5 Conclusions
As noted above, protecting engineered systems against intentional attacks is likely to require a combination of game theory and reliability analysis. Risk and reliability analysis by itself will likely not be sufficient to address many critical security challenges, since it does not take into account the attacker’s response to the implementation of reliability or security improvements. However, most current applications of game theory to security deal with individual components or assets in isolation, and hence could benefit from the use of reliability analysis tools and methods to more fully model the risks to complex networked systems such as computer systems, electricity transmission systems, or transportation systems. In the long run, approaches that embed systems reliability models in a game-theoretic framework may make it possible to take advantage of the strengths of both approaches.
This article is a revision of an article originally published in Modern Statistical and Mathematical Methods in Reliability (2005), World Scientific Publishing Company [Bie05].
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Anderson, R. 2001. “Why information security is hard: An economic perspective.” 18th Symposium on Operating Systems Principles, New Orleans, LA. http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/econ.pdf.
Arce M., D. G., and T. Sandler. 2001. “Transnational public goods: Strategies and institutions.” European Journal of Political Economy 17:493–516.
Armstrong, J. S. 1985. Long-range forecasting: From crystal ball to computer. New York: Wiley.
Ayres, I., and S. Levitt. 1998. “Measuring the positive externalities from unobservable victim precaution: An empirical analysis of Lojack.” Quarterly Journal of Economics 113:43–77.
Azaiez, N., and V. M. Bier. 2004. “Optimal resource allocation for security in reliability systems.” Submitted to European Journal of Operational Research.
Banks, D., and S. Anderson. 2003. “Game-theoretic risk management for counterterrorism.” Technical Report, Office of Biostatistics and Epidemiology, Center for Biologics Evaluation and Research, U.S. Food and Drug Administration.
Bedford, T., and R. Cooke. 2001. Probabilistic risk analysis: Foundations and methods. Cambridge, UK: Cambridge University Press.
Ben-Dov, Y. 1981. “Optimal testing procedures for special structures of coherent systems.” Management Science 27:1410–1420.
Berkovitz, L. D., and M. Dresher. 1959. “A game-theory analysis of tactical air war.” Operations Research 7:599–620.
Berkovitz, L. D., and M. Dresher. 1960. “Allocation of two types of aircraft in tactica.” Operations Research 8:694–706.
Bier, V. M. 1997. “An overview of probabilistic risk analysis for complex engineered systems.” In Fundamentals of risk analysis and risk management, edited by V. Molak, 1–18. Boca Raton, FL: Lewis Publishers.
Bier, V. M. 2005. “Game-theoretic and reliability methods in counterterrorism and security.” In Modern statistical and mathematical methods in reliability, edited by A. Wilson, N. Liminios, S. Keller-McNulty, and Y. Armijo, Volume 10 of Series on Quality, Reliability, and Engineering Statistics, 17–38. Singapore: World Scientific Publishers.
Bier, V. M., and V. Abhichandani. 2003. “Optimal allocation of resources for defense of simple series and parallel systems from determined adversaries.” In Risk-based decisionmaking in water resources X, 59–76. Reston, VA: American Society of Civil Engineers.
Bier, V. M., S. Ferson, Y. Y. Haimes, J. H. Lambert, and M. J. Small. 2004. “Risk of extreme and rare events: Lessons from a selection of approaches.” In Risk analysis and society: Interdisciplinary perspectives, edited by T. McDaniels and M. J. Small. Cambridge, UK: Cambridge University Press.
Bier, V. M., and A. Gupta. 2005. “Myopia and interdependent security risks.” Submitted to The Engineering Economist.
Bier, V. M., Y. Y. Haimes, J. H. Lambert, N. C. Matalas, and R. Zimmerman. 1999. “Assessing and managing the risk of extremes.” Risk Analysis 19:83–94.
Bier, V. M., A. Nagaraj, and V. Abhichandani. 2005. “Protection of simple series and parallel systems with components of different values.” Reliability Engineering and System Safety 87:313–323.
Bier, V. M., S. Oliveros, and L. Samuelson. 2005. “Choosing what to protect: Strategic defensive allocation against an unknown attacker.” Journal of Public Economic Theory (in press).
Brams, S. J. 1975. Game theory and politics. New York: Free Press.
Brams, S. J. 1985. Superpower games: Applying game theory to superpower conflict. New Haven, CT: Yale University Press.
Brams, S. J., and D. M. Kilgour. 1988. Game theory and national security. Oxford, UK: Basil Blackwell.
Brannigan, V., and C. Smidts. 1998. “Performance based fire safety regulation under intentional uncertainty.” Fire and Materials 23:341–347.
Brauer, J., and A. Roux. 2000. “Peace as an international public good: An application to southern Africa.” Defence and Peace Economics 11:643–659.
Burke, D. 1999. “Towards a game theory model of information warfare.” Ph.D. diss., Air Force Institute of Technology. http://www.iwar.org.uk/iwar/resources/usaf/maxwell/students/2000/afit-gss-lal-99d-1.pdf.
Chaturvedi, A. M., M. Gupta, S. Mehta, and L. Valeri. 2000. “Fighting the wily hacker: Modeling information security issues for online financial institutions using the Synthetic Environments for Analysis and Simulation environment (SEAS).” INET 2000 Proceedings. Internet Society. http://www.isoc.org/inet2000/cdproceedings/7a/7a_4.htm.
Cleaves, D. J., A. E. Kuester, and D. A. Schultz. 2003. A methodology for managing the risk of terrorist acts against the U. S. Postal Service. Society for Risk Analysis Annual Meeting, Baltimore, MD.
Cohen, F. 1999. “Managing network security: Attack and defense strategies.” Technical Report 9907, Fred Cohen and Associates Strategic Security and Intelligence.
Cooke, R. M. 1991. Experts in uncertainty: Opinion and subjective probability in science. Oxford, UK: Oxford University Press.
Cox, L., S. Chiu, and X. Sun. 1996. “Least-cost failure diagnosis in uncertain reliability systems.” Reliability Engineering and System Safety 54:203–216.
Cox, L., Y. Qiu, and W. Kuehner. 1989. “Heuristic least-cost computation of discrete classification functions with uncertain argument values.” Annals of Operations Research 21:1–30.
Cox, L. A. 1990. “A probabilistic risk assessment program for analyzing security risks.” In New risks: Issues and management, edited by L. A. Cox and P. F. Ricci. New York: Plenum Press.
Dresher, M. 1961. Games of strategy: Theory and applications. Englewood Cliffs, NJ: Prentice-Hall.
Enders, W., and T. Sandler. 2004. “What do we know about the substitution effect in transnational terrorism?” In Researching terrorism: Trends, achievements, failures, edited by A. Silke and G. Ilardi. London: Frank Cass. http://www-rcf.usc.edu/tsandler/substitution2ms.pdf.
Ezell, B. C., J. V. Farr, and I. Wiese. 2000. “Infrastructure risk analysis model.” Journal of Infrastructure Systems 6(3): 114–117.
Ezell, B. C., J. V. Farr, and I. Wiese. 2000. “Infrastructure risk analysis of municipal water distribution system.” Journal of Infrastructure Systems 6(3): 118–122.
Ezell, B. C., Y. Y. Haimes, and J. H. Lambert. 2001. “Cyber attack to water utility supervisory control and data acquisition SCADA systems.” Military Operations Research 6(2): 23–33.
Fechner, G. T. 1860. Elemente der Psychophysik. Leipzig: Breitkopf und Haertel.
Frey, B. S., and S. Luechinger. 2002. “Terrorism: Deterrence may backfire.” Working paper 136, Institute for Empirical Research in Economics, University of Zurich.
Frey, B. S., and S. Luechinger. 2003. “How to fight terrorism: Alternatives to deterrence.” Defence and Peace Economics 14:237–249.
Fudenberg, D., and J. Tirole. 1991. Game theory. Cambridge, MA: MIT Press.
Garrick, B. J. 2003. “Perspectives on the use of risk assessment to address terrorism.” Risk Analysis 22:421–424.
Haimes, Y. Y. 2002. “Roadmap for modelling risks of terrorism to the homeland.” Journal of Infrastructure Systems 8:35–41.
Haimes, Y. Y. 2002. “Strategic responses to risks of terrorism to water resources.” Journal of Water Resources Planning and Management 128:383–389.
Haimes, Y. Y., and T. Longstaff. 2002. “The role of risk analysis in the protection of critical infrastructure against terrorism.” Risk Analysis 22:439–444.
Haimes, Y. Y., N. C. Matalas, J. H. Lambert, B. A. Jackson, and J. F. R. Fellows. 1998. “Reducing vulnerability of water supply systems to attack.” Journal of Infrastructure Systems 4: 164–177.
Hausken, K. 2002. “Probabilistic risk analysis and game theory.” Risk Analysis 22:17–27.
Haywood, O. G. 1954. “Military decision and game theory.” Journal of the Operations Research Society of America 2:365–385.
Heal, G. M., and H. C. Kunreuther. 2003. You only die once: Managing discrete interdependent risks. http://ssrn.com/abstract=419240.
Hershey, J., D. Asch, T. Thumasathit, J. Meszaros, and V. Waters. 1994. “The roles of altruism, free riding, and bandwagoning in vaccination decisions.” Organizational Behavior and Human Decision Processes 59:177–187.
Hirshleifer, J. 1983. “From weakest-link to best-shot: The voluntary provision of public goods.” Public Choice 41:371–386.
Hirshleifer, J. 1985. “From weakest-link to best-shot: Correction.” Public Choice 46:221–223.
Isenberg, J. 2004. Comparison of seismic and security risk criteria for bridges. 83rd Transportation Research Board Annual Meeting, Washington, DC, January 11–15.
Keohane, N. O., and R. J. Zeckhauser. 2003. “The ecology of terror defense.” Journal of Risk and Uncertainty 26:201–229.
Kunreuther, H., and G. Heal. 2003. “Interdependent security.” Journal of Risk and Uncertainty 26:231–249.
Lakdawalla, D., and G. Zanjani. 2005. “Insurance, self-protection, and the economics of terrorism.” Journal of Public Economics 89:1891–1905.
Leibowitz, M. L., and G. J. Lieberman. 1960. “Optimal composition and deployment of a heterogeneous local air-defense system.” Operations Research 8:324–337.
Lemon, D. M., and G. E. Apostolakis. 2004. “A methodology for the identification of critical locations in infrastructures.” Working paper ESD-WP-2004-01, Engineering Systems Division, Massachusetts Institute of Technology. http://esd.mit.edu/WPS/esd-wp-2004-01.pdf.
Levitin, G. 2002. “Maximizing survivability of acyclic transmission networks with multi-state retransmitters and vulnerable nodes.” Reliability Engineering and System Safety 77:189–199.
Levitin, G. 2003. “Optimal allocation of multi-state elements in linear consecutively connected systems with vulnerable nodes.” European Journal of Operational Research 150:406–419.
Levitin, G. 2003. “Optimal multilevel protection in series-parallel systems.” Reliability Engineering and System Safety 81:93–102.
Levitin, G., Y. Dai, M. Xie, and K. L. Poh. 2003. “Optimizing survivability of multi-state systems with multi-level protection by multi-processor genetic algorithm.” Reliability Engineering and System Safety 82:93–104.
Levitin, G., and A. Lisnianski. 2000. “Survivability maximization for vulnerable multi-state systems with bridge topology.” Reliability Engineering and System Safety 70:125–140.
Levitin, G., and A. Lisnianski. 2001. “Optimal separation of elements in vulnerable multi-state systems.” Reliability Engineering and System Safety 73:55–66.
Levitin, G., and A. Lisnianski. 2003. “Optimizing survivability of vulnerable series-parallel multi-state systems.” Reliability Engineering and System Safety 79:319–331.
Major, J. 2002. “Advanced techniques for modeling terrorism risk.” Journal of Risk Finance 4:15–24.
Martz, H. F., and M. E. Johnson. 1987. “Risk analysis of terrorist attacks.” Risk Analysis 7:35–47.
National Research Council. 1994. Science and judgment in risk assessment. Washington, DC: National Academies Press.
Nuclear Regulatory Commission. 1975. Reactor safety study: An assessment of accident risks in U. S. commercial nuclear power plants. WASH-1400.
O’Hanlon, M., P. Orszag, I. Daalder, M. Destler, D. Gunter, R. Litan, and J. Steinberg. 2002. Protecting the American homeland. Washington, DC: Brookings Institution.
Orszag, P., and J. Stiglitz. 2002. “Optimal fire departments: Evaluating public policy in the face of externalities.” Working paper, Brookings Institution. http://www.brookings.edu/views/papers/orszag/20020104.pdf.
Pate-Cornell, E., and S. Guikema. December, 2002. “Probabilistic modeling of terrorist threats: A systems analysis approach to setting priorities among countermeasures.” Military Operations Research 7:5–20.
Philipson, T. 2000. “Economic epidemiology and infectious diseases.” In The handbook of health economics, edited by A. Culyer and J. Newhouse, 1762–1799. Netherlands: Elsevier Science.
President’s Commission on Critical Infrastructure Protection. 1997. Critical foundations: Protecting America’s infrastructures. Washington, DC: Government Printing Office.
Raiffa, H. 1968. Decision analysis: Introductory lectures on choices under uncertainty. Reading, MA: Addison-Wesley.
Ravid, I. 2002. Theater ballistic missiles and asymmetric war. The Military Conflict Institute. http://www.militaryconflict.org/Publications.htm.
Rowe, W. D. 2002. “Vulnerability to terrorism: Addressing the human variables.” In Risk-based decisionmaking in water resources X, edited by Y. Y. Haimes and D. A. Moser, 155–159. Reston, VA: American Society of Civil Engineers.
Sandler, T., and D. G. Arce M. 2003. “Terrorism and game theory.” Simulation and Gaming 34:319–337.
Sandler, T., and W. Enders. 2004. “An economic perspective on transnational terrorism.” European Journal of Political Economy 20:301–316.
Schneier, B. 2000. Secrets and lies: Digital security in a networked world. New York: Wiley.
Schneier, B. 2001. Managed security monitoring: Network security for the 21st century. Counterpane Internet Security, Inc. http://www.counterpane.com/msm.pdf.
Shubik, M. 1987. “When is an application and when is a theory a waste of time.” Management Science 33:1511–1522.
Smith, J. E., and D. von Winterfeldt. 2004. “Decision analysis.” Management Science 50:561–574.
Weber, D., and E. Englund. 1992. “Evaluation and comparison of spatial interpolators.” Mathematical Geology 24(4): 381–391.
Werner, S. January 11–15, 2004. Use of earthquake-based highway system vulnerability assessment tool for transportation security applications. 83rd Transportation Research Board Annual Meeting.
Woo, G. 2002. “Quantitative terrorism risk assessment.” Journal of Risk Finance 4:7–14.
Woo, G. 2003. Insuring against Al-Qaeda. Insurance Project Workshop, National Bureau of Economic Research, Inc. http://www.nber.org/~confer/2003/insurance03/woo.pdf.
Zebroski, E. June 2003. “Risk management lessons from man-made catastrophes: Implications for anti-terrorism risk assessments using a simple relative risk method.” American Nuclear Society Topical Meeting on Risk Management. San Diego.
Zhuang, J., and V. M. Bier. 2005. “Subsidized security and stability of equilibrium solutions in an n-player game with errors.” Submitted to Games and Economic Behavior.
Zilinskas, R. A., B. Hope, and D. W. North. 2004. “A discussion of findings and their possible implications from a workshop on bioterrorism threat assessment and risk management.” Risk Analysis 24:901–908.
Zimmerman, R., and V. M. Bier. April 12–13, 2002. Risk assessment of extreme events. Columbia-Wharton/Penn Roundtable on Risk Management Strategies in an Uncertain World, Palisades, NY. http://www.ldeo.columbia.edu/CHRR/Roundtable/Zimmerman_WP.pdf.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer Science+Business Media, LLC
About this chapter
Cite this chapter
Bier, V. (2006). Game-Theoretic and Reliability Methods in Counterterrorism and Security. In: Wilson, A.G., Wilson, G.D., Olwell, D.H. (eds) Statistical Methods in Counterterrorism. Springer, New York, NY. https://doi.org/10.1007/0-387-35209-0_3
Download citation
DOI: https://doi.org/10.1007/0-387-35209-0_3
Publisher Name: Springer, New York, NY
Print ISBN: 978-0-387-32904-8
Online ISBN: 978-0-387-35209-1
eBook Packages: Mathematics and StatisticsMathematics and Statistics (R0)