Analyzing the Vulnerability of Critical Infrastructure to Attack, and Planning Defenses

The article of record as published may be located at http://dx.doi.org//10.1287/inte.1060.0252We describe new bilevel programming models to (1) help make the country’s critical infrastructure more resilient to attacks by terrorists, (2) help governments and businesses plan those improvements, and (3) help influence related public policy on investment incentives, regulations, etc. An intelligent attacker (terrorists) and defender (us) are key features of all these models, along with information transparency: These are Stackelberg games, as opposed to two-person, zero-sum games. We illustrate these models with applications to electric power grids, subways, airports, and other critical infrastructure. For instance, one model identifies locations for a given set of electronic sensors that minimize the worst-case time to detection of a chemical, biological, or radiological contaminant introduced into the Washington, D.C. subway system. The paper concludes by reporting insights we have gained through forming “red teams,” each of which gathers open-source data on a real-world system, develops an appro- priate attacker-defender or defender-attacker model, and solves the model to identify vulnerabilities in the system or to plan an optimal defense