, and proportional allocation. Based on the numerical results we find that no single allocation policy is appropriate under all conditions. Depending on the combinations of variability and utilization we identify conditions under which use of certain allocation polices across the supply chain result in lower costs. Further, we determine how selection of an inappropriate allocation policy in the presence of scarce on‐hand inventory could result in downstream nodes facing acute shortages. Consequently we provide insight on why good allocation policies work well under differing sets of operating conditions.     

不对称信息下反恐阻止网络设计

当前，我国面临的恐怖主义威胁日益严峻。为防止境外恐怖分子潜入，政府可设计反恐阻止网络，通过在交通网络中有效地分配例如安检仪器、传感设备等阻断资源，来提前识别和拦截正在潜入的恐怖分子。特别地，考虑信息不对称情形，把阻断资源分为"公开"和"隐蔽"两种类型，并假设恐怖分子观察不到"隐蔽"阻断。主要研究政府应如何同时优化两类阻断方案，才能发挥信息优势，设置"陷阱"并降低袭击分析。首先，将该问题构造为双层规划模型，上层规划是关于政府的阻止网络设计问题，下层规划则是关于恐怖分子的袭击节点选择和入侵路径优化问题。随后，设计一类用改进遗传算法处理上层规划，并结合下层规划直接求解的混合算法。其中，改进体现于杂交算子和变异算子的设计。最后，结合喀什地区进行算例分析，并分析"隐蔽"阻断的作用机理。     

DAMS: A Model to Assess Domino Effects by Using Agent‐Based Modeling and Simulation

Historical data analysis shows that escalation accidents, so‐called domino effects, have an important role in disastrous accidents in the chemical and process industries. In this study, an agent‐based modeling and simulation approach is proposed to study the propagation of domino effects in the chemical and process industries. Different from the analytical or Monte Carlo simulation approaches, which normally study the domino effect at probabilistic network levels, the agent‐based modeling technique explains the domino effects from a bottom‐up perspective. In this approach, the installations involved in a domino effect are modeled as agents whereas the interactions among the installations (e.g., by means of heat radiation) are modeled via the basic rules of the agents. Application of the developed model to several case studies demonstrates the ability of the model not only in modeling higher‐level domino effects and synergistic effects but also in accounting for temporal dependencies. The model can readily be applied to large‐scale complicated cases.