**2. General risk assessment model**

According to the traditional risk assessment model, risk is considered to be a function of threat *T*, vulnerability *V*, and consequences *C*: *R* = *f*(*T*, *V*, *C*). The model was developed to assess risks of technological catastrophes and natural disasters and now is widely used in terrorist risk assessments. Here threat is defined as probability of terrorist attack on a certain complex engineering system, *T* = *P*(*A*); vulnerability is estimated as conditional probability of a system's failure given the attack occurs, *V* = *P*(*F*|*A*) and consequences are defined as losses that occur as a result of the attack and the system failure, *C* = *E*(*U*|*A*, *F*). Then terrorist risk index is determined by Eq. (1):

$$R = P(A) \cdot P(F \mid A) \cdot E(U \mid A, F). \tag{1}$$

Unfortunately, Eqs. (1) and (2) could only be considered first-order indicators of the terrorist risk. The problem is that these equations do not allow one to account for a number of specific

Analysis of Terrorist Attack Scenarios and Measures for Countering Terrorist Threats

http://dx.doi.org/10.5772/intechopen.75099

261

When assessing security-related problems for complex engineering systems, one should take

*High level of uncertainty*: In modeling terrorist scenarios, we encounter a higher level of uncertainty. In addition to the uncertain factors inherent in threats of a natural or man-made nature, terrorist threats entail new factors of uncertainty resulting from the complexity of evaluating terrorists' system of values and behavioral logic as well as their organizational-technical

*High level of dynamism:* Terrorist attack scenarios and impact factors are more dynamic by nature than scenarios and impact factors for natural and man-made disasters to which the system is subject. A change in the spectrum and intensity of terrorism-related extreme effects on the system is significantly more rapid than in the case of natural or man-made threat. This is due to the terrorists' capacity for constantly expanding their arsenal of mechanisms for initiating emergency situations using modern means of attack, reacting to changes in protection barriers, and learning lessons from mistakes made during previous attacks on the system similar to it. *The capability of terrorists to choose attack scenarios deliberately*: This refers to terrorists' deliberate selection of attack scenarios (places, times, and types of actions), taking into account the system vulnerability parameters and the losses expected if an attack is successfully carried out. That is, terrorists are capable of analyzing the vulnerability matrix and structure of losses for various types of actions against the CES and selecting the attack scenario that maximizes the harm to society (taking into account secondary and cascading losses). Here, in addition

into account the following characteristics of the terrorist threat [17, 19, 20].

features of terrorism.

**Figure 2.** General risk assessment framework.

**3. Specific features of terrorist threats**

potential and the resources at their disposal.

For complex engineering systems that are subjected to multiple threats and multiple failure scenarios, risk assessment implies assessment of a scenario tree (**Figure** 2). This is being done using graph models called scenario trees [6, 7, 9]. The system is designed to fulfill the so-called success scenario *S*<sup>0</sup> (i.e., a transition from its initial state *IS* to the designed end state *ES*<sup>0</sup> ). Since any failure scenario *S*<sup>∗</sup> presents a deviation from the success scenario *S*<sup>0</sup> that corresponds to the successful functioning of the *CES*, the scenario *S*<sup>∗</sup> must have a disturbance point at which an extreme event, or, in case of terrorism, a terrorist attack (*Ak* ), occurs (**Figure** 2). Each attack gives rise to a branch of a scenario tree that has a corresponding set of scenarios *Si* that ends with an end state (*ESi* ). In this case, one can get a similar risk index using matrix expression:

$$\begin{array}{rcl} R & = & \underbrace{\left\{ P(A\_{\text{i}}); P(A\_{\text{2}}); \dots; P(A\_{\text{i}}) \right\}}\_{\begin{subarray}{c} \text{Total} \ \text{T} \end{subarray}} \times \underbrace{\begin{bmatrix} P \left[ \begin{ES\_{1}} \mid \ A\_{\text{i}} \right] P \left[ \begin{ES\_{2}} \mid \ A\_{\text{i}} \right] \cdots P \left[ \begin{ES\_{m}} \mid \ A\_{\text{i}} \right] \right] \\ P \left[ \begin{ES\_{1}} \mid \ A\_{\text{2}} \right] P \left[ \begin{ES\_{2}} \mid \ A\_{\text{2}} \right] \cdots P \left[ \begin{ES\_{m}} \mid \ A\_{\text{i}} \right] \end{ES\_{m} \end{pmatrix}} \end{array} \right]\_{\text{X}}}\_{\text{VaRfally}} \times \begin{cases} \underbrace{\mathcal{U}\_{\text{ES}\_{1}}}\_{\begin{subarray}{c} \text{U}\_{\text{ES}\_{1}} \text{-} \\ \text{U}\_{\text{ES}\_{1}} \end{subarray}} \underbrace{\begin{bmatrix} \mathcal{U}\_{\text{ES}\_{1}} \\ \mathcal{U}\_{\text{ES}\_{1}} \end{bmatrix}}\_{\text{Cyltianity}} \end{array} \right]\_{\text{U}} \begin{cases} \underbrace{\mathcal{U}\_{\text{ES}\_{1}}}\_{\text{U}\_{\text{ES}\_{1}}} \underbrace{\begin{bmatrix} \mathcal{U}\_{\text{ES}\_{1}} \\ \mathcal{U}\_{\text{ES}\_{1}} \end{bmatrix}}\_{\text{Cyltianity}} \end{cases}$$

Eqs. (1) and (2) give first-order indicators of terrorist risk. They also determine three main ways of risk reduction: Reduction of terrorist threat is in the sphere of responsibility of law enforcement and intelligence communities, while reduction of vulnerability and consequences are the domains of engineering community and emergency management agencies, respectively.

In terrorist risk assessment framework, the main challenge is to estimate the probability of a terrorist attack. Some specialists believe that probabilistic measure is not adequate for the terrorist risk assessment since terrorist attack is not a stochastic event but a deliberate action based on the assessment made by terrorists regarding their skills and capabilities and the system's vulnerabilities.

Assignment of probabilities to the terrorist attack is a task which has a substantial human and behavioral dimension. The main problem is to describe the intentions of terrorists, their preferences, system of values (i.e., utility function), and decision rule. This allows one to assess the probability of different attack scenarios. The probability of each attack scenario is a function of the scenario's successful realization and their preferences regarding the expected consequences of that scenario.

**Figure 2.** General risk assessment framework.

**2. General risk assessment model**

260 Probabilistic Modeling in System Engineering

success scenario *S*<sup>0</sup>

any failure scenario *S*<sup>∗</sup>

with an end state (*ESi*

system's vulnerabilities.

quences of that scenario.

the successful functioning of the *CES*, the scenario *S*<sup>∗</sup>

*<sup>R</sup>* <sup>=</sup> {*P*(*A*1); *<sup>P</sup>*(*A*2);. . .; *<sup>P</sup>*(*An*)}

*Threat T*

an extreme event, or, in case of terrorism, a terrorist attack (*Ak*

×

⎡

⎢ ⎣

According to the traditional risk assessment model, risk is considered to be a function of threat *T*, vulnerability *V*, and consequences *C*: *R* = *f*(*T*, *V*, *C*). The model was developed to assess risks of technological catastrophes and natural disasters and now is widely used in terrorist risk assessments. Here threat is defined as probability of terrorist attack on a certain complex engineering system, *T* = *P*(*A*); vulnerability is estimated as conditional probability of a system's failure given the attack occurs, *V* = *P*(*F*|*A*) and consequences are defined as losses that occur as a result of the attack and the system failure, *C* = *E*(*U*|*A*, *F*). Then terrorist risk index is determined by Eq. (1):

*R* = *P*(*A*) ⋅ *P*(*F*|*A*) ⋅ *E*(*U*|*A*, *F*). (1)

For complex engineering systems that are subjected to multiple threats and multiple failure scenarios, risk assessment implies assessment of a scenario tree (**Figure** 2). This is being done using graph models called scenario trees [6, 7, 9]. The system is designed to fulfill the so-called

presents a deviation from the success scenario *S*<sup>0</sup>

Eqs. (1) and (2) give first-order indicators of terrorist risk. They also determine three main ways of risk reduction: Reduction of terrorist threat is in the sphere of responsibility of law enforcement and intelligence communities, while reduction of vulnerability and consequences are the domains of engineering community and emergency management agencies, respectively.

In terrorist risk assessment framework, the main challenge is to estimate the probability of a terrorist attack. Some specialists believe that probabilistic measure is not adequate for the terrorist risk assessment since terrorist attack is not a stochastic event but a deliberate action based on the assessment made by terrorists regarding their skills and capabilities and the

Assignment of probabilities to the terrorist attack is a task which has a substantial human and behavioral dimension. The main problem is to describe the intentions of terrorists, their preferences, system of values (i.e., utility function), and decision rule. This allows one to assess the probability of different attack scenarios. The probability of each attack scenario is a function of the scenario's successful realization and their preferences regarding the expected conse-

gives rise to a branch of a scenario tree that has a corresponding set of scenarios *Si*

(i.e., a transition from its initial state *IS* to the designed end state *ES*<sup>0</sup>

). In this case, one can get a similar risk index using matrix expression:

*P* [*ES*<sup>1</sup> ∣ *A*1] *P* [*ES*<sup>2</sup> ∣ *A*1]⋯*P* [*ESm* ∣ *A*1] *<sup>P</sup>* [*ES*<sup>1</sup> <sup>∣</sup> *<sup>A</sup>*2] *<sup>P</sup>* [*ES*<sup>2</sup> <sup>∣</sup> *<sup>A</sup>*2]⋯*<sup>P</sup>* [*ESm* <sup>∣</sup> *<sup>A</sup>*2]. . .

*P* [*ES*<sup>1</sup> ∣ *An*] *P* [*ES*<sup>2</sup> ∣ *An*]⋯*P* [*ESm* ∣ *An*]

*Vulnerability* **V**

). Since

that ends

⎫ ⎪ ⎬ ⎪ ⏟<sup>⎭</sup> *Consequences* **C**

(2)

that corresponds to

must have a disturbance point at which

), occurs (**Figure** 2). Each attack

⎤

×

⎧ ⎪ ⎨ ⎪ ⎩

*UES*<sup>1</sup> *UES*<sup>2</sup> . . . *UESm*

⎥ ⎦ Unfortunately, Eqs. (1) and (2) could only be considered first-order indicators of the terrorist risk. The problem is that these equations do not allow one to account for a number of specific features of terrorism.
