Game Theory and Risk Analysis

Risk analysts often analyze adversarial risks from terrorists or other intelligent attackers without mentioning game theory. Why? One reason is that many adversarial situations—those that can be represented as attacker‐defender games, in which the defender first chooses an allocation of defensive resources to protect potential targets, and the attacker, knowing what the defender has done, then decides which targets to attack—can be modeled and analyzed successfully without using most of the concepts and terminology of game theory. However, risk analysis and game theory are also deeply complementary. Game‐theoretic analyses of conflicts require modeling the probable consequences of each choice of strategies by the players and assessing the expected utilities of these probable consequences. Decision and risk analysis methods are well suited to accomplish these tasks. Conversely, game‐theoretic formulations of attack‐defense conflicts (and other adversarial risks) can greatly improve upon some current risk analyses that attempt to model attacker decisions as random variables or uncertain attributes of targets (“threats”) and that seek to elicit their values from the defender's own experts. Game theory models that clarify the nature of the interacting decisions made by attackers and defenders and that distinguish clearly between strategic choices (decision nodes in a game tree) and random variables (chance nodes, not controlled by either attacker or defender) can produce more sensible and effective risk management recommendations for allocating defensive resources than current risk scoring models. Thus, risk analysis and game theory are (or should be) mutually reinforcing.     

Defender–Attacker Games with Asymmetric Player Utilities

The presence of strategic attackers has become an important factor in the security and protection of systems, especially since the 9/11/2001 attacks, and considerable efforts have been dedicated to its study. When defending against the strategic attacker, many existing studies assume that the attacker would seek to minimize the defender's utility, which implies that the defender and attacker have symmetric utilities. However, the attacker's objective is determined by its own valuation of the system and target of the attack, which is not necessarily consistent with the defender's utility. If the attacker unexpectedly targets a different utility, then the defense strategy might no longer be optimal. In particular, the defense strategy could be inferior if the attacker's utility is not known to the defender. This study considers a situation where the defender's utility is the system survivability and the attacker's utility is the expected number of destroyed elements in the system. We investigate possible attack strategies under these two different utilities and compare (a) the conservative defense strategy when the attack utility is unknown to the defender with (b) the optimal defense strategy when the attack utility is known to the defender. We show that the conservative protection strategy is still optimal under asymmetric utilities when the contest intensity is smaller than one.     

Efficient Allocation of Resources for Defense of Spatially Distributed Networks Using Agent‐Based Simulation

This article presents ongoing research that focuses on efficient allocation of defense resources to minimize the damage inflicted on a spatially distributed physical network such as a pipeline, water system, or power distribution system from an attack by an active adversary, recognizing the fundamental difference between preparing for natural disasters such as hurricanes, earthquakes, or even accidental systems failures and the problem of allocating resources to defend against an opponent who is aware of, and anticipating, the defender's efforts to mitigate the threat. Our approach is to utilize a combination of integer programming and agent‐based modeling to allocate the defensive resources. We conceptualize the problem as a Stackelberg “leader follower” game where the defender first places his assets to defend key areas of the network, and the attacker then seeks to inflict the maximum damage possible within the constraints of resources and network structure. The criticality of arcs in the network is estimated by a deterministic network interdiction formulation, which then informs an evolutionary agent‐based simulation. The evolutionary agent‐based simulation is used to determine the allocation of resources for attackers and defenders that results in evolutionary stable strategies, where actions by either side alone cannot increase its share of victories. We demonstrate these techniques on an example network, comparing the evolutionary agent‐based results to a more traditional, probabilistic risk analysis (PRA) approach. Our results show that the agent‐based approach results in a greater percentage of defender victories than does the PRA‐based approach.     

Securing Passenger Aircraft from the Threat of Man‐Portable Air Defense Systems (MANPADS)

In this article, we develop a model for the expected maximum hit probability of an attack on a commercial aircraft using MANPADS, as a function of the (random) location of the attacker. We also explore the sensitivity of the expected maximum hit probability to the parameters of the model, including both attacker parameters (such as weapon characteristics) and defender parameters (such as the size of the secure region around the airport). We conclude that having a large secure region around an airport offers some protection against MANPADS, and that installing onboard countermeasures reduces the success probability of a MANPADS attack.     

Resource Distribution in Multiple Attacks Against a Single Target

A target is protected by the defender and attacked by an attacker launching sequential attacks. For each attack, a contest intensity measures whether the agents’ efforts have low or high impact on the target vulnerability (low vs. high contest intensity). Both the defender and the attacker have limited resources. It is assumed that the attacker can observe the outcome of each attack and stop the sequence of attacks when the target is destroyed. Two attacker objectives are considered, that is, to maximize the target vulnerability or to minimize the expected attacker resource expenditure. The article addresses the following three questions: whether the attacker should allocate its entire resource into one large attack or distribute it among several attacks; whether geometrically increasing or decreasing resource distribution into a fixed number of sequential attacks is more beneficial than equal resource distribution; and how the optimal attack strategy depends on the contest intensity.     

Deterrence and Risk Preferences in Sequential Attacker–Defender Games with Continuous Efforts

Most attacker–defender games consider players as risk neutral, whereas in reality attackers and defenders may be risk seeking or risk averse. This article studies the impact of players' risk preferences on their equilibrium behavior and its effect on the notion of deterrence. In particular, we study the effects of risk preferences in a single‐period, sequential game where a defender has a continuous range of investment levels that could be strategically chosen to potentially deter an attack. This article presents analytic results related to the effect of attacker and defender risk preferences on the optimal defense effort level and their impact on the deterrence level. Numerical illustrations and some discussion of the effect of risk preferences on deterrence and the utility of using such a model are provided, as well as sensitivity analysis of continuous attack investment levels and uncertainty in the defender's beliefs about the attacker's risk preference. A key contribution of this article is the identification of specific scenarios in which the defender using a model that takes into account risk preferences would be better off than a defender using a traditional risk‐neutral model. This study provides insights that could be used by policy analysts and decisionmakers involved in investment decisions in security and safety.     

Efficiency of Even Separation of Parallel Elements with Variable Contest Intensity

The article considers strategic defense and attack of a system that can be separated into parallel elements. The defender distributes its resource between separation and protecting the elements from outside attacks. The vulnerability of each element is determined by an attacker‐defender contest success function, which depends on a contest intensity that may increase or decrease through the separation process. The article determines criteria of separation efficiency for systems without performance redundancy and 1‐out‐of‐N and Q‐out‐of‐N systems with performance redundancy. For the systems with performance redundancy the cases of expected damage proportional to the probability that the demand is not met, and expected damage proportional to the unsupplied demand, are considered.     

Choosing What to Protect

We study a strategic model in which a defender must allocate defensive resources to a collection of locations, and an attacker must choose a location to attack. The defender does not know the attacker's preferences, while the attacker observes the defender's resource allocation. The defender's problem gives rise to negative externalities, in the sense that increasing the resources allocated to one location increases the likelihood of an attack at other locations. In equilibrium, the defender exploits these externalities to manipulate the attacker's behavior, sometimes optimally leaving a location undefended, and sometimes preferring a higher vulnerability at a particular location even if a lower risk could be achieved at zero cost. Key results of our model are as follows: (1) the defender prefers to allocate resources in a centralized (rather than decentralized) manner; (2) as the number of locations to be defended grows, the defender can cost effectively reduce the probability of a successful attack only if the number of valuable targets is bounded; (3) the optimal allocation of resources can be nonmonotonic in the relative value of the attacker's outside option; and (4) the defender prefers his or her defensive allocation to be public rather than secret.     

An Attacker–defender Resource Allocation Game with Substitution and Complementary Effects

The United States is funding homeland security programs with a large budget (e.g., 74.4 billion for FY 2019). A number of game-theoretic defender–attacker models have been developed to study the optimal defense resource allocation strategies for the government (defender) against the strategic adversary (attacker). However, to the best of our knowledge, the substitution or complementary effects between different types of defensive resources (e.g., human resource, land resource, and capital resource) have not been taken into consideration even though they exist in practice. The article fills this gap by studying a sequential game-theoretical resource allocation model and then exploring how the joint effectiveness of multiple security investments influences the defensive budget allocation among multiple potential targets. Three false belief models have been developed in which only the defender, only the attacker, and both the defender and attacker hold false beliefs about the joint effectiveness of resources. Regression analysis shows that there are significant substitution effects between human and capital resources. The results show that the defender will suffer a higher loss if he fails to consider the substitution or complementary effects. Interestingly, if the attacker holds a false belief while the defender does not, the defender will suffer an even higher loss, especially when the resources are substitutes. However, if both the attacker and defender hold false beliefs, there will be lower loss when resources are complementary. The results also show that the defender should allocate the highly effective resource when the resources substitute each other. This article provides some new insights to the homeland security resource allocation.     

Intelligent Adversary Risk Analysis: A Bioterrorism Risk Management Model

The tragic events of 9/11 and the concerns about the potential for a terrorist or hostile state attack with weapons of mass destruction have led to an increased emphasis on risk analysis for homeland security. Uncertain hazards (natural and engineering) have been successfully analyzed using probabilistic risk analysis (PRA). Unlike uncertain hazards, terrorists and hostile states are intelligent adversaries who can observe our vulnerabilities and dynamically adapt their plans and actions to achieve their objectives. This article compares uncertain hazard risk analysis with intelligent adversary risk analysis, describes the intelligent adversary risk analysis challenges, and presents a probabilistic defender–attacker–defender model to evaluate the baseline risk and the potential risk reduction provided by defender investments. The model includes defender decisions prior to an attack; attacker decisions during the attack; defender actions after an attack; and the uncertainties of attack implementation, detection, and consequences. The risk management model is demonstrated with an illustrative bioterrorism problem with notional data.     

A Comparative Analysis of PRA and Intelligent Adversary Methods for Counterterrorism Risk Management

In counterterrorism risk management decisions, the analyst can choose to represent terrorist decisions as defender uncertainties or as attacker decisions. We perform a comparative analysis of probabilistic risk analysis (PRA) methods including event trees, influence diagrams, Bayesian networks, decision trees, game theory, and combined methods on the same illustrative examples (container screening for radiological materials) to get insights into the significant differences in assumptions and results. A key tenent of PRA and decision analysis is the use of subjective probability to assess the likelihood of possible outcomes. For each technique, we compare the assumptions, probability assessment requirements, risk levels, and potential insights for risk managers. We find that assessing the distribution of potential attacker decisions is a complex judgment task, particularly considering the adaptation of the attacker to defender decisions. Intelligent adversary risk analysis and adversarial risk analysis are extensions of decision analysis and sequential game theory that help to decompose such judgments. These techniques explicitly show the adaptation of the attacker and the resulting shift in risk based on defender decisions.     

Modeling Arbitrary Layers of Continuous‐Level Defenses in Facing with Strategic Attackers

We propose a novel class of game‐theoretic models for the optimal assignment of defensive resources in a game between a defender and an attacker. Compared to the other game‐theoretic models in the literature of defense allocation problems, the novelty of our model is that we allow the defender to assign her continuous‐level defensive resources to any subset (or arbitrary layers) of targets due to functional similarity or geographical proximity. We develop methods to solve for equilibrium, and illustrate our model using numerical examples. Compared to traditional models that only allow for individual target hardening, our results show that our model could significantly increase the defender's payoff, especially when the unit cost of defense is high.     

Behavioral Modeling of Adversaries with Multiple Objectives in Counterterrorism

Attacker/defender models have primarily assumed that each decisionmaker optimizes the cost of the damage inflicted and its economic repercussions from their own perspective. Two streams of recent research have sought to extend such models. One stream suggests that it is more realistic to consider attackers with multiple objectives, but this research has not included the adaption of the terrorist with multiple objectives to defender actions. The other stream builds off experimental studies that show that decisionmakers deviate from optimal rational behavior. In this article, we extend attacker/defender models to incorporate multiple objectives that a terrorist might consider in planning an attack. This includes the tradeoffs that a terrorist might consider and their adaption to defender actions. However, we must also consider experimental evidence of deviations from the rationality assumed in the commonly used expected utility model in determining such adaption. Thus, we model the attacker's behavior using multiattribute prospect theory to account for the attacker's multiple objectives and deviations from rationality. We evaluate our approach by considering an attacker with multiple objectives who wishes to smuggle radioactive material into the United States and a defender who has the option to implement a screening process to hinder the attacker. We discuss the problems with implementing such an approach, but argue that research in this area must continue to avoid misrepresenting terrorist behavior in determining optimal defensive actions.     

Resource Distribution in Multiple Attacks with Imperfect Detection of the Attack Outcome

This article extends the previous research of consecutive attacks strategy by assuming that an attacker observes the outcome of each attack imperfectly. With given probabilities it may wrongly identify a destroyed target as undestroyed, and wrongly identify an undestroyed target as destroyed. The outcome of each attack is determined by a contest success function that depends on the amount of resources allocated by the defender and the attacker to each attack. The article suggests a probabilistic model of the multiple attacks and analyzes how the target destruction probability and the attacker's relative resource expenditure are impacted by the two probabilities of incorrect observation, the attacker's and defender's resource ratio, the contest intensity, the number of attacks, and the resource distribution across attacks. We analyze how the attacker chooses the number of attacks, the attack stopping rule, and the optimal resource distribution across attacks to maximize its utility.     

Die Kultur der Macht. Die Macht der Kultur

Acting in organizations is characterized by strategies of “Bemächtigung” (repression) just as “Ermächtigung” (empowerment): Everyone tries to push through its individual interests, legitimate or not. Thereby in every organization specific rules of game and stiles of play are developed. Altogether these rules constitute the specific organizational culture. In unfair games, strategies of repression are dominant. In fair games, all players try to realize over and over again a just balance of legitimate interests of all stakeholders. Supervision aims to strengthen “Spielmächtigkeit” (ability of play and game) so that its addressees are able to change unfair games into fair games. The know-how for this is here called “technology of empowerment”.     

An Optimization‐Based Framework for the Identification of Vulnerabilities in Electric Power Grids Exposed to Natural Hazards

This article proposes a novel mathematical optimization framework for the identification of the vulnerabilities of electric power infrastructure systems (which is a paramount example of critical infrastructure) due to natural hazards. In this framework, the potential impacts of a specific natural hazard on an infrastructure are first evaluated in terms of failure and recovery probabilities of system components. Then, these are fed into a bi‐level attacker–defender interdiction model to determine the critical components whose failures lead to the largest system functionality loss. The proposed framework bridges the gap between the difficulties of accurately predicting the hazard information in classical probability‐based analyses and the over conservatism of the pure attacker–defender interdiction models. Mathematically, the proposed model configures a bi‐level max‐min mixed integer linear programming (MILP) that is challenging to solve. For its solution, the problem is casted into an equivalent one‐level MILP that can be solved by efficient global solvers. The approach is applied to a case study concerning the vulnerability identification of the georeferenced RTS24 test system under simulated wind storms. The numerical results demonstrate the effectiveness of the proposed framework for identifying critical locations under multiple hazard events and, thus, for providing a useful tool to help decisionmakers in making more‐informed prehazard preparation decisions.     

Robust allocation of a defensive budget considering an attacker's private information

Attackers' private information is one of the main issues in defensive resource allocation games in homeland security. The outcome of a defense resource allocation decision critically depends on the accuracy of estimations about the attacker's attributes. However, terrorists' goals may be unknown to the defender, necessitating robust decisions by the defender. This article develops a robust-optimization game-theoretical model for identifying optimal defense resource allocation strategies for a rational defender facing a strategic attacker while the attacker's valuation of targets, being the most critical attribute of the attacker, is unknown but belongs to bounded distribution-free intervals. To our best knowledge, no previous research has applied robust optimization in homeland security resource allocation when uncertainty is defined in bounded distribution-free intervals. The key features of our model include (1) modeling uncertainty in attackers' attributes, where uncertainty is characterized by bounded intervals; (2) finding the robust-optimization equilibrium for the defender using concepts dealing with budget of uncertainty and price of robustness; and (3) applying the proposed model to real data.     

Defense Resource Distribution Between Protection and Redundancy for Constant Resource Stockpiling Pace

The article considers the optimal resource distribution in a parallel system between increasing protection and providing redundancy in a situation when the attacker's and defender's resources are stockpiling and the resource increment rate is constant. It is assumed that the system must perform within an exogenously given time horizon and the attack time probability is uniformly distributed along this horizon. The defender optimizes the resource distribution in order to minimize the system destruction probability during the time horizon. First, we find the optimal pace of construction of the new redundant elements assuming that the construction must start in the initial stage of the stockpiling process. We show that starting construction of new elements in the beginning of the system's existence results in its high initial vulnerability. Introducing the time delay before starting the construction can reduce the initial system vulnerability and the entire system destruction probability. The problem of optimization of time delay and new element construction pace is considered with and without constraint on the initial system vulnerability. Examples illustrating the methodology of the optimal defense strategy analysis are presented.     

Defender–Attacker Decision Tree Analysis to Combat Terrorism

We propose a methodology, called defender–attacker decision tree analysis, to evaluate defensive actions against terrorist attacks in a dynamic and hostile environment. Like most game‐theoretic formulations of this problem, we assume that the defenders act rationally by maximizing their expected utility or minimizing their expected costs. However, we do not assume that attackers maximize their expected utilities. Instead, we encode the defender's limited knowledge about the attacker's motivations and capabilities as a conditional probability distribution over the attacker's decisions. We apply this methodology to the problem of defending against possible terrorist attacks on commercial airplanes, using one of three weapons: infrared‐guided MANPADS (man‐portable air defense systems), laser‐guided MANPADS, or visually targeted RPGs (rocket propelled grenades). We also evaluate three countermeasures against these weapons: DIRCMs (directional infrared countermeasures), perimeter control around the airport, and hardening airplanes. The model includes deterrence effects, the effectiveness of the countermeasures, and the substitution of weapons and targets once a specific countermeasure is selected. It also includes a second stage of defensive decisions after an attack occurs. Key findings are: (1) due to the high cost of the countermeasures, not implementing countermeasures is the preferred defensive alternative for a large range of parameters; (2) if the probability of an attack and the associated consequences are large, a combination of DIRCMs and ground perimeter control are preferred over any single countermeasure.