Complex-system decision framework for managing risks to rail stations at airports from terrorist threats

This paper describes a risk-based decision-making framework aimed at helping stakeholders of transport infrastructure to allocate (limited) resources eﬀectively, in order to mitigate the risk of a terrorist attack. The framework is used to model the security system, to consider a multitude of threat scenarios and to assess the decisions taken by the aggressors during the various stages of their attack. One of the key notions presented is the state of partial neutralization, which reveals the losses that incur when the terrorist does not reach the primary target. A rail station of an airport is used as an example to demonstrate this framework.


Introduction
Civil The terrorist attacks of September th, in the United States, inflicted heavy economic losses and, numerous casualties, and the unprecedented effects that followed these attacks have prompted policy makers and the public to make considerable efforts towards the development of tools and approaches that estimate the risk of terrorism and aid with the implementation of security policies to reduce this risk.Furthermore, many potential attack scenarios have been proposed, and a large number of responses have been employed or advised [ ].A better comprehension of the actions of terrorists and the way they select certain targets of attack can aid in making the decisions and helping the security designers to allocate resources in the fight against terrorism [ ].To face the challenge of terrorism, new analytical methods and new institutional arrangements must be elaborate, as per Making the Nation Safer, a report by the National Research Council [ ]. Infrastructure is not an independent system but rather is linked with other interdependent systems.A failure of the electrical power grid, for example, may affect not only the energy sector but also in a cascading effect may result in the collapse or severe disruption of transportation, telecommunications, public health, and banking and financial systems of the country [ ].As the infrastructure is typically complex, and many issues can arise during the decision-making process, a risk management framework is required to acknowledge all the parameters and uncertainties involved.Modelling risk and decision frameworks is appropriate for risk managers to derive the most suitable risk management measures [ ]. Decision analysis as a subset of decision notions has been known of since (Howard and Matheson, ).Decision analysis recognises the three main features associated with all decisions: risks, benefits, and costs.[ ] showed the cost-benefit analytical method has a wide range of applications (economics, finance, probability, reliability etc.)The effect of all these fields on decision boost is well defined in the literature e.g., [ -].Many methods have been devised in an attempt to model and assess the efficiency of counter-terrorism procedures.Some of these methods involve game-theoretic approaches which are used to model how intelligent attackers and defenders interact.Another set of methods is based on probabilistic risk assessment or PRA.PRA has been used to evaluate the risks associated with complex engineered entities and it recently started being used to assess terrorism risk.Moreover, PRA aids analysis and decision-maker to understand and describe the risks which is predict the probable consequences [ ].We presented [ ] the framework for Managing Risk to deal with the risk analysis of situations where considering the state of partial neutralization of an attacker means the likely loss incurred in two scenarios can be estimated.In the first scenario the attacker would be successful in the attack on the primary target while in the second one, in spite of failing to reach his primary target, they would still cause significant damage to the infrastructure, threaten human life and affect the financial market.By breaking down a security system into individual layers, each with their own probabilities of an attacker being detected, engaged and neutralized an accurate model can be obtained.In addition, it is also assumed that the terrorists are rational and would try to maximize their chances of succeeding with the attack.In this paper, the security improvement of an airport rail station will be used to illustrate the effectiveness of the proposed and then deals with cost assessment for mitigating the total risk and cost-effectiveness of the measures as a futur work.

Security risk analysis
The proposed framework breaks down the risk analysis into five main process components as shown in Fig. below, where a separation of these main components reveals the key risk providers and the critical parameters that add to the uncertainty and form a framework for critical asset and processes for risk analysis [ -]  .Consequence and criticality assessment this assessment provides the estimated losses of a successful attack.In the area of counterterrorism the term loss has various meanings, such as damage to the environment, human casualties, impact on society, as well as economic losses either direct or indirect due to physical damage, interruptions of business and financial market insecurity.These different types of losses can be estimated using game-theoretic methods and modeling means such as event trees, fault trees and decision trees.In order to assess the efficiency of the various countermeasures, all these losses are converted to a single value which reflects the financial loss by pricing casualties with insurance data.
. Security vulnerability assessment to understand and measure the impact of threats such as terrorism, the risk analysis and evaluation of threats and vulnerabilities are significant methods and thus the output is very valuable information for decision makers to select the optimal countermeasures to manage threats.The third step of this risk analysis reveals the probability that a terrorist is successful in attacking their target with the condition that they initiated the attack.By combining this probability with the estimates of possible losses of key assets conditioned on the success of the attack, the main conditional expected loss associated with a scenario is revealed.The successful attack is based on the terrorist's ability to defeat the security system.The defensive system comprises of a number of sequential steps: detection of the attacker, engagement upon detection and neutralization upon engagement (see Fig. ).Each security zone is represented by specific components used for detection, engagement and neutralization.Therefore, in security zone i the probability that the defenders engage the attacker upon detection would be P Di , the probability that the defenders engage the attacker in security zone i upon detection in security zone j is represented by P Ei|Dj , and the probability that the attacker is neutralized in security zone i, after engagement in security zone j, is expressed by P Ni|Dj .
Figure 3 The defensive system process The losses from an unsuccessful attack can be estimated by defining two states of neutralization.In the first state the attacker is completely neutralized and is not able to inflict any damage to his surroundings.This state is labeled as neutralization of type or full neutralization and is denoted by N i, for the security zone i with a probability of P Ni, .The second state of partial neutralization is used for the situations in which the terrorist is denied access to the following security zone but is not completely neutralized and therefore is still able to cause damage to the surroundings.The state of partial neutralization is labeled as type , denoted by N i, , with a probability of P Ni, .However, the defenders fail to neutralize the attacker, then the attacker can proceed to the next security zone.In this situation the probability is equal to -( P Ni, + P Ni, ).Taking into account that all the means of detection are interconnected in all security zones, the attacker would only need to be detected in one security zone for full detection across all security zones.It is then safe to assume that either the engagement or the neutralization of the attacker failed in zone i if they are able to pass to the next security zone i+ where they will be subsequently engaged.The probability associated with this situation would be P Ei+ |Di and an illustration is provided in Therefore, the probability that the attacker is completely neutralized, i.e., interdiction of type (m= ), or partially neutralized, i.e., interdiction of type (m= ), is shown in Eq. ( ).
The probability of a successful attack is achieved by: 1 is the probability that the defenders fail to stop the attacker and P KSA is the probability conditioned by a successful attack providing that the defenders fail to stop the attacker [ ].
. Treat likelihood assessment one of the main steps in security risk analysis is creating a model of the decision making process during which the attackers pick their best options and alternatives to execute the attack.Utility theory can be used to factor risk aversion into the decision process, and this section will infer utility functions that represent attacker profiles in threat Likelihood Assessment [ -].Their preferences can be illustrated by utility functions that order the alternative choices of the attackers by preference in a certain stage of the attack.[ ] Terrorists maximize the expected utility by choosing the appropriate attack profile, threat scenario and asset to attack.The attacker's utility function focuses on the maximum loss brought to the defenders, reducing their loss in the case of an unsuccessful attack and minimizing the cost of execution.
. Life-cycle cost assessment for the decision maker, it is essential to have analytical tools comparing and assessing risk against the costs.If the loss feature is in units other than cost (such as fatalities) and for assessing the costs and benefits of counter-terrorism (CT), which denote protective measures for infrastructure, it is concluded that to define cost-effectiveness the incremental cost-effectiveness ratio (CER) is used, as explained [ ]: cost spent on CT measure losses avoid by CT measure ( )

Conclusion
Security risk assessment aims to identify the most efficient risk reduction options while taking into account a limited budget.Generally, these options include the reduction of the probability of attacks and the potential losses following an attack.The efficiency is obtained by observing the reduction in total loss upon the application of the mitigation method while taking into account the cost of implementation.It is clear that a terrorist attack on one part of the infrastructure such as railway stations in the airports could cause a serious loss of lives and deterioration of the economy and infrastructure as a whole.Thus, management of risk to vital infrastructure is crucial for prosperity in our modern society.Terrorist attacks have been determined as a major source of risk and stakeholders and decision makers have made considerable efforts to develop tools that aid with risk mitigation.The difference between a natural risk and a terrorism risk is that the latter is planned by an intelligent aggressor and therefore it cannot be modeled using a random approach.To manage this risk, one must consider the human behaviour in identifying possible terrorist threats and their consequences.This paper presents a risk assessment of the framework presented by Shafieezadeh, etc [ ], which can be used to alleviate the risk of terrorist attacks on transport infrastructure, and it highlights the possibility of partial neutralization of the attacker.

Figure 1
Figure 1 Five main components of Security Risk Analysis

Figure 2
Figure2The forms of terrorist threats in the public transportations Fig. & Table , for a hypothetical asset with two security zones in series.

Figure 4
Figure 4 Hypothetical asset with two security zones

Table 1
The Assumed defensive system process symbols.