**5. Development of dynamic multi-sided models for analyzing scenarios of terrorist attacks and developing counterterrorist measures**

In view of the specific features of terrorist threats addressed in Section 3 and the analysis of the scenarios of terrorist attacks on CESs presented in Section 4 of this chapter, an integrated (three-sided) terrorist risk model based on the approaches developed in Bayesian networks and game theory has been developed [8, 21–23]. The schematic representation of the model is given in **Figure 6**. Each of the three graphs represents an influence diagram from the perspective of one of the following players: the terrorist group, the administration of the industrial facility subjected to terrorist threat, and the municipal authorities. The three diagrams are separated to keep the decisions made by different parties separate. Oval nodes represent random variables or events with their possible realizations and assigned probabilities. Rectangular nodes represent decisions and are characterized by possible options. The arrows represent probabilistic dependences between the events, states of variables, or decision variables.

Analysis of Terrorist Attack Scenarios and Measures for Countering Terrorist Threats http://dx.doi.org/10.5772/intechopen.75099 267

**Figure 6.** Multi-sided terrorist risk assessment model.

Intelligent terrorism implies maximal level of the terrorist competence (comprehensive knowledge of the *CES* and its control, operation, and protection barriers), which enables it to select the most disastrous accident scenarios and find the most effective way of their initiation, disconnection, or disruption of the *CES* monitoring systems in order to prevent prompt response to failures. The assessment of the attack scenarios is made through a hybrid scenario tree that in case of *IT* could be more complicated (**Figure 5**). It incorporates several attack trees describing the abilities and resources of terrorists and the decision tree describing the system's vulnerability.

**Figure 5.** The scenario tree for intelligent terrorism.

266 Probabilistic Modeling in System Engineering


The model is based on the assumption that all the players act in such a way as to minimize their maximum losses. This strategy is governed by the so-called minimax criterion: counterterrorist players do not know which attack scenario the terrorist group will select, which is why they should choose the defense strategy that results in the lowest possible worst-case expected losses.

Graph 1 (**Figure 7**) represents an influence diagram from the perspective of terrorists. It allows one to assess (a) the probabilities that the specified attack scenario will result in damage and (b) the expected utility to terrorists of different attack scenarios<sup>1</sup>:

$$EU_t(s_i) = \sum_{j=0}^{n} \left[ U_t(s_i; v_j) \times P\left( V = v_j \mid S = s_i \right) \right] \quad (i = 1, 2, \dots, n) \tag{3}$$

where *U<sub>t</sub>*(*s<sub>i</sub>*; *v<sub>j</sub>*) is an element of the utility matrix:

$$\begin{bmatrix} W(s_1; v_0) - Z(s_1) & W(s_1; v_1) - Z(s_1) & \cdots & W(s_1; v_n) - Z(s_1) \\ W(s_2; v_0) - Z(s_2) & W(s_2; v_1) - Z(s_2) & \cdots & W(s_2; v_n) - Z(s_2) \\ \vdots & \vdots & \ddots & \vdots \\ W(s_n; v_0) - Z(s_n) & W(s_n; v_1) - Z(s_n) & \cdots & W(s_n; v_n) - Z(s_n) \end{bmatrix} \tag{4}$$

<sup>1</sup> The figures in the diagram are notional and are presented for illustrative purposes.

**Figure 7.** An illustrative example of the influence diagram from the perspective of terrorist group.

Here *s<sub>i</sub>* is the attack scenario; *v<sub>j</sub>* is the damage factor of the facility inflicted by the attack (*j* = 0, 1, …, *n*: *j* = 0 corresponds to a not damaged system, while *j* = *n* corresponds to a completely destroyed system); *P*(*V* = *v<sub>j</sub>* | *S* = *s<sub>i</sub>*) is the conditional probability of inflicting damage factor *j* to the facility provided that attack scenario *i* was carried out; *W*(*s<sub>i</sub>*; *v<sub>j</sub>*) is the outcome in case of attack scenario *i* and damage state *j*; *Z*(*s<sub>i</sub>*) are the costs of implementing attack scenario *i*.

Calculation of expected utility values for different attack scenarios allows one to estimate probabilities of these scenarios (Eq. (5)) [8, 11]:

$$P_t(S = s_i) = \frac{EU_t(s_i)}{\sum_{k=1}^{n} EU_t(s_k)} \quad (i = 1, 2, \dots, n). \tag{5}$$


Eq. (5) assumes that (a) different attack scenarios are mutually exclusive and (b) the decision taken by terrorists is rational (i.e., they choose attack scenarios that maximize the expected utility). The results obtained in Graph 1 are then used as inputs to Graphs 2 and 3. The results of Graph 2 are then used in Graph 3.
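Eqs. (3)–(5) and the minimax criterion stated earlier can be carried through numerically, as in the following added example (not code from the chapter). All matrices are constructed sample values, and the function names and the defender loss matrix `L` are assumptions introduced here.

```python
# Added illustration: every number below is constructed, not taken from the chapter.

def expected_utilities(W, Z, P):
    """Eq. (3) over utility matrix (4): EU_t(s_i) = sum_j (W[i][j] - Z[i]) * P[i][j]."""
    eu = []
    for w_row, z, p_row in zip(W, Z, P):
        if abs(sum(p_row) - 1.0) > 1e-9:
            raise ValueError("each row of P(V=v_j | S=s_i) must sum to 1")
        eu.append(sum((w - z) * p for w, p in zip(w_row, p_row)))
    return eu

def scenario_probabilities(eu):
    """Eq. (5): P_t(S=s_i) = EU_t(s_i) / sum_k EU_t(s_k).

    The ratio is a probability only if every EU_t is non-negative and the sum
    is positive; W - Z can be negative, so this is checked explicitly.
    """
    if any(u < 0 for u in eu) or sum(eu) <= 0:
        raise ValueError("Eq. (5) needs non-negative utilities with a positive sum")
    total = sum(eu)
    return [u / total for u in eu]

def rank_countermeasures(L, p):
    """L[d][i]: assumed expected loss to the defender for countermeasure d
    under scenario i. Returns (expected-loss choice, minimax choice)."""
    expected = [sum(l * pi for l, pi in zip(row, p)) for row in L]
    worst = [max(row) for row in L]  # worst case over scenarios, ignores p
    return expected.index(min(expected)), worst.index(min(worst))

# Constructed sample: 3 scenarios s_1..s_3, damage states v_0..v_2.
W = [[0, 40, 100], [0, 30, 80], [0, 20, 60]]    # outcomes W(s_i; v_j)
Z = [10, 5, 2]                                   # costs Z(s_i)
P = [[0.7, 0.2, 0.1], [0.5, 0.3, 0.2], [0.4, 0.4, 0.2]]
L = [[90, 60, 40], [50, 55, 45], [20, 40, 60]]   # defender losses (assumed)

def demo():
    eu = expected_utilities(W, Z, P)
    p = scenario_probabilities(eu)
    return eu, p, rank_countermeasures(L, p)
```

With these sample values the expected-loss ranking and the minimax criterion select different countermeasures, which shows how much the choice depends on trusting the scenario probabilities of Eq. (5).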

Graph 2 (**Figure 8**) represents an influence diagram from the perspective of the administration of the industrial facility subjected to terrorist threat. It allows one to assess expected disutilities related to various countermeasures made by the administration of the facility involved. The probabilities *P<sub>t</sub>*(*S* = *s<sub>i</sub>*) (Eq. (5)) are used in Graph 2 as state probabilities of the chance node 1.

**Figure 8.** An illustrative example of the influence diagram from the perspective of CES's administration.


The graph permits estimation of the expected disutilities to the facility administration under the various countermeasures it may adopt, and thereby ranking of the countermeasures.

Graph 3 (**Figure 9**) represents an influence diagram from the perspective of local community authorities. Graph 2 and Graph 3 permit assessment of risk reduction benefits of different countermeasures and their costs.

The structure of the influence diagrams and probabilistic dependences between the variables should be developed by the joint efforts of specialists representing a broad spectrum of disciplines (these include specialists in terrorist threat assessment, reliability theory, social sciences, loss estimation), each providing insights in their relevant area of expertise. The model permits identification of effects of different factors and parameter values on the likelihood of success of different attack scenarios and on the expected utilities to different sides involved.

The model described above can be used in a dynamic fashion via discrete time steps. At each step, each player updates his beliefs, objectives, and decisions based on his previous step. Each of the players is uncertain about the other's actions and state of knowledge. To address the dynamics of the security problem, one needs to model moves and countermoves of all three sides involved, changes in the structure of terrorist organizations and systems of protection, and lessons learned by all parties from previous attacks.

At each consecutive time period, all three parties make decisions regarding their actions in the upcoming time period based on the information accumulated so far (Blocks *I*<sub>*t*<sub>*k*</sub></sub> and *I*<sub>*t*<sub>*k*+1</sub></sub>, **Figure 10**). Estimations of probabilities of various attack scenarios and countermeasures adopted by facility administration and community authorities obtained at time step *t*<sub>*k*</sub> could be treated as prior estimates for the time period *t*<sub>*k*+1</sub>. Terrorists may take into account countermeasures of counterterrorist forces by including the respective chance nodes into Graph 1 at time step *t*<sub>*k*+1</sub> and estimate probabilities of countermeasures adopted by facility administration *d<sub>j</sub>* and municipal authorities *m<sub>l</sub>* using Eq. (6), similar to Eq. (5):

$$P_a(D = d_j) = \frac{EU_a(d_j)}{\sum_{g=1}^{3} EU_a(d_g)}, \; k = 1, 2, 3; \quad P_m(M = m_l) = \frac{EU_m(m_l)}{\sum_{f=1}^{3} EU_m(m_f)}, \; l = 1, 2, 3 \tag{6}$$

**Figure 9.** An illustrative example of the influence diagram from the perspective of community authorities.

**Figure 10.** Dynamic multi-sided terrorist assessment model.

**6. Measures for countering terrorist threats**

The complexity of modern engineering systems and their interdependence with other systems make them vulnerable to attacks of technological and intelligent terrorism. This complexity stems largely from the vast functional and spatial dependencies and nonlinear interactions between the components of CES as well as from interdependencies that exist among the CESs which enable failures to cascade within one system and pass from one system to another.

Different historical, economic, political, social, as well as cultural traditions have formed different approaches to ensuring safety of complex engineering systems. Contemporary CESs, i.e., power, transport, and telecommunication networks, are becoming transboundary. Their significant spatial extension makes their functioning dependent on many factors and events in different parts of the world. Ensuring the security of CESs is a complex interdisciplinary problem. It is impossible to solve this problem without joining efforts of experts in different fields and taking into account technical, social, psychological, and cultural-historical aspects. Analysis of major disasters at CES in different countries shows that high-risk engineering systems in many cases are being designed and constructed according to traditional design codes and norms that are based on common and quite simple linear "sequential" risk assessment models and employ traditional design, diagnostics, and protection methods and procedures. This is being done on the assumption that a bounded set of credible design-basis impacts and subsequent failure scenarios could be determined for the CES, thus allowing one to create a system of protection barriers and safeguards that could secure the CES from the identified impacts with the required, substantially high probability. This bounded set of impacts, referred to as design-basis impacts, includes normal operation events as well as abnormal events (component failures, human errors, extreme environmental loads, attacks of technological terrorism on CES) that are expected to occur or might occur at least once during the lifetime of the CES.

**6.1. Measures aimed at increasing protection of a CES from terrorist threats**

The currently available approach to ensuring security of complex engineering systems is based on the so-called protection approach that provides for the development of a set of protection barriers against the list of terrorist attack scenarios that were identified in advance. Within this approach, attacks of technological terrorism should be included into the list of
