Adversarial Risk Analysis for Critical Infrastructure

Critical infrastructure protection is a hot topic these days, including both terrorism and cyber-attacks as main concerns. Nevertheless, investments in critical infrastructure protection need to be cost-effective, requiring a risk management approach. Traditional risk analysis assumes that the opponent is Nature, whose actions are chosen purely by chance. Such risk analysis is not applicable in cases where opponents behave strategically, such as terrorism and cyber-attacks. For such cases, we need an adversarial approach to risk management, which takes the behavior of adversaries into account. In this seminar, we bring the mathematical, cyber security and counterterrorism research communities together to develop the foundations of such an approach.

Goal of the workshop

Although the communities have similarities, a real integration has been lacking, meaning that we do not have tools for integrated risk management of critical infrastructures, especially when considering adversarial risks. This makes it hard to make adequate decisions on the protection of critical infrastructures against attacks. In this seminar, we investigate the possibilities of using adversarial risk management for critical infrastructures, integrating the specific domain knowledge of the counterterrorism and cyber security communities with the adversarial risk modelling community thereby developing an analytical toolkit.  Counterterrorism brings knowledge on adversary behavior and physical vulnerabilities, cyber security on digital vulnerabilities, and mathematics on quantitative analysis of associated risks.

In addition, we will invite stakeholders from the critical infrastructure domain. A key theoretical question is how to integrate the non-malicious (probabilistic) threats that are addressed in traditional risk management with the malicious behavior of the adversaries. We will also discuss the validation of models for opponent thinking. Examples from the critical infrastructures domain will be used throughout the seminar, in talks, interactive workshops, and panels.