Deterrence and Risk Preferences in Sequential Attacker–Defender Games with Continuous Efforts

Most attacker–defender games consider players as risk neutral, whereas in reality attackers and defenders may be risk seeking or risk averse. This article studies the impact of players' risk preferences on their equilibrium behavior and its effect on the notion of deterrence. In particular, we study the effects of risk preferences in a single‐period, sequential game where a defender has a continuous range of investment levels that could be strategically chosen to potentially deter an attack. This article presents analytic results related to the effect of attacker and defender risk preferences on the optimal defense effort level and their impact on the deterrence level. Numerical illustrations and some discussion of the effect of risk preferences on deterrence and the utility of using such a model are provided, as well as sensitivity analysis of continuous attack investment levels and uncertainty in the defender's beliefs about the attacker's risk preference. A key contribution of this article is the identification of specific scenarios in which the defender using a model that takes into account risk preferences would be better off than a defender using a traditional risk‐neutral model. This study provides insights that could be used by policy analysts and decisionmakers involved in investment decisions in security and safety.     

Resource Distribution in Multiple Attacks with Imperfect Detection of the Attack Outcome

This article extends the previous research of consecutive attacks strategy by assuming that an attacker observes the outcome of each attack imperfectly. With given probabilities it may wrongly identify a destroyed target as undestroyed, and wrongly identify an undestroyed target as destroyed. The outcome of each attack is determined by a contest success function that depends on the amount of resources allocated by the defender and the attacker to each attack. The article suggests a probabilistic model of the multiple attacks and analyzes how the target destruction probability and the attacker's relative resource expenditure are impacted by the two probabilities of incorrect observation, the attacker's and defender's resource ratio, the contest intensity, the number of attacks, and the resource distribution across attacks. We analyze how the attacker chooses the number of attacks, the attack stopping rule, and the optimal resource distribution across attacks to maximize its utility.     

Defender–Attacker Games with Asymmetric Player Utilities

The presence of strategic attackers has become an important factor in the security and protection of systems, especially since the 9/11/2001 attacks, and considerable efforts have been dedicated to its study. When defending against the strategic attacker, many existing studies assume that the attacker would seek to minimize the defender's utility, which implies that the defender and attacker have symmetric utilities. However, the attacker's objective is determined by its own valuation of the system and target of the attack, which is not necessarily consistent with the defender's utility. If the attacker unexpectedly targets a different utility, then the defense strategy might no longer be optimal. In particular, the defense strategy could be inferior if the attacker's utility is not known to the defender. This study considers a situation where the defender's utility is the system survivability and the attacker's utility is the expected number of destroyed elements in the system. We investigate possible attack strategies under these two different utilities and compare (a) the conservative defense strategy when the attack utility is unknown to the defender with (b) the optimal defense strategy when the attack utility is known to the defender. We show that the conservative protection strategy is still optimal under asymmetric utilities when the contest intensity is smaller than one.     

A General Framework for the Assessment of Power System Vulnerability to Malicious Attacks

The protection and safe operations of power systems heavily rely on the identification of the causes of damage and service disruption. This article presents a general framework for the assessment of power system vulnerability to malicious attacks. The concept of susceptibility to an attack is employed to quantitatively evaluate the degree of exposure of the system and its components to intentional offensive actions. A scenario with two agents having opposing objectives is proposed, i.e., a defender having multiple alternatives of protection strategies for system elements, and an attacker having multiple alternatives of attack strategies against different combinations of system elements. The defender aims to minimize the system susceptibility to the attack, subject to budget constraints; on the other hand, the attacker aims to maximize the susceptibility. The problem is defined as a zero‐sum game between the defender and the attacker. The assumption that the interests of the attacker and the defender are opposite makes it irrelevant whether or not the defender shows the strategy he/she will use. Thus, the approaches “leader–follower game” or “simultaneous game” do not provide differences as far as the results are concerned. The results show an example of such a situation, and the von Neumann theorem is applied to find the (mixed) equilibrium strategies of the attacker and of the defender.     

Defender–Attacker Decision Tree Analysis to Combat Terrorism

We propose a methodology, called defender–attacker decision tree analysis, to evaluate defensive actions against terrorist attacks in a dynamic and hostile environment. Like most game‐theoretic formulations of this problem, we assume that the defenders act rationally by maximizing their expected utility or minimizing their expected costs. However, we do not assume that attackers maximize their expected utilities. Instead, we encode the defender's limited knowledge about the attacker's motivations and capabilities as a conditional probability distribution over the attacker's decisions. We apply this methodology to the problem of defending against possible terrorist attacks on commercial airplanes, using one of three weapons: infrared‐guided MANPADS (man‐portable air defense systems), laser‐guided MANPADS, or visually targeted RPGs (rocket propelled grenades). We also evaluate three countermeasures against these weapons: DIRCMs (directional infrared countermeasures), perimeter control around the airport, and hardening airplanes. The model includes deterrence effects, the effectiveness of the countermeasures, and the substitution of weapons and targets once a specific countermeasure is selected. It also includes a second stage of defensive decisions after an attack occurs. Key findings are: (1) due to the high cost of the countermeasures, not implementing countermeasures is the preferred defensive alternative for a large range of parameters; (2) if the probability of an attack and the associated consequences are large, a combination of DIRCMs and ground perimeter control are preferred over any single countermeasure.     

An Attacker–defender Resource Allocation Game with Substitution and Complementary Effects

The United States is funding homeland security programs with a large budget (e.g., 74.4 billion for FY 2019). A number of game-theoretic defender–attacker models have been developed to study the optimal defense resource allocation strategies for the government (defender) against the strategic adversary (attacker). However, to the best of our knowledge, the substitution or complementary effects between different types of defensive resources (e.g., human resource, land resource, and capital resource) have not been taken into consideration even though they exist in practice. The article fills this gap by studying a sequential game-theoretical resource allocation model and then exploring how the joint effectiveness of multiple security investments influences the defensive budget allocation among multiple potential targets. Three false belief models have been developed in which only the defender, only the attacker, and both the defender and attacker hold false beliefs about the joint effectiveness of resources. Regression analysis shows that there are significant substitution effects between human and capital resources. The results show that the defender will suffer a higher loss if he fails to consider the substitution or complementary effects. Interestingly, if the attacker holds a false belief while the defender does not, the defender will suffer an even higher loss, especially when the resources are substitutes. However, if both the attacker and defender hold false beliefs, there will be lower loss when resources are complementary. The results also show that the defender should allocate the highly effective resource when the resources substitute each other. This article provides some new insights to the homeland security resource allocation.     

Adversarial risk analysis for counterterrorism modeling

Recent large-scale terrorist attacks have raised interest in models for resource allocation against terrorist threats. The unifying theme in this area is the need to develop methods for the analysis of allocation decisions when risks stem from the intentional actions of intelligent adversaries. Most approaches to these problems have a game-theoretic flavor although there are also several interesting decision-analytic-based proposals. One of them is the recently introduced framework for adversarial risk analysis, which deals with decision-making problems that involve intelligent opponents and uncertain outcomes. We explore how adversarial risk analysis addresses some standard counterterrorism models: simultaneous defend-attack models, sequential defend-attack-defend models, and sequential defend-attack models with private information. For each model, we first assess critically what would be a typical game-theoretic approach and then provide the corresponding solution proposed by the adversarial risk analysis framework, emphasizing how to coherently assess a predictive probability model of the adversary's actions, in a context in which we aim at supporting decisions of a defender versus an attacker. This illustrates the application of adversarial risk analysis to basic counterterrorism models that may be used as basic building blocks for more complex risk analysis of counterterrorism problems.     

Resource Distribution in Multiple Attacks Against a Single Target

A target is protected by the defender and attacked by an attacker launching sequential attacks. For each attack, a contest intensity measures whether the agents’ efforts have low or high impact on the target vulnerability (low vs. high contest intensity). Both the defender and the attacker have limited resources. It is assumed that the attacker can observe the outcome of each attack and stop the sequence of attacks when the target is destroyed. Two attacker objectives are considered, that is, to maximize the target vulnerability or to minimize the expected attacker resource expenditure. The article addresses the following three questions: whether the attacker should allocate its entire resource into one large attack or distribute it among several attacks; whether geometrically increasing or decreasing resource distribution into a fixed number of sequential attacks is more beneficial than equal resource distribution; and how the optimal attack strategy depends on the contest intensity.     

Intelligent Adversary Risk Analysis: A Bioterrorism Risk Management Model

The tragic events of 9/11 and the concerns about the potential for a terrorist or hostile state attack with weapons of mass destruction have led to an increased emphasis on risk analysis for homeland security. Uncertain hazards (natural and engineering) have been successfully analyzed using probabilistic risk analysis (PRA). Unlike uncertain hazards, terrorists and hostile states are intelligent adversaries who can observe our vulnerabilities and dynamically adapt their plans and actions to achieve their objectives. This article compares uncertain hazard risk analysis with intelligent adversary risk analysis, describes the intelligent adversary risk analysis challenges, and presents a probabilistic defender–attacker–defender model to evaluate the baseline risk and the potential risk reduction provided by defender investments. The model includes defender decisions prior to an attack; attacker decisions during the attack; defender actions after an attack; and the uncertainties of attack implementation, detection, and consequences. The risk management model is demonstrated with an illustrative bioterrorism problem with notional data.     

A Comparative Analysis of PRA and Intelligent Adversary Methods for Counterterrorism Risk Management

In counterterrorism risk management decisions, the analyst can choose to represent terrorist decisions as defender uncertainties or as attacker decisions. We perform a comparative analysis of probabilistic risk analysis (PRA) methods including event trees, influence diagrams, Bayesian networks, decision trees, game theory, and combined methods on the same illustrative examples (container screening for radiological materials) to get insights into the significant differences in assumptions and results. A key tenent of PRA and decision analysis is the use of subjective probability to assess the likelihood of possible outcomes. For each technique, we compare the assumptions, probability assessment requirements, risk levels, and potential insights for risk managers. We find that assessing the distribution of potential attacker decisions is a complex judgment task, particularly considering the adaptation of the attacker to defender decisions. Intelligent adversary risk analysis and adversarial risk analysis are extensions of decision analysis and sequential game theory that help to decompose such judgments. These techniques explicitly show the adaptation of the attacker and the resulting shift in risk based on defender decisions.     

Choosing What to Protect

We study a strategic model in which a defender must allocate defensive resources to a collection of locations, and an attacker must choose a location to attack. The defender does not know the attacker's preferences, while the attacker observes the defender's resource allocation. The defender's problem gives rise to negative externalities, in the sense that increasing the resources allocated to one location increases the likelihood of an attack at other locations. In equilibrium, the defender exploits these externalities to manipulate the attacker's behavior, sometimes optimally leaving a location undefended, and sometimes preferring a higher vulnerability at a particular location even if a lower risk could be achieved at zero cost. Key results of our model are as follows: (1) the defender prefers to allocate resources in a centralized (rather than decentralized) manner; (2) as the number of locations to be defended grows, the defender can cost effectively reduce the probability of a successful attack only if the number of valuable targets is bounded; (3) the optimal allocation of resources can be nonmonotonic in the relative value of the attacker's outside option; and (4) the defender prefers his or her defensive allocation to be public rather than secret.     

Modeling Values for Anti-Terrorism Analysis

Decisions are made to achieve objectives. A qualitative list of the objectives for a decision is the foundation for a value model that unambiguously represents objectives in a quantitative manner. The objectives guide thinking and the value model provides a basis for analyzing alternatives to best meet the desired objectives. This article illustrates the usefulness of clearly identifying objectives and developing value models to support anti-terrorism analysis. It outlines procedures to develop value models for the Department of Homeland Security and for terrorist organizations. The later is useful to both design anti-terrorism alternatives and suggest possible terrorist priorities and actions. An example that develops a terrorist value model for the theft and misuse of plutonium is presented. Several uses of value models for anti-terrorist activities are discussed and suggestions for developing such value models are outlined.     

Some Limitations of “Risk = Threat × Vulnerability × Consequence” for Risk Analysis of Terrorist Attacks

Several important risk analysis methods now used in setting priorities for protecting U.S. infrastructures against terrorist attacks are based on the formula: Risk=Threat×Vulnerability×Consequence. This article identifies potential limitations in such methods that can undermine their ability to guide resource allocations to effectively optimize risk reductions. After considering specific examples for the Risk Analysis and Management for Critical Asset Protection (RAMCAP?) framework used by the Department of Homeland Security, we address more fundamental limitations of the product formula. These include its failure to adjust for correlations among its components, nonadditivity of risks estimated using the formula, inability to use risk‐scoring results to optimally allocate defensive resources, and intrinsic subjectivity and ambiguity of Threat, Vulnerability, and Consequence numbers. Trying to directly assess probabilities for the actions of intelligent antagonists instead of modeling how they adaptively pursue their goals in light of available information and experience can produce ambiguous or mistaken risk estimates. Recent work demonstrates that two‐level (or few‐level) hierarchical optimization models can provide a useful alternative to Risk=Threat×Vulnerability×Consequence scoring rules, and also to probabilistic risk assessment (PRA) techniques that ignore rational planning and adaptation. In such two‐level optimization models, defender predicts attacker's best response to defender's own actions, and then chooses his or her own actions taking into account these best responses. Such models appear valuable as practical approaches to antiterrorism risk analysis.     

Game Theory and Risk Analysis

Risk analysts often analyze adversarial risks from terrorists or other intelligent attackers without mentioning game theory. Why? One reason is that many adversarial situations—those that can be represented as attacker‐defender games, in which the defender first chooses an allocation of defensive resources to protect potential targets, and the attacker, knowing what the defender has done, then decides which targets to attack—can be modeled and analyzed successfully without using most of the concepts and terminology of game theory. However, risk analysis and game theory are also deeply complementary. Game‐theoretic analyses of conflicts require modeling the probable consequences of each choice of strategies by the players and assessing the expected utilities of these probable consequences. Decision and risk analysis methods are well suited to accomplish these tasks. Conversely, game‐theoretic formulations of attack‐defense conflicts (and other adversarial risks) can greatly improve upon some current risk analyses that attempt to model attacker decisions as random variables or uncertain attributes of targets (“threats”) and that seek to elicit their values from the defender's own experts. Game theory models that clarify the nature of the interacting decisions made by attackers and defenders and that distinguish clearly between strategic choices (decision nodes in a game tree) and random variables (chance nodes, not controlled by either attacker or defender) can produce more sensible and effective risk management recommendations for allocating defensive resources than current risk scoring models. Thus, risk analysis and game theory are (or should be) mutually reinforcing.     

Defense Resource Distribution Between Protection and Redundancy for Constant Resource Stockpiling Pace

The article considers the optimal resource distribution in a parallel system between increasing protection and providing redundancy in a situation when the attacker's and defender's resources are stockpiling and the resource increment rate is constant. It is assumed that the system must perform within an exogenously given time horizon and the attack time probability is uniformly distributed along this horizon. The defender optimizes the resource distribution in order to minimize the system destruction probability during the time horizon. First, we find the optimal pace of construction of the new redundant elements assuming that the construction must start in the initial stage of the stockpiling process. We show that starting construction of new elements in the beginning of the system's existence results in its high initial vulnerability. Introducing the time delay before starting the construction can reduce the initial system vulnerability and the entire system destruction probability. The problem of optimization of time delay and new element construction pace is considered with and without constraint on the initial system vulnerability. Examples illustrating the methodology of the optimal defense strategy analysis are presented.     

Counterterrorism resource allocation during a pandemic: The effects of dynamic target valuations when facing a strategic terrorist

The outbreak of pandemics such as COVID-19 can result in cascading effects for global systemic risk. To combat an ongoing pandemic, governmental resources are largely allocated toward supporting the health of the public and economy. This shift in attention can lead to security vulnerabilities which are exploited by terrorists. In view of this, counterterrorism during a pandemic is of critical interest to the safety and well-being of the global society. Most notably, the population flows among potential targets are likely to change in conjunction with the trend of the health crisis, which leads to fluctuations in target valuations. In this situation, a new challenge for the defender is to optimally allocate his/her resources among targets that have changing valuations, where his/her intention is to minimize the expected losses from potential terrorist attacks. In order to deal with this challenge, in this paper, we first develop a defender–attacker game in sequential form, where the target valuations can change as a result of the pandemic. Then we analyze the effects of a pandemic on counterterrorism resource allocation from the perspective of dynamic target valuations. Finally, we provide some examples to display the theoretical results, and present a case study to illustrate the usability of our proposed model during a pandemic.     

Modeling Arbitrary Layers of Continuous‐Level Defenses in Facing with Strategic Attackers

We propose a novel class of game‐theoretic models for the optimal assignment of defensive resources in a game between a defender and an attacker. Compared to the other game‐theoretic models in the literature of defense allocation problems, the novelty of our model is that we allow the defender to assign her continuous‐level defensive resources to any subset (or arbitrary layers) of targets due to functional similarity or geographical proximity. We develop methods to solve for equilibrium, and illustrate our model using numerical examples. Compared to traditional models that only allow for individual target hardening, our results show that our model could significantly increase the defender's payoff, especially when the unit cost of defense is high.     

A Study on a Sequential One‐Defender‐N‐Attacker Game

Government usually faces threat from multiple attackers. However, in the literature, researchers often model attackers as one monolithic player who chooses whether to attack, how much investment to spend, and on which target, instead of treating multiple attackers as independent agents. This modeling strategy may potentially cause suboptimal defense investment if the attackers have vastly different interests and preferences and may not be combined as one in theory. In this article, we develop a sequential game with complete information. This model considers one defender explicitly dealing with multiple unmergeable attackers. Thorough numerical experiments are conducted using ratio and exponential contest success functions under different scenarios. The result is also contrasted with the corresponding single attacker model to study the effect of mishandling multiple attackers. The propositions and observations drawn from the numerical experiments provide insights for government decision making with a better understanding of the attackers' behavior.     

An Optimization‐Based Framework for the Identification of Vulnerabilities in Electric Power Grids Exposed to Natural Hazards

This article proposes a novel mathematical optimization framework for the identification of the vulnerabilities of electric power infrastructure systems (which is a paramount example of critical infrastructure) due to natural hazards. In this framework, the potential impacts of a specific natural hazard on an infrastructure are first evaluated in terms of failure and recovery probabilities of system components. Then, these are fed into a bi‐level attacker–defender interdiction model to determine the critical components whose failures lead to the largest system functionality loss. The proposed framework bridges the gap between the difficulties of accurately predicting the hazard information in classical probability‐based analyses and the over conservatism of the pure attacker–defender interdiction models. Mathematically, the proposed model configures a bi‐level max‐min mixed integer linear programming (MILP) that is challenging to solve. For its solution, the problem is casted into an equivalent one‐level MILP that can be solved by efficient global solvers. The approach is applied to a case study concerning the vulnerability identification of the georeferenced RTS24 test system under simulated wind storms. The numerical results demonstrate the effectiveness of the proposed framework for identifying critical locations under multiple hazard events and, thus, for providing a useful tool to help decisionmakers in making more‐informed prehazard preparation decisions.     

Robust allocation of a defensive budget considering an attacker's private information

Attackers' private information is one of the main issues in defensive resource allocation games in homeland security. The outcome of a defense resource allocation decision critically depends on the accuracy of estimations about the attacker's attributes. However, terrorists' goals may be unknown to the defender, necessitating robust decisions by the defender. This article develops a robust-optimization game-theoretical model for identifying optimal defense resource allocation strategies for a rational defender facing a strategic attacker while the attacker's valuation of targets, being the most critical attribute of the attacker, is unknown but belongs to bounded distribution-free intervals. To our best knowledge, no previous research has applied robust optimization in homeland security resource allocation when uncertainty is defined in bounded distribution-free intervals. The key features of our model include (1) modeling uncertainty in attackers' attributes, where uncertainty is characterized by bounded intervals; (2) finding the robust-optimization equilibrium for the defender using concepts dealing with budget of uncertainty and price of robustness; and (3) applying the proposed model to real data.