Analyzing the Vulnerability of Critical Infrastructure to Attack and Planning Defenses

Brown, Gerald G.; Carlyle, W. Matthew; Salmerón, Javier; Wood, R. Kevin

doi:10.1287/educ.1053.0018

Cited by 104 publications

(82 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…An important part of this work has been the connection to two-person zero-sum games (Washburn and Wood 1995), and their application to stochastic network interdiction (Cormican et al 1998), shortest path problems (Israeli and Wood 2002), and multicommodity network models (Lim and Smith 2007). Most recently, these ideas have been applied to the study of critical infrastructure systems (e.g., Brown et al 2005Brown et al , 2006, with specific attention toward electric power systems (Salmeró n et al 2004(Salmeró n et al , 2009, facility location problems (e.g., Church 2008), supply chain networks (Snyder et al 2006), telecommunication systems (Murray et al 2007), and transportation problems (Alderson et al 2011). Lunday and Sherali (2012) pose and solve some minmax models depicting interdiction planning to maximize the probability of intercepting a lone evader attempting to traverse a network from some source to some destination.…”

Section: Introductionmentioning

confidence: 99%

Sometimes There Is No ''Most-Vital'' Arc: Assessing and Improving the Operational Resilience of Systems

Alderson¹,

Brown²,

Carlyle³

et al. 2013

Military Oper Res

Self Cite

View full text Add to dashboard Cite

T his paper shows that no simple, common-sense rule of thumb can be used to identify a most-vital arc, even in a simple maximum-flow problem. The correct answer requires analysis equivalent in difficulty to completely solving the maximum-flow problem, perhaps repeatedly. This insight generalizes to finding a most-vital component, or set of components, in a system whose operation is described by a more general model. Our paper shows how to evaluate the criticality of sets of components, how to assess the worst-case set of components that might be lost to a given number of simultaneous hostile attacks (or engineering failures, or losses to Mother Nature), and how to allocate limited defensive resources to minimize the maximum damage from a subsequent attack. Collateral insights include the fact that there is no way to prioritize individual components by criticality, and that the analysis that determines critical component sets also yields objective assessments of operational system resilience and can provide constructive advice on how to increase it.

show abstract

Section: Introductionmentioning

confidence: 99%

Sometimes There Is No ''Most-Vital'' Arc: Assessing and Improving the Operational Resilience of Systems

Alderson¹,

Brown²,

Carlyle³

et al. 2013

Military Oper Res

Self Cite

View full text Add to dashboard Cite

show abstract

“…This case is equivalent to a standard DA model with full transparency, as in [5], where the defender's goal is to minimize his worst-case outcome for any possible route the attackers might find. The defender places transparent interdictions on arcs 118-128, 218-228, and 328-335 (indicated by thick arrows in Fig.…”

Section: Baseline Network: Detailed Results For Selected Runsmentioning

confidence: 99%

“…Constraints to establish that x c. As the objectives of defender and attacker are different, the well-known technique of dualization of the "inner" problem to obtain a min-min formulation (see e.g., [5]) is not applicable. However, for every defender choice y, we may use strong duality theory with the attacker's problem (5) and (6) to characterize an optimal x, similar to the technique used in [13]. Specifically, we replace (6) by setting the objective value equal to that of its dual counterpart, and by adding all necessary dual constraints:…”

Section: Reformulation: the Ntda Mip Modelmentioning

confidence: 99%

“…One of these players seeks, for example, to maximize flow through the network, or to minimize cost to supply the demand, while the other player tries to disrupt the network by interdicting selected components [18]. The associated problems are commonly referred to as defender-attacker (DA) and attacker-defender (AD) models (see, e.g., [5] and references therein). In many of these problems, players make their decisions in a specified order, as in bi-level programming and Stackelberg games [16].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Deception tactics for network interdiction: A multiobjective approach

Salmerón

2011

Networks

Self Cite

View full text Add to dashboard Cite

This article develops defender-attacker network interdiction models with deception. Here, deception refers to a preemptive and intelligent use of concealed interdiction assets and decoys by the defender, in addition to transparent assets commonly employed in modeling defender-attacker problems. These models can help security planners to locate a limited number of checkpoints and sensors of various types to, for example, detect the smuggling of illegal products. The problem is complex, in part, because the objective functions of the defender and the attacker are different, and because the latter (which represents the attacker's behavior) is difficult to predict by the defender. First, we use duality theory and a generalized network flow model to devise an equivalent mixed-integer programming formulation, and develop its Benders decomposition. We extend this formulation with a multiobjective approach to account for several behaviors simultaneously. The computational effort to solve these models is considerable, as exemplified by our testing on a variety of cases for a mediumsized, notional network.

show abstract

“…The objective of the interdictor is to maximize the demandweighted total distance with demands assigned to the closest non-interdicted facilities, while the defender attempts to minimize this worst-case cost by defending a subset of the facilities. Brown et al (2005) provide an excellent tutorial on this class of defender/attacker problems. We adopt a somewhat different approach, first suggested by and Daskin et al (2006).…”

Section: Xx42 Reliable and Unreliable Facilitiesmentioning

confidence: 99%

Models for Reliable Supply Chain Network Design

Snyder

Daskin

Critical Infrastructure

View full text Add to dashboard Cite

Analyzing the Vulnerability of Critical Infrastructure to Attack and Planning Defenses

Cited by 104 publications

References 18 publications

Sometimes There Is No ''Most-Vital'' Arc: Assessing and Improving the Operational Resilience of Systems

Sometimes There Is No ''Most-Vital'' Arc: Assessing and Improving the Operational Resilience of Systems

Deception tactics for network interdiction: A multiobjective approach

Models for Reliable Supply Chain Network Design

Contact Info

Product

Resources

About