**3. Specific features of terrorist threats**

When assessing security-related problems for complex engineering systems, one should take into account the following characteristics of the terrorist threat [17, 19, 20].

*High level of uncertainty*: In modeling terrorist scenarios, we encounter a higher level of uncertainty. In addition to the uncertain factors inherent in threats of a natural or man-made nature, terrorist threats entail new factors of uncertainty resulting from the complexity of evaluating terrorists' system of values and behavioral logic as well as their organizational-technical potential and the resources at their disposal.

*High level of dynamism:* Terrorist attack scenarios and impact factors are more dynamic by nature than scenarios and impact factors for natural and man-made disasters to which the system is subject. A change in the spectrum and intensity of terrorism-related extreme effects on the system is significantly more rapid than in the case of natural or man-made threat. This is due to the terrorists' capacity for constantly expanding their arsenal of mechanisms for initiating emergency situations using modern means of attack, reacting to changes in protection barriers, and learning lessons from mistakes made during previous attacks on the system similar to it.

*The capability of terrorists to choose attack scenarios deliberately*: This refers to terrorists' deliberate selection of attack scenarios (places, times, and types of actions), taking into account the system vulnerability parameters and the losses expected if an attack is successfully carried out. That is, terrorists are capable of analyzing the vulnerability matrix and structure of losses for various types of actions against the CES and selecting the attack scenario that maximizes the harm to society (taking into account secondary and cascading losses). Here, in addition to probability analysis, it is also necessary to apply the tools of game theory, which makes it possible to take into account the intentional actions of terrorists.

*Terrorists' capacity for self-learning*: Because terrorists are capable of analyzing the results of previous attacks and drawing conclusions from them, their experience in "successful" and "unsuccessful" attacks can have a noticeable effect on the selection of a scenario for the next attack. Attack scenarios that proved their effective in the past are most likely to be repeated by terrorists in the future, while scenarios that ended unsuccessfully will most likely to be less attractive to terrorists and consequently are less likely to be repeated. Therefore, in assessing the chances that various attack scenarios will be realized, statistical self-learning models are

Analysis of Terrorist Attack Scenarios and Measures for Countering Terrorist Threats

http://dx.doi.org/10.5772/intechopen.75099

263

In solving the above problem of security analysis, it is necessary to assess the resources the terrorists possess. In security analysis, by resources we mean a broad set of factors that deter-

• Material resources: technical means, equipment, and "human material" that can be used

• Nonmaterial resources: experience and skills of terrorists, their knowledge, and access to

To answer the question of security analysis, experts should consider the quality of equipment the terrorists have, their skills and knowledge of *CES*, and their ability to take advantage of

The ability of terrorists to select the most vulnerable and critical elements of *CES*, choose the time and place of an attack, adapt to changes of safety barriers and defense strategies, and learn lessons from previous attacks requires that the game theory approaches be included into probabilistic risk assessment models. That means that (a) traditional scenario trees used in safety risk assessment, which include only chance nodes, have to be supplemented by decision nodes that describe rational deliberate actions and counteractions of terrorists and counterterrorists; (b) models for terrorist risk assessment should be multi-sided and describe the situation from the perspective of terrorists and counterterrorist forces [11]; (c) these models should be dynamic and allow one to update actions and counteractions of various sides

Scenarios of terrorist attacks can be divided into three types, scenarios of ordinary, technological, and intelligent terrorism, that differ in resources used by terrorists to carry out the

Scenarios of ordinary terrorism imply organization of explosions, fires, and assassinations of officials, public figures, and people at large in order to intimidate people and destabilize political situation in the country or region. Scenarios of ordinary terrorism are not considered in this paper since these scenarios are not focused on complex engineering systems. We are going to deal with two other types of terrorist attack scenarios that are directly related to *CES.*

attacks and structure of losses inflicted by the attacks (**Figure** 1) [17–19].

the existing vulnerabilities (and even create new ones) in order to organize the attack.

more effective than traditional frequency methods.

for terrorist attack

the CES internal procedures

involved at different time steps.

**4. Three types of terrorist attack scenarios**

mine the potential of a terrorist organization. These include:

*Complex nature of the terrorist threat*: The presence of a terrorist organization in a region may give rise to the possibility of a broad spectrum of attack scenarios. Thus, to counter terrorist threats and terrorist mechanisms for initiating emergency situations to an even greater degree than for natural and man-made risks, a systemic approach is needed for ensuring security and developing an optimal strategy for counterterrorism force and resource deployment. Inasmuch as concentrating resources on protecting one system element (or protecting a target from one scenario of terrorist action) could prove useless because, after evaluating the situation, the terrorists could redirect the attack against another element of the system or switch to a different attack scenario. In this case, counterterrorism efforts will fail to reduce risk and increase the system's level of protection.

*Presence of two-way linkages between the terrorist threat and system vulnerability*: The structure of linkages among the risk factors for the given *CES* in case of natural or manmade catastrophes is presented in **Figure** 3**a**. One differentiating feature of a terrorist risk assessment is the presence of two-way linkages (feedbacks) between the terrorist threat and (a) vulnerability of the system to the threat and (b) the magnitude of expected losses if the threat is successfully realized (see **Figure** 3**b**). This characteristic of terrorism must be examined in detail. In particular, reducing the vulnerability of a given system makes it possible to reduce substantially the level of the terrorist threat it faces.

In terrorist risk assessment framework, the main challenge is to estimate the probability of a terrorist attack. Some specialists believe that probabilistic measure is not adequate for the terrorist risk assessment since terrorist attack is not a stochastic event but a deliberate action based on the assessment made by terrorists regarding their skills and capabilities and the system's vulnerabilities.

Assignment of probabilities to the terrorist attack is a task which has a substantial human and behavioral dimension. The main problem is to describe the intentions of terrorists, their preferences, system of values (i.e., utility function), and decision rule. This allows assessing probability of different attack scenarios.

**Figure 3.** (a) System of linkages among risk factors for natural or man-made hazards (safety context). (b) System of linkages among risk factors for terrorist threat (security context).

*Terrorists' capacity for self-learning*: Because terrorists are capable of analyzing the results of previous attacks and drawing conclusions from them, their experience in "successful" and "unsuccessful" attacks can have a noticeable effect on the selection of a scenario for the next attack. Attack scenarios that proved their effective in the past are most likely to be repeated by terrorists in the future, while scenarios that ended unsuccessfully will most likely to be less attractive to terrorists and consequently are less likely to be repeated. Therefore, in assessing the chances that various attack scenarios will be realized, statistical self-learning models are more effective than traditional frequency methods.

In solving the above problem of security analysis, it is necessary to assess the resources the terrorists possess. In security analysis, by resources we mean a broad set of factors that determine the potential of a terrorist organization. These include:


To answer the question of security analysis, experts should consider the quality of equipment the terrorists have, their skills and knowledge of *CES*, and their ability to take advantage of the existing vulnerabilities (and even create new ones) in order to organize the attack.

The ability of terrorists to select the most vulnerable and critical elements of *CES*, choose the time and place of an attack, adapt to changes of safety barriers and defense strategies, and learn lessons from previous attacks requires that the game theory approaches be included into probabilistic risk assessment models. That means that (a) traditional scenario trees used in safety risk assessment, which include only chance nodes, have to be supplemented by decision nodes that describe rational deliberate actions and counteractions of terrorists and counterterrorists; (b) models for terrorist risk assessment should be multi-sided and describe the situation from the perspective of terrorists and counterterrorist forces [11]; (c) these models should be dynamic and allow one to update actions and counteractions of various sides involved at different time steps.
