— Volume VIII (2012) —

How to Quantify Deterrence and Reduce Critical Infrastructure Risk


View all comments / Add Comment
CHDS Comment Policy
Eric F. Taquechel

Eric F. Taquechel is a lieutenant commander in the United States Coast Guard and currently serves as chief of Contingency Planning and Force Readiness, Sector Boston. He has ten years of active duty commissioned Coast Guard service and previously served in USCGC GALLATIN, Marine Safety Office and Sector Houston-Galveston, and the Domestic Port Security Evaluation Division at USCG Headquarters. He most recently authored “Layered Defense: Modeling Terrorist Transfer Threat Networks and Optimizing Network Risk Reduction,” in IEEE Network Magazine. LCDR Taquechel earned a master’s degree in security studies from the Naval Postgraduate School and prior to that earned his undergraduate degree at the US Coast Guard Academy. LCDR Taquechel may be contacted at eric.taquechel@uscg.mil

Ted G. Lewis

Ted G. Lewis is a professor of computer science and executive director of the Center for Homeland Defense and Security at the Naval Postgraduate School. He has forty years experience in academic, industrial, and advisory capacities, ranging from academic appointments at the University of Missouri-Rolla, University of Louisiana, and Oregon State University, to senior vice president of Eastman Kodak Company, to CEO and president of DaimlerChrysler Research and Technology, North America. Dr. Lewis has published over thirty books and 100 research papers. He is the author of Critical Infrastructure Protection in Homeland Security: Defending a Networked Nation (2006) and, most recently, Network Science: Theory and Applications (2009). He received his PhD in computer science from Washington State University. Dr. Lewis may be contacted at tlewis@nps.edu.

We propose a definition of critical infrastructure deterrence and develop a methodology to explicitly quantify the deterrent effects of critical infrastructure security strategies. We leverage historical work on analyzing deterrence, game theory and utility theory. Our methodology quantifies deterrence as the extent to which an attacker’s expected utility from an infrastructure attack changes after a defender has invested to deter attacks, as compared to their expected utility absent deterrence. We derive expected utilities from a modified game theory approach, which uses probabilistic utility functions, wherein utility function probabilities are functions of investment. We vary these functions based on different information availability assumptions (e.g., perfect vs imperfect attacker information). We produce evidence that it is quantifiably more advantageous to overtly deter, rather than conceal security information, under specific conditions. We also leverage these utility functions to determine the unconditional risk to a defender if deterrence strategies fail, and we determine cost efficiency of those strategies.

Read full article.

Taquechel, Eric F., and Ted G. Lewis. “How to Quantify Deterrence and Reduce Critical Infrastructure Risk.” Homeland Security Affairs 8, Article 12 (August 2012)