Game Theoretic Models for Critical Infrastructure Protection. V. M. Bier, University of Wisconsin-Madison
Critical infrastructure protection involves managing an intelligent and adaptable adversary. This makes it different from many other types of risk management. For example, even the existence of a threat assessment may provide an organization’s adversaries clues on effective sabotage methods. Similarly, reducing the vulnerability of some systems may cause intelligent and knowledgeable adversaries to attack other systems that have not yet been "hardened." Thus, risk management in this context is a problem of game theory rather than decision theory. In this talk, we apply game theory to help in characterizing the changing nature of sabotage risk. The results of such analysis yield useful insights. For example, in the face of budget constraints, it is often better to harden all systems to a modest degree (especially if they are logically in series with one another), rather than hardening some systems more thoroughly and others not at all. Organizations that adopt the latter approach may find their adversaries simply shift to attack the non-hardened systems, so that the investments in infrastructure protection yield little or no benefit. By contrast, modest investments in protection of all critical systems can make it more difficult for adversaries to mount successful attacks no matter which system they target. More sophisticated models taking into account the cost-effectiveness of infrastructure protection investments and the speed or effectiveness of the adversary’s learning provide substantially more insight. Thus, under the assumption of perfect and immediate learning, all systems in series with one another should have the same probability of successfully resisting an assault, regardless of the cost-effectiveness of infrastructure protection investments for each system. By contrast, in the absence of learning by adversaries, the cost-effectiveness of infrastructure protection investments is the primary determinant of the optimal protection strategy.
Go to . . .
2001 SRA Annual Meeting Table of Contents
2001 SRA Annual Meeting Author Index
Main Abstracts Menu Page
RiskWorld Home Page