A Comparative Analysis of PRA and Intelligent Adversary Methods for Counterterrorism Risk Management

In counterterrorism risk management decisions, the analyst can choose to represent terrorist decisions as defender uncertainties or as attacker decisions. We perform a comparative analysis of probabilistic risk analysis (PRA) methods including event trees, influence diagrams, Bayesian networks, decision trees, game theory, and combined methods on the same illustrative examples (container screening for radiological materials) to get insights into the significant differences in assumptions and results. A key tenent of PRA and decision analysis is the use of subjective probability to assess the likelihood of possible outcomes. For each technique, we compare the assumptions, probability assessment requirements, risk levels, and potential insights for risk managers. We find that assessing the distribution of potential attacker decisions is a complex judgment task, particularly considering the adaptation of the attacker to defender decisions. Intelligent adversary risk analysis and adversarial risk analysis are extensions of decision analysis and sequential game theory that help to decompose such judgments. These techniques explicitly show the adaptation of the attacker and the resulting shift in risk based on defender decisions.     

Intelligent Adversary Risk Analysis: A Bioterrorism Risk Management Model

The tragic events of 9/11 and the concerns about the potential for a terrorist or hostile state attack with weapons of mass destruction have led to an increased emphasis on risk analysis for homeland security. Uncertain hazards (natural and engineering) have been successfully analyzed using probabilistic risk analysis (PRA). Unlike uncertain hazards, terrorists and hostile states are intelligent adversaries who can observe our vulnerabilities and dynamically adapt their plans and actions to achieve their objectives. This article compares uncertain hazard risk analysis with intelligent adversary risk analysis, describes the intelligent adversary risk analysis challenges, and presents a probabilistic defender–attacker–defender model to evaluate the baseline risk and the potential risk reduction provided by defender investments. The model includes defender decisions prior to an attack; attacker decisions during the attack; defender actions after an attack; and the uncertainties of attack implementation, detection, and consequences. The risk management model is demonstrated with an illustrative bioterrorism problem with notional data.     

Game Theory and Risk Analysis

Risk analysts often analyze adversarial risks from terrorists or other intelligent attackers without mentioning game theory. Why? One reason is that many adversarial situations—those that can be represented as attacker‐defender games, in which the defender first chooses an allocation of defensive resources to protect potential targets, and the attacker, knowing what the defender has done, then decides which targets to attack—can be modeled and analyzed successfully without using most of the concepts and terminology of game theory. However, risk analysis and game theory are also deeply complementary. Game‐theoretic analyses of conflicts require modeling the probable consequences of each choice of strategies by the players and assessing the expected utilities of these probable consequences. Decision and risk analysis methods are well suited to accomplish these tasks. Conversely, game‐theoretic formulations of attack‐defense conflicts (and other adversarial risks) can greatly improve upon some current risk analyses that attempt to model attacker decisions as random variables or uncertain attributes of targets (“threats”) and that seek to elicit their values from the defender's own experts. Game theory models that clarify the nature of the interacting decisions made by attackers and defenders and that distinguish clearly between strategic choices (decision nodes in a game tree) and random variables (chance nodes, not controlled by either attacker or defender) can produce more sensible and effective risk management recommendations for allocating defensive resources than current risk scoring models. Thus, risk analysis and game theory are (or should be) mutually reinforcing.     

Terrorist Population Dynamics Model

A system that includes a number of terrorist cells is considered. The cells can consist of one or more terrorists. The current number of terrorist cells is further denoted by N(t), where t is a current time counted from any appropriate origin. The objective is to find the evolution of the system in terms of N(t) and some interpretable parameters, such as the initial number of the terrorist cells N0=N(0), the cell disabling rate constant lambda (or the cell half-life t1/2), and the rate of formation of new cells P. The cost-effectiveness analysis, performed in the framework of the model, reveals that the effectiveness of disabling a terrorist cell is getting worse after 2-3 half-lives of a cell, which shows that if the anti-terrorist actions have not reached their goal during that time, the respective policy should be considered for revision, using the risk assessment consideration. Another important issue raised concerns balancing the efforts related to counterterrorism actions inside the system and the efforts protecting its borders. The respective data analysis is suggested and illustrated using simulated data.     

Counterterrorism resource allocation during a pandemic: The effects of dynamic target valuations when facing a strategic terrorist

The outbreak of pandemics such as COVID-19 can result in cascading effects for global systemic risk. To combat an ongoing pandemic, governmental resources are largely allocated toward supporting the health of the public and economy. This shift in attention can lead to security vulnerabilities which are exploited by terrorists. In view of this, counterterrorism during a pandemic is of critical interest to the safety and well-being of the global society. Most notably, the population flows among potential targets are likely to change in conjunction with the trend of the health crisis, which leads to fluctuations in target valuations. In this situation, a new challenge for the defender is to optimally allocate his/her resources among targets that have changing valuations, where his/her intention is to minimize the expected losses from potential terrorist attacks. In order to deal with this challenge, in this paper, we first develop a defender–attacker game in sequential form, where the target valuations can change as a result of the pandemic. Then we analyze the effects of a pandemic on counterterrorism resource allocation from the perspective of dynamic target valuations. Finally, we provide some examples to display the theoretical results, and present a case study to illustrate the usability of our proposed model during a pandemic.     

Optimal Resource Allocation for Defense of Targets Based on Differing Measures of Attractiveness

This article describes the results of applying a rigorous computational model to the problem of the optimal defensive resource allocation among potential terrorist targets. In particular, our study explores how the optimal budget allocation depends on the cost effectiveness of security investments, the defender's valuations of the various targets, and the extent of the defender's uncertainty about the attacker's target valuations. We use expected property damage, expected fatalities, and two metrics of critical infrastructure (airports and bridges) as our measures of target attractiveness. Our results show that the cost effectiveness of security investment has a large impact on the optimal budget allocation. Also, different measures of target attractiveness yield different optimal budget allocations, emphasizing the importance of developing more realistic terrorist objective functions for use in budget allocation decisions for homeland security.     

Some Limitations of “Risk = Threat × Vulnerability × Consequence” for Risk Analysis of Terrorist Attacks

Several important risk analysis methods now used in setting priorities for protecting U.S. infrastructures against terrorist attacks are based on the formula: Risk=Threat×Vulnerability×Consequence. This article identifies potential limitations in such methods that can undermine their ability to guide resource allocations to effectively optimize risk reductions. After considering specific examples for the Risk Analysis and Management for Critical Asset Protection (RAMCAP?) framework used by the Department of Homeland Security, we address more fundamental limitations of the product formula. These include its failure to adjust for correlations among its components, nonadditivity of risks estimated using the formula, inability to use risk‐scoring results to optimally allocate defensive resources, and intrinsic subjectivity and ambiguity of Threat, Vulnerability, and Consequence numbers. Trying to directly assess probabilities for the actions of intelligent antagonists instead of modeling how they adaptively pursue their goals in light of available information and experience can produce ambiguous or mistaken risk estimates. Recent work demonstrates that two‐level (or few‐level) hierarchical optimization models can provide a useful alternative to Risk=Threat×Vulnerability×Consequence scoring rules, and also to probabilistic risk assessment (PRA) techniques that ignore rational planning and adaptation. In such two‐level optimization models, defender predicts attacker's best response to defender's own actions, and then chooses his or her own actions taking into account these best responses. Such models appear valuable as practical approaches to antiterrorism risk analysis.     

An Attacker–defender Resource Allocation Game with Substitution and Complementary Effects

The United States is funding homeland security programs with a large budget (e.g., 74.4 billion for FY 2019). A number of game-theoretic defender–attacker models have been developed to study the optimal defense resource allocation strategies for the government (defender) against the strategic adversary (attacker). However, to the best of our knowledge, the substitution or complementary effects between different types of defensive resources (e.g., human resource, land resource, and capital resource) have not been taken into consideration even though they exist in practice. The article fills this gap by studying a sequential game-theoretical resource allocation model and then exploring how the joint effectiveness of multiple security investments influences the defensive budget allocation among multiple potential targets. Three false belief models have been developed in which only the defender, only the attacker, and both the defender and attacker hold false beliefs about the joint effectiveness of resources. Regression analysis shows that there are significant substitution effects between human and capital resources. The results show that the defender will suffer a higher loss if he fails to consider the substitution or complementary effects. Interestingly, if the attacker holds a false belief while the defender does not, the defender will suffer an even higher loss, especially when the resources are substitutes. However, if both the attacker and defender hold false beliefs, there will be lower loss when resources are complementary. The results also show that the defender should allocate the highly effective resource when the resources substitute each other. This article provides some new insights to the homeland security resource allocation.     

Modeling Values for Anti-Terrorism Analysis

Decisions are made to achieve objectives. A qualitative list of the objectives for a decision is the foundation for a value model that unambiguously represents objectives in a quantitative manner. The objectives guide thinking and the value model provides a basis for analyzing alternatives to best meet the desired objectives. This article illustrates the usefulness of clearly identifying objectives and developing value models to support anti-terrorism analysis. It outlines procedures to develop value models for the Department of Homeland Security and for terrorist organizations. The later is useful to both design anti-terrorism alternatives and suggest possible terrorist priorities and actions. An example that develops a terrorist value model for the theft and misuse of plutonium is presented. Several uses of value models for anti-terrorist activities are discussed and suggestions for developing such value models are outlined.     

Behavioral Modeling of Adversaries with Multiple Objectives in Counterterrorism

Attacker/defender models have primarily assumed that each decisionmaker optimizes the cost of the damage inflicted and its economic repercussions from their own perspective. Two streams of recent research have sought to extend such models. One stream suggests that it is more realistic to consider attackers with multiple objectives, but this research has not included the adaption of the terrorist with multiple objectives to defender actions. The other stream builds off experimental studies that show that decisionmakers deviate from optimal rational behavior. In this article, we extend attacker/defender models to incorporate multiple objectives that a terrorist might consider in planning an attack. This includes the tradeoffs that a terrorist might consider and their adaption to defender actions. However, we must also consider experimental evidence of deviations from the rationality assumed in the commonly used expected utility model in determining such adaption. Thus, we model the attacker's behavior using multiattribute prospect theory to account for the attacker's multiple objectives and deviations from rationality. We evaluate our approach by considering an attacker with multiple objectives who wishes to smuggle radioactive material into the United States and a defender who has the option to implement a screening process to hinder the attacker. We discuss the problems with implementing such an approach, but argue that research in this area must continue to avoid misrepresenting terrorist behavior in determining optimal defensive actions.     

Flash Flood Risks and Warning Decisions: A Mental Models Study of Forecasters,Public Officials,and Media Broadcasters in Boulder,Colorado

Timely warning communication and decision making are critical for reducing harm from flash flooding. To help understand and improve extreme weather risk communication and management, this study uses a mental models research approach to investigate the flash flood warning system and its risk decision context. Data were collected in the Boulder, Colorado area from mental models interviews with forecasters, public officials, and media broadcasters, who each make important interacting decisions in the warning system, and from a group modeling session with forecasters. Analysis of the data informed development of a decision‐focused model of the flash flood warning system that integrates the professionals’ perspectives. Comparative analysis of individual and group data with this model characterizes how these professionals conceptualize flash flood risks and associated uncertainty; create and disseminate flash flood warning information; and perceive how warning information is (and should be) used in their own and others’ decisions. The analysis indicates that warning system functioning would benefit from professionals developing a clearer, shared understanding of flash flood risks and the warning system, across their areas of expertise and job roles. Given the challenges in risk communication and decision making for complex, rapidly evolving hazards such as flash floods, another priority is development of improved warning content to help members of the public protect themselves when needed. Also important is professional communication with members of the public about allocation of responsibilities for managing flash flood risks, as well as improved system‐wide management of uncertainty in decisions.     

Managing Risk at the Tucson Sector of the U.S. Border Patrol

This article describes a risk analysis used to inform resource allocation at the Tucson Sector of the U.S. Border Patrol, the busiest sector for alien and drug trafficking along the Southwest land border with Mexico. The model and methodology that underlie this analysis are generally applicable to many resource allocation decisions regarding the management of frequently occurring hazards, decisions regularly made by officials at all levels of the homeland security enterprise. The analysis was executed by agents without previous risk expertise working under a short time frame, and the findings from the analysis were used to inform several resource allocation decisions.     

The SAM Framework: Modeling the Effects of Management Factors on Human Behavior in Risk Analysis

Complex engineered systems, such as nuclear reactors and chemical plants, have the potential for catastrophic failure with disastrous consequences. In recent years, human and management factors have been recognized as frequent root causes of major failures in such systems. However, classical probabilistic risk analysis (PRA) techniques do not account for the underlying causes of these errors because they focus on the physical system and do not explicitly address the link between components' performance and organizational factors. This paper describes a general approach for addressing the human and management causes of system failure, called the SAM (System-Action-Management) framework. Beginning with a quantitative risk model of the physical system, SAM expands the scope of analysis to incorporate first the decisions and actions of individuals that affect the physical system. SAM then links management factors (incentives, training, policies and procedures, selection criteria, etc.) to those decisions and actions. The focus of this paper is on four quantitative models of action that describe this last relationship. These models address the formation of intentions for action and their execution as a function of the organizational environment. Intention formation is described by three alternative models: a rational model, a bounded rationality model, and a rule-based model. The execution of intentions is then modeled separately. These four models are designed to assess the probabilities of individual actions from the perspective of management, thus reflecting the uncertainties inherent to human behavior. The SAM framework is illustrated for a hypothetical case of hazardous materials transportation. This framework can be used as a tool to increase the safety and reliability of complex technical systems by modifying the organization, rather than, or in addition to, re-designing the physical system.     

Modeling intelligent adversaries for terrorism risk assessment: some necessary conditions for adversary models

Intelligent adversary modeling has become increasingly important for risk analysis, and a number of different approaches have been proposed for incorporating intelligent adversaries in risk analysis models. However, these approaches are based on a range of often-implicit assumptions about the desirable properties of intelligent adversary models. This "Perspective" paper aims to further risk analysis for situations involving intelligent adversaries by fostering a discussion of the desirable properties for these models. A set of four basic necessary conditions for intelligent adversary models is proposed and discussed. These are: (1) behavioral accuracy to the degree possible, (2) computational tractability to support decision making, (3) explicit consideration of uncertainty, and (4) ability to gain confidence in the model. It is hoped that these suggested necessary conditions foster discussion about the goals and assumptions underlying intelligent adversary modeling in risk analysis.     

Cognitive Mapping Tools: Review and Risk Management Needs

Risk managers are increasingly interested in incorporating stakeholder beliefs and other human factors into the planning process. Effective risk assessment and management requires understanding perceptions and beliefs of involved stakeholders, and how these beliefs give rise to actions that influence risk management decisions. Formal analyses of risk manager and stakeholder cognitions represent an important first step. Techniques for diagramming stakeholder mental models provide one tool for risk managers to better understand stakeholder beliefs and perceptions concerning risk, and to leverage this new understanding in developing risk management strategies. This article reviews three methodologies for assessing and diagramming stakeholder mental models—decision‐analysis‐based mental modeling, concept mapping, and semantic web analysis—and assesses them with regard to their ability to address risk manager needs.     

需求不确定条件下的制造商订单分配模型

制造商的订单分配作为供应链模型微观层面的重要组成部分,对提升整个供应链效率有很大影响,但需求层面的不确定因素加大了订单分配的难度。以按比例分配为原则,讨论在需求不确定条件下完全信息与不完全信息两类多供应商-单制造商的订单分配模型。重点研究完全信息条件下各方的分散决策和集中决策,由于后者能避免各参与方对其他决策方的边际影响,所以能够实现供应链总利润的最大化;其次又将不完全信息引入模型,讨论制造商如何通过折算因子结合已有信息对供应商的私人信息进行估计,进而做出决策。最后以需求服从正态分布为例对两类模型进行验证。     

Interdependent Network Recovery Games

Recovery of interdependent infrastructure networks in the presence of catastrophic failure is crucial to the economy and welfare of society. Recently, centralized methods have been developed to address optimal resource allocation in postdisaster recovery scenarios of interdependent infrastructure systems that minimize total cost. In real-world systems, however, multiple independent, possibly noncooperative, utility network controllers are responsible for making recovery decisions, resulting in suboptimal decentralized processes. With the goal of minimizing recovery cost, a best-case decentralized model allows controllers to develop a full recovery plan and negotiate until all parties are satisfied (an equilibrium is reached). Such a model is computationally intensive for planning and negotiating, and time is a crucial resource in postdisaster recovery scenarios. Furthermore, in this work, we prove this best-case decentralized negotiation process could continue indefinitely under certain conditions. Accounting for network controllers' urgency in repairing their system, we propose an ad hoc sequential game-theoretic model of interdependent infrastructure network recovery represented as a discrete time noncooperative game between network controllers that is guaranteed to converge to an equilibrium. We further reduce the computation time needed to find a solution by applying a best-response heuristic and prove bounds on ε-Nash equilibrium, where ε depends on problem inputs. We compare best-case and ad hoc models on an empirical interdependent infrastructure network in the presence of simulated earthquakes to demonstrate the extent of the tradeoff between optimality and computational efficiency. Our method provides a foundation for modeling sociotechnical systems in a way that mirrors restoration processes in practice.     

关于经理股权激励机制的探讨

对经理股权报酬和非股权报酬的优化组合激励问题进行了探讨。通过分析建立了组合激励的两阶段博弈模型,通过博弈分析和优化分析得到了经理最优薪资报酬组合和最优股权配置比例。结合构成股权配置比例的各参数的含义,探讨了它们的变化对最优股权配置比例的影响,指出了经理股权配置比例设计工作中应该注意的一些问题。     

Integrating Operational and Organizational Aspects in Interdependent Infrastructure Network Recovery

Managing risk in infrastructure systems implies dealing with interdependent physical networks and their relationships with the natural and societal contexts. Computational tools are often used to support operational decisions aimed at improving resilience, whereas economics‐related tools tend to be used to address broader societal and policy issues in infrastructure management. We propose an optimization‐based framework for infrastructure resilience analysis that incorporates organizational and socioeconomic aspects into operational problems, allowing to understand relationships between decisions at the policy level (e.g., regulation) and the technical level (e.g., optimal infrastructure restoration). We focus on three issues that arise when integrating such levels. First, optimal restoration strategies driven by financial and operational factors evolve differently compared to those driven by socioeconomic and humanitarian factors. Second, regulatory aspects have a significant impact on recovery dynamics (e.g., effective recovery is most challenging in societies with weak institutions and regulation, where individual interests may compromise societal well‐being). And third, the decision space (i.e., available actions) in postdisaster phases is strongly determined by predisaster decisions (e.g., resource allocation). The proposed optimization framework addresses these issues by using: (1) parametric analyses to test the influence of operational and socioeconomic factors on optimization outcomes, (2) regulatory constraints to model and assess the cost and benefit (for a variety of actors) of enforcing specific policy‐related conditions for the recovery process, and (3) sensitivity analyses to capture the effect of predisaster decisions on recovery. We illustrate our methodology with an example regarding the recovery of interdependent water, power, and gas networks in Shelby County, TN (USA), with exposure to natural hazards.