Applying game theory for improving security in the process industries
a discussion
DOI:
https://doi.org/10.18757/jiss.2018.1.2033Abstract
Why should game theory be introduced and used in the chemical security practitioners?
Security risks are initiated by deliberate behaviours for certain goals. For instance, thieves
intentionally intrude a plant for stealing valuable materials, or terrorists maliciously set a fire on a
chemical facility to cause societal fear. Initiators of security events (henceforth, attackers) would
intelligently observe the defender’s defence plan and then schedule their attack accordingly.
Powell (2007) illustrated how resources can be mis-allocated if intelligent interactions between the
defender and the attacker are not considered. Game theory was invented in the economic domain
for modelling both the cooperative and competitive behaviours in a multiple actors system. In the
last 100 years, game theory has been theoretically improved and practically applied to various
domains, such as the evolutionary biology, the nuclear balance, computer science etc. These
researches have demonstrated the capability of game theory in modelling intelligent interactions.
Industrial managers need quantitative recommendations to support their decision making.
Conventional security risk assessment methodologies (e.g., the API SRA framework (API, 2013)),
being good at studying security systematically, are not able to provide quantitative insights.
Moreover, results of these conventional methodologies are not repeatable which means that
applying the same methodology to the same plant, different analysts may come to different
conclusions. Some quantitative security risk assessment models, for instance, by employing a
Bayesian Network framework (e.g., Argenti et al. (2018); Landucci et al. (2017); Fakhravar et al.
(2017)), can provide quantitative and repeatable results as well. Nevertheless, these models fail on
modelling the intelligent interactions between the defender and the attacker. Game theory,
conversely, has a rigorous mathematical foundation and models the intelligent interactions. A
game theoretic model explicitly indicates 1) who is involved in the game; 2) what actions can each
participant take; 3) what results (numbers) will each participant obtain, for each participants’
strategy combination; 4) how much information that each participant has about the game.
Furthermore, outputs of a game theoretic model (i.e., equilibrium) clearly and quantitatively
indicates what should the participants do (i.e., the equilibrium strategy) and what will each
participant obtain (i.e., the equilibrium payoff).
A critical issue is that industrial managers often prefer a qualitative approach and they have
difficulties on understanding (the physical meaning of) the quantitative outputs of a game
theoretical model. This issue can be addressed by requiring game developers to do a further step
work by also translating/mapping their quantitative outputs to qualitative descriptions, and the
latter should be expressed in terminologies that industrial practitioners are familiar with. Figure 1
illustrates the idea.
