CREATE OVERVIEW Detlof von Winterfeldt Professor of Industrial and Systems Engineering Professor of Public Policy and Management Center for Risk and Economic Analysis of Terrorism Events University of Southern California Fall, 2008
Four Years of CREATE July, 2008March, 2004
Why Risk Analysis? “….We have to identify and prioritize risks -- understanding the threat, the vulnerability and the consequence. And then we have to apply our resources in a cost-effective manner….. “
Why Economic Analysis? “If their economy is destroyed, they will be busy with their own affairs rather than enslaving the weak peoples. It is very important to concentrate on hitting the US economy through all possible means.”
CREATE is an Interdisciplinary Center Social Science –Economics –Psychology –Political Science Engineering –Industrial and Systems Engineering (OR) –Civil Engineering –Computer Science Other –Public Policy –Decision Science –International Relations
CREATE is an (Inter)national Center
CREATE Researchers 40 faculty members –40 tenure track faculty members –10 adjunct, research professors, etc. 20 Other Researchers –6 Postdoctoral Research Associates –14 research scientists, computer scientists, etc. 40 Research Assistants –Mix of Ph.D. and Masters students –First batch of Ph.D. students graduated in 2007 Quality Indicators –Ten researchers with 1,000+ citations (ISI Web of Science) –One member of the NAS, two members of the NAE –Two presidents, four fellows of INFORMS
CREATE Models Risk Assessment –Probabilistic Risk Analysis –Game Theory –Terrorist Utility Models Economic Assessment –Advanced Economic Impact Models (I/O and CGE) –Economic Analyses of Terrorist Behavior –Models of Public Responses and Resilience Risk Management –Dynamic, Adaptive Decision Analysis –Game theoretic models for inspections and patrols –Optimal Resource Allocation Models
Examples of Center Projects and Products Applied Research Projects Analysis of dirty bomb attacks on ports Allocation of funds to critical infrastructure Economic analysis of bioterrorism events Randomization of inspections and patrols Fundamental Research Projects Game theory extensions to terrorism problems Decision analysis with adaptive responses Probabilistic models of terrorist preferences Network reliability and failure models Software Development Risk Analysis Workbench (RAW) MANPADS Decision Tree Software National Interstate Economic Impact Model Randomization software
CREATE Research Framework Risk Assessment Economic Assessment Risk Management
CREATE Research Framework Threat Assessment Consequence Assessment Vulnerability Assessment Risk Assessment
CREATE Research Framework Threat Assessment Consequence Assessment Vulnerability Assessment Valuation of Direct Econ. Consequences Estimation of Indirect Econ. Consequences Risk Assessment Economic Assessment Assessment of Resilient Responses
Overall Framework Threat Assessment Consequence Assessment Vulnerability Assessment Assessment of Indirect Econ. Consequences Response Recovery PreventionProtection Cost-Benefit & Decision Analysis Risk Assessment Economic Assessment Risk Management Valuation Of Direct Consequences
Risk Analysis: Over 30 Years of Experience Reliability engineering (aerospace industry) Nuclear power plant risks Chemical and other industrial risks Environmental risks Natural disaster risks Business, project and R&D risks Medical risks
Attempts to Apply Risk Analysis to Terrorism –Probabilistic risk analysis –Dynamic adaptive decision tree analysis –Game theory –Vulnerability and risk scoring systems ____________________________________ Hardest Part: Threat Analysis
Lugar Report: Threat Probabilities
Selected Participants in the Luger Study Richard Allen Graham Allison Frank Carlucci Bill Cohen James Dobbins Amitai Etzione Bob Galluci Sig Hecker Ron Lehman Michael Moodie Sam Nunn Noman Schwarzkopf Strobe Talbott James Woolsey + 70 others
Assessing the Threat of Bioterrorism Non-communicable
Expert Elicitation Elicitation of selection probabilities of 28 agents Four bioterrorism experts Two risk analysts (Hora, von Winterfeldt) Hierarchical elicitation Software support
Expert Elicitation- Observations A few biological agents float to the top for all experts (and non-experts) Worked well with experts who had biological knowledge Some problems with experts who did not have biological knowledge Nevertheless: High correlation between experts’ risk assessments (0.87)
Terrorists’ Utility Functions Develop a muliattribute utility function for terrorists’ preferences for attack modes and targets –Initial focus on Al Quaeda and selected attack modes Develop an expected utility function –Folding in probability of success Develop a random expected utility model –Using parameter uncertainty Derive probabilities of choice –Initially for Al Quade and choice of attack modes
Radical Islamist Fundamentalists’ Goals Re-establish the Caliphate Expel US from Middle East Replace Secular Governments In Middle East Eliminate Israel Expand Muslim Influence Attack US Attack Arab States Attack Israel Recruit Followers
The expanse of the Caliphate by 1500 included most of Africa, the middle east, much of SW Asia, and SE Europe. The enemy is focused on the history of the Muslim world – which drives much of the extremist ideology In A.D. 900, the Caliphate included most of present day Spain and portions of France and Italy 24 Source: Admiral Sullivan, 2006
Restoring the Historical Caliphate (Source: Admiral Sullivan, 2006) 25
Terrorists’ Value Tree Increased power base Maximize recruitment Maximize pop. support (sympathizers) Maximize funding Minimize “backlash” To Al Qaeda Low operational expenditures Minimize cost Minimize resources High impact on the United States Human causalities Economic impact Instill fear ST immediate damage LT ripple effects High Value Attack on US
Attack Alternatives Considered ALTERNATIVES No attack (baseline) IED engine room of naval vessel Explosion resulting in dam failure MANPADS attack on airplane Portable nuclear bomb in major city Explosions on mass transport(s) Release of anthrax (movie or sports) Detonation of dirty bomb Smallpox release in major city
Event Tree: Indicates various possible points of failure PMPM 1-P M PIPI 1-P I PSPS 1-P S Material Acquisition? Failed Attack Failure Success Interdiction? Failed Attack Failed Attack Trigger Event Success Failure Successful Attack Success Failure
Attack Utility (conditional on Success) Attack TypeUtility (assuming successful attack) No Attack0.16 IED0.18 Dam Explosion0.17 Manpad0.16 Portable Nuclear Device0.45 Transport. Systems0.17 Anthrax0.26 Dirty Bomb0.18 Smallpox0.46
Expected Utility of Attack (including event tree uncertainties) Attack Type Expected Utility No Attack0.16 IED0.14 Dam Explosion0.11 Manpad0.10 Portable Nuclear Device0.06 Transport. Systems0.12 Anthrax0.11 Dirty Bomb0.08 Smallpox0.07
Overall Framework Threat Assessment Consequence Assessment Vulnerability Assessment Assessment of Indirect Econ. Consequences Response Recovery PreventionProtection Cost-Benefit & Decision Analysis Risk Assessment Economic Assessment Risk Management Valuation Of Direct Consequences
Smart Randomization (Tambe et al) Terrorists monitor defenses, exploit patterns Examples: Patrols, inspections, surveillance Randomize defenses, maintain quality
Defender and Attacker Game (Stackelberg game)
Expected Utility of Attacker
Solution Set p(Defend A) to minimize attackers maximum expected utility Also maximizes defender’s minimum expected utility Example:p = 11/17
Extensions Non-zero sum Multiple targets Multiple attackers Constraints on real world patrols Fast algorithms Real world implementation
Assistant for Randomized Monitoring Over Routes (ARMOR) Project An Interdisciplinary Counter-Terrorism Research Partnership: Los Angeles World Airports & The University of Southern California
ARMOR System DOBSS: GAME THEORY ALGORITHMS Provide inputs, constraints Randomized Schedule generation Weights for randomization Schedule evaluation ARMOR Knowledge Base
The Element of Surprise To help combat the terrorism threat, officials at Los Angeles International Airport are introducing a bold new idea into their arsenal: random placement of security checkpoints. Can game theory help keep us safe? Security forces work the sidewalk at LAX September 28, 2007
Resource Allocation to Protect Infrastructure Assets Develop practical decision analysis tools for allocating Department of Homeland Security funds First case study: BZPP Fund Allocation Conducted with the California Governor's Office of Homeland Security
Selected Sites in California Chemical: High fatality potential Commercial: high threat Dams: Fatality & economic impact potential
“Only” Five Inputs Required per Site 1.Threat: Probability of Attack (P) 2.Vulnerability:Probability Attack Succeeds (Q) 3.Consequences:Expected Loss if Attack Succeeds (L) [$-equivalent losses] 4.Loss Reduction:Loss Reduction with RMP (0 < R < 1) 5.Cost:Cost of Risk Reduction (C) Expected loss:No RMP:EL = P∙Q∙L With RMP: EL´ = P∙Q∙L∙(1-R) + C Net loss reduction: (EL - EL´) = P∙Q∙L∙R – C
Three Sectors Appeared to Be Higher Risk Sector Comparisons (CREATE) Fatality Range Economic Impacts Threat and Vulnerability Risk ReductionNotes Chemical and Hazmat 1,000-50,0000.1b – 1.3bMedium High fatalities Dams ,000~100bMediumEffectiveHigh economics Commercial (Buildings / Tourism) 100-8,0002b – 10bHighMediumHigh threat Oil Refineries b bLowMediumMostly economics Electrical Grid b – 2.8bLowMediumMostly economics Transportation - Bridges b – 0.04bMedium Mostly psychological Transportation - Rail b – 7.4bHighMediumMostly psychological Water Treatment b – 1.3bLowMediumMostly chemicals Defense Industry Base ?Medium DHS/DOE responsibility Postal and Shipping ?Medium DHS responsibility Nuclear Power Plants 0-100,00012b – 40bMedium NRC/DHS responsibility
Consequence Analysis for Dams
Sector Prioritizations: Dams
Consequence Analysis for Chemical Plants
Observations CA OHS found the analysis useful –Much improved over previous year –Increased credibility –Sector based prioritization was considered very helpful Identified critical needs for future analyses: –Threat probability is still a problem –Need to better assess effectiveness of risk reduction Ongoing work –Develop criteria for assessment of risks –Assess risks and risk reduction effectiveness –Robust allocation models
Some Conclusions Risk assessment remains difficult –Too many possible attack scenarios – need screening –Adversaries seek vulnerabilities and high impact - need improved threat and vulnerability analysis –Probabilities of threats and attacks shift - need game sciences Economic impacts are critical –Indirect economic impacts often overshadow direct ones –Public responses can create large indirect economic impacts –Need strategy for addressing public concerns Risk management focus helps –Focus on what can be done, not what to worry about –Many variables do not matter for decisions –Eliminate clearly inferior options
The Main Challenge: How Secure is Secure Enough? We will never be completely secure The costs of increasing security increase dramatically when we get close to zero risk Increasing security may create other risks, inconveniences, and restrict civil liberties