Applied Risk Analysis for Guiding Homeland Security Policy and Decisions E-Book

Table of Contents

Cover

Title Page

Copyright

Dedication

About the Editors

List of Contributors

Preface

Chapter Abstracts

Chapter 1 – Page 3 (Thorisson and Lambert)

Chapter 2 – Page 25 (Maya, Liu, Zhu, Tran, Creighton and Woo)

Chapter 3 – Page 69 (Chatterjee, Brigantic and Waterworth)

Chapter 4 – Page 101 (Lundberg)

Chapter 5 – Page 125 (Fortin, Johansen, Chatterjee, Muller and Noonan)

Chapter 6 – Page 153 (Shan and Zhuang)

Chapter 7 – Page 171 (Bier and Liu)

Chapter 8 – Page 193 (DeGregory and Ganesan)

Chapter 9 – Page 223 (McCarthy, Sinha, Tambe and Manadhatha)

Chapter 10 – Page 253 (Rose and Miller)

Chapter 11 – Page 275 (Cui, Rosoff and John)

Chapter 12 – Page 297 (Lee, Pietz, Chen and Liu)

Chapter 13 – Page 325 (Phillips and Petit)

Chapter 14 – Page 357 (Baroud)

Chapter 15 – Page 381 (MacKenzie and Kazimi)

Chapter 16 – Page 405 (Santos, Pagsuyoin and Yip)

Chapter 17 – Page 427 (Shekar and Fiondella)

Chapter 18 – Page 443 (Basu)

Chapter 19 – Page 467 (Tipireddy, Rubio-Herrero, Chatterjee and Chikkagoudar)

Part I: Managing National Security Risk and Policy Programs

1 On the “Influence of Scenarios to Priorities” in Risk and Security Programs

1.1 Introduction

1.2 Risk Programs

1.3 Canonical Questions Guiding Development of Risk Programs

1.4 Scenario-Based Preferences

1.5 Methodology

1.6 Demonstration of Methods

1.7 Discussion and Conclusions

Acknowledgments

References

2 Survey of Risk Analytic Guidelines Across the Government

2.1 Department of Defense (DOD) Overview

2.2 Department of Justice (DOJ)

2.3 Environmental Protection Agency (EPA) Overview

2.4 National Aeronautics and Space Administration (NASA): Overview

2.5 Nuclear Regulatory Commission (NRC) Overview

2.6 International Standards Organization (ISO) Overview

2.7 Australia Overview

2.8 UK Overview

Acknowledgments

References

Notes

3 An Overview of Risk Modeling Methods and Approaches for National Security

3.1 Introduction

3.2 Homeland Security Risk Landscape and Missions

3.3 Background Review

3.4 Modeling Approaches for Risk Elements

3.5 Modeling Perspectives for Further Research

3.6 Concluding Remarks

Acknowledgments

References

4 Comparative Risk Rankings in Support of Homeland Security Strategic Plans

4.1 Introduction

4.2 Conceptual Challenges in Comparative Risk Ranking

4.3 Practical Challenges in Comparative Ranking of Homeland Security Risks

4.4 Policy Relevance to Strategic-Level Homeland Security Risk Rankings

Acknowledgments

References

5 A Data Science Workflow for Discovering Spatial Patterns Among Terrorist Attacks and Infrastructure

5.1 Introduction

5.2 The Data: Global Terrorism Database

5.3 The Tools: Exploring Data Interactively Using a Custom Shiny App

5.4 Example: Using the App to Explore ISIL Attacks

5.5 The Models: Statistical Models for Terrorist Event Data

5.6 More Data: Obtaining Regional Infrastructure Data to Build Statistical Models

5.7 A Model: Determining the Significance of Infrastructure on the Likelihood of an Attack

5.8 Case Study: Libya

5.9 Case Study: Jammu and Kashmir Region of India

5.10 Summary

References

Note

Part II: Strengthening Ports of Entry

6 Effects of Credibility of Retaliation Threats in Deterring Smuggling of Nuclear Weapons

6.1 Introduction

6.2 Extending Prior Game-Based Model

6.3 Comparing the Game Trees

6.4 The Extended Model

6.5 Solution to the Extended Model

6.6 Comparing the Solutions in Prior Game-Based Model and This Study

6.7 Illustration of the Extended Model Using Real Data

6.8 Conclusion and Future Research Work

References

7 Disutility of Mass Relocation After a Severe Nuclear Accident

7.1 Introduction

7.2 Raw Data

7.3 Trade-Offs Between Cancer Fatalities and Relocation

7.4 Risk-Neutral Disutility Model

7.5 Risk-Averse Disutility Model

7.6 Disutility Model with Interaction Effects

7.7 Economic Analysis

7.8 Conclusion

References

8 Scheduling Federal Air Marshals Under Uncertainty

8.1 Introduction

8.2 Literature

8.3 Air Marshal Resource Allocation Model

8.4 Stochastic Dynamic Programming Formulation

8.5 Phases of Stochastic Dynamic Programming

8.6 Integrated Allocation Model

8.7 Results

8.8 Conclusion

Acknowledgments

References

Notes

Part III: Securing Critical Cyber Assets

9 Decision Theory for Network Security: Active Sensing for Detection and Prevention of Data Exfiltration

9.1 Introduction

9.2 Background and Related Work

9.3 Threat Model

9.4 POMDP Abstraction

9.5 VD-POMDP Framework

9.6 Evaluation

9.7 Game Theoretic Extensions

9.8 Conclusion and Future Work

Acknowledgments

References

10 Measurement of Cyber Resilience from an Economic Perspective

10.1 Introduction

10.2 Economic Resilience

10.3 Cyber System Resilience Tactics

10.4 Resilience for Cyber-Related Sectors

10.5 Conclusion

References

Notes

11 Responses to Cyber Near-Misses: A Scale to Measure Individual Differences

11.1 Introduction

11.2 Scale Development and Analysis Outline

11.3 Method

11.4 Results

11.5 Discussion

Acknowledgments

References

Notes

Part IV: Enhancing Disaster Preparedness and Infrastructure Resilience

12 An Interactive Web-Based Decision Support System for Mass Dispensing, Emergency Preparedness, and Biosurveillance

12.1 Introduction

12.2 System Architecture and Design

12.3 System Modules and Functionalities

12.4 Biodefense, Pandemic Preparedness Planning, and Radiological and Large-Scale Disaster Relief Efforts

12.5 Challenges and Conclusions

Acknowledgments

References

13 Measuring Critical Infrastructure Risk, Protection, and Resilience in an All-Hazards Environment

13.1 Introduction to Critical Infrastructure Risk Assessment

13.2 Motivation for Critical Infrastructure Risk Assessments

13.3 Decision Analysis Methodologies for Creating Critical Infrastructure Risk Indicators

13.4 An Application of Critical Infrastructure Protection, Consequence, and Resilience Assessment

13.5 Infrastructure Interdependencies

13.6 What's Next for Critical Infrastructure Risk Assessments

References

Notes

14 Risk Analysis Methods in Resilience Modeling: An Overview of Critical Infrastructure Applications

14.1 Introduction

14.2 Background

14.3 Modeling the Resilience of Critical Infrastructure Systems

14.4 Assessing Risk in Resilience Models

14.5 Opportunities and Challenges

14.6 Concluding Remarks

References

15 Optimal Resource Allocation Model to Prevent, Prepare, and Respond to Multiple Disruptions, with Application to the

Deepwater Horizon

Oil Spill and Hurricane Katrina

15.1 Introduction

15.2 Model Development

15.3 Application: Deepwater Horizon and Hurricane Katrina

15.4 Conclusions

References

16 Inoperability Input–Output Modeling of Electric Power Disruptions

16.1 Introduction

16.2 Risk Analysis of Natural and Man-Caused Electric Power Disruptions

16.3 Risk Management Insights for Disruptive Events

16.4 Modeling the Ripple Effects for Disruptive Events

16.5 Inoperability Input–Output Model

16.6 Sample Electric Power Disruptions Scenario Analysis for the United States

16.7 Summary and Conclusions

References

17 Quantitative Assessment of Transportation Network Vulnerability with Dynamic Traffic Simulation Methods

17.1 Introduction

17.2 Dynamic Transportation Network Vulnerability Assessment

17.3 Sources of Input for Dynamic Transportation Network Vulnerability Assessment

17.4 Illustrations

17.5 Conclusion and Future Research

References

18 Infrastructure Monitoring for Health and Security

18.1 Introduction

18.2 Data Acquisition

18.3 Sensors

18.4 Capturing and Transmitting Signals

18.5 Energy Harvesting

18.6 Robotic IHM

18.7 Cyber-Physical Systems

18.8 Conclusions

References

19 Exploring Metaheuristic Approaches for Solving the Traveling Salesman Problem Applied to Emergency Planning and Response

19.1 The Traveling Salesman Problem

19.2 Emergency Planning and Response as a Traveling Salesman Problem

19.3 Metaheuristic Approaches

19.4 Discussion

19.5 Concluding Remarks

References

Index

End User License Agreement

List of Tables

Chapter 1

Table 1.1 Summary of definition and properties of scenario

s

1

: insufficient po...

Table 1.2 Summary of definition and properties of scenario

s

2

: unsatisfactory lo...

Table 1.3 Summary of definition and properties of scenario

s

3

: deteriorating sec...

Table 1.4 Summary of definition and properties of scenario

s

4

: public perception...

Table 1.5 Summary of definition and properties of scenario

s

5

: electricity impor...

Table 1.6 Summary of definition and properties of scenario

s

6

: international m...

Table 1.7 Success criteria derived from the Afghanistan National Development ...

Table 1.8 Assessment of impacts of initiatives on success criteria.

Table 1.9 Criteria given higher weight under different scenarios.

Table 1.10 Influence of scenarios to priorities.

Chapter 2

Table 2.1 Probability and consequence levels.

Table 2.2 DOJ Five-point scale for criticality, threat, and vulnerability.

Table 2.3 DOJ data needs for threat assessment.

Chapter 3

Table 3.1 Summary of risk representations.

Chapter 4

Table 4.1 A set of selected hazards to examine homeland security risk.

Table 4.2 Attributes selected to describe homeland security risks.

Table 4.3 Comparison of elicited rankings and calculated rankings from the DM...

Chapter 5

Table 5.1 Fitted model coefficients for negative binomial model in Libya.

Table 5.2 Negative binomial model coefficients for the J&K data.

Table 5.3 Zero-inflated negative binomial model coefficients for the J...

Table 5.4 Negative binomial model coefficients for the J&K data with o...

Table 5.5 Zero-inflated negative binomial model coefficients for the J...

Chapter 6

Table 6.1 Parameter estimates that are used in Haphuriwat et al. (2011).

Chapter 7

Table 7.1 Frequencies of accident scenarios.

Table 7.2 90% confidence intervals for number of people relocated based on 1-...

Table 7.3 Number of people relocated per cancer fatality prevented.

Table 7.4 Range of

λ

values for which a given relocation threshold is opt...

Table 7.5 Average dollar value of avoided dose for each scenario at each plan...

Table 7.6 Average number of people relocated for each scenario at each plant.

Table 7.7 Average dollar value of avoided dose per person relocated for each ...

Table 7.8 Average dollar value of dose avoided per person relocated.

Chapter 8

Table 8.1 Sensitivity analysis on number of marshals.

Table 8.2 Sensitivity analysis on risk.

Table 8.3 Sample output from simulation.

Table 8.4 Sample decision set for marshals.

Chapter 9

Table 9.1 Notation.

Table 9.2 Complexities of full and VD-POMDP models with original and compact ...

Table 9.3 Comparing performance of full POMDP model to factored model on a sm...

Table 9.4 Performance of the factored model on larger networks.

Table 9.5 Trace of a run on a network of 85 nodes of a single legitimate doma...

Chapter 10

Table 10.1 Microeconomic resilience options for businesses.

Chapter 11

Table 11.1 Cyber near-miss appraisal scale items.

Table 11.2 Summary of three scenarios and three manipulations (Rosoff et al. ...

Table 11.3 Demographic information of the sample (

N

 = 256).

Table 11.4 Mean and standard deviation of the measures.

Chapter 12

Table 12.1 Contrasting throughput for two different layouts for a screening a...

Chapter 13

Table 13.1 SME-determined ranks and relative importance for car-buying criter...

Table 13.2 Notional relative importance obtained for car-buying criteria.

Table 13.3 Notional weights obtained for car-buying criteria.

Table 13.4 Relationship between the RMI components and the definition of resi...

Table 13.5 Comparison of top-down and bottom-up approaches in considering int...

Chapter 15

Table 15.1 Input parameters for oil spill.

Table 15.2 Input parameters for hurricane.

Table 15.3 Optimal allocation for different budgets (millions of dollars).

Table 15.4 Optimal allocation for model with effectiveness uncertainty with b...

Table 15.5 Optimal allocation for model with effectiveness uncertainty with 5...

Chapter 16

Table 16.1 Economic sector codes and descriptions.

Chapter 18

Table 18.1 Typical sensors for infrastructure health monitoring.

Chapter 19

Table 19.1 Cooling schedules in a simulated annealing example.

Table 19.2 Neighborhoods obtained with different operators in a Tabu search e...

List of Illustrations

Chapter 1

Figure 1.1 Prioritization of initiatives under different scenarios.

Figure 1.2 Illustration of the influence of scenarios to a timeline of prior...

Chapter 2

Figure 2.1 The joint risk framework.

Figure 2.2 A generic risk contour graph.

Figure 2.3 DCIP risk management process model.

Figure 2.4 Risk and issue management process overview.

Figure 2.5 DOJ terrorism risk assessment framework. Source: DOJ (2005).

Figure 2.6 Success of EPA risk assessment – planning and data collection met...

Figure 2.7 The four step human health risk assessment process.

Figure 2.8 Ecological risk phase 2: analysis.

Figure 2.9 Risk management in NASA's organizational hierarchy.

Figure 2.10 Risk management as the interaction of risk-informed decision mak...

Figure 2.11 RIDM process.

Figure 2.12 CRM process.

Figure 2.13 Coordination of RIDM and CRM within the NASA hierarchy (illustra...

Figure 2.14 Five key principles in NRC approach to integrated risk-informed ...

Figure 2.15 Five key principles in NRC approach to integrated risk-informed ...

Figure 2.16 Relationships between the risk management principles, framework,...

Figure 2.17 The ISO 31000:2009 risk management process.

Figure 2.18 Relationship between the components of the framework for managin...

Figure 2.19 The risk management process.

Figure 2.20 Examples of the drivers of key risks.

Figure 2.21 The UK risk management model.

Chapter 3

Figure 3.1 Conceptual infrastructure risk and decision modeling framework.

Chapter 4

Figure 4.1 A comparison of selected homeland security hazards with best boun...

Figure 4.2 Average of DMRR participants' elicited rankings of homeland secur...

Chapter 5

Figure 5.1 High-level data science workflow emphasizing the cyclical nature ...

Figure 5.2 Application interface.

Figure 5.3 Animation snapshot of the emergence of two organizations.

Figure 5.4 ISIL attacks in Iraq and Syria.

Figure 5.5 Attack clusters near Baghdad, Iraq.

Figure 5.6 Depicting point size relative to the number of deaths caused by t...

Figure 5.7 Number of incidents by target type.

Figure 5.8 Depicting multiple variables by size proportionality and color.

Figure 5.9 Comparing the distribution of deaths from ISIL attacks across dif...

Figure 5.10 Locations of radar searches throughout the Jammu and Kashmir reg...

Figure 5.11 Locations of terrorist attacks and building infrastructure in Li...

Figure 5.12 Distribution of selected infrastructure across Libya.

Figure 5.13 Population vs attacks by district in Libya.

Figure 5.14 Spatial distribution of terrorist attacks at specific locations ...

Figure 5.15 Distribution of attack counts across subdistricts in Jammu and K...

Figure 5.16 Population versus attacks by district.

Figure 5.17 Selected infrastructure by district within Jammu and Kashmir.

Figure 5.18 Relationship between subdistrict population and infrastructure v...

Figure 5.19 Actual number of attacks versus fitted values for the NB model a...

Figure 5.20 Residual plot for the zero-inflated negative binomial regression...

Chapter 6

Figure 6.1 (a) Game tree embedded in the model of Haphuriwat et al. (2011) a...

Chapter 7

Figure 7.1 CCDFs at plant B (log scale). (a) CCDF for cancer fatalities at p...

Figure 7.2 Changes in cancer fatalities and relocation at plant B.

Figure 7.3 Additive disutility at plant B as a function of the weight

λ

Figure 7.4 Disutility at plant B as a function of the weight 1 − 

k

1

 − 

k

2

. Re...

Figure 7.5 Disutility at plant B as a function of the weight 1 − 

k

1

 − 

k

2

. Re...

Figure 7.6 Range values of

1 − 

k

1

 − 

k

2

f...

Figure 7.7 Range values of

1 − 

k

1

 − 

k

2

f...

Figure 7.8 Cost avoided by relocation.

Chapter 8

Figure 8.1 Static scheduling model.

Figure 8.2 Dynamic scheduling model.

Figure 8.3 Forward dynamic programming algorithm using the post-decision sta...

Figure 8.4 Integrated scheduling model.

Figure 8.5 Comparison of value approximation strategies.

Chapter 9

Figure 9.1 Data exfiltration over DNS.

Figure 9.2 Example of a network with two domains, four source hosts and four...

Figure 9.3 Sample network with three domains, three nodes, and five sources....

Figure 9.4 Flowchart for the data exfiltration VD-POMDP.

Figure 9.5 Runtime results. (a) Comparing runtimes of the POMDP to the VD-PO...

Figure 9.6 Testing the robustness with respect to error in the planned true-...

Chapter 11

Figure 11.1 A Cognitive chain of a response following a physical near-miss. ...

Figure 11.2 ICCs of two items (item 11 and item 3) from the 15-item CNMAS.

Figure 11.3 ICCs of the 10 items in the final CNMAS.

Figure 11.4 Test information curve for the 10-item CNMAS.

Chapter 12

Figure 12.1 Some of the system modules inside the RealOpt© suite.

Figure 12.2 A schematic design of the RealOpt-Regional© system architecture....

Figure 12.3 Interactive user interface combining visualization, graph drawin...

Figure 12.4 Simple click and drag to obtain a user-defined boundary of the c...

Figure 12.5 Algorithmic flow of our facility location heuristic.

Figure 12.6 A network of PODs serving the City of Los Angeles returned by Re...

Figure 12.7 POD demographics for Shadow Oak Dr., Los Angeles, CA 91311.

Figure 12.8 RealOpt-POD© online for POD design, resource allocation, and dis...

Figure 12.9 Tracing the dynamics of intra-facility infection (at each servic...

Figure 12.10 Optimal POD facility network for New York City.

Figure 12.11 ZIP code-based demographical information.

Figure 12.12 A layout for a walk-through POD.

Figure 12.13 Total number and types of workers needed to cover 96.3% of New ...

Figure 12.14 Supplies at airport and seaport and the estimated population de...

Figure 12.15 Distribution paths and supply quantities.

Figure 12.16 Screening of children for radiation contamination after the 201...

Figure 12.17 This color-coded figure shows the outcome (total infections) re...

Chapter 13

Figure 13.1 Risk components.

Figure 13.2 Risk management bowtie diagram.

Figure 13.3 Protective Measures Index – level 1 components.

Figure 13.4 Physical security level 2 and 3 subcomponents of the PMI.

Figure 13.5 Security management level 2 and 3 subcomponents of the PMI.

Figure 13.6 Security force level 2 and 3 subcomponents of the PMI.

Figure 13.7 Information sharing level 2 and 3 subcomponents of the PMI.

Figure 13.8 Security activity history/background level 2 and 3 subcomponents...

Figure 13.9 Level 1 components of the RMI.

Figure 13.10 Preparedness level 2 and 3 components of the RMI.

Figure 13.11 Mitigation measures level 2 and 3 components of the RMI.

Figure 13.12 Response capabilities level 2 and 3 components of the RMI.

Figure 13.13 Recovery mechanisms level 2 and 3 components of the RMI.

Figure 13.14 Consequences components.

Figure 13.15 Level 1 components of the CMI.

Figure 13.16 Human consequence components of the CMI.

Figure 13.17 Economic consequence components of the CMI.

Figure 13.18 Mission/public health/psychological consequences components of ...

Figure 13.19 Cascading impact components of the CMI.

Figure 13.20 Comparison of CMI, RMI, and PMI for 12 facilities.

Figure 13.21 Top-down and bottom-up approaches to regional interdependency a...

Chapter 15

Figure 15.1 Optimal allocation to spend prior to a disruption.

Figure 15.2 Production losses for each disruption.

Figure 15.3 Pre-disruption allocations for (a) the oil spill and (b) the hur...

Chapter 16

Figure 16.1 Inoperability and economic loss estimates for Scenario 1 (total ...

Figure 16.2 Inoperability and economic loss estimates for Scenario 1 (total ...

Chapter 17

Figure 17.1 Overview of data sources and simulation.

Figure 17.2 Simple network.

Figure 17.3 Dynamic vulnerability assessment of a simple network.

Figure 17.4 Vehicle densities in a fully functioning network (a) at time per...

Figure 17.5 Impact of disconnecting link from node two to four (a) at time p...

Figure 17.6 University of Massachusetts Dartmouth campus map.

Figure 17.7 University of Massachusetts Dartmouth concept map.

Figure 17.8 UMass Dartmouth simulation results.

Chapter 18

Figure 18.1 Life-cycle stages of infrastructure.

Figure 18.2 Operational principle of a transducer.

Figure 18.3 Ultrasonic inspection (a) Pulse-Echo Configuration (b) Pitch-Cat...

Figure 18.4 Application of GPR method.

Figure 18.5 Active sensor application for NDI test in local acquisition mode...

Figure 18.6 MEMS-based dosimeter.

Figure 18.7 Embedded vibrating wire strain gage in bridge deck before pourin...

Figure 18.8 Schematics of the laser vibrometer.

Figure 18.9 AE sensor for monitoring crack initiation and growth in real tim...

Figure 18.10 Paths of AE signal.

Figure 18.11 Network scheme for data acquisition, processing, and transmissi...

Figure 18.12 Energy harvester network and schematics of electromagnetic type...

Figure 18.13 Typical components of a microdrone.

Chapter 19

Figure 19.1 Location of 48 regions of interest based on

att48

data set of TS...

Figure 19.2 Solution computed with simulated annealing. (a) Shortest path. (...

Figure 19.3 Solution computed with Tabu search. (a) Shortest path. (b) Conve...

Figure 19.4 Solution computed with genetic algorithm. (a) Shortest path. (b)...

Figure 19.5 Solution computed with ant colony optimization. (a) Shortest pat...

Figure 19.6 Optimal path computed using metaheuristic algorithms: (a) geneti...

Figure 19.7 Percentage drop in the total distance traveled as a function of ...

Guide

Cover Page

Table of Contents

Begin Reading

Pages

ii

iii

iv

v

xix

xx

xxi

xxii

xxiii

xxiv

xxv

xxvi

xxvii

xxviii

xxix

xxx

xxxi

xxxii

xxxiii

xxxiv

xxxv

xxxvi

1

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

151

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

325

326

327

328

329

330

331

332

333

334

335

336

337

338

339

340

341

342

343

344

345

346

347

348

349

350

351

352

353

354

355

356

357

358

359

360

361

362

363

364

365

366

367

368

369

370

371

372

373

374

375

376

377

378

379

381

382

383

384

385

386

387

388

389

390

391

392

393

394

395

396

397

398

399

400

401

402

403

405

406

407

408

409

410

411

412

413

414

415

416

417

418

419

420

421

422

423

424

425

427

428

429

430

431

432

433

434

435

436

437

438

439

440

441

443

444

445

446

447

448

449

450

451

452

453

454

455

456

457

458

459

460

461

462

463

464

465

467

468

469

470

471

472

473

474

475

476

477

478

479

480

481

482

483

484

485

487

488

489

490

491

492

493

Wiley Series in

Operations Research and Management Science

Operations Research and Management Science (ORMS) is a broad, interdisciplinary branch of applied mathematics concerned with improving the quality of decisions and processes and is a major component of the global modern movement towards the use of advanced analytics in industry and scientific research. The Wiley Series in Operations Research and Management Science features a broad collection of books that meet the varied needs of researchers, practitioners, policy makers, and students who use or need to improve their use of analytics. Reflecting the wide range of current research within the ORMS community, the Series encompasses application, methodology, and theory and provides coverage of both classical and cutting edge ORMS concepts and developments. Written by recognized international experts in the field, this collection is appropriate for students as well as professionals from private and public sectors including industry, government, and nonprofit organization who are interested in ORMS at a technical level. The Series is comprised of four sections: Analytics; Decision and Risk Analysis; Optimization Models; and Stochastic Models.

Advisory Editors • Stochastic Models

Tava Olsen, The University of Auckland

Raúl Gouet, University of Chile

Founding Series Editor

James J. Cochran, University of Alabama

Analytics

Yang and Lee • Healthcare Analytics: From Data to Knowledge to Healthcare Improvement

Attoh-Okine • Big Data and Differential Privacy: Analysis Strategies for Railway Track Engineering

Forthcoming Titles

Kong and Zhang • Decision Analytics and Optimization in Disease Prevention and Treatment

Behavioral Research

Donohue, Katok, and Leider • The Handbook of Behavioral Operations

Decision and Risk Analysis

Barron • Game Theory: An Introduction, Second Edition

Brailsford, Churilov, and Dangerfield • Discrete-Event Simulation and System Dynamics for Management Decision Making

Johnson, Keisler, Solak, Turcotte, Bayram, and Drew • Decision Science for Housing and Community Development: Localized and Evidence-Based Responses to Distressed Housing and Blighted Communities

Mislick and Nussbaum • Cost Estimation: Methods and Tools

Chatterjee, Brigantic, and Waterworth • Applied Risk Analysis for Guiding Homeland Security Policy and Decisions

Forthcoming Titles

Aleman and Carter • Healthcare Engineering

Optimization Models

Ghiani, Laporte, and Musmanno • Introduction to Logistics Systems Management, Second Edition

Forthcoming Titles

Tone • Advances in DEA Theory and Applications: With Examples in Forecasting Models

Stochastic Models

Ibe • Random Walk and Diffusion Processes

Forthcoming Titles

Matis • Applied Markov Based Modelling of Random Processes

Applied Risk Analysis for Guiding Homeland Security Policy and Decisions

Edited by

Pacific Northwest National Laboratory, Richland, WA, USA

This edition first published 2021

© 2021 John Wiley & Sons, Inc.

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, except as permitted by law. Advice on how to obtain permission to reuse material from this title is available at http://www.wiley.com/go/permissions.

The right of Samrat Chatterjee, Robert T. Brigantic, Angela M. Waterworth to be identified as the editorial material in this work has been asserted in accordance with law.

Registered Office

John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USA

Editorial Office

111 River Street, Hoboken, NJ 07030, USA

For details of our global editorial offices, customer services, and more information about Wiley products visit us at www.wiley.com.

Wiley also publishes its books in a variety of electronic formats and by print-on-demand. Some content that appears in standard print versions of this book may not be available in other formats.

Limit of Liability/Disclaimer of Warranty

While the publisher and authors have used their best efforts in preparing this work, they make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives, written sales materials or promotional statements for this work. The fact that an organization, website, or product is referred to in this work as a citation and/or potential source of further information does not mean that the publisher and authors endorse the information or services the organization, website, or product may provide or recommendations it may make. This work is sold with the understanding that the publisher is not engaged in rendering professional services. The advice and strategies contained herein may not be suitable for your situation. You should consult with a specialist where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

Library of Congress Cataloging-in-Publication Data

Names: Chatterjee, Samrat, 1980- editor. | Brigantic, Robert T., editor. | Waterworth, Angela M., editor.

Title: Applied risk analysis for guiding homeland security policy and decisions / edited by Samrat Chatterjee, Robert T. Brigantic, Angela M. Waterworth.

Description: Hoboken, NJ : John Wiley & Sons, Inc., 2021. | Series: Wiley series in operations research and management science | Includes bibliographical references and index.

Identifiers: LCCN 2019057776 (print) | LCCN 2019057777 (ebook) | ISBN 9781119287469 (hardback) | ISBN 9781119287476 (adobe pdf) | ISBN 9781119287483 (epub)

Subjects: LCSH: United States. Department of Homeland Security–Management. | National security–United States. | Risk assessment–United States. | Risk management–United States. | Operations research–United States.

Classification: LCC UA23 .A684 2020 (print) | LCC UA23 (ebook) | DDC 363.34/5610973–dc23

LC record available at https://lccn.loc.gov/2019057776

LC ebook record available at https://lccn.loc.gov/2019057777

Cover Design: Wiley

Cover Image: Chart, courtesy of Samrat Chatterjee, abstract background © Toria /Shutterstock

Samrat dedicates this book to his dearest Arianna, Aariv, Zyra, and Zara – stay curious, keep learning!

Robert dedicates this book to his lovely granddaughters Amelia Rose and Emmalyn Mae – blessings always!

Angela dedicates this book to Andy, Scarlett, and Archer

About the Editors

Dr. Samrat Chatterjee is a Senior Data/Operations Research Scientist and the Decision Modeling and Optimization Team Lead with the National Security Directorate at the Pacific Northwest National Laboratory (PNNL). His research focuses on assessing and managing risks to critical cyber and physical infrastructure systems and processes from multiple hazards using interdisciplinary modeling, simulation, data analytics, and operations research methods. His research activities at PNNL focus on national security in support of the Department of Homeland Security, Department of Energy, and the Department of Defense. He recently co-authored a Springer book on economic consequence analysis of disasters and has published over 65 peer-reviewed journal articles, conference papers, and technical reports, including two best paper awards in cybersecurity and disaster resilience at an Institute of Electrical and Electronics Engineers (IEEE) homeland security conference. He is current chair of the Security and Defense specialty group, and past chair of the Engineering and Infrastructure specialty group of the Society for Risk Analysis (SRA), and recently completed a membership term with the National Academies' Transportation Research Board's (TRB) Committee on Transportation of Hazardous Materials. His experience includes disaster risk modeling at the International Institute for Applied Systems Analysis (IIASA) in Austria on a National Academy of Sciences (NAS) fellowship through a National Science Foundation (NSF) grant and traffic flow simulation for an engineering consulting firm. Samrat conducted postdoctoral research on infrastructure risk and decision analysis at the US Homeland Security National Center of Excellence for Risk and Economic Analysis of Terrorism Events (DHS-CREATE) at the University of Southern California. Dr. Chatterjee holds a PhD in Civil Engineering with focus on systems risk analysis from Vanderbilt University, an MS in Civil Engineering with focus on transportation systems from the University of Texas at Austin, and a BE with honors in Civil Engineering from Punjab Engineering College, India. Samrat also serves as an Affiliate Professor of Civil and Environmental Engineering with Northeastern University in Boston. He is a senior member of IEEE, and member of SRA and the Military Operations Research Society (MORS).

Dr. Robert T. Brigantic is a Chief Operations Research Scientist and the Statistical Modeling and Experimental Design Team Lead with the National Security Directorate at the Pacific Northwest National Laboratory (PNNL). He is a US Air Force officer who joined PNNL in 2005 after completing a 22-year career on active duty with the US Air Force. In the Air Force he specialized in weapon systems logistics, space operations with a focus on command and control systems for space shuttle operations and space test systems, and strategic airlift transportation. His technical concentration areas include operational modeling and simulation, systems analysis, statistical pattern recognition/artificial intelligence, imagery analysis, design of experiments, and multiobjective optimization. At PNNL, some of his research initiatives include operationalizing methodologies for national security risk analysis, modeling and simulation of operational radiation/nuclear detection processes, systems analysis, and optimization of renewable energy systems and energy efficiency measures. Dr. Brigantic holds a PhD in Operations Research from the Air Force Institute of Technology, an MS in Space Operations from the Air Force Institute of Technology, and a BS in Chemical Engineering from Oregon State University. He also serves as an Adjunct Professor of Operations Research with Washington State University.

Ms. Angela M. Waterworth is a Senior Research Scientist with the National Security Directorate at the Pacific Northwest National Laboratory (PNNL) and currently serves as the Technical Advisor for Data Science for Defense Nuclear Nonproliferation Research and Development at the National Nuclear Security Administration. Ms. Waterworth joined PNNL after a distinguished career as an Operations Research Analyst in the US Air Force, where she specialized in research and development and technical intelligence of weapon systems. At PNNL, Ms. Waterworth has led project teams to develop operational modeling and decision support methodologies to analyze and reduce system risk, forecast cost and performance, and optimize resource allocation related to real-world national security systems for threats including nuclear proliferation and smuggling and emergency response to biological weapons. Additionally, Ms. Waterworth leads multidisciplinary efforts in the research and development of US technical capabilities to detect nuclear weapons development, with special focus on incorporating modern analytics approaches and computing technologies. Ms. Waterworth holds an MS in Operations Research from Kansas State University and a BS in Economics from the US Air Force Academy.

List of Contributors

Amro Al- KazimiIndustrial and Manufacturing Systems EngineeringIowa State UniversityAmes, IA, USA

Hiba BaroudCivil and Environmental EngineeringVanderbilt UniversityNashville, TN, USA

Prodyot K. BasuCivil and Environmental EngineeringVanderbilt UniversityNashville, TN, USA

Vicki M. BierIndustrial and Systems EngineeringUniversity of Wisconsin–MadisonMadison, WI, USA

Robert T. BriganticNational Security DirectoratePacific Northwest National LaboratoryRichland, WA, USA

Samrat ChatterjeeNational Security DirectoratePacific Northwest National LaboratoryRichland, WA, USA

Satish ChikkagoudarNational Security DirectoratePacific Northwest National LaboratoryRichland, WA, USA

Chien-Hung ChenIndustrial and Systems EngineeringGeorgia Institute of TechnologyAtlanta, GA, USA

Robert CreightonNational Center for Risk and Economic Analysis of Terrorism Events (CREATE)University of Southern CaliforniaLos Angeles, CA, USA

Jinshu CuiDepartment of PsychologyUniversity of Southern CaliforniaLos Angeles, CA, USA

Keith W. DeGregoryUnited States Military AcademyWest Point, NY, USA

Daniel C. FortinNational Security DirectoratePacific Northwest National LaboratoryRichland, WA, USA

Lance FiondellaElectrical and Computer EngineeringUniversity of Massachusetts DartmouthDartmouth, MA, USA

Rajesh GanesanSystems Engineering and Operations ResearchGeorge Mason UniversityFairfax, VA, USA

Thomas JohansenNational Security DirectoratePacific Northwest National LaboratoryRichland, WA, USA

Richard S. JohnDepartment of PsychologyUniversity of Southern CaliforniaLos Angeles, CA, USA

James H. LambertSystems and Information EngineeringUniversity of VirginiaCharlottesville, VA, USA

Eva K. LeeIndustrial and Systems EngineeringGeorgia Institute of TechnologyAtlanta, GA, USA

Amelia LiuNational Center for Risk and Economic Analysis of Terrorism Events (CREATE)University of Southern CaliforniaLos Angeles, CA, USA

Shuji LiuIndustrial and Systems EngineeringUniversity of Wisconsin–MadisonMadison, WI, USA

Yifan LiuIndustrial and Systems EngineeringGeorgia Institute of TechnologyAtlanta, GA, USA

Russell LundbergCollege of Criminal JusticeSam Houston State UniversityHuntsville, TX, USA

Cameron A. MacKenzieIndustrial and Manufacturing Systems EngineeringIowa State UniversityAmes, IA, USA

Pratyusa ManadhathaHewlett Packard LabsPrinceton, NJ, USA

Isaac MayaNational Center for Risk and Economic Analysis of Terrorism Events (CREATE)University of Southern CaliforniaLos Angeles, CA, USA

Sara M. McCarthyDepartment of Computer ScienceUniversity of Southern CaliforniaLos Angeles, CA, USA

Noah MillerNational Center for Risk and Economic Analysis of Terrorism Events (CREATE)University of Southern CaliforniaLos Angeles, CA, USA

George MullerNational Security DirectoratePacific Northwest National LaboratoryRichland, WA, USA

Christine NoonanNational Security DirectoratePacific Northwest National LaboratoryRichland, WA, USA

Sheree Ann PagsuyoinCivil and Environmental EngineeringUniversity of Massachusetts–LowellLowell, MA, USA

Frédéric PetitRisk and Infrastructure Science CenterArgonne National LaboratoryArgonne, IL, USA

Julia A. PhillipsThe Perduco GroupDayton, OH, USA

Ferdinand H. PietzCenters for Disease Control and PreventionAtlanta, GA, USA

Adam Z. RoseNational Center for Risk and Economic Analysis of Terrorism Events (CREATE)University of Southern CaliforniaLos Angeles, CA, USA

Heather RosoffNational Center for Risk and Economic Analysis of Terrorism Events (CREATE)University of Southern CaliforniaLos Angeles, CA, USA

Javier Rubio-HerreroSchool of Science, Engineering, and TechnologySt. Mary's UniversitySan Antonio, TX, USA

Joost R. SantosEngineering Management and Systems EngineeringGeorge Washington UniversityWashington, DC, USA

Xiaojun ShanIndustrial and Systems EngineeringState University of New York at BuffaloBuffalo, NY, USA

Venkateswaran ShekarElectrical and Computer EngineeringUniversity of Massachusetts DartmouthDartmouth, MA, USA

Arunesh SinhaDepartment of Computer ScienceUniversity of Southern CaliforniaLos Angeles, CA, USA

Milind TambeDepartment of Computer Science & Industrial and Systems EngineeringUniversity of Southern CaliforniaLos Angeles, CA, USA

Heimir ThorissonSystems and Information EngineeringUniversity of VirginiaCharlottesville, VA, USA

Ramakrishna TipireddyPhysical and Computational Sciences DirectoratePacific Northwest National LaboratoryRichland, WA, USA

Francine TranNational Center for Risk and Economic Analysis of Terrorism Events (CREATE)University of Southern CaliforniaLos Angeles, CA, USA

Angela M. WaterworthNational Security DirectoratePacific Northwest National LaboratoryRichland, WA, USA

Charles WooNational Center for Risk and Economic Analysis of Terrorism Events (CREATE)University of Southern CaliforniaLos Angeles, CA, USA

Christian YipEngineering Management and Systems EngineeringGeorge Washington UniversityWashington, DC, USA

Lily ZhuNational Center for Risk and Economic Analysis of Terrorism Events (CREATE)University of Southern CaliforniaLos Angeles, CA, USA

Jun ZhuangIndustrial and Systems EngineeringState University of New York at BuffaloBuffalo, NY, USA

Preface

The US Department of Homeland Security's (DHS) risk landscape spans across multiple intentional, accidental, and natural threats and hazards. These threats and hazards may be directed at and affect various critical national assets, systems, and processes and potentially lead to significant adverse human, societal, economic, and governance impacts. As a result, effective assessment and management of risks to the nation's security from such threats and hazards is both vital and challenging. As described in the 2014 Quadrennial Homeland Security Review (Department of Homeland Security (2014) The 2014 Quadrennial Homeland Security Review), DHS's five missions are to: (i) prevent terrorism and enhance security, (ii) secure and manage our borders, (iii) enforce and administer our immigration laws, (iv) safeguard and secure cyberspace, and (v) strengthen national preparedness and resilience. Analysis and comparison of risks from various threats and hazards is critical for accomplishing these missions. Also, as these threats and hazards evolve over time and critical systems become more connected and complex, risk assessment and management strategies need to adequately update as well while incorporating data and computing advances with subject matter expertise.

Risk analysis methods may be qualitative, semiquantitative, or quantitative, adopt probabilistic and statistical theories, and implement concepts from core disciplines including operations research, reliability engineering, systems engineering, and applied mathematics. These methods continue to develop and evolve and have successfully been applied to address various homeland security mission challenges in recent years. The objective of this edited volume is to: (i) highlight the role of risk science for informing homeland security policy decisions and (ii) describe case studies from academia, government, and industry that apply risk analysis methods for addressing challenges within DHS mission spaces. This volume is intended for homeland security policy analysts and practitioners interested in applications of security risk analysis methods. The content presented here might also be useful for researchers and students interested in state-of-the-art homeland security risk analysis research and development.

This edited volume owes a debt of gratitude to 49 contributors from institutions across academia, national laboratories, and industry. The three editors were fortunate to receive an outstanding collection of contributions from leading researchers on a myriad of topics within the homeland security risk and decision analysis space. The editors also thank the management within the National Security Directorate at Pacific Northwest National Laboratory for encouraging and supporting the development of this volume. This edited volume is organized into 4 thematic parts/sections with 19 total chapters based on DHS's missions: (i) “Managing National Security Risk and Policy Programs,” (ii) “Strengthening Ports of Entry,” (iii) “Securing Critical Cyber Assets,” and (iv) “Enhancing Disaster Preparedness and Infrastructure Resilience.”

Part I contains five chapters: Chapter 1 “On the ‘Influence of Scenarios to Priorities’ in Risk and Security Programs” by Thorisson and Lambert from the University of Virginia, Chapter 2 “Survey of Risk Analytic Guidelines Across the Government” by Maya et al. from the University of Southern California, Chapter 3 “An Overview of Risk Modeling Methods and Approaches for National Security” by Chatterjee et al. from the Pacific Northwest National Laboratory, Chapter 4 “Comparative Risk Rankings in Support of Homeland Security Strategic Plans” by Lundberg from Sam Houston State University, and Chapter 5 “A Data Science Workflow for Discovering Spatial Patterns Among Terrorist Attacks and Infrastructure” by Fortin et al. from the Pacific Northwest National Laboratory.

Part II contains three chapters: Chapter 6 “Effects of Credibility of Retaliation Threats in Deterring Smuggling of Nuclear Weapons” by Shan and Zhuang from the State University of New York at Buffalo, Chapter 7 “Disutility of Mass Relocation After a Severe Nuclear Accident” by Bier and Liu from the University of Wisconsin–Madison, and Chapter 8 “Scheduling Federal Air Marshals Under Uncertainty” by DeGregory and Ganesan from US Military Academy and George Mason University, respectively.

Part III contains three chapters: Chapter 9 “Decision Theory for Network Security: Active Sensing for Detection and Prevention of Data Exfiltration” by McCarthy et al. from the University of Southern California and Hewlett Packard Labs, Chapter 10 “Measurement of Cyber Resilience from an Economic Perspective” by Rose and Miller from the University of Southern California, and Chapter 11 “Responses to Cyber Near-Misses: A Scale to Measure Individual Differences” by Cui et al. from the University of Southern California.

Part IV contains eight chapters: Chapter 12 “An Interactive Web-Based Decision Support System for Mass Dispensing, Emergency Preparedness, and Biosurveillance” by Lee et al. from Georgia Institute of Technology and Centers for Disease Control and Prevention, Chapter 13 “Measuring Critical Infrastructure Risk, Protection, and Resilience in an All-Hazards Environment” by Phillips and Petit from the Perduco Group and Argonne National Laboratory, respectively, Chapter 14 “Risk Analysis Methods in Resilience Modeling: An Overview of Critical Infrastructure Applications” by Baroud from Vanderbilt University, Chapter 15 “Optimal Resource Allocation Model to Prevent, Prepare, and Respond to Multiple Disruptions, with Application to the Deepwater Horizon Oil Spill and Hurricane Katrina” by MacKenzie and Al-Kazimi from the Iowa State University, Chapter 16 “Inoperability Input–Output Modeling of Electric Power Disruptions” by Santos et al. from George Washington University and University of Massachusetts–Lowell, Chapter 17 “Quantitative Assessment of Transportation Network Vulnerability with Dynamic Traffic Simulation Methods” by Shekar and Fiondella from the University of Massachusetts–Dartmouth, Chapter 18 “Infrastructure Monitoring for Health and Security” by Basu from Vanderbilt University, and Chapter 19 “Exploring Metaheuristic Approaches for Solving the Traveling Salesman Problem Applied to Emergency Planning and Response” by Tipireddy et al. from the Pacific Northwest National Laboratory and St. Mary's University.

Chapter Abstracts

Chapter 1 – Page 3 (Thorisson and Lambert)

On the “Influence of Scenarios to Priorities” in Risk and Security Programs

Organizations increasingly follow comprehensive guidelines and standards when implementing programs for the assessment and management of risk, safety, resilience, or security. Programs often involve the coordination of multiple systems, of stakeholders and organizational units, and require balancing different needs and missions, as well as being flexible and having the ability to withstand and adjust to emerging conditions of economics, policies, military conflict, environment, and other factors. This chapter suggests three canonical questions as the mission of such a program: (i) what sources of risks are to be managed by the program; (ii) how should multiple risk assessment, risk management, and risk communication activities be administered and coordinated, and what should be the basis for resource allocation to these activities; and (iii) how will the performance of the program be monitored and evaluated. An approach to evaluate how different components of a program comply with guidelines and how various risk scenarios influence the priorities of the program is demonstrated. Thus, it emphasizes the preparedness of programs whose priorities adjust to emergent conditions of technology, environment, demographics, markets, regulations, organizations, and geography. The methods presented are useful to organizations and agencies implementing risk guidelines for security, infrastructure, finance, logistics, emergency management, resilience, and preparedness.

Chapter 2 – Page 25 (Maya, Liu, Zhu, Tran, Creighton and Woo)

Survey of Risk Analytic Guidelines Across the Government

The Department of Homeland Security (DHS) has been developing its guidance for standardizing risk analyses practices to facilitate high quality, data fidelity, utility of results, and appropriate consistency for the analyses performed by DHS's broad spectrum of operational components and offices. In this chapter, the authors review such guidance as used across non-DHS agencies in the US government, as well as select international sources. To achieve this, they surveyed areas of relevance to analyses for the homeland security enterprise, and performed a systematic overview of the content of these guidelines. Finally, they examined how different organizations and guidelines address methodological challenges in qualitative and quantitative national level integrated risk assessments, and senior level risk assessments for decision-making. The results are presented by agency in a manner that facilitates the comparative review of the extant guidance from multiple sources related to specific areas of risk assessment and management.

Chapter 3 – Page 69 (Chatterjee, Brigantic and Waterworth)

An Overview of Risk Modeling Methods and Approaches for National Security

The United States Department of Homeland Security (DHS) defines risk as the “potential for an adverse outcome assessed as a function of threats, vulnerabilities, and consequences associated with an incident, event, or occurrence.” National security risk analyses are conducted across a spectrum of threats, such as nuclear terrorism to pandemic diseases. These analyses often rely on historical data and/or data derived from simulation or expert judgment to quantify and model the various elements of risk. This chapter focuses on the evolution of DHS's definition of the elements of security risk, i.e. threat, vulnerability, and consequence. An overview of the modeling methods and approaches typically adopted for characterizing these risk components is also presented..

Chapter 4 – Page 101 (Lundberg)

Comparative Risk Rankings in Support of Homeland Security Strategic Plans

Prioritizing homeland security risks at the strategic level starts with a need to understand which risks are worse than others. This is particularly challenging, as not only are there a diverse set of hazards to consider, with deep uncertainty in their likelihood and consequence, but bringing together the multiple aspects of consequence involves an inherent subjectivity. One useful approach is the Deliberative Method for Ranking Risks, a structured method to solicit informed comparative risk rankings. This chapter will outline an illustration of the Deliberative Method for Ranking Risks applied to a set of 10 hazards strategically important to the U.S. Department of Homeland Security (DHS). Using a sample of the lay public, the method is found to be reliable and produces more analytical consideration of risks than ad hoc consideration of risk.

Chapter 5 – Page 125 (Fortin, Johansen, Chatterjee, Muller and Noonan)

A Data Science Workflow for Discovering Spatial Patterns Among Terrorist Attacks and Infrastructure

Terrorism continues to plague nations around the globe. Decision-makers and analysts need data-driven tools to help them gain insight into terrorist groups, uncover trends, and quantify the risk of terrorist attack. We introduce an interactive data visualization application to explore incidents of terror at user-specified spatial and temporal levels using data from the Global Terrorism Database. The application allows a user to view historical terrorist activity on an interactive world map, with features that allow filtering and visualization in multiple forms. Additionally, we discuss a statistical modeling approach to determine the relationship between terrorist attacks and types of infrastructure within a country using zero-inflated models for count data. The modeling framework is demonstrated using case studies on terrorist attack data from Libya and the Jammu and Kashmir region in India. The models are able to identify statistically significant infrastructure variables, as well as identify specific regions of interest for further investigation by analysts.

Chapter 6 – Page 153 (Shan and Zhuang)

Effects of Credibility of Retaliation Threats in Deterring Smuggling of Nuclear Weapons

The prevalence of global supply chains demands speediness of freights moving across borders between nations. However, nuclear weapon smuggling still poses a significant risk to the United States, which requires a trade-off between cargo inspection and speedy transition. Retaliation threats and partial inspection could be used together to effectively deter such smuggling attempts. As a nontechnical version of Shan and Zhuang (2014a), this chapter models credibility of retaliation threats against smuggling of nuclear weapons within the context of an attacker-defender game and find that a rational defender would not always carry out retaliation activities under the condition that i) the reputation loss from non-credible retaliation threats is low, ii) the reward for carrying out retaliation is low, or iii) the retaliation costs too much. In addition, we study the required inspection level in order to deter smuggling of nuclear weapons when the retaliation threats are non-credible. This research highlights the importance of studying the credibility of retaliation threats in attacker-defender interactions, as well as provides some insights on strategic integration of partial inspection and retaliation threats in deterring nuclear smuggling.

Chapter 7 – Page 171 (Bier and Liu)

Disutility of Mass Relocation After a Severe Nuclear Accident

Health effects following nuclear accidents may be dominated by the societal disruption of mass relocation. Since relocation can lead to physical, psychological, and economic impacts, tradeoffs between fatalities and relocation is an important topic of study. This chapter presents multiple disutility models accounting for cancer fatalities and relocation. Results of an economic analysis based on direct economic costs of relocation are also discussed.

Chapter 8 – Page 193 (DeGregory and Ganesan)

Scheduling Federal Air Marshals Under Uncertainty

Approximate dynamic programming (ADP), the modern approach for effectively handling both sequential decision-making under uncertainty (stemming from risk) and the scalability problem long associated with traditional dynamic programming, is becoming more prevalent in academia and industry. Extant literature provides many examples of how the transportation industry has embraced ADP, particularly in the airline and trucking sectors, which demand critical decisions in the face of uncertainty, such as scheduling of personnel, allocation of scarce resources, and capital investment. In particular, the chapter describes one application in detail on the dynamic allocation of Federal Air Marshals (a case that addresses Department of Homeland Security's mission to prevent terrorism and enhance security), and, in general, outlines the necessary components for successful modeling and implementation of ADP as it pertains to the homeland security frontier. The intent is to motivate researchers, practitioners, and policy makers to explore and consider ADP as a viable technique in solving the most complex decision-making problems facing homeland security.

Chapter 9 – Page 223 (McCarthy, Sinha, Tambe and Manadhatha)

Decision Theory for Network Security: Active Sensing for Detection and Prevention of Data Exfiltration

We address a major challenge in cyber security, detecting and addressing advanced persistent threats (APTs) in a computer network; and propose decision-theoretic planning models to reason about streams of suspicious activity alerts, and noisy observations in order to dynamically allocate security resources such as sensors and determine whether the suspicious activity is malicious, and best response policy. We focus in particular on the challenge of detecting data exfiltration over Domain Name System (DNS) queries, where existing detection sensors are imperfect and lead to noisy observations about the network's security state. Data exfiltration over DNS queries involves unauthorized transfer of sensitive data from an organization to a remote adversary through a DNS data tunnel to a malicious web domain. Our solution sequentially plans to accumulate evidence under uncertainty while taking into account the cost of deploying such sensors. More specifically, we provide a fast scalable POMDP formulation to address the challenge, where the efficiency of the formulation is based on two key contributions: (i) we use a virtually distributed POMDP (VD-POMDP) formulation, motivated by previous work in distributed POMDPs with sparse interactions, where individual policies for different sub-POMDPs are planned separately but their sparse interactions are only resolved at execution time to determine the joint actions to perform; (ii) we allow for abstraction in planning for speedups, and then use a fast MILP to implement the abstraction while resolving any interactions. This allows us to determine optimal sensing strategies, leveraging information from many noisy detectors, and subject to constraints imposed by network topology, forwarding rules and performance costs on the frequency, scope and efficiency of sensing we can perform.

Chapter 10 – Page 253 (Rose and Miller)

Measurement of Cyber Resilience from an Economic Perspective

Businesses are becoming more vulnerable to cyber threats and cyber-based disruptions. This chapter provides a framework for analyzing the costs of cyber resilience and synthesizes the academic literature and industry-specific information to provide a comprehensive initial set of cost and effectiveness estimates for many cyber resilience tactics. The framework is based on economic production theory, which reflects the ways businesses use cyber and other inputs to produce goods and services. The tactics are grouped into general categories such as input substitution and conservation, use of excess capacity and inventories, and geographic or cyber relocation. Our analysis indicates that the set of cyber resilience tactics is extensive, diverse, potentially very effective, and of relatively low cost. Additionally, resilience is examined for two key sectors on which cyber activity depends – electricity and production of cyber equipment – to provide further insights and context on this issue.

Chapter 11 – Page 275 (Cui, Rosoff and John)

Responses to Cyber Near-Misses: A Scale to Measure Individual Differences

This chapter focuses on responses to near-miss experiences in a cyber environment involving negative consequences (e.g., loss of data, credit card fraud) that could have occurred but did not. A Cyber Near-miss Appraisal Scale (CNMAS) is described to assess an individual's tendency to ignore a near-miss message and take risky actions. The scale has an initial pool of 15 items and is evaluated with a sample of 256 respondents through Amazon Mechanical Turk. The final version of the scale is based on 10 of the items following psychometric analysis for dimensionality, scale reliability, and item functioning, discriminant validity, and predictive validity. The current study demonstrates that responses to cyber near-misses are not only determined by the experience itself, but also related to decision makers' near-miss appraisal tendencies in a cyber environment.

Chapter 12 – Page 297 (Lee, Pietz, Chen and Liu)

An Interactive Web-Based Decision Support System for Mass Dispensing, Emergency Preparedness, and Biosurveillance