1. CREATE OVERVIEW Detlof von Winterfeldt Professor of Industrial and Systems Engineering Professor of Public Policy and Management Center for Risk and Economic Analysis of Terrorism Events University of Southern California Fall, 2008

2. Four Years of CREATE July, 2008March, 2004

3. Why Risk Analysis? “….We have to identify and prioritize risks -- understanding the threat, the vulnerability and the consequence. And then we have to apply our resources in a cost-effective manner….. “

4. Why Economic Analysis? “If their economy is destroyed, they will be busy with their own affairs rather than enslaving the weak peoples. It is very important to concentrate on hitting the US economy through all possible means.”

5. CREATE is an Interdisciplinary Center Social Science –Economics –Psychology –Political Science Engineering –Industrial and Systems Engineering (OR) –Civil Engineering –Computer Science Other –Public Policy –Decision Science –International Relations

6. CREATE is an (Inter)national Center

7. CREATE Researchers 40 faculty members –40 tenure track faculty members –10 adjunct, research professors, etc. 20 Other Researchers –6 Postdoctoral Research Associates –14 research scientists, computer scientists, etc. 40 Research Assistants –Mix of Ph.D. and Masters students –First batch of Ph.D. students graduated in 2007 Quality Indicators –Ten researchers with 1,000+ citations (ISI Web of Science) –One member of the NAS, two members of the NAE –Two presidents, four fellows of INFORMS

8. CREATE Models Risk Assessment –Probabilistic Risk Analysis –Game Theory –Terrorist Utility Models Economic Assessment –Advanced Economic Impact Models (I/O and CGE) –Economic Analyses of Terrorist Behavior –Models of Public Responses and Resilience Risk Management –Dynamic, Adaptive Decision Analysis –Game theoretic models for inspections and patrols –Optimal Resource Allocation Models

9. Examples of Center Projects and Products Applied Research Projects Analysis of dirty bomb attacks on ports Allocation of funds to critical infrastructure Economic analysis of bioterrorism events Randomization of inspections and patrols Fundamental Research Projects Game theory extensions to terrorism problems Decision analysis with adaptive responses Probabilistic models of terrorist preferences Network reliability and failure models Software Development Risk Analysis Workbench (RAW) MANPADS Decision Tree Software National Interstate Economic Impact Model Randomization software

11. CREATE Research Framework Risk Assessment Economic Assessment Risk Management

12. CREATE Research Framework Threat Assessment Consequence Assessment Vulnerability Assessment Risk Assessment

13. CREATE Research Framework Threat Assessment Consequence Assessment Vulnerability Assessment Valuation of Direct Econ. Consequences Estimation of Indirect Econ. Consequences Risk Assessment Economic Assessment Assessment of Resilient Responses

14. Overall Framework Threat Assessment Consequence Assessment Vulnerability Assessment Assessment of Indirect Econ. Consequences Response Recovery PreventionProtection Cost-Benefit & Decision Analysis Risk Assessment Economic Assessment Risk Management Valuation Of Direct Consequences

15. Risk Analysis: Over 30 Years of Experience Reliability engineering (aerospace industry) Nuclear power plant risks Chemical and other industrial risks Environmental risks Natural disaster risks Business, project and R&D risks Medical risks

16. Attempts to Apply Risk Analysis to Terrorism –Probabilistic risk analysis –Dynamic adaptive decision tree analysis –Game theory –Vulnerability and risk scoring systems ____________________________________ Hardest Part: Threat Analysis

17. Lugar Report: Threat Probabilities

18. Selected Participants in the Luger Study Richard Allen Graham Allison Frank Carlucci Bill Cohen James Dobbins Amitai Etzione Bob Galluci Sig Hecker Ron Lehman Michael Moodie Sam Nunn Noman Schwarzkopf Strobe Talbott James Woolsey + 70 others

19. Assessing the Threat of Bioterrorism Non-communicable

20. Expert Elicitation Elicitation of selection probabilities of 28 agents Four bioterrorism experts Two risk analysts (Hora, von Winterfeldt) Hierarchical elicitation Software support

21. Expert Elicitation- Observations A few biological agents float to the top for all experts (and non-experts) Worked well with experts who had biological knowledge Some problems with experts who did not have biological knowledge Nevertheless: High correlation between experts’ risk assessments (0.87)

22. Terrorists’ Utility Functions Develop a muliattribute utility function for terrorists’ preferences for attack modes and targets –Initial focus on Al Quaeda and selected attack modes Develop an expected utility function –Folding in probability of success Develop a random expected utility model –Using parameter uncertainty Derive probabilities of choice –Initially for Al Quade and choice of attack modes

23. Radical Islamist Fundamentalists’ Goals Re-establish the Caliphate Expel US from Middle East Replace Secular Governments In Middle East Eliminate Israel Expand Muslim Influence Attack US Attack Arab States Attack Israel Recruit Followers

24. The expanse of the Caliphate by 1500 included most of Africa, the middle east, much of SW Asia, and SE Europe. The enemy is focused on the history of the Muslim world – which drives much of the extremist ideology In A.D. 900, the Caliphate included most of present day Spain and portions of France and Italy 24 Source: Admiral Sullivan, 2006

25. Restoring the Historical Caliphate (Source: Admiral Sullivan, 2006) 25

26. Terrorists’ Value Tree Increased power base Maximize recruitment Maximize pop. support (sympathizers) Maximize funding Minimize “backlash” To Al Qaeda Low operational expenditures Minimize cost Minimize resources High impact on the United States Human causalities Economic impact Instill fear ST immediate damage LT ripple effects High Value Attack on US

27. Attack Alternatives Considered ALTERNATIVES No attack (baseline) IED engine room of naval vessel Explosion resulting in dam failure MANPADS attack on airplane Portable nuclear bomb in major city Explosions on mass transport(s) Release of anthrax (movie or sports) Detonation of dirty bomb Smallpox release in major city

28. Event Tree: Indicates various possible points of failure PMPM 1-P M PIPI 1-P I PSPS 1-P S Material Acquisition? Failed Attack Failure Success Interdiction? Failed Attack Failed Attack Trigger Event Success Failure Successful Attack Success Failure

29. Attack Utility (conditional on Success) Attack TypeUtility (assuming successful attack) No Attack0.16 IED0.18 Dam Explosion0.17 Manpad0.16 Portable Nuclear Device0.45 Transport. Systems0.17 Anthrax0.26 Dirty Bomb0.18 Smallpox0.46

30. Expected Utility of Attack (including event tree uncertainties) Attack Type Expected Utility No Attack0.16 IED0.14 Dam Explosion0.11 Manpad0.10 Portable Nuclear Device0.06 Transport. Systems0.12 Anthrax0.11 Dirty Bomb0.08 Smallpox0.07

31. Overall Framework Threat Assessment Consequence Assessment Vulnerability Assessment Assessment of Indirect Econ. Consequences Response Recovery PreventionProtection Cost-Benefit & Decision Analysis Risk Assessment Economic Assessment Risk Management Valuation Of Direct Consequences

32. Smart Randomization (Tambe et al) Terrorists monitor defenses, exploit patterns Examples: Patrols, inspections, surveillance Randomize defenses, maintain quality

33. Defender and Attacker Game (Stackelberg game)

34. Expected Utility of Attacker

35. Solution Set p(Defend A) to minimize attackers maximum expected utility Also maximizes defender’s minimum expected utility Example:p = 11/17

36. Extensions Non-zero sum Multiple targets Multiple attackers Constraints on real world patrols Fast algorithms Real world implementation

37. Assistant for Randomized Monitoring Over Routes (ARMOR) Project An Interdisciplinary Counter-Terrorism Research Partnership: Los Angeles World Airports & The University of Southern California

38. ARMOR System DOBSS: GAME THEORY ALGORITHMS Provide inputs, constraints Randomized Schedule generation Weights for randomization Schedule evaluation ARMOR Knowledge Base

40. The Element of Surprise To help combat the terrorism threat, officials at Los Angeles International Airport are introducing a bold new idea into their arsenal: random placement of security checkpoints. Can game theory help keep us safe? Security forces work the sidewalk at LAX September 28, 2007

41. Resource Allocation to Protect Infrastructure Assets Develop practical decision analysis tools for allocating Department of Homeland Security funds First case study: BZPP Fund Allocation Conducted with the California Governor's Office of Homeland Security

42. Selected Sites in California Chemical: High fatality potential Commercial: high threat Dams: Fatality & economic impact potential

43. “Only” Five Inputs Required per Site 1.Threat: Probability of Attack (P) 2.Vulnerability:Probability Attack Succeeds (Q) 3.Consequences:Expected Loss if Attack Succeeds (L) [$-equivalent losses] 4.Loss Reduction:Loss Reduction with RMP (0 < R < 1) 5.Cost:Cost of Risk Reduction (C) Expected loss:No RMP:EL = P∙Q∙L With RMP: EL´ = P∙Q∙L∙(1-R) + C Net loss reduction: (EL - EL´) = P∙Q∙L∙R – C

44. Three Sectors Appeared to Be Higher Risk Sector Comparisons (CREATE) Fatality Range Economic Impacts Threat and Vulnerability Risk ReductionNotes Chemical and Hazmat 1,000-50,0000.1b – 1.3bMedium High fatalities Dams 100-10,000~100bMediumEffectiveHigh economics Commercial (Buildings / Tourism) 100-8,0002b – 10bHighMediumHigh threat Oil Refineries 10-1000.1b -- 0.6bLowMediumMostly economics Electrical Grid 10-1000.7b – 2.8bLowMediumMostly economics Transportation - Bridges 10-1000.01b – 0.04bMedium Mostly psychological Transportation - Rail 100-10000.5b – 7.4bHighMediumMostly psychological Water Treatment 100-10000.1b – 1.3bLowMediumMostly chemicals Defense Industry Base 10-100?Medium DHS/DOE responsibility Postal and Shipping 10-100?Medium DHS responsibility Nuclear Power Plants 0-100,00012b – 40bMedium NRC/DHS responsibility

45. Consequence Analysis for Dams

46. Sector Prioritizations: Dams

47. Consequence Analysis for Chemical Plants

48. Observations CA OHS found the analysis useful –Much improved over previous year –Increased credibility –Sector based prioritization was considered very helpful Identified critical needs for future analyses: –Threat probability is still a problem –Need to better assess effectiveness of risk reduction Ongoing work –Develop criteria for assessment of risks –Assess risks and risk reduction effectiveness –Robust allocation models

49. Some Conclusions Risk assessment remains difficult –Too many possible attack scenarios – need screening –Adversaries seek vulnerabilities and high impact - need improved threat and vulnerability analysis –Probabilities of threats and attacks shift - need game sciences Economic impacts are critical –Indirect economic impacts often overshadow direct ones –Public responses can create large indirect economic impacts –Need strategy for addressing public concerns Risk management focus helps –Focus on what can be done, not what to worry about –Many variables do not matter for decisions –Eliminate clearly inferior options

50. The Main Challenge: How Secure is Secure Enough? We will never be completely secure The costs of increasing security increase dramatically when we get close to zero risk Increasing security may create other risks, inconveniences, and restrict civil liberties