*Gerald G. Brown*

*Distinguished Professor, Department of Operations Research*

*Naval Postgraduate School, Monterey, California*

*W. Matthew Carlyle*

*Associate Professor, Department of Operations Research*

*Naval Postgraduate School, Monterey, California*

*R. Kevin Wood*

*Professor, Department of Operations Research*

*Naval Postgraduate School, Monterey, California*

The U.S. Department of Homeland Security (DHS) is investing billions of dollars to protect us from terrorist attacks and their expected damage (i.e., risk). We present prescriptive optimization models to guide these investments. Our primary goal is to recommend investments in a set of available defense options; each of these options can reduce our vulnerability to terrorist attack, or enable future mitigation actions for particular types of attack. Our models prescribe investments that minimize the maximum risk (i.e., expected damage) to which we are exposed. Our “Defend-Attack-Mitigate risk-minimization model” assumes that terrorist attackers will observe, and react to, any strategic defense investment on the scale required to protect our entire country. We also develop a more general tri-level “Defender-Attacker-Defender risk-minimization model” in which (a) the defender invests strategically in interdiction and/or mitigation options (for example, by inoculating health-care workers, or stockpiling a mix of emergency vaccines), (b) the attacker observes those investments and attacks as effectively as possible, and (c) the defender then optimally deploys the mitigation options that his investments have enabled. We show with simple numerical examples some of the important insights offered by such analysis. As a by-product of our analysis we elicit the optimal attacker behavior that would follow our chosen defensive investment, and therefore we can focus intelligence collection on telltales of the most-likely and most-lethal attacks.

Since September 11, 2001, the U.S. Department of Homeland Security (DHS) has marshaled significant resources to assess the risk to our populace from terrorist attacks of all kinds. The work we report here is directly motivated by just one such risk assessment: pursuant to Homeland Security Presidential Directive 10 (HSPD-10) (The White House, 2004), DHS has conducted an extensive bioterrorism risk-assessment exercise, referred to here as the Biological Threat Risk Assessment (BTRA) (DHS, 2006). BTRA estimates risks of many bioterror attack possibilities, and classifies a list of particular bioterror agents as *most-*, *intermediate-*, and *least-threatening*.

The BTRA risk assessment depends upon subject-matter experts (SMEs) advising, with perfect knowledge, the probability that the “attacker” (terrorist or terrorist group), or “defender” (the federal government), will choose some particular option at each stage of an 18-stage probability risk assessment tree.

We contend that representing intelligent adversarial decisions with static probabilities elicited from SMEs is an untenable paradigm: Not only can experts make mistakes, but static probabilities make no sense when the attacker can observe and react, dynamically, to any earlier decisions made by the defender.

We also hold that the business of DHS lies not just in assessing risks, but also in wisely guiding investments of our nation’s wealth to reduce these risks. These are strategic *decisions* that must be made now, in a deliberative fashion.

Here, we try to adopt the same problem context as BTRA to recoup its estimable investment in risk modeling. But, we distinguish between (a) strategic investment decisions that DHS makes that are visible to terrorists, (b) the decision a terrorist makes to attempt an attack and, finally, (c) the after-attack mitigation efforts that prudent DHS investments will have enabled.

Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.

Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter.
Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 90

Appendix E
Optimizing Department of Homeland Security Defense
Investments: Applying Defender-Attacker (-Defender)
Optimization to Terror Risk Assessment and Mitigation
Gerald G. Brown
Distinguished Professor, Department of Operations Research
Naval Postgraduate School, Monterey, California
W. Matthew Carlyle
Associate Professor, Department of Operations Research
Naval Postgraduate School, Monterey, California
R. Kevin Wood
Professor, Department of Operations Research
Naval Postgraduate School, Monterey, California
The U.S. Department of Homeland Security (DHS) is assess the risk to our populace from terrorist attacks of all kinds.
investing billions of dollars to protect us from terrorist The work we report here is directly motivated by just one such
attacks and their expected damage (i.e., risk). We present risk assessment: pursuant to Homeland Security Presidential
prescriptive optimization models to guide these invest- Directive 10 (HSPD-10) (The White House, 2004), DHS has
ments. Our primary goal is to recommend investments in conducted an extensive bioterrorism risk-assessment exercise,
a set of available defense options; each of these options referred to here as the Biological Threat Risk Assessment
can reduce our vulnerability to terrorist attack, or enable (BTRA) (DHS, 2006). BTRA estimates risks of many bioterror
future mitigation actions for particular types of attack. Our attack possibilities, and classifies a list of particular bioterror
models prescribe investments that minimize the maximum agents as most-, intermediate-, and least-threatening.
risk (i.e., expected damage) to which we are exposed. Our The BTRA risk assessment depends upon subject-matter
“Defend-Attack-Mitigate risk-minimization model” as- experts (SMEs) advising, with perfect knowledge, the prob-
sumes that terrorist attackers will observe, and react to, any ability that the “attacker” (terrorist or terrorist group), or
strategic defense investment on the scale required to protect “defender” (the federal government), will choose some
our entire country. We also develop a more general tri-level particular option at each stage of an 18-stage probability
“Defender-Attacker-Defender risk-minimization model” risk assessment tree.
in which (a) the defender invests strategically in interdic- We contend that representing intelligent adversarial
tion and/or mitigation options (for example, by inoculating decisions with static probabilities elicited from SMEs is an
health-care workers, or stockpiling a mix of emergency untenable paradigm: Not only can experts make mistakes,
vaccines), (b) the attacker observes those investments and but static probabilities make no sense when the attacker can
attacks as effectively as possible, and (c) the defender then observe and react, dynamically, to any earlier decisions made
optimally deploys the mitigation options that his investments by the defender.
have enabled. We show with simple numerical examples We also hold that the business of DHS lies not just in
some of the important insights offered by such analysis. As assessing risks, but also in wisely guiding investments of
a by-product of our analysis we elicit the optimal attacker our nation’s wealth to reduce these risks. These are strategic
behavior that would follow our chosen defensive investment, decisions that must be made now, in a deliberative fashion.
and therefore we can focus intelligence collection on telltales Here, we try to adopt the same problem context as BTRA
of the most-likely and most-lethal attacks. to recoup its estimable investment in risk modeling. But, we
distinguish between (a) strategic investment decisions that
DHS makes that are visible to terrorists, (b) the decision
INTRODUCTION
a terrorist makes to attempt an attack and, finally, (c) the
Since September 11, 2001, the U.S. Department of Home- after-attack mitigation efforts that prudent DHS investments
land Security (DHS) has marshaled significant resources to will have enabled.
0

OCR for page 90

APPENDIX E
Our work applies equally well to any category of threat interceptor platforms to protect against a theater bal-
that concerns DHS enough to warrant investments so signifi- listic missile attack (Brown et al., 2005b).
cant they cannot be hidden from our taxpayers, and thus not
from terrorists, either. Such threats cover biological, tadioac- The message here is that, with experience, we have gained
tive, chemical, and conventional attacks on our infrastructure confidence that these new mathematical methods produce
and citizens, as well as sealing our borders against illegal results that exhibit the right level of detail, solve the right deci-
immigration, and a host of military topics. sion problems, and convey useful advice and insight to policy
The modeling presented here has been motivated and makers. Such capabilities have not been available before.
validated by more than one hundred worldwide infrastructure
vulnerability analyses conducted since 9/11 by the military-
THE MODEL, “MXM”
officer students and the faculty of the Naval Postgraduate
School (Brown et al., 2005a, 2006a). Some of these stud- The Biological Threat Risk Assessment (BTRA) uses
ies have been developed into complete decision-support a descriptive model. Our focus is prescriptive, rather than
systems: descriptive: our models suggest prudent investment and
mitigation plans for biodefense, and we strive to provide a
• Salmerón et al. (2004) have received DHS and Depart- realistic representation of the attack decisions made by an
ment of Energy support to create the Vulnerability of intelligent adversary.
Electric Grids Analyzer (VEGA), a highly detailed, As the defender, we seek to allocate a limited budget
optimization-based decision-support system. VEGA among biodefense investment options to form a defense
can evaluate, on a laptop computer, the vulnerability strategy that minimizes the maximum risk from the actions
and optimal defense of electrical generation and dis- of a terrorist attacker. We might define risk as the expected
tribution systems in the United States, where risk is number of fatalities, or as the expected 95th percentile of
measured as expected unserved demand for energy fatalities, or as any other gauge that appeals. Risk is a some-
during any repair-and-recovery period. what ambiguous term when used to discuss our bilateral view
• We have developed a decision-support system to of conflict between intelligent adversaries, so we hereafter
advise policy makers regarding the interdiction of a substitute “expected damage to the defender.” We assume
proliferator’s industrial project to produce a first batch that an intelligent adversary will attempt to inflict maximum
of nuclear weapons (Brown et al., 2006b, 2007). expected damage. The following, simplified model mini-
• The U.S. Navy has developed a decision-support mizes a reasonable upper bound on expected damage; we
system to optimally pre-position sensor and defensive discuss generalizations later.
• Indices
d∈D defense strategy, e.g., stockpile vaccines A and B, but not C
a∈A attack alternative, e.g., release infectious agent V
m∈M after-attack, mitigation activity, e.g., distribute vaccine A
m ∈ Md mitigation activities enabled by defense option d, e.g., distribute vaccine A, distribute vaccine B
d ∈ Dm defense strategies that enable mitigation activity m
k∈K resource types used by mitigation activities, e.g., aircraft for distributing vaccine, personnel for
administering vaccine
• Data
expected damage if defense strategy d and attack alternative a are chosen, given no mitigation
damaged,a
expected damage reduction of after-attack mitigation effort m, given investment strategy d and
mitigated,a,m
attack a (assumes additive reduction and ∑ mitigationd ,a, m ≤ damaged ,a)
m
total mitigation resource of type k available if defense strategy d is chosen
rk,d
consumption of mitigation resource k provided by defense option d for mitigation activity m
qk,d,m

OCR for page 90

2 DEPARTMENT OF HOMELAND SECURITY BIOTERRORISM RISK ASSESSMENT
• Decision Variables
1 if defense strategy d chosen, otherwise 0
wd
probability attacker chooses attack alternative a (0 ≤ xa ≤ 1)
xa
fraction of defense strategy d effort devoted to mitigation activity type m
yd,m
• Formulation: MIN-MAX-MIN (MXM) (Defender-Attacker-Mitigator)
∑ damaged ,a wd xa - ∑
z* = min max min (D0)
mitigated ,a, m xa yd ,m
wd yd ,m
xa d ,a d ,a ,m
∑ wd = 1 (D1)
d
∑ xa = 1 ( A1)
a
∑ qk ,d ,m yd ,m ≤ ∑ rk ,d wd ∀k ∈ K (M1)
d ,m d
yd ,m ≤ wd ∀d ∈ D, m ∈ M d (M2)
wd ∈{0,1}, x a ≥ 0, yd ,m ≥ 0 ∀d ∈ D, a ∈ A, m ∈ M d
Description most naturally modeled using integer attacker variables, our
model with continuous attack (ya) variables will at least pro-
The order of appearance of the operators, min, followed
vide a conservative estimate of the defender’s objective; i.e.,
by max, followed by min, in the objective function (D0)
the attacker’s abilities to inflict damage are over-estimated
represents the sequential nature of the decisions we are
by our model.
modeling, from the outside to the inside. The coefficient
damaged,a in the objective accounts for any interdiction ef-
Discussion of MXM
fects that strategy d has on attack a, effects that are indepen-
dent of any mitigation activities. (For example, vaccinating
Figure E.1 depicts a tree showing the sequential actions
emergency and health-care providers falls under the category
of the defender (selecting a defense strategy), the attacker
of “interdiction”: after an attack, no follow-up mitigation
(choosing attack alternatives), and the defender (mitigating
efforts apply to this vaccination.) The right-most minimiza-
damage with resources put in place by the defense strategy).
tion term, over yd,m, subtracts from expected damage if a
(We use the generic term “tree” to represent the sequence of
mitigating effort has been enabled by the defense plan, and if
defender and attacker decisions we model. The “decision
some amount of that mitigation is applied. For simplicity of
tree” of Raiffa [1968] pits a single decision maker against
exposition, we assume that mitigation results are additive and
Mother Nature, while here we have two opponents try-
restricted to sum to some value not exceeding total expected
ing to shape an outcome governed by Mother Nature. The
damage. (See the definition of mitigated,a,m.) Constraint (D1)
term “game tree” [Kuhn, 1953] is a more appropriate term
simply limits the defender to choosing one defense strategy.
for our bioterror situation.) Each defense strategy has an
Constraint (A1) limits the attacker to choosing a mixed at-
immediate effect on the maximum damage of any attack,
tack strategy, which of course admits a pure attack as well.
reflected in damaged,a; it can also enable the capability to
Constraints (M1) are joint resource constraints on mitigation
reduce after-attack damage by as much as mitigated,a,m, if the
efforts; constraints (M2) stipulate that mitigation efforts are
chosen defense strategy permits a full allocation of mitiga-
permitted only if the enabling defense strategy has been
tion resources to mitigation action m. Given a fixed defense
chosen. Constraints (M1) subsume those of type (M2), but
strategy, we assume the attacker will first observe this strat-
we keep these separate for later clarity. The attack variables,
egy and then respond with a mixed strategy over the set of
xa, and the mitigation variables, yd,m, are continuous. If the
possible attacks. As we have said, this might be a relaxation
attacker variables are restricted to be integer (for instance,
of the original optimization problem faced by the attacker,
they might be binary variables indicating whether or not
and therefore grants him or her more attack capability than
the terrorists decide to fully develop and deploy a particular
the attacker really has in this sequential decision-making.
pathogen in an attack), then the resulting analysis becomes
In general we cannot tell how weak this relaxation is, but
significantly more complicated than that which we present
for specific cases (especially those with a moderate number
here. Although dealing with bioterrorist attacks might be

OCR for page 90

APPENDIX E
FIGURE E.1 This tree depicts, left-to-right, a leading
defense strategy choice wd, consisting of component
.
defense investment options, and visible to an attacker,
.
followed by attack alternative choice(s) xa that (each)
.
inflict expected damage damaged,a. Square nodes
indicate defender decisions, and circle nodes indicate
attacker decisions. We only illustrate a mitigation sub-
yd,m tree (yd,m decisions) for one (wd, xa) pair. For a given
xa damaged,a − mitigated,a,m
wd defense strategy wd =1, the optimization recommends
.
.
a mixed attack strategy for the attacker and a mixed
. .
. mitigation response yd,m from the defender. The de-
.
. fense strategy establishes all mitigation resources that
. can be used after an attack. That strategy is seen by
the attacker when he or she develops the attack plan.
Enabled mitigation resources can reduce expected
. damage through -mitigated,a,mxayd,m. (Our conserva-
tive model does not allow the defender to observe
.
the precise type of attack, however, so the mitigation
.
response may not be optimal.)
.
of feasible attacker decisions) we Figure E-1
R01268, can use enumeration to probability distributions yields an objective function that
bound the effect of this relaxation on the optimal objective measures “expected damage.”
function value.
A “mixed attack strategy” means that the optimal at-
Solving MXM
tacker decision includes multiple attacks and then we choose
Temporarily fixing w = w in MXM, we take the linear-
mitigation responses, and this results in some damage that ˆ
can only be estimated, and some part of that estimation can programming dual (hereafter referred to simply as “the dual”)
involve an expectation. (For example, the damage could of the innermost minimizing linear program, using dual vari-
ables αk for constraints (M1), and bd,m for constraints (M2).
involve an expectation taken over a probability distribution
for the time between when an attack is launched to when it This converts the inner “max-min problem” into a “max-max
is discovered.) Thus, integrating damage over one or more problem,” which is a simple maximization:
• Formulation: MAX-ATTACKER-LP (w)
ˆ
∑ damaged ,a wd xa - ∑ rk ,d α k - ∑
zmax = max wd b d ,m
ˆ ˆ
x,
d ,m∈Md
d ,a k
α ,b
∑ xa = 1
s.t. ( A1)
a
∑ qk ,d ,m α k + bd ,m ≥ ∑ mitigated ,a,m xa ∀d ∈ D, m ∈ M d (DM1)
k a
αk ≥ 0 ∀k ∈ K
b d ,m ≥ 0 ∀d ∈ D, m ∈ M d
Now, leaving w = w as shown in MAX-ATTACKER-LP, then release w to vary as before, to achieve the following
ˆ
we take the dual of this linear program, using dual variables integer linear program which is essentially equivalent to
ℜ for constraint (A1) and yd,m for constraints (DM1), and MXM:

OCR for page 90

DEPARTMENT OF HOMELAND SECURITY BIOTERRORISM RISK ASSESSMENT
• Formulation: MIN-ILP (Defender-Attacker-Mitigator)
zmin = ℜ
min (DILP0)
ℜ,
wd , yd ,m
ℜ ≥ ∑ damaged ,a wd - ∑ mitigated ,a,m yd ,m ∀a ∈ A ( DILP1)
s.t.
d ,m
d
∑ wd = 1 (D1)
d
∑ qk ,d ,m yd ,m ≤ ∑ rk ,d wd ∀k ∈ K (M1)
d ,m d
yd ,m ≤ wd ∀d ∈ D, m ∈ M d (M2)
wd ∈{0, 1}, yd ,m ≥ 0 ∀d ∈ D, m ∈ M d
The optimal solution to MIN-ILP prescribes among other characterizing component investment options in defense
things a choice for the defense strategy, w*, to be implemented strategies.
immediately by the defender, before an attack occurs. Given Damage estimates in Table E.3 include any synergies
optimal incumbent solution w*, we recover the attacker’s among or interference between component investment op-
optimal strategy x* by solving MAX-ATTACKER-LP(w*). tions in each defense strategy preparing for each attack. This
is key. BTRA makes a point of such dependencies, and we
represent these in complete, realistic detail here.
A Numerical Example of MXM
Table E.4 represents estimated mitigation capabilities.
We provide a small numerical example to illustrate the These mitigation estimates correspond to a single, “full-
features of MXM. strength” mitigation effort being applied to a single attack
We introduce a number of defensie inestment options, alternative. If the attacker chooses a mixed attack strategy,
programs that can be composed in groups into defense we may need to spread mitigation effort across multiple ac-
strategies. Table E.1 displays defensive investment options tivities, reducing the expected effectiveness of each activity
and costs. accordingly.
In our example, the defensive investment options are de- The choice of defense strategy is limited by a total bud-
noted “i01,” “i02,” and “i03.” From this set, policy makers get, which we vary over the integers from 0 to 11. We allow
have determined 6 combinations that comprise the subset full employment of either mitigation effort, or any convex
of admissible defense strategies whose implementation will combination of them.
depend on the available budget; see Table E.2. Table E.3 dis- Because the defender is minimizing the optimal objec-
plays expected damage resulting from each defense strategy tive function value of a maximization problem, the optimal
and each attack alternative, i.e., the terms damaged,a.
Figure E.2 illustrates the generic relationship relating
investment options to the ability to reduce expected dam-
age from any terrorist attack before it is carried out, and/or TABLE E.2 Defensive investment options in each
mitigate damage after an attack occurs. This is a complicated potential defense strategy.
function, neither convex nor concave, but our sampling Investment options
of representative points can be used to represent this in i01 i02 i03
Defensive d00
strategies d01 x
d02 x
d03 x
TABLE E.1 Defensive investment options and costs.
d04 x x
i costi d05 x x
i01 2
Strategy “d00” makes no investment at all. Defense strategy “d05” includes
i02 3
investment options “i02” and “i03.” Logical, political, or other consider-
i03 5
ations preclude some of the strategies, for example, {“i01,” “i03”}. The
total available budget, not yet specified, can also preclude certain strate-
For example, option “i03” costs 5. Total budget, logical, and perhaps po-
gies. For instance, {“i02” and “i03”} cannot be selected if the total budget
litical considerations will limit the combinations of these options that can
comprise admissible defense strategies is less than 8.

OCR for page 90

APPENDIX E
12
10
Expected Damage
8
6
4
2
0
0 5 10 15 20 25 30
Investment Option Cost
FIGURE E.2 The purpose of Department of Homeland Security defensive investment options is to reduce expected damage before an attack
occurs, and/or allow mitigation of expected damage after one occurs. The generic relationship illustrated here conjectures little to no effect
at low investment levels, followed by increased effectiveness, and eventually leveling off with diminishing returns. The triangles represent
points we might use as alternate investment options to adequately represent the entire function.
R01268, Figure E-2
TABLE E.3 Expected damage resulting from each defense solution invests to reduce the expected damage, given future
strategy (row) and each attack alternative (column), mitigation capability, of the most-threatening mixed attack.
accounting for interdiction but not mitigation. This requires that the defender invest in a defense strategy
that enables him or her to mitigate several very-damaging
attacks, and not just the worst one.
a01 a02 a03
Figure E.3 shows minimized maximum expected damage
d00 10 10 10
as a function of total defense budget, and Table E.5 summa-
d01 10 5 7
rizes the solutions for each budget break-point. For instance,
d02 6 8 7
with a budget of 3, the optimal defense plan in MXM is to
d03 6 6 6
d04 4 3 5 choose defense option “d02.” The terrorists’ optimal attack
d05 5 5 4
is a mixed strategy, with a probability of 0.50 of choosing
“a02” and probability 0.50 of choosing “a03.” The result-
(This table gives the values for damaged,a for MXM. We use integral data
ing expected damage, after mitigation, is 6.5. Analysis of
to permit reproduction of our results.)
this simple case reveals that we have optimally allocated
our mitigation effort among the two worst attacks, reduc-
ing the expected damage in each attack to the same value,
6.5. We can do no better than this, given our conservative
TABLE E.4 (A, left; B, right) Maximum expected damage
approximation.
reduction from a mitigation activity enabled (prior to an
attack) by a defense strategy (and applied after an attack).
Generalizing Beyond Tri-level Decision Problems
m = m1 a01 a02 a03 m = m2 a01 a02 a03
The DHS biological threat risk assessment (BTRA) con-
d00 0 0 0 d00 0 0 0
sists of an 18-stage probability risk assessment tree, where
d01 1 0 0 d01 1 0 0
each decision has been replaced by an a priori probability, as
d02 0 1 1 d02 0 2 0
shown in Chapter 3 of this report. In the case of the each op-
d03 0 0 1 d03 0 0 1
d04 1 1 1 d04 0 1 2 ponent, these probabilities are determined by subject-matter
d05 0 1 1 d05 0 0 2
experts assessing how terrorists might make each decision,
and how well DHS will do thwarting a bioagent attack at
These tables specify mitigated,a,m for MXM, for each of two mitigation
options (Table E.4.A, “m = m1,” and Table E.4.B, “m = m2”), for each
some intermediate stage of its development.
combination of defense and attack. For example, with defense option “d04”
We could instead model the BTRA as a 19-stage defender-
and attack “a03,” if we choose mitigation “m = m1” we reduce the damage
attacker-defender model, with a new stage zero describ-
by one unit, but if we choose mitigation “m = m2” we reduce the expected
ing how DHS can invest in strategic biological defense
damage by two units (circled values).

OCR for page 90

DEPARTMENT OF HOMELAND SECURITY BIOTERRORISM RISK ASSESSMENT
12
10
8
Expected Damage
6
4
2
0
0 2 4 6 8 10
Defense Budget
FIGURE E.3 Expected damage as a function of defense budget. This display is for policy makers: as we devote more and more defense
budget, we achieve less and less expected damage. Because the defender’s investment options here are discrete, each improvement appears as
a staircase drop as soon as sufficient budget permits some new, improved cohort of investment defense options, i.e., a new defense strategy.
The law of diminishing returns is evident: expected damage reduced by each budget dollar decreases as budget increases. Policy makers can
usually put their finger on the spot that appeals in an illustration such as this, perhaps based on criteria not part of the underlying modeling.
The uppermost, solid line displays the expected damage when all mitigationd,a,m values are set to zero (i.e., we have no mitigation capabil-
R01268, Figure E-3
ity) and only consider the expected damage from adopting a defense strategy, and then suffer the worst-case attack per expected damage in
Table E.3. The dashed line illustrates the expected damage from MXM, the tri-level optimization.
strategies, and each of the intermediate stages represented investment decisions to minimize expected damage assuming
by a set of decision variables that prescribe attacker or de- each opponent makes the optimal decision at each node of the
fender behavior, and solve a multi-stage defender-attacker- corresponding tree. To fully represent the sequential nature
defender(-attacker-...) model to determine optimal stage-zero of these decisions, we would require all decisions (except
maybe those in the final stage) to be modeled with integer
variables. However, solving such a model for just two stages
of integer decisions is difficult.
TABLE E.5 For each budget just sufficient to afford a
We do not have the technology to handle three, much less
new defense strategy, we show the Defender-Attacker
solution and expected damage (i.e., for MXM with y = 0), 18, stages of alternating integer decisions. Allowing continu-
ous decision variables in each of the stages except stage zero
the Defender-Attacker-Defender solution (for MXM) and
(our defense decision variables) would again be a relaxation
expected damage.
of the restrictions on the attacker, and could, in some cases,
MXM with y = 0 MXM
yield extremely weak bounds on our defensive capability.
Budget w x wx y
z* z*
We now show in the case of a two-stage model how this
0 d00 a01 10 d00
a01 — 10
2 d01 a01 10 d01
a01 m01 9 relaxation from integer to continuous variables reduces the
3 d02 a02 8 d02
a02(.50) m01(.50) 6.5
sequential decision problem to a simultaneous two-person
a03(.50) m02(.50)
zero-sum game.
5 d04 a03 5 d04 a01(.50) m01(.50) 3.5
Consider the bi-level, attacker-defender, max-min optimi-
a03(.50) m02(.50)
For example, with a budget of 3, the optimal defense strategy in MXM is zation formulation: (ALDL), where the subscript “L” denotes
“d02.” The terrorists’ optimal attack is a mixed strategy, choosing alternative
a linear program (i.e., continuous decision variables, and
“a02” with probability 0.50, and “a03” with probability 0.50. We anticipate
objective and constraints that are linear in those decision
responding accordingly with “m01,” the optimal response to “a01,” with the
variables):
same probability (0.50), and similarly with “m02” with probability 0.5. The
resulting expected damage, after optimal mitigation in each case, is 6.5.

OCR for page 90

APPENDIX E
– –
(ALDL) We observe that (ALDL) and (DL AL) are linear program-
ming duals of each other, and thus (assuming both are
[ dual variables ]
g T x + x T Qy + cT y
max min feasible) have the same optimal objective-function values,
y
x
which is the same as the optimal objective value of (ALDL).
[π ] ( B1)
≤b
s.t. Ax Therefore, the sequence in which the decisions are made
[μ] ( B2 )
≥d (either attacker first, followed by defender, or defender first,
Dy
followed by attacker) has no impact on the optimal objective-
x≥0
function value.
y≥0
We have therefore proved the following:
(ALDL) is a more general version of the model used by
Fulkerson and Harding (1977) and Golden (1978) for their Theorem 1: For any attacker-defender model in the
work on continuous network interdiction models. form (ALDL), we can exchange the order of deci-
sions without affecting the optimal objective function
Take the dual of the inner (defender, “y”) problem in value.
(ALDL):
Theorem 1 is a simple extension of von Neumann’s
–
(ALDL) (1928) minimax theorem for polyhedral feasible regions
using a proof technique similar to Ville (1938), but using
+d T μ
gT x
max
the more modern technology of linear programming duals
x ,μ
directly. This exchange argument, along with the observation
[π ] ( B1)
≤b
s.t. Ax
that any two consecutive decision stages controlled by the
[ y] ( D2)
)
-Q T x DT μ ≤c same decision maker are equivalent to a single stage (since
x≥0 both stages are either a maximization or both are a minimi-
zation over a set of decision variables, this is equivalent to
μ≥0
a single maximization, or minimization, over all of those
This is our standard way to convert a “max-min” problem, variables simultaneously), can be repeated for any number of
for which there is no conventional optimization method, into consecutive stages with continuous decision variables. The
an equivalent “max-max” problem that is nothing more than final model obtained in this manner is a simple maximization
a conventional linear program. or minimization problem.
Now, reverse the order of play in (ALDL) to (DLAL): Specifically, if we were to apply this to the 18-stage
BTRA model (i.e., the model we would solve for any fixed,
(DLAL) known defense decision in stage zero), we would aggregate
adjacent attacker stages (and adjacent defender stages, if
[ dual variables ]
g T x + x T Qy + cT y
min max
there are any) and reduce the 18-stage BTRA tree to 8 stages.
y x
[π ] ( B1) We would then require that all decision variables be continu-
≤b
s.t. Ax
ous, and then swap adjacent defender-attacker pairs of stages
[μ ] ( B2 )
≥d
Dy until we obtain a model having all of the attacker decisions
x≥0 in stage 1 and all of the defender decisions in stage 2. This
resulting model is equivalent to model (ALDL), above, and
y≥0
hence is equivalent to a simultaneous game.
This variation on (ALDL) is formulated as if the defender
The optimal solution would prescribe mixed strategies
makes a decision first.
for the attacker and defender, eliminating the sequential
Take the dual of the inner, attacker, (“x”) problem in
nature of the real decisions that must be made. In general,
(DLAL):
the results from such an analysis might not be very accu-
– rate, as every relaxation of a block of integer variables to
(DL AL)
continuous and the subsequent interchange and aggregation
of adjacent stages can result in a significant relaxation of
bT π +cT y
min
y,π attacker restrictions; in some models these approximations
[x] ( D1) could get significantly less informative with each additional
AT π -Qy ≥g
s.t.
stage exchanged in this manner.
[μ ] ( B2 )
≥d
Dy
However, if the sequencing of two adjacent attacker-
π≥0 defender stages is not a critical component of the formula-
y≥0 tion, then the optimal solution of the relaxation might not be
far off from that of the original model. As a simple example,
This formulation is equivalent to (DLAL), and is also a linear
if the attacker chooses which pathogen to load into a truck,
program.

OCR for page 90

DEPARTMENT OF HOMELAND SECURITY BIOTERRORISM RISK ASSESSMENT
and the defender then chooses whether or not to emplace ning industrial and military operations that precisely mimic a
transportation blockades, relaxing the decision variables and bioterror-agent production program, or a defense plan.
exchanging these two stages might not be as significant a re- We recommend eliciting from SMEs an explicit assess-
laxation as in a situation where the attacker decides whether ment of the resources and capabilities of each opponent, and
or not to release a pathogen, and the defender then chooses the way and rate at which various alternate activities would
whether or not to employ his stockpile of a certain vaccine consume these. This is, in fact, the way that the BTRA
that can treat the attacker’s pathogen. In the former case reports that the SMEs explained their reasoning to support
the blockades will work against the truck regardless of the probability assessments. We advise using these technologi-
pathogen chosen, while in the second example committing cal estimates as explicit inputs, and letting MXM determine
to use the vaccine before a pathogen is released is clearly a attacker mixed-strategy probabilities and expected conse-
bad idea, and allows the attacker to cause significantly more quences as outputs. This would be much more transparent
damage. modeling, provide better documentation, and be less likely to
be influenced by poor SME guesses about high-dimensional
decisions governed by complicated resource limitations.
How to Generalize BTRA to a Decision Model
This also avoids the current step where SMEs convert ca-
Prescribing Defense Investments
pabilities assessments into just a few discrete, qualitative
probability classes (e.g., “not likely” = 0.2, “likely” = 0.5,
If we are to leverage the considerable effort that went
“very likely” = 0.8).
into the development of the BTRA, we must use the data
obtained, and elicit subject-matter-expert input, to develop The initial linear integer program and subsequent pair of
a two- or three-stage sequential decision model of defensive linear programs afford us a great deal of flexibility and fidel-
investments, attacks, and mitigation responses such that the ity in describing the actions of each opponent, and we can
relaxation obtained by allowing continuous attacker vari- solve these at very large scale with off-the-shelf optimization
ables, as in MXM, is at least a reasonable approximation. software. Also, solutions to such optimization models can be
If we are successful in our new modeling effort, then analyzed to discover the “why” as well as the “what” of each
the decisions at each stage except our new stage-zero will plan. Powerful, effective sensitivity and parametric analysis
be continuous (and, more specifically, interpreted as mixed techniques are well known for these optimization models.
strategies), but now the values of these mixed-strategy prob- We represent defensive investment strategy selection
abilities will be prescribed by the optimization model: for simply, as we think realistic and politically palatable during
the stage under control of the terrorists, these will represent this early phase of homeland security capital planning. We
the worst-case mix of attack decisions the terrorists can de- anticipate that this will eventually mature to more closely
ise; in the mitigation stage, under DHS control, these will resemble classic military capital planning (e.g., Brown et
represent the best response to each of the attacker’s possible al., 2004).
decisions in the previous stages. We present a deterministic model that minimizes the max-
It is not lost on us that some of the BTRA probabilistic imum expected risk. If stochastic evaluation proves essential,
risk assessment tree’s probabilities exhibit dependence on our model can be used within a simulation. Banks and An-
the outcomes of some prior stages in the tree. A reformu- derson (2006) demonstrate such exogenous simulation with
lation to a two- or three-stage sequential decision model a two person, zero-sum game. Tintner (1960) shows this for
would necessarily require some reworking of these data. For a linear program. Our integer linear program is amenable to
brute-force permutation of (potentially aggregated) stages, such simulation.
we could unwind the conditional probabilities with Bayes’
theorem (just as DHS already does when it splits the single
Secrecy in Planning
BTRA tree into 28 independent trees, one for each bioagent,
where selection of bioagent is the third terrorist stage in the If, as the defender, we strongly believe that we are able to
original tree). conceal some of our defensive capability from the attacker,
However, we hope to move away from subject-matter- then the transparency of model MXM is likely to be inap-
expert (SME) elicitations of highly dependent probabilities propriate for determining optimal defense decisions. Instead,
as follows. These dependencies are presumably due to the we find ourselves in an asymmetric conflict: the attacker and
influence of prior stages on the state of the terrorist (or DHS) the defender do not agree on the objectie function. This
in terms of exhaustion of limited resources. MXM would more general case falls in the domain of bilevel and multi-
explicitly guide strategic defensive investment in stage zero, level programming (see, for example, Candler and Townsley
and subsequently offer all the explicit resource-limiting [1982], Bard and Moore [1992], and Migdalas et al. [1998]),
features of a linear program for all the attacker decisions, and the associated mathematical models are more difficult to
and in parallel all the defender’s mitigation decisions that solve than those we have presented here.
consume the mitigation resources provided by stage zero. In an extreme case, for example, we might believe that
Linear programming has long been widely applied to plan- even though the attacker can observe our strategic defensive

OCR for page 90

APPENDIX E
investments, he or she is completely unaware of our mitiga- the mitigation efforts do not produce drastically different
tion capabilities. We could then assume that the attacker results from each other relative to the defense-and-attack
will make decisions based only upon the damaged,a values, combination they are applied to), it makes no sense to take
whereas, given that we are perfectly aware of our mitigation extreme measures to conceal our mitigation capability. In
capabilities, we will make our investment decisions based fact, we should broadcast it widely, in hopes that it will deter
on damaged,a-mitigated,a,m values. This would be formu- attacker efforts.
lated as a tri-level integer programming model, the most However, in the case where our mitigation capabilities are
general versions of which are difficult to solve. However, much more (or less) effective for one (or a small number of)
a straightforward heuristic for solving our problem would attacks than for the rest, and this fact fundamentally changes
solve an attacker-defender version of the problem with no the worst-case attack decision for each of our defense op-
mitigation options (i.e., by fixing yd,m = 0), and then choose tions, then we conjecture that we should conceal this capabil-
the optimal mitigation decision for whatever defense and ity to maintain our advantage (or conceal our weakness) for
attack decisions are made. that attack, and hopefully “shape” the attacker’s decisions
Clearly this can lead to a suboptimal defense investment, toward the attacks that we are more capable of handling.
especially when there are defense options that do not directly However, every situation is different, and it is extremely
reduce expected damage (i.e., damaged,a might be high hard to predict what the effect any given “secrecy policy”
for those defenses) but that enable mitigation efforts that will have on the optimal outcome, much less on the actual
are significantly more effective than those available under attacker behavior. More research in this area is required.
other defensive investments. We can use the stockpiling
of a vaccine as an example; creating the stockpile will not
Solving MXM at Very Large Scale with Decomposition
reduce the damage of any attack, but the mitigation activity
of distributing the vaccine and inoculating the susceptible Although we have solved large attacker-defender models
population can be extremely effective. In this case, the of the same form as MXM (Brown et al., 2005b), if instances
optimal defense and the resulting worst-case attack damage of MXM become too large to solve using commercial off-
can differ significantly from the myopic defense. There are the-shelf integer linear programming software, we can use
other, more effective heuristics for multilevel optimization (and have used) a version of Benders decomposition (e.g.,
in the literature, the breadth of which is beyond the scope Bazaraa, Jarvis, and Sherali, 1990, pp. 366-367) to solve
of this appendix. MIN-ILP, with integer stage-zero investment decisions and
In the case where the “secret” objective values maintain continuous mitigation decisions in the master problem, and
the same relative ranking between each pair of feasible the resulting attacker LP subproblems. Israeli and Wood
defense and attack combinations as discloseded by the (2002) explicitly develop such a decomposition for the case
“public” objective function, then the optimal defense and of shortest-path network interdiction problems.
resulting worst-case attack do not change. For example, if We modify MIN-ILP, replacing equations (DILP1) with
the mitigation effects mitigated,a,m are always a fixed percent- a set of constraints (DILP-CUTS), and calling the resulting
model MIN-ILP-DECOMP({ˆ N}), where {ˆ N} represents
age of damaged,a, then the optimal defensive investments, x x
and the corresponding worst-case attack, will be the same, the set of all attacker plans from completed decomposition
iterations: {ˆ N} ≡ {ˆ n, n = 1,…, N}.
and the overall expected damage will be reduced by that x x
fixed percentage. In this case (and similar cases, in which
ℜ ≥ ∑ damaged ,a wd xa - ∑
ˆn n = 1,..., N
ˆn (DILP-CUTS) .
mitigated ,a, m x a yd ,m
d ,a d ,a ,m
The complete decomposition algorithm is as follows:
• Algorithm DHS-MXM-DECOMP
Input: Data for bio-terror defense problem, optimality tolerance e ≥ 0;
Output: e-optimal (MXM) defender plan (w*,y*);
1) Initialize best upper bound zUB ← ∞, best lower bound zUB ← 0, define the incumbent, null (MXM) defender
plan (w* ← w1 ≡ "d00",y* ← y1 ← 0) as the best found so far, and set iteration counter N ← 1;
ˆ
2) Subproblem: Using w = w N, solve the linear program subproblem MAX-ATTACKER-LP (ˆ to determine the
ˆˆ w)
optimal attack plan x N; the bound on the associated total expected target damage is zmax(ˆ N);
ˆ x
3) If (zUB > zmax (ˆ N) ) set zUB ← zmax (ˆ N) and record improved incumbent MXM defender plan
x x
(w*, y*) ← (ˆ N, y N);
wˆ

OCR for page 90

00 DEPARTMENT OF HOMELAND SECURITY BIOTERRORISM RISK ASSESSMENT
4) If (zUB - zLB ≤ e) go to End;
5) Given attack plans {ˆ N}, attempt to solve master problem MIN-ILP-DECOMP({ˆ N}) to determine an
x x
optimal defender plan (ˆ N+1, y N+1). The bound on the total expected target damage is zmin(ˆ , y );
w ˆ wˆ
6) If zLB < zmin(ˆ , y ) set zLB ← zmin(ˆ , y );
wˆ wˆ
7) If (zUB - zLB ≤ e) go to End;
8) Set N ← N + 1 and go to step (2) (Subproblem);
9) End: Print “(w*, y*) is an e-optimal (MXM) defender solution,” and halt.
[18]. The first attacker event sequence addresses selection of
The optimal attacker plan x* can be recovered by solving
agent, target method of dissemination, and acquisition; the
MAX-ATTACKER-LP(w*).
next attacker sequence involves details of agent production
Each instance of MAX-ATTACKER-LP(ˆ is a linear w)
and processing; the following attacker sequence describes
program of a form we expect to be easy to solve even at
transport and storage; and the last estimates repeated attacks.
large scale.
MIN-ILP-DECOMP({ˆ N}) is easy to solve, but might get These attacker sequences are interrupted by opportunities
x
for the defender to interdict. The last stage [18] represents
more challenging if embellished with too many more linear
Mother Nature influencing consequences. For our purposes,
constraints. For a difficult instance, or at very large scale, we
can solve MIN-ILP-DECOMP({ˆ N}) with an approximate, there are merely four alternations from attacker to defender,
x
but very fast heuristic, and our decomposition is still valid. followed by one truly random event governed by Mother
The iterative behavior of the decomposition is instruc- Nature at the end.
tive. Set a defense plan, and observe the attack response. Set Second, we decide how to reckon damaged,a as a function
another defense plan that is robust with respect to the attack of defense strategy d and attack alternative a. This is not a
response observed, and then observe another attack response. glib statement, but rather a meta-design guide to return to the
As such iterations continue, the defender learns more about foundations of BTRA and critically review the assumptions
the attacker, and refines his defense plan accordingly. Ulti- of sequence-dependence and level of detail.
mately, the defender learns enough to declare that his best In theory, this could be achieved by setting a defender
defense plan is (e-) optimal against the best possible attacker option d, and estimating the consequences of this action on
plan, and attains a mathematical certificate of the quality of BTRA for each pure attacker response. This is no harder than
his defense preparations. (See Table E.6.) for BTRA, and if we concentrate on estimating damaged,a
The decomposition mathematically represents two op-
posed sets of subject-matter experts: a Blue Team (defender),
and Red Team (attacker). The decomposition iterations
mathematically mimic a wargame between these opponents, TABLE E.6 Decomposition iterations reveal learning by
where the defender suffers the disadvantage of not being able opponents. Here, the defender starts with defense strategy
to hide the defense strategy, but the players play the game “d00” (do nothing), the attacker responds with his most-
again and again, honing their respective strategies, until damaging alternative “a03” inflicting damage 10.
neither opponent can improve.
At ultra-large scale, we can nest decompositions. We do Defense Lower Attack Upper
Iteration Strategy Bound Alternative Bound
not anticipate this will be necessary for this application.
We have implemented MXM and our decomposition al- n MIN-ILP- MAX- Mitigation
zLB zUB
DECOMP ATTACKER-
gorithm for solving it in GAMS (2007). All model instances
LP
have been solved optimally. The complete implementation
1 “d00” 0 “a03” 10 “m01”
is available from the authors. 2 “d05” 2 “a01” 5 “m02”
3 “d04” 3.5 “a01”(0.5) 3.5 “m01”(0.5)
“a03”(0.5) “m02”(0.5)
How Do We Get Here from a Descriptive
Risk Assessment (e.g., DHS BTRA)? Subsequent iterations adjust defense strategy based on elicited attacker
behavior, until neither opponent can take another turn for any further
First, we must recognize and accept that each event-tree improvement. Our subject-matter experts (SMEs) are now optimization
path in the BTRA consists almost exclusively of a set of models. The last iteration yields the same optimal solution as shown in
Table E.5. Instead of using a “do-nothing” solution to initialize the algo-
decisions—these are not random events. There are 18 succes-
rithm, we can just as easily take any feasible incumbent proposed by any
sive “events” in the National Research Council rendition of
decision maker as our first attempt: the algorithm will evaluate this solution,
BTRA (see Tables E.3 and E.4). From start to finish, we show and then either obtain a certificate of its optimality, or find a better incum-
each event number, using parentheses to distinguish defender bent. This is the distinguishing advantage of viewing these decomposition
actions, and brackets for Mother Nature at the end: the BTRA algorithms as “learning” methods that iteratively improve upon an incum-
bent, possibly suboptimal, solution.
event sequence is 1-5; (6); 7-11; (12); 13; (14-15); 16; (17);

OCR for page 90

0
APPENDIX E
as a function of defense option d and a more palatable (i.e., (c) Are part of an integrated weapons of mass destruction
consequence management approach informed by current risk
unlike BTRA, a less minutely-detailed and less overwhelm-
assessments of threats, vulnerabilities, and capabilities; and
ingly numerous) set of attack alternatives a, we would
create a risk-calculation engine that is at once credible and (d) Include the development of effective, feasible, and prag-
efficient. matic concepts of operation for responding to and recovering
By whatever means, we must estimate damaged,a for each from an attack. (The White House, 2007)
defense option d and each attack alternative a. If we cannot
estimate risks at this fidelity, we hae no business doing risk We can see from these policy directives that the highest-
analysis. level DHS problem is planning inestments—huge invest-
We would prefer to be able to choose a number of defense ments—to prepare to mitigate the consequences of any
strategies, rather than just one. But, current risk analysis pro- attack.
duces a single damage estimate distribution for each attack The material presented here follows both the letter and
scenario. We assume these damage estimates are neither ad- the spirit of this direction.
ditive nor separable between and among attacks, so we must
rely on the simplified risk analysis we have. Accordingly,
REFERENCES
we endow each defense strategy with the number of defense
investment options reflected in each BTRA path. Banks, D., and S. Anderson. 2006. “Combining Game Theory and Risk
Analysis in Counterterrorism: A Smallpox Example.” Pp. 9-22 in A.
Our attack alternatives have not specified any particular
Wilson, G. Wilson, and D. Olwell (eds.), Statistical Methods in Coun-
agent. Our methods can accommodate attacks by classes terterrorism. New York: Springer.
of agents that include engineered and future agents not yet Bard, J., and J. Moore. 1992. “An Algorithm for the Discrete Bilevel Pro-
known. gramming Problem.” Naal Research Logistics 39(3):419-435.
Solving the tri-level model achieved here isolates an op- Bazaraa, M.S., J. Jarvis, and H.D. Sherali. 1990. Linear Programming and
Network Flows. New York: Wiley.
timal defense strategy, and all its component investment op-
Brown, G., R. Dell, and A. Newman. 2004. “Optimizing Military Capital
tions. Because this optimal strategy dominates every attack Planning.” Interfaces 34(6):415-425.
by any agent, we have presented an intrinsic risk analysis Brown, G., M. Carlyle, J. Salmerón, and K. Wood. 2005a. “Analyzing the
that highlights the most-critical, achievable defense strategy. Vulnerability of Critical Infrastructure to Attack, and Planning De-
We can trivially rule out this best strategy, and solve for the fenses.” In H. Greenberg and J. Smith (eds.), Tutorials in Operations
Research: Emerging Theory, Methods, and Applications, Hanover, Md.:
second-best, and so forth. This renders an explicit, unam-
Institute for Operations Research and Management Science.
biguous prioritization of defense strategies. Brown, G., M. Carlyle, D. Diehl, J. Kline, and K. Wood. 2005b. “A Two-
Sided Optimization for Theater Ballistic Missile Defense.” Operations
Research 53(5):745-763.
Mere Probabilistic Risk Assessment Is Not Enough Brown, G., M. Carlyle, J. Salmerón, and K. Wood. 2006a. “Defending
Critical Infrastructure.” Interfaces 36(6):530-544.
What we are proposing here responds directly to the
Brown, G., M. Carlyle, R. Harney, E. Skroch, and K. Wood. 2006b.
explicit language of HSPD-10 (The White House, 2004): “Anatomy of a Project to Produce a First Nuclear Weapon.” Science
“the United States requires a continuous, formal process for and Global Security 14(2/3):163-182.
conducting routine capabilities assessments to guide priori- Brown, G., M. Carlyle, R. Harney, E. Skroch, and K. Wood. 2007. “Inter-
tization of our on-going investments in biodefense-related dicting a Nuclear Weapons Project.” In review.
Candler, W., and R. Townsley. 1982. “A Linear Two-Level Programming
research, development, planning, and preparedness.”
Problem.” Computers and Operations Research 9(1):59-76.
Further, we could not agree more with this: “Successful DHS (Department of Homeland Security). 2006. Bioterrorism Risk Assess-
implementation of our program requires optimizing critical ment. Biological Threat Characterization Center of the National Biode-
cross-cutting functions” (The White House, 2004). fense Analysis and Countermeasures Center. Fort Detrick, Md.
Recently, HSPD-18 (The White House, 2007) has further Fulkerson, D.R., and G.C. Harding. 1977. “Maximizing the Minimum
Source-Sink Path Subject to a Budget Constraint.” Mathematical Pro-
clarified our direction: “optimize the investments neces-
gramming 13(1):116-118.
sary for medical countermeasures development, and ensure GAMS (General Algebraic Modeling System). 2007. “General Algebraic
that our activities significantly enhance our domestic and Modeling Language GAMS.” Available at http://www.gams.com/. Ac-
international response and recovery capabilities.” Further: cessed January 12, 2007.
“Mitigating illness and preventing death are the principal Golden, B. 1978. “A Problem in Network Interdiction.” Naal Research
Logistics Quarterly 25(4):711-713.
goals of our medical countermeasure efforts.”
Israeli, E., and R.K. Wood. 2002. “Shortest-Path Network Interdiction.”
Moving beyond mere descriptive risk analysis, we want Networks 40(2):97-111.
to address: Kuhn, H. 1953. “Extensive Games and the Problem of Information.” Pp.
193-216 in H. Kuhn and A. Tucker (eds.), Contributions to the Theory
(a) Target threats that have potential for catastrophic impact
of Games, Vol. II. Princeton, N.J.: Princeton University Press.
on our public health and are subject to medical mitigation; Migdalas, A., P.M. Pardalos, and P. Varbrand. 1998. Multileel Optimiza-
tion: Algorithms and Applications. Dordrecht, Germany: Kluwer.
(b) Yield a rapidly deployable and flexible capability to ad-
Raiffa, H. 1968. Decision Analysis. Reading, Mass.: Addison-Wesley.
dress both existing and evolving threats;

OCR for page 90

02 DEPARTMENT OF HOMELAND SECURITY BIOTERRORISM RISK ASSESSMENT
Salmerón, J., K. Wood, and R. Baldick. 2004. “Analysis of Electric Grid The White House. 2004. Homeland Security Presidential Directive 10
Security Under Terrorist Threat,” IEEE Transactions on Power Systems [HSPD-10]: Biodefense for the 2st Century. Available at www.fas.
19(2):905-912. org/irp/offdocs/nspd/hspd-10.html. Accessed January 16, 2008.
Tintner, G. 1960. “A Note on Stochastic Linear Programming.” Economet- The White House. 2007. Homeland Security Presidential Directive 18
rica 28(2):490-495. [HSPD-18]: Medical Countermeasures Against Weapons of Mass
Ville, J. 1938. “Sur la theorie generale des jeux ou intervient l’habilite Destruction. Available at www.fas.org/irp/offdocs/nspd/hspd-18.html.
des joueurs.” Pp. 105-113 in E. Borel et al. (eds.), Traite du calcul des Accessed January 16, 2008.
probabilites et de ses applications, Vol. II. Paris: Gautheir-Villars.
von Neumann, J. 1928. “Zur Theorie der Gesellshaftsphiele.” Annals of
Mathemetics 100:295-320.