A Cost-Benefit Analysis of Alternative Device Configurations for Aviation-Checked Baggage Security Screening

The terrorist attacks of September 11, 2001 have resulted in dramatic changes in aviation security. As of early 2003, an estimated 1,100 explosive detection systems (EDS) and 6,000 explosive trace detection machines (ETD) have been deployed to ensure 100% checked baggage screening at all commercial airports throughout the United States. The prohibitive costs associated with deploying and operating such devices is a serious issue for the Transportation Security Administration. This article evaluates the cost effectiveness of the explosive detection technologies currently deployed to screen checked baggage as well as new technologies that could be used in the future. Both single-device and two-device systems are considered. In particular, the expected annual direct cost of using these devices for 100% checked baggage screening under various scenarios is obtained and the tradeoffs between using single- and two-device strategies are studied. The expected number of successful threats under the different checked baggage screening scenarios with 100% checked baggage screening is also obtained. Lastly, a risk-based screening strategy proposed in the literature is analyzed. The results reported suggest that for the existing security setup, with current device costs and probability parameters, single-device systems are less costly and have fewer expected number of successful threats than two-device systems due to the way the second device affects the alarm or clear decision. The risk-based approach is found to have the potential to significantly improve security. The cost model introduced provides an effective tool for the execution of cost-benefit analyses of alternative device configurations for aviation-checked baggage security screening.     

On Determining Specifications and Selections of Alternative Technologies for Airport Checked-Baggage Security Screening

Federal law mandates that every checked bag at all commercial airports be screened by explosive detection systems (EDS), explosive trace detection systems (ETD), or alternative technologies. These technologies serve as critical components of airport security systems that strive to reduce security risks at both national and global levels. To improve the operational efficiency and airport security, emerging image-based technologies have been developed, such as dual-energy X-ray (DX), backscatter X-ray (BX), and multiview tomography (MVT). These technologies differ widely in purchasing cost, maintenance cost, operating cost, processing rate, and accuracy. Based on a mathematical framework that takes into account all these factors, this article investigates two critical issues for operating screening devices: setting specifications for continuous security responses by different technologies; and selecting technology or combination of technologies for efficient 100% baggage screening. For continuous security responses, specifications or thresholds are used for classifying threat items from nonthreat items. By investigating the setting of specifications on system security responses, this article assesses the risk and cost effectiveness of various technologies for both single-device and two-device systems. The findings provide the best selection of image-based technologies for both single-device and two-device systems. Our study suggests that two-device systems outperform single-device systems in terms of both cost effectiveness and accuracy. The model can be readily extended to evaluate risk and cost effectiveness of multiple-device systems for airport checked-baggage security screening.     

Analyzing the Cost of Screening Selectee and Non-Selectee Baggage

Determining how to effectively operate security devices is as important to overall system performance as developing more sensitive security devices. In light of recent federal mandates for 100% screening of all checked baggage, this research studies the trade-offs between screening only selectee checked baggage and screening both selectee and non-selectee checked baggage for a single baggage screening security device deployed at an airport. This trade-off is represented using a cost model that incorporates the cost of the baggage screening security device, the volume of checked baggage processed through the device, and the outcomes that occur when the device is used. The cost model captures the cost of deploying, maintaining, and operating a single baggage screening security device over a one-year period. The study concludes that as excess baggage screening capacity is used to screen non-selectee checked bags, the expected annual cost increases, the expected annual cost per checked bag screened decreases, and the expected annual cost per expected number of threats detected in the checked bags screened increases. These results indicate that the marginal increase in security per dollar spent is significantly lower when non-selectee checked bags are screened than when only selectee checked bags are screened.     

Modeling Precheck Parallel Screening Process in the Face of Strategic Applicants with Incomplete Information and Screening Errors

In security check systems, tighter screening processes increase the security level, but also cause more congestion, which could cause longer wait times. Having to deal with more congestion in lines could also cause issues for the screeners. The Transportation Security Administration (TSA) Precheck Program was introduced to create fast lanes in airports with the goal of expediting passengers who the TSA does not deem to be threats. In this lane, the TSA allows passengers to enjoy fewer restrictions in order to speed up the screening time. Motivated by the TSA Precheck Program, we study parallel queueing imperfect screening systems, where the potential normal and adversary participants/applicants decide whether to apply to the Precheck Program or not. The approved participants would be assigned to a faster screening channel based on a screening policy determined by an approver, who balances the concerns of safety of the passengers and congestion of the lines. There exist three types of optimal normal applicant's application strategy, which depend on whether the marginal payoff is negative or positive, or whether the marginal benefit equals the marginal cost. An adversary applicant would not apply when the screening policy is sufficiently large or the number of utilized benefits is sufficiently small. The basic model is extended by considering (1) applicants' parameters to follow different distributions and (2) applicants to have risk levels, where the approver determines the threshold value needed to qualify for Precheck. This article integrates game theory and queueing theory to study the optimal screening policy and provides some insights to imperfect parallel queueing screening systems.     

The Impact of Joint Responses of Devices in an Airport Security System

In this article, we consider a model for an airport security system in which the declaration of a threat is based on the joint responses of inspection devices. This is in contrast to the typical system in which each check station independently declares a passenger as having a threat or not having a threat. In our framework the declaration of threat/no-threat is based upon the passenger scores at the check stations he/she goes through. To do this we use concepts from classification theory in the field of multivariate statistics analysis and focus on the main objective of minimizing the expected cost of misclassification. The corresponding correct classification and misclassification probabilities can be obtained by using a simulation-based method. After computing the overall false alarm and false clear probabilities, we compare our joint response system with two other independently operated systems. A model that groups passengers in a manner that minimizes the false alarm probability while maintaining the false clear probability within specifications set by a security authority is considered. We also analyze the staffing needs at each check station for such an inspection scheme. An illustrative example is provided along with sensitivity analysis on key model parameters. A discussion is provided on some implementation issues, on the various assumptions made in the analysis, and on potential drawbacks of the approach.     

Proportional Hazards in Information Security

Nonparametric methods can be used to analyze failure times and estimate probability distributions for failures of systems due to successful attacks on confidentiality, integrity, and availability in information security. However, such methods do not take full advantage of supplemental information regarding the configurations of systems in an information infrastructure that is usually also available. One approach, which does take advantage of such information, views the risks of systems failing from various causes as competing risks and determines the correlation coefficients of different treatments to system longevity. Since the times and causes of failure in such studies are usually uncorrelated, the hazards associated with each risk are proportional. By correlating system survival times to the use of specific design enhancements and security countermeasures, as well as to system exposure based on choice of operational functionality, guidance can be obtained for making investments in information security.     

特殊时期地铁二级分流-联防安检优化模型

恐怖分子经常将安检体系相对薄弱、人流相对密集的地铁站作为攻击的首要目标之一。本文从地铁安检流程优化和跨部门联防协作的角度出发，提出了特殊时期地铁二级分流-联防安检优化模型。结果表明，在特殊时期，通过引入身份证信息库和指纹-人脸识别系统，对乘客进行绿、橙、红三色通道分流安检，能够明显提升普通乘客的社会福利水平；当X光检测系统的准确率越低，被分流到橙色通道乘客比例越大，橙色通道中潜在袭击者比例越高时，社会福利增益越大，暴恐概率越小；在案潜逃人员识别率越高，社会福利增益越大。多部门协防反恐正向反馈越积极，进而可以刺激安防部门优化身份识别系统，直到社会福利增益为零的最优状态。     

Addressing the Dependency Problem in Access Security System Architecture Design

The objective of this research is to present a method for evaluating the performance of access control security systems, such as airport security operations. This requires the examination of security system architectures, which involve security technology devices and the algorithms that coordinate their operations. Dependence between device responses in multiple-device systems is a critical practical issue in assessing the performance of such architectures, though no results on this problem have appeared in the literature. This paper presents a method for evaluating when multipledevice security systems with overlapping capabilities are cost-effective. This is achieved using a dependency structure for security system devices to quantify how various technologies interact and to measure the impact of device dependence on system error probabilities. A measure of device response dependence for a two-device system is defined and its properties are explored, including bounds on the dependency measure. The effect of dependence on the system Type I and Type II error probabilities is examined for the two-device system. System performance is compared for independent vs. dependent device responses and desirable dependence relationships are identified. Results are also presented for a cascading sequence of devices. An example is presented to illustrate the results for the two-device system. Implications of these results are discussed, such as how they can be used to identify the optimal use of security devices and to determine whether new technologies warrant investment.     

Security Investment in Contagious Networks

Security of the systems is normally interdependent in such a way that security risks of one part affect other parts and threats spread through the vulnerable links in the network. So, the risks of the systems can be mitigated through investments in the security of interconnecting links. This article takes an innovative look at the problem of security investment of nodes on their vulnerable links in a given contagious network as a game‐theoretic model that can be applied to a variety of applications including information systems. In the proposed game model, each node computes its corresponding risk based on the value of its assets, vulnerabilities, and threats to determine the optimum level of security investments on its external links respecting its limited budget. Furthermore, direct and indirect nonlinear influences of a node's security investment on the risks of other nodes are considered. The existence and uniqueness of the game's Nash equilibrium in the proposed game are also proved. Further analysis of the model in a practical case revealed that taking advantage of the investment effects of other players, perfectly rational players (i.e., those who use the utility function of the proposed game model) make more cost‐effective decisions than selfish nonrational or semirational players.     

IT security planning under uncertainty for high-impact events

While many IT security incidents result in relatively minor operational disruptions or minimal recovery costs, occasionally high-impact security breaches can have catastrophic effects on the firm. Unfortunately, measuring security risk and planning for countermeasures or mitigation is a difficult task. Past research has suggested risk metrics which may be beneficial in understanding and planning for security incidents, but most of these metrics are aimed at identifying expected overall loss and do not directly address the identification of, or planning for, sparse events which might result in high-impact loss. The use of an upper percentile value or some other worst-case measure has been widely discussed in the literature as a means of stochastic optimization, but has not been applied to this decision domain. A key requirement in security planning for any threat scenario, expected or otherwise, is the ability to choose countermeasures optimally with regard to tradeoffs between countermeasure cost and remaining risk. Most of the planning models in the literature are qualitative, and none that we are aware of allow for the optimal determination of these tradeoffs. Therefore, we develop a model for optimally choosing countermeasures to block or mitigate security attacks in the presence of a given threat level profile. We utilize this model to examine scenarios under both expected threat levels and worst-case levels, and develop budget-dependent risk curves. These curves demonstrate the tradeoffs which occur if decision makers divert budgets away from planning for ordinary risk in an effort to mitigate the effects of potential high-impact outcomes.     

Use of Fuzzy Evidential Reasoning in Maritime Security Assessment

Over the last few years, there has been a growing international recognition that the security performance of the maritime industry needs to be reviewed on an urgent basis. A large number of optional maritime security control measures have been proposed through various regulations and publications in the post-9/11 era. There is a strong need for a sound and generic methodology, which is capable of taking into account multiple selection criteria such as the cost effectiveness of the measures based on reasonable security assessment. The use of traditional risk assessment and decision-making approaches to deal with potential terrorism threats in a maritime security area reveals two major challenges. They are lack of capability of analyzing security in situations of high-level uncertainty and lack of capability of processing diverse data in a utility form suitable as input to a risk inference mechanism. To deal with such difficulties, this article proposes a subjective security-based assessment and management framework using fuzzy evidential reasoning (ER) approaches. Consequently, the framework can be used to assemble and process subjective risk assessment information on different aspects of a maritime transport system from multiple experts in a systematic way. Outputs of this model can also provide decisionmakers with a transparent tool to evaluate maritime security policy options for a specific scenario in a cost-effective manner.     

Critical Asset and Portfolio Risk Analysis: An All-Hazards Framework

This article develops a quantitative all-hazards framework for critical asset and portfolio risk analysis (CAPRA) that considers both natural and human-caused hazards. Following a discussion on the nature of security threats, the need for actionable risk assessments, and the distinction between asset and portfolio-level analysis, a general formula for all-hazards risk analysis is obtained that resembles the traditional model based on the notional product of consequence, vulnerability, and threat, though with clear meanings assigned to each parameter. Furthermore, a simple portfolio consequence model is presented that yields first-order estimates of interdependency effects following a successful attack on an asset. Moreover, depending on the needs of the decisions being made and available analytical resources, values for the parameters in this model can be obtained at a high level or through detailed systems analysis. Several illustrative examples of the CAPRA methodology are provided.     

Evaluating the Perceived Efficacy of Randomized Security Measures at Airports

Both the increase in traveler numbers and the heightened threat posed by terrorism in recent years represent significant challenges to airport security measures. To ensure that a high level of security is maintained, randomized security checks have been proposed as a promising alternative to traditional security approaches. The use of randomized checks means that only a specific number of people are selected for security screening. However, the likely effects of such a change in security procedures on travelers’ security perceptions and on the deterrence of criminal activities remain unclear. Thus, the present study examines how varying the percentage of people screened during security checks influences people's security perceptions. In two online experiments, the participants were asked to imagine that they sought to smuggle an explosive dummy past an airport security check. The only information provided was the number of people screened during security checks, which was manipulated between-subjects in the first experiment and within-subjects in the second experiment. The participants then had to rate their security perception (i.e., the perceived likelihood of successfully smuggling the explosive dummy). The findings show that people perceive traditional security checks to be safer than randomized checks, irrespective of whether 90% or 30% of people are screened. Hence, if randomized security checks would indeed be implemented, it would automatically lead to a decreased perception of security. Furthermore, this decreased security perception might lead to an actual reduction in security, as the deterrence of criminal activities could also be reduced.     

Real-time threat assessment based on hidden Markov models

An essential factor toward ensuring the security of individuals and critical infrastructures is the timely detection of potentially threatening situations. To this end, especially in the law enforcement context, the availability of effective and efficient threat assessment mechanisms for identifying and eventually preventing crime- and terrorism-related threatening situations is of utmost importance. Toward this direction, this work proposes a hidden Markov model-based threat assessment framework for effectively and efficiently assessing threats in specific situations, such as public events. Specifically, a probabilistic approach is adopted to estimate the threat level of a situation at each point in time. The proposed approach also permits the reflection of the dynamic evolution of a threat over time by considering that the estimation of the threat level at a given time is affected by past observations. This estimation of the dynamic evolution of the threat is very useful, since it can support the decisions by security personnel regarding the taking of precautionary measures in case the threat level seems to adopt an upward trajectory, even before it reaches the highest level. In addition, its probabilistic basis allows for taking into account noisy data. The applicability of the proposed framework is showcased in a use case that focuses on the identification of potential threats in public events on the basis of evidence obtained from the automatic visual analysis of the footage of surveillance cameras.     

A Value Measure for Public‐Sector Enterprise Risk Management: A TSA Case Study

This article presents a public value measure that can be used to aid executives in the public sector to better assess policy decisions and maximize value to the American people. Using Transportation Security Administration (TSA) programs as an example, we first identify the basic components of public value. We then propose a public value account to quantify the outcomes of various risk scenarios, and we determine the certain equivalent of several important TSA programs. We illustrate how this proposed measure can quantify the effects of two main challenges that government organizations face when conducting enterprise risk management: (1) short‐term versus long‐term incentives and (2) avoiding potential negative consequences even if they occur with low probability. Finally, we illustrate how this measure enables the use of various tools from decision analysis to be applied in government settings, such as stochastic dominance arguments and certain equivalent calculations. Regarding the TSA case study, our analysis demonstrates the value of continued expansion of the TSA trusted traveler initiative and increasing the background vetting for passengers who are afforded expedited security screening.     

水环境安全评价方法及其在京津冀地区的应用

为了克服模糊综合评价方法中的权重选取以及最大最小算法导致的信息缺失问题，本文提出一种改进的模糊综合评价方法。首先以熵权法、灰色关联分析法以及主成分分析法为基础，建立组合权重模型；其次，在加权平均原则下引入综合评分方法进行评价得到最终评价结果。从经济社会、水质状况和资源条件三个方面出发，初步建立了包含17个指标的水环境安全评价体系。利用主成分分析法对初步建立的指标体系进行了筛选，最终确定了13个指标作为评价指标。在筛选之后的指标体系下，用改进的模糊综合评价法对北京、天津、河北以及京津冀地区总体的水环境安全进行了评价，给出了2006-2014年间各地区水环境安全变化情况，结果显示京津冀地区水环境安全基本呈现北京优于河北优于天津的趋势；京津冀地区总体的水环境安全呈现先变好再变差的趋势。森林覆盖率是水环境安全最主要的影响因素，其次是第三产业占GDP的比重、人均水资源量以及Ⅰ-Ⅲ类水质占比。弹性系数分析表明，这四个指标的改善也是对京津冀地区水环境安全提高最有效的措施。最后，根据对评价结果的分析，提出了提高京津冀水环境安全的一些建议。     

Job Insecurity and Employee Commitment: Managers' Reactions to the Threat and Outcomes of Redundancy Selection1

Increases in managerial redundancies have followed in the wake of recession and fiercer competition. Although popular accounts have warned of a growing disaffection among managers, few studies have examined the effects of abandoning their traditional job security. This article examines changes in the work attachments of long-service managers under the threat of redundancy. Over a 12-month period, interviews were conducted with 42 middle managers who, at the beginning of the research, had been warned of possible redundancy. Initially, most of the managers experienced significant threats to their established views about themselves and their employers. The development of these early perceptions into altered work attachments depended largely on outcomes of the redundancy process. For reprieved managers organizational commitment was quickly re-established. In contrast, those demoted to engineering roles or re-employed by other companies became less trusting and developed new explanations of their past employment experiences. These findings illustrate the tension between the need of managers to be assured of their place within the organizational structure and recent threats to their traditional careers and employment security. Also we may expect difficulties in the development of organizational commitment to emerge as the personal risks to managers increase.     

做市商制度下证券价格的形成机制分析

证券价格的形成要受到交易机制的约束,也会受到投资者的风险偏好、信念以及对信息获知程度的影响.文章将把这两方面因素结合起来考虑,把信息不对称引入模型,对做市商市场的证券价格形成机制进行了均衡分析.结果表明,一方面,在存在做市商的证券市场,投资者根据自己的风险偏好、信念和获知信息进行交易以使预期效用最大化,交易指令的下达与执行传达了证券清算价值的信息.做市商通过对指令信息的观察而进行双向报价,为市场提供了流动性;另一方面,证券市场的有序运行不仅跟交易机制有关,还受到投资者的风险偏好、信念以及信息上的差异等的影响,这也是决定证券价格的关键因素.     

Valuing Equal Protection in Aviation Security Screening

The growing number of anti‐terrorism policies has elevated public concerns about discrimination. Within the context of airport security screening, the current study examines how American travelers value the principle of equal protection by quantifying the “equity premium” that they are willing to sacrifice to avoid screening procedures that result in differential treatments. In addition, we applied the notion of procedural justice to explore the effect of alternative selective screening procedures on the value of equal protection. Two‐hundred and twenty‐two respondents were randomly assigned to one of three selective screening procedures: (1) randomly, (2) using behavioral indicators, or (3) based on demographic characteristics. They were asked to choose between airlines using either an equal or a discriminatory screening procedure. While the former requires all passengers to be screened in the same manner, the latter mandates all passengers undergo a quick primary screening and, in addition, some passengers are selected for a secondary screening based on a predetermined selection criterion. Equity premiums were quantified in terms of monetary cost, wait time, convenience, and safety compromise. Results show that equity premiums varied greatly across respondents, with many indicating little willingness to sacrifice to avoid inequitable screening, and a smaller minority willing to sacrifice anything to avoid the discriminatory screening. The selective screening manipulation was effective in that equity premiums were greater under selection by demographic characteristics compared to the other two procedures.