Development of a decision support tool to inform resource allocation for critical infrastructure protection in Homeland Security

Loading...
Thumbnail Image
Authors
Al Mannai, Waleed I.
Subjects
Vulnerability of infrastructure analysis and risk assessment
allocation distribution
risk problems
critical infrastructure protection
defender-attack model
defender-only model
independent-objective and joint-objective functions
Advisors
Lewis, Ted
Date of Issue
2008-06
Date
June 2008
Publisher
Monterey, California. Naval Postgraduate School
Language
Abstract
Analysis of risk in critical infrastructure is one of the major problems facing Homeland Security today. Defining risk and applying it to systems, as opposed to individual assets, is a relatively new idea in Homeland Security policy. Thus, there is a need for a decision support tool to inform decision makers in Homeland Security of resource allocation strategies to harden assets that reduce overall network risk. Model Based Risk Assessment (MBRA) is a quantitative method designed to (1) identify the most critical assets of the network in such a way as to reduce expected loss over the entire network, (2) quantify allocation strategies that strategic planners and risk managers can apply across multi-sector systems, and (3) compute vulnerability and total risk reduction of the network. We formalized the definition of network risk in terms of the connectivity of the network as an extension to the accepted risk equation R=f(T,V,C). We use node degree as a heuristic for criticality of an asset to the overall function of the network. We then modeled the relationship between budget and vulnerability reduction and show how an exponential reduction model compares to a linear or random model. Using the stated definition of network risk, all models rank order assets exactly the same but they reduce risk differently. Lastly, we introduce a twoparty model that combines both the defender's and attacker's points of view using a game theory approach. We show the results of this model and compare them to a similar model we refer to as the "arms race model" where we allow both attacker and defender to know each other's budget. Results show that the techniques developed here are useful in conducting a systematic and repeatable analysis of an infrastructure network of assets for risk and then informing resource allocations that serve to reduce risk on the entire network, not just the selected assets.
Type
Thesis
Description
Series/Report No
Department
Computer Science
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
xiv, 85 p. ; 28 cm.
Citation
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
Collections