Applied Risk Analysis for Guiding Homeland Security Policy and Decisions Wiley Series in Operations Research and Management Science Series

Presents various challenges faced by security policy makers and risk analysts, and mathematical approaches that inform homeland security policy development and decision support

Compiled by a group of highly qualified editors, this book provides a clear connection between risk science and homeland security policy making and includes top-notch contributions that uniquely highlight the role of risk analysis for informing homeland security policy decisions. Featuring discussions on various challenges faced in homeland security risk analysis, the book seamlessly divides the subject of risk analysis for homeland security into manageable chapters, which are organized by the concept of risk-informed decisions, methodology for applying risk analysis, and relevant examples and case studies. 

Applied Risk Analysis for Guiding Homeland Security Policy and Decisions offers an enlightening overview of risk analysis methods for homeland security. For instance, it presents readers with an exploration of radiological and nuclear risk assessment, along with analysis of uncertainties in radiological and nuclear pathways. It covers the advances in risk analysis for border security, as well as for cyber security. Other topics covered include: strengthening points of entry; systems modeling for rapid containment and casualty mitigation; and disaster preparedness and critical infrastructure resilience.

• Highlights how risk analysis helps in the decision-making process for homeland security policy
• Presents specific examples that detail how various risk analysis methods provide decision support for homeland security policy makers and risk analysts
• Describes numerous case studies from academic, government, and industrial perspectives that apply risk analysis methods for addressing challenges within the U.S. Department of Homeland Security (DHS)
• Offers detailed information regarding each of the five DHS missions: prevent terrorism and enhance security; secure and manage our borders; enforce and administer our immigration laws; safeguard and secure cyberspace; and strengthen national preparedness and resilience
• Discusses the various approaches and challenges faced in homeland risk analysis and identifies improvements and methodological advances that influenced DHS to adopt an increasingly risk-informed basis for decision-making
• Written by top educators and professionals who clearly illustrate the link between risk science and homeland security policy making 

Applied Risk Analysis for Guiding Homeland Security Policy and Decisions is an excellent textbook and/or supplement for upper-undergraduate and graduate-level courses related to homeland security risk analysis. It will also be an extremely beneficial resource and reference for homeland security policy analysts, risk analysts, and policymakers from private and public sectors, as well as researchers, academics, and practitioners who utilize security risk analysis methods.

About the Editors xix

List of Contributors xxi

Preface xxv

Chapter Abstracts xxviii

Part I Managing National Security Risk and Policy Programs 1

1 On the “Influence of Scenarios to Priorities” in Risk and Security Programs 3
Heimir Thorisson and James H. Lambert

1.1 Introduction 3

1.2 Risk Programs 4

1.3 Canonical Questions Guiding Development of Risk Programs 6

1.3.1 Canonical Question I: Scope 6

1.3.2 Canonical Question II: Operational Design 7

1.3.3 Canonical Question III: Evaluation 7

1.4 Scenario-Based Preferences 8

1.5 Methodology 9

1.6 Demonstration of Methods 12

1.7 Discussion and Conclusions 20

Acknowledgments 22

References 22

2 Survey of Risk Analytic Guidelines Across the Government 25
Isaac Maya, Amelia Liu, Lily Zhu, Francine Tran, Robert Creighton and CharlesWoo

2.1 Department of Defense (DOD) Overview 25

2.1.1 Joint Risk Analysis Methodology (JRAM) for the Chairman’s Risk Assessment (CRA) 26

2.1.2 Mission Assurance (MA): Risk Assessment and Management for DOD Missions 29

2.1.3 Risk Management Guide for DOD Acquisition 31

2.2 Department of Justice (DOJ) 33

2.3 Environmental Protection Agency (EPA) Overview 36

2.3.1 EPA Risk Leadership 36

2.3.2 EPA Risk Assessment Methodology and Guidelines 37

2.3.3 Risk Assessment Case Studies 40

2.3.4 Risk Assessment Challenges of EPA 43

2.3.5 Review of EPA Risk Assessment/Risk Management Methodologies 43

2.4 National Aeronautics and Space Administration (NASA): Overview 44

2.4.1 NASA Risk Leadership 44

2.4.2 Critical Steps in NASA Risk Assessment/Risk Management 44

2.4.3 Risk Assessment/Risk Management Challenges of NASA 48

2.4.4 Review of NASA Risk Assessment/Risk Management Methodologies 49

2.5 Nuclear Regulatory Commission (NRC) Overview 49

2.5.1 NRC Leadership 51

2.5.2 Critical Steps in NRC Risk Assessment/Risk Management 52

2.5.3 Risk Assessment/Risk Management Challenges of NRC 53

2.5.4 Review of NRC Risk Assessment/Risk Management Methodologies 54

2.6 International Standards Organization (ISO) Overview 55

2.6.1 ISO Leadership 57

2.6.2 Critical Steps in ISO Risk Assessment/Risk Management 57

2.6.3 Risk Assessment/Risk Management Challenges of ISO 58

2.7 Australia Overview 58

2.7.1 Australia Leadership 59

2.7.2 Critical Steps in Australia Risk Assessment/Risk Management 60

2.7.3 Risk Assessment/Risk Management Challenges of Australia 61

2.8 UK Overview 61

2.8.1 UK Leadership 61

2.8.2 Critical Steps in UK Risk Assessment/Risk Management 62

2.8.3 Risk Assessment/Risk Management Challenges of the United Kingdom 65

Acknowledgments 65

References 65

3 An Overview of Risk ModelingMethods and Approaches for National Security 69
Samrat Chatterjee, Robert T. Brigantic and Angela M.Waterworth

3.1 Introduction 69

3.2 Homeland Security Risk Landscape and Missions 70

3.2.1 Risk Landscape 71

3.2.2 Security Missions 71

3.2.3 Risk Definitions and Interpretations from DHS Risk Lexicon 72

3.3 Background Review 73

3.3.1 1960s to 1990s: Focus on Foundational Concepts 73

3.3.2 The 2000s: Increased Focus on Multi-hazard Risks Including Terrorism 75

3.3.3 2009 to Present: Emerging Emphasis on System Resilience and Complexity 78

3.4 Modeling Approaches for Risk Elements 88

3.4.1 Threat Modeling 88

3.4.2 VulnerabilityModeling 88

3.4.2.1 Survey-Based Methods 88

3.4.2.2 Systems Analysis 89

3.4.2.3 Network-Theoretic Approaches 89

3.4.2.4 Structural Analysis and ReliabilityTheory 89

3.4.3 Consequence Modeling 89

3.4.3.1 Direct Impacts 89

3.4.3.2 Indirect Impacts 89

3.4.4 Risk-Informed Decision Making 90

3.5 Modeling Perspectives for Further Research 90

3.5.1 Systemic Risk and ResilienceWithin a Unified Framework 90

3.5.2 Characterizing Cyber and Physical Infrastructure System Behaviors and Hazards 91

3.5.3 Utilizing “Big” Data or Lack of Data for Generating Risk and Resilience Analytics 91

3.5.4 Conceptual Multi-scale, Multi-hazard Modeling Framework 92

3.6 Concluding Remarks 94

Acknowledgments 95

References 95

4 Comparative Risk Rankings in Support of Homeland Security Strategic Plans 101
Russell Lundberg

4.1 Introduction 101

4.2 Conceptual Challenges in Comparative Risk Ranking 102

4.3 Practical Challenges in Comparative Ranking of Homeland Security Risks 103

4.3.1 Choosing a Risk Set 104

4.3.1.1 Lessons from the DMRR on Hazard Set Selection 105

4.3.2 Identifying Attributes to Consider 105

4.3.2.1 Lessons from the DMRR on Attribute Selection 107

4.3.3 Assessing Each Risk Individually 109

4.3.3.1 Lessons from the DMRR on Assessing Individual Homeland Security Risks 111

4.3.4 Combining Individual Risks to Develop a Comparative Risk Ranking 112

4.3.4.1 Lessons from the DMRR on Comparing Homeland Security Risks 114

4.4 Policy Relevance to Strategic-Level Homeland Security Risk Rankings 116

4.4.1 Insights into Homeland Security Risk Rankings 116

4.4.2 Risk vs. Risk Reduction 118

Acknowledgments 120

References 120

5 A Data ScienceWorkflow for Discovering Spatial Patterns Among Terrorist Attacks and Infrastructure 125
Daniel C. Fortin, Thomas Johansen, Samrat Chatterjee, GeorgeMuller and Christine Noonan

5.1 Introduction 125

5.2 The Data: Global Terrorism Database 126

5.3 The Tools: Exploring Data Interactively Using a Custom Shiny App 127

5.4 Example: Using the App to Explore ISIL Attacks 130

5.5 TheModels: StatisticalModels for Terrorist Event Data 134

5.6 More Data: Obtaining Regional Infrastructure Data to Build Statistical Models 135

5.7 A Model: Determining the Significance of Infrastructure on the Likelihood of an Attack 137

5.8 Case Study: Libya 138

5.9 Case Study: Jammu and Kashmir Region of India 139

5.9.1 The Model Revisited: Accounting for Many Regions with No Recorded Attacks 141

5.9.2 Investigating the Effect of Outliers 145

5.9.3 The Insight: What Have We Learned? 147

5.10 Summary 148

References 148

Part II Strengthening Ports of Entry 151

6 Effects of Credibility of Retaliation Threats in Deterring Smuggling of Nuclear Weapons 153
Xiaojun Shan and Jun Zhuang

6.1 Introduction 153

6.2 Extending Prior Game-Based Model 158

6.3 Comparing the Game Trees 158

6.4 The Extended Model 161

6.5 Solution to the Extended Model 162

6.6 Comparing the Solutions in Prior Game-Based Model and This Study 163

6.7 Illustration of the Extended Model Using Real Data 164

6.8 Conclusion and Future Research Work 165

References 167

7 Disutility of Mass Relocation After a Severe Nuclear Accident 171
VickiM. Bier and Shuji Liu

7.1 Introduction 171

7.2 Raw Data 174

7.3 Trade-Offs Between Cancer Fatalities and Relocation 177

7.4 Risk-Neutral DisutilityModel 179

7.5 Risk-Averse DisutilityModel 179

7.6 DisutilityModel with Interaction Effects 182

7.7 Economic Analysis 185

7.8 Conclusion 190

References 191

8 Scheduling Federal Air Marshals Under Uncertainty 193
KeithW. DeGregory and Rajesh Ganesan

8.1 Introduction 193

8.2 Literature 196

8.2.1 Commercial Aviation Industry 196

8.2.2 Homeland Security and the Federal Air Marshals Service 198

8.2.3 Approximate Dynamic Programming 199

8.3 Air Marshal Resource Allocation Model 200

8.3.1 Risk Model 200

8.3.2 Static Allocation 202

8.3.3 Dynamic Allocation 203

8.4 Stochastic Dynamic Programming Formulation 204

8.4.1 System State 205

8.4.2 Decision Variable 205

8.4.3 Post-decision State 206

8.4.4 Exogenous Information 206

8.4.5 State Transition Function 206

8.4.6 Contribution Function 206

8.4.7 Objective Function 207

8.4.8 Bellman’s Optimality Equations 207

8.5 Phases of Stochastic Dynamic Programming 207

8.5.1 Exploration Phase 207

8.5.2 Learning Phase 208

8.5.2.1 Algorithm 208

8.5.2.2 Approximation Methods 208

8.5.2.3 Convergence 209

8.5.3 Learned Phase 210

8.6 Integrated Allocation Model 210

8.7 Results 211

8.7.1 Experiment 211

8.7.2 Results from Stochastic Dynamic Programming Model 211

8.7.3 Sensitivity Analysis 212

8.7.4 Model Output 214

8.8 Conclusion 217

Acknowledgments 218

References 218

Part III Securing Critical Cyber Assets 221

9 Decision Theory for Network Security: Active Sensing for Detection and Prevention of Data Exfiltration 223
Sara M. McCarthy, Arunesh Sinha,Milind Tambe and Pratyusa Manadhatha

9.1 Introduction 223

9.1.1 Problem Domain 224

9.2 Background and RelatedWork 226

9.2.1 DNS Exfiltration 226

9.2.2 Partially Observable Markov Decision Process (POMDP) 228

9.3 Threat Model 229

9.3.1 The POMDP Model 230

9.4 POMDP Abstraction 232

9.4.1 Abstract Actions 232

9.4.2 Abstract Observations 234

9.4.3 VD-POMDP Factored Representation 234

9.4.4 Policy Execution 236

9.5 VD-POMDP Framework 239

9.6 Evaluation 241

9.6.1 Synthetic Networks 241

9.6.2 DETER Testbed Simulation 241

9.6.3 Runtime 242

9.6.4 Performance 244

9.6.5 Robustness 246

9.7 GameTheoretic Extensions 247

9.7.1 Threat Model 248

9.8 Conclusion and FutureWork 249

Acknowledgments 249

References 249

10 Measurement of Cyber Resilience from an Economic Perspective 253
Adam Z. Rose and NoahMiller

10.1 Introduction 253

10.2 Economic Resilience 254

10.2.1 Basic Concepts of Cyber Resilience 254

10.2.2 Basic Concepts of Economic Resilience 254

10.2.3 Economic Resilience Metrics 255

10.3 Cyber System Resilience Tactics 257

10.4 Resilience for Cyber-Related Sectors 267

10.4.1 Resilience in the Manufacturing of Cyber Equipment 267

10.4.2 Resilience in the Electricity Sector 268

10.5 Conclusion 269

References 270

11 Responses to Cyber Near-Misses: A Scale to Measure Individual Differences 275
Jinshu Cui, Heather Rosoff and Richard S. John

11.1 Introduction 275

11.2 Scale Development and Analysis Outline 277

11.3 Method 278

11.3.1 Measures 278

11.3.1.1 Cyber Near-Miss Appraisal Scale (CNMAS) 278

11.3.1.2 Measures of Discriminant Validity 281

11.3.1.3 Measure of Predictive Validity 281

11.3.1.4 Participants and Procedures 281

11.4 Results 284

11.4.1 Dimensionality and Reliability 284

11.4.2 Item Response Analysis 284

11.4.3 Differential Item Functioning (DIF) 287

11.4.4 Effects of Demographic Variables 289

11.4.5 Discriminant Validity 290

11.4.6 Predictive Validity 290

11.5 Discussion 291

Acknowledgments 292

References 292

Part IV Enhancing Disaster Preparedness and Infrastructure Resilience 295

12 An InteractiveWeb-Based Decision Support Systemfor Mass Dispensing, Emergency Preparedness, and Biosurveillance 297
Eva K. Lee, Ferdinand H. Pietz, Chien-Hung Chen and Yifan Liu

12.1 Introduction 297

12.2 System Architecture and Design 299

12.3 System Modules and Functionalities 301

12.3.1 Interactive User Experience 301

12.3.2 Geographical Boundaries 301

12.3.3 Network of Service, Locations, and Population Flow and Assignment 302

12.3.4 ZIP Code and Population Composition 304

12.3.5 Multimodality Dispensing and Public–Private Partnership 305

12.3.6 POD Layout Design and Resource Allocation 308

12.3.7 Radiological Module 309

12.3.8 Biosurveillance 309

12.3.9 Regional Information Sharing, Reverse Reporting, Tracking and Monitoring, and Resupply 310

12.3.10 Multilevel End-User Access 311

12.4 Biodefense, Pandemic Preparedness Planning, and Radiological and Large-Scale Disaster Relief Efforts 312

12.4.1 Biodefense Mass Dispensing Regional Planning 312

12.4.2 Real-Life Disaster Response Effort 315

12.4.2.1 RealOpt-Haiti© 315

12.4.2.2 RealOpt-Regional and RealOpt-CRC for Fukushima Daiichi Nuclear Disaster 316

12.4.2.3 RealOpt-ASSURE© 318

12.5 Challenges and Conclusions 319

Acknowledgments 321

References 321

13 Measuring Critical Infrastructure Risk, Protection, and Resilience in an All-Hazards Environment 325
Julia A. Phillips and Frédéric Petit

13.1 Introduction to Critical Infrastructure Risk Assessment 325

13.2 Motivation for Critical Infrastructure Risk Assessments 326

13.2.1 Unrest pre-September 2001 326

13.2.2 Post-911 Critical Infrastructure Protection and Resilience 326

13.3 Decision Analysis Methodologies for Creating Critical Infrastructure Risk Indicators 327

13.3.1 Decision Analysis 328

13.3.2 Illustrative Calculations for an Index: Buying a Car 328

13.4 An Application of Critical Infrastructure Protection, Consequence, and Resilience Assessment 331

13.4.1 Protection and Vulnerability 334

13.4.1.1 Physical Security 335

13.4.1.2 Security Management 335

13.4.1.3 Security Force 335

13.4.1.4 Information Sharing 337

13.4.1.5 Security Activity Background 338

13.4.2 Resilience 339

13.4.2.1 Preparedness 341

13.4.2.2 Mitigation Measures 341

13.4.2.3 Response Capabilities 342

13.4.2.4 Recovery Mechanisms 343

13.4.3 Consequences 343

13.4.3.1 Human Consequences 345

13.4.3.2 Economic Consequences 346

13.4.3.3 Government Mission/Public Health/Psychological Consequences 346

13.4.3.4 Cascading Impact Consequences 347

13.4.4 Risk Indices Comparison 349

13.5 Infrastructure Interdependencies 350

13.6 What’s Next for Critical Infrastructure Risk Assessments 352

References 354

14 Risk AnalysisMethods in Resilience Modeling: An Overview of Critical Infrastructure Applications 357
Hiba Baroud

14.1 Introduction 357

14.2 Background 358

14.2.1 Risk Analysis 358

14.2.2 Resilience 359

14.2.3 Critical Infrastructure Systems 360

14.3 Modeling the Resilience of Critical Infrastructure Systems 361

14.3.1 Resilience Models 361

14.3.1.1 Manufacturing 361

14.3.1.2 Communications 362

14.3.1.3 Dams, Levees, andWaterways 363

14.3.1.4 Defense 363

14.3.1.5 Emergency Services 363

14.3.1.6 Energy 363

14.3.1.7 Transportation 364

14.3.1.8 Water/Wastewater 364

14.3.2 Discussion 365

14.3.2.1 Economic Impact 365

14.3.2.2 Social Impact 367

14.3.2.3 Interdependencies 367

14.4 Assessing Risk in Resilience Models 368

14.4.1 Probabilistic Methods 368

14.4.2 UncertaintyModeling 369

14.4.3 Simulation-Based Approaches 369

14.4.4 Data-Driven Analytics 370

14.5 Opportunities and Challenges 370

14.5.1 Opportunities 370

14.5.2 Challenges 371

14.6 Concluding Remarks 372

References 373

15 Optimal Resource Allocation Model to Prevent, Prepare, and Respond to Multiple Disruptions, with Application to the Deepwater Horizon Oil Spill and Hurricane Katrina 381
Cameron A.MacKenzie and Amro Al Kazimi

15.1 Introduction 381

15.2 Model Development 383

15.2.1 Resource Allocation Model 383

15.2.2 Extension to Uncertain Parameters 385

15.3 Application: Deepwater Horizon and Hurricane Katrina 386

15.3.1 Parameter Estimation 386

15.3.1.1 Oil Spill Parameters 387

15.3.1.2 Hurricane Parameters 388

15.3.2 Base Case Results 391

15.3.3 Sensitivity Analysis on Economic Impacts 394

15.3.4 Model with Uncertain Effectiveness 395

15.4 Conclusions 397

References 398

16 Inoperability Input–Output Modeling of Electric Power Disruptions 405
Joost R. Santos, Sheree Ann Pagsuyoin and Christian Yip

16.1 Introduction 405

16.2 Risk Analysis of Natural and Man-Caused Electric Power Disruptions 407

16.3 Risk Management Insights for Disruptive Events 408

16.4 Modeling the Ripple Effects for Disruptive Events 411

16.5 Inoperability Input–Output Model 412

16.5.1 Model Parameters 412

16.5.2 Sector Inoperability 413

16.5.3 InterdependencyMatrix 413

16.5.4 Demand Perturbation 414

16.5.5 Economic Resilience 414

16.5.6 Economic Loss 415

16.6 Sample Electric Power Disruptions Scenario Analysis for the United States 416

16.7 Summary and Conclusions 421

References 422

17 Quantitative Assessment of Transportation Network Vulnerability with Dynamic Traffic Simulation Methods 427
Venkateswaran Shekar and Lance Fiondella

17.1 Introduction 427

17.2 Dynamic Transportation Network Vulnerability Assessment 429

17.3 Sources of Input for Dynamic Transportation Network Vulnerability Assessment 431

17.4 Illustrations 432

17.4.1 Example 1: Simple Network 432

17.4.2 Example II: University of Massachusetts Dartmouth Evacuation 437

17.5 Conclusion and Future Research 439

References 440

18 Infrastructure Monitoring for Health and Security 443
Prodyot K. Basu

18.1 Introduction 443

18.2 Data Acquisition 447

18.3 Sensors 447

18.3.1 Underlying Principles of Some of the Popular Sensors Listed in Table 18.1 451

18.3.1.1 Fiber Optics 451

18.3.1.2 VibratingWire 451

18.3.1.3 Piezoelectric Sensors 456

18.3.1.4 Piezoresistive Sensors 456

18.3.1.5 Laser Vibrometer 456

18.3.1.6 Acoustic Emission Sensing 457

18.3.1.7 GPS and GNSS 458

18.3.2 Selection of a Sensor 459

18.4 Capturing and Transmitting Signals 459

18.5 Energy Harvesting 461

18.6 Robotic IHM 462

18.7 Cyber-Physical Systems 464

18.8 Conclusions 464

References 465

19 Exploring Metaheuristic Approaches for Solving the Traveling Salesman Problem Applied to Emergency Planning and Response 467
Ramakrishna Tipireddy, Javier Rubio-Herrero, Samrat Chatterjee and Satish Chikkagoudar

19.1 The Traveling Salesman Problem 467

19.1.1 Definition 467

19.1.2 Computational Complexity 467

19.1.3 Solution Algorithms 468

19.1.4 Emergency Response Application 468

19.2 Emergency Planning and Response as a Traveling Salesman Problem 468

19.3 Metaheuristic Approaches 469

19.3.1 Simulated Annealing 470

19.3.1.1 Overview 470

19.3.1.2 Pseudocode 471

19.3.1.3 Case Study Results 473

19.3.2 Tabu Search 473

19.3.2.1 Overview 473

19.3.2.2 Pseudocode 474

19.3.2.3 Case Study Results 476

19.3.3 Genetic Algorithms 476

19.3.3.1 Overview 476

19.3.3.2 Pseudocode 478

19.3.3.3 Case Study Results 479

19.3.4 Ant Colony Optimization 479

19.3.4.1 Overview 479

19.3.4.2 Stochastic Solution Construction 480

19.3.4.3 Pheromone Update 480

19.3.4.4 Pseudocode 481

19.3.4.5 Case Study Results 481

19.4 Discussion 482

19.5 Concluding Remarks 482

References 484

Index 487

SAMRAT CHATTERJEE, PhD, is Senior Operations Research/Data Scientist and the Decision Modeling and Optimization Team Lead in the Computing and Analytics Division within the National Security Directorate at Pacific Northwest National Laboratory (PNNL). He is also Affiliate Professor of Civil and Environmental Engineering with Northeastern University in Boston.

ROBERT T. BRIGANTIC, PhD, is Chief Operations Research Scientist and the Statistical Modeling and Experimental Design Team Lead in the Computing and Analytics Division within the National Security Directorate at PNNL. He is also Adjunct Professor of Operations Research with the Carson College of Business at the Washington State University.

ANGELA M. WATERWORTH, MS, is Senior Operations Research/Data Scientist in the Computing and Analytics Division within the National Security Directorate at PNNL.