Ebook: Comparative Analysis of Technological and Intelligent Terrorism Impacts on Complex Technical Systems

The focus of this volume is the comparative analysis of technological and intelligence terrorism. Technological terrorism is the unauthorized impact on complex technical systems intending to breakdown protection systems, initiate secondary catastrophic processes (possibly caused by hazardous substances, power, or information stored or processed at a facility), and inflict secondary damages and losses outside the facility boundaries. Intelligent terrorism (or highly-sophisticated insiders terrorism), in contrast, is unauthorized purposeful interference into processes of design, construction, or maintenance of complex technical systems aimed at increasing existing vulnerabilities or creating new ones. These vulnerabilities, insider's knowledge about the system, and access to its elements are used for triggering most disastrous scenarios of a terrorist attack.

Approaches to grappling with technological terrorism and with intelligence terrorism differ. The approach to grappling with technological terrorism involves a study of the vulnerabilities of complex technical systems, potential sources of secondary catastrophic processes, and weaknesses of safety barriers. The most effective scenarios of attack need to be identified because at its root, technological terrorism makes use of vulnerabilities that are inherent to the complex technical system. This means identifying powerful initiating impacts that have the possibility of breaching safety system, and assessing scenario trees to determine the most disastrous scenario with severe secondary losses.

In contrast, the approach to grappling with intelligence terrorism involves a vulnerability assessment of a system under design, construction, or operation with respect to scenarios of terrorist impacts, leading to identification the most critical failure scenario. This consideration must include insertion of latent changes into the system at the stage of its design, construction or operation to create new vulnerabilities to be exploited by technological terrorism; disconnection or disruption of a complex technical system monitoring system and safety barriers; “weak” impacts that use complex technical systems vulnerabilities for initiating the most disastrous failure scenario that can be achieved by bringing the system into critical or supercritical states, at which point even “weak” initial impacts can trigger cascading failures.

The specific features of risks related to attacks of technological and intelligence terrorism at complex technical systems are determined by the ability of terrorists to make a rational selection of attack scenarios. This selection is based on the capability of terrorists to assess vulnerabilities and weaknesses of the complex technical systems, and estimate potential losses inflicted by attacks of different scenarios. This constitutes a strong feedback between vulnerabilities towards attack scenarios and expected consequences or outcomes, on the one side, and terrorist hazard on the other side. The main challenge is to describe intentions of terrorists, their preferences and the system of values (i.e., utility functions). It is also important that terrorist can choose the time and place of an attack, adapt to changes of safety barriers and defense strategies and learn lessons from previous attacks.

Due to the above assessment, terrorist risk is a problem with intrinsic human and behavioral dimension. Therefore it requires a new set of mathematical modeling tools, and a more substantial input from human and social sciences than is the case with natural and anthropogenic hazards. Assessment of the risk of technological terrorism and intelligence terrorism attacks must be conducted in a game oriented manner that treats terrorist values, intentions and resources related to selecting the attack scenarios, as well as values, resources, and motivations of the antiterrorist forces.

Estimating terrorist risk for complex technical systems has primarily been a carried out using non-behavioral, physical engineering methods. It is now acknowledged that this approach needs input from other disciplines. There is a dangerous disconnect among professionals from multiple disciplines that are involved in designing, constructing, operating, maintaining, and managing complex technical systems. To address the issue of technological and intelligence terrorism, a comprehensive approach is required. There is a need to bring together specialists representing engineering and social sciences. The human dimension is critical for addressing terrorist problems in general and intelligence terrorism in particular. It is necessary to assess intentions of terrorists, their system of values, and their physical and intellectual resources.

The objective of the Workshop on ‘Comparative Analysis of Technological and Intelligent terrorism Impacts on Complex Technical Systems’ was to lay the foundation for a risk-informed approach to modeling, analyzing, managing, and controlling complex technical systems in the face of terrorist attacks. It is necessary to combine the insights of a spectrum of disciplines across engineering, human and social sciences, and economics.

The workshop focused on the urgent need to develop an understanding for the behaviors and vulnerabilities of complex technical systems; create a risk-informed analysis capability for modeling and predicting the behavior of complex technical systems; and apply emerging technology to the problems of designing, constructing, monitoring, and operating complex technical systems taking into account the possibility of sophisticated terrorist attack.

The goal of the workshop has been to develop an understanding of vulnerabilities of complex technical systems to various scenarios of terrorist attacks. Such understanding can reduce vulnerabilities and contain or limit the propagation of failure within a complex technical system in case of terrorist attack, thus limiting the impact of terrorism. This will also lead to development of a set of design criteria and design codes that should take into account possible scenarios of terrorist attacks at complex technical systems. Areas of further research have been identified, along with opportunities for future exchange and collaboration, a project team can be created.

Nikolay A. Makhutov

Gregory B. Baecher

The methodological foundation and methods for risk reduction have been developed in all countries of the world in the framework of the analysis of natural and technogenic risks. The problem was also intensively addressed to in Russia during the realization of the State Scientific Program “Safety of People and National Economy Assets in view of Risks of Accidents and Catastrophes” (1990-2000) and the Federal Research Program “Reduction of Risks and Mitigation of Consequences of Natural and Technogenic Emergencies in the RF until 2010.” In 1990-s it was suggested that the human factor be incorporated into the system of risk assessment in connection with unauthorized and erroneous actions. In the beginning of the 21^st century that approach proved to be insufficient taking into account the acts of local, national and international terrorism. The generalization of terrorism evaluations led us to the concept of three kinds of terrorism – traditional, technological and intelligent ones. They differ in damage factors and in their initial, secondary and cascade effects as well. In view of the above it becomes possible to improve the evaluations of terrorist actions and to incorporate the results of the study into the complex system of safety research.

By 2050, 80% of the world's population will live in urban areas and be totally dependent on infrastructure service systems. Immediate steps need to be taken to insure that future infrastructures meet the constraints of reliability, security, and global sustainability. Infrastructures mediate between societal behaviors and environmental conditions. The sustainability of modern civilization, in balance with a sustained global environment, will necessarily rely on implementing sustainable global infrastructures; and yet we know so little of how interconnected infrastructure systems perform, or how to manage them at large scales, or how they interact with social and environmental processes. To this end, efforts are in progress in North America and Europe to develop an analytical understanding of the behaviors and vulnerabilities of interacting infrastructure systems; to create a risk-informed analysis capability for modeling the behavior of complex infrastructure; to apply emerging information technology to the problems of designing, constructing, monitoring, and operating sustainable infrastructures; and to build an understanding of the social, economic, and environmental factors that effect, and are effected by, infrastructure systems and networks. The major education objective is to develop a new generation of globally engaged scientists and engineers who will facilitate the development of sustainable global infrastructures.

Safety problem in a social, natural and technogenic sphere is of particular importance at present in Russia. In the areas of a direct threat to human-beings life and health in case of man-made emergencies of various origin there are over one hundred million people. In the industrially developed regions, where the largest clusters of potentially hazardous industries are concentrated together with complex social and economic situation, terrorist risks are increasing gravely.

A fundamental analysis of crime and the juridical systems to punish crime has yielded a starting point for quantitative risk analysis of security risks. This method is called the MMO concept as a generic concept for the design of security barriers and their evaluation by quantitative risk analysis methods. It is based on a simplification of the basic elements for proving criminal liability that a defendant committed a crime under US law: motive, means and opportunity. These three elements form the preconditions that are needed to let an ill meaning person to develop into a hazard or threat. The MMO concept also forms the key to the development of successful barriers against the completion of the actual act. Taking one of these three away would render the hazard ineffective. This enables the development of a model for security threats along the same lines as safety threats and opens the possibility for similar qualitative and quantitative analysis. The MMO concept may seem relatively straightforward but the derivation of the theoretical foundation is not simple.

The paper addresses specific features of assessing terrorist risks for complex technical systems (CTS). These include feedback between CTS vulnerability towards a specific type of terrorist attack and the threat of such attack, ability of terrorists to learn lessons from previous attacks, react upon actions taken by counterterrorist forces; high level of uncertainty regarding terrorists' intentions, resources, and system of values. Conventional safety analysis for CTS is to be focused on the question: What is the way for an accident scenario to be realized in the given system? When addressing security problems for CTS one should also consider the situation from the terrorist's standpoint. Hence the modified question for security analysis should be: What is to be done for the given scenario to be realized in CTS? Two types of attacks at complex technical systems are assessed: (1) Attack of technological terrorism implies powerful unauthorized impacts at CTS capable of: (a) breaking through the CTS protection system; (b) initiating secondary catastrophic processes due to hazardous substances, energy, and information, stored or processed at the CTS; (c) escalation of the accident outside the CTS boundaries with substantially increased secondary and cascade losses. (2) Attack of intelligent terrorism (smart terrorism, insiders terrorism), i.e. a purposeful unauthorized interference into the process of designing, building and/or operating the CTS aimed at the increase of its existing vulnerabilities and creation of new ones in the system so that to use these input vulnerabilities, insider's knowledge of the system and access to its elements for future realization of most disastrous scenarios of a terrorist attack. Comparative assessment of these two types of terrorism is presented. Dynamic three-sided models that allow one to assess the situation from standpoints of terrorists, law enforcement agencies and administrations of CTS and analyze actions and counteractions of various sides involved.

Critical Infrastructure systems provide the basis for modern urban life. While they deliver the material and services we have come to depend upon for daily survival, they are as extended network systems vulnerable to both large-scale threats such as earthquakes and hurricanes and to specific attack at key nodes. Risk and Resilience management of regional infrastructure systems requires detailed understanding of the vulnerabilities and dependencies of the constituent assets that make up individual systems and the dependencies and interdependencies between systems and the consequences of cascading failures across systems. Regional resilience management requires tools for the identification and prioritization of coordinated investments at a range of points across regional infrastructure systems. This requires the understanding of both the physical and administrative dimensions of regional infrastructures. This research is directed to the development of such analytical tools.

The technical approaches applied during supply sea and off-shore oil and gas objects protection from illegal actions are considered in this article, concepts of base threat for such objects are entered. The questions of rating features of sea and off-shore objects according to risk of commitment of illegal actions are considered and the requirements to levels of their security depending on a category are entered. The importance of the state participation in creation of considered objects protection system and their functioning safety ensuring are noticed.

Nowadays most security relevant processes and workflows are statically defined and performed and hence all the necessary security measures must be determined in advance. Current research shows that the security level can be enhanced if these processes take into account real time risk information collected during their execution. We will present two application scenarios we developed for research projects: airport checkpoints with dynamically adapted security processes considering risk information from check-in luggage and passenger screening; and neutralization of improved explosive devices considering information from real-time risk mitigation. Both scenarios show that real-time risk mitigation and dynamically adapted workflows have the potential to enhance security and reduce risk. We will present basic conditions for the underlying information system infrastructure and the dynamic adaptation of the processes and workflows.

The goal of safety management is to ensure that every infrastructure presents a tolerable level of risk and that such risk be as low as reasonably practicable. This document comments on dam safety decision making, focusing on risk evaluation criteria. More detailed discussion of the philosophy of dam safety decision making is found in Hartford et. al. (2004). The objective of dam safety management is based on the principle that the standard of care should be commensurate with risk and should reflect society's values in allocating resources to protect life and property. ‘Risk’ incorporates both the consequences of an adverse event and the probability of the event occurring, taken here as the product, Risk = [Probability] × [Consequence]. In practice, however, the traditional approach to dam safety management has been to apply classification schemes in which consequences alone are used as a proxy for risk and probability is not considered. Because data are often limited, the assessor tends to be conservative in estimating consequences and the result is a “Maximum Loss” approach unrelated to risk. A quantified risk analysis is preferable to such classification schemes as long as scientific tools are available.

General principles for ensuring safety of complex technical facilities (CTF), including critical infrastructure facilities (CIF), should be taken into account at all stages of their operation life cycle. For the aim of safe operation of CTF it is necessary to reduce a probability of uncontrolled release of potentially hazardous substances, W, of energy, E, of information clusters, I, and of risks of failures and catastrophes. The above aim can be attained by modeling of systems for monitoring, diagnostics and protection.

The cause of a significant part of technogenic catastrophes is destruction of hazardous objects. This destruction occurs as a result of: catastrophic failures, operator errors, natural influences; terrorist activities. A methodology of modeling and investigation of safety for Complex Technical Systems is proposed. Complex Technical Systems are considered as unique technogenic objects which are designed in one or two instances, implementing extreme technologies and are subjected to influence of mechanical, physical and chemical factors. The generalized cause-and-effect complex and the scenario of violation of reliability and safety for such systems are formulated. Dynamic models related to formation of system's states are grounded – from the initial defectiveness of the construction to the damages, destruction, failure, pre-emergency, -emergency and possible technogenic catastrophe. A concept of an intelligent program system, which is intended for computer-aided investigation of reliability and safety at all stages of existence, has been developed. The results obtained provide for efficient and qualitative investigation of revealing of hazards and grounding techniques and aids for provision of reliability and safety.

This paper describes a technique that could be utilized to estimate the probabilities and consequences required in vulnerability assessment for terrorist threats of civil works projects. The Expert-Opinion Elicitation (EOE) methodology developed by the U.S. Army Corps of Engineers is presented in detail. The USACE EOE methodology limits the use of words of estimative probabilities to reduce the anchoring bias that is present with qualitative descriptors. A demonstration vulnerability EOE example will as be included to show how the process and opinion data may be properly analyzed. Conclusions are drawn to show the major benefits of using the EOE methodology to estimate probabilities for vulnerability assessment.

The developed technology allows to prevent or considerably reduce consequences of man-made emergency situations, including those caused by acts of terrorism: fires, explosions, increase of the level of chemically dangerous substances; increase of the level of radiation or biologically dangerous substances, sudden collapse of framework constructions. In Russia prevention of ES, caused by the accidents on PDO is one of the elements of the mechanism of legal regulation of man-made character ES and rather actual problem of the legislation. Partly, the problem of creation of such situations prevention mechanism in the legislation is solved.

Maritime terrorism is the maritime dimension of contemporary asymmetric warfare conducted by international terrorist organizations. Maritime terrorism is the undertaking of terrorist acts and activities within the maritime environment against vessels or fixed platforms at sea or in port, or against any one of their passengers or personnel, against coastal facilities or settlements, including tourist resorts, port areas and port towns or cities as well as any maritime activity intended to support the existence or the purposes of one or more terrorist organizations through licit or illicit means sea-born migration flows when exploited for the movements of terrorists, of terrorism backers/supporters and for financial profit when it involves people trafficking and migrants smuggling perpetrated by transnational organized crime depending on a terrorist organization. Criminal trafficking's are directly relevant activities for terrorist organizations for perpetrating their purposes. Maritime dimension offers an ideal environment to be exploited by criminal and terrorist organizations. Maritime environment and industry have intrinsic hinders to properly counter illicit phenomena and facilitating legal commercial and migration flows meanwhile which are vital for contemporary and future interdependent economy. Piracy and armed robbery against vessels are a plague to maritime security and global shipping. Such phenomena have implications for maritime shipping and are a meaningful damage for international trade and maritime traffic. Piracy has a functional role for terrorist organizations when it pursues aims of terrorism funding. According to many analysts, some terrorist groups are directly linked with piratical aggressions. Terrorist groups demonstrated to be trained to exploiting maritime environment for attacking offshore and ashore civilian and commercial targets as well as military vessels and to acquire sensitive information. Key factors enabling maritime terrorism are open registers and flags of convenience. National Maritime shipping industries would require stricter rules and implementation of policies not offering the possibility to easily conceal the real identity of ship owners and maritime companies' businessmen. Corruption and lack of accountability characterize flags of convenience offering good opportunities for criminals money launderers, or the insane practice of sinking a ship for profiting over insurance damages. Flags of convenience are the maritime sphere of offshore financial centers and bank secrecy. Phantom ships are assets of terrorist organizations and they compose certain fleet operating across the world. Maritime terrorism poses serious concerns to the international supply chain security as it affects worldwide international commercial shipping. When estimating harbors risks and exposition to terrorist attacks, if they serve as hubs for terrorist purposes such function could be a deterrent for this type of incidents. Activities aimed at countering maritime terrorism are a significant contribution to reduce international instability since the high exploitation of the sea for terrorist and criminal purposes is a concerning aspect of contemporary global (dis)order.

Being aware that the understanding of all risk factors involved in dam and reservoir management activities constitutes the conceptual basis to implement logic systems or models aimed to inform decision making, the main objective of the very recently started project entitled “IPRESARA: Incorporation of manmade risk components into general risk management systems for dams, BIA2010-17852, Spanish Ministry of Science and Innovation, Dec 2010-Dec 2013” consists in incorporating all factors and components of security risk to the overall safety management of dams and reservoirs, so that needed actions and investments on such critical infrastructures may be justified and prioritized using a comprehensive risk informed approach.

It is known that underestimation of human factor and insufficient attention to it is the principal risk in the field of management of complex technical systems (CTS) in conditions of the terrorist threats. The innovation aspects of organizational behavior presented by authors concern modern and specific approach to the dynamics of activity of terrorist and counterterrorism structures not only inside the CTS areas, but also in the adjacent areas, including the information, communication and control systems. Special attention has to be paid to growing international character of the terrorist and counterterrorist activity. In accordance with the estimation of modern situation in the field examined it is expedient to establish a new research project «Forecast and Prevention of Technogenic Emergencies Caused by the Troubles in the CTS Normal Operation as a Result of Terrorist Attacks» within the framework of NATO «SCIENCE FOR PEACE» program. The main targets of the project are the increasing of readiness of emergency forces on different levels to respond to the warning about the troubles, and prevention of accidents on critical facilities.

In the last decade, substantial progress has been made in improving safety & security for nuclear material worldwide, both by states' own domestic actions and through international cooperation. Al Qaeda continuously expressed interest in unleashing radiological terrorism by building and using radiological dispersal devices (RDDs), known as “dirty bomb” for instance. Common radioactive materials, such as commercial radioactive sources used in medicine, industry scientific research could fuel RDDs. Since 1998, in Albania a special centralized building exists for radioactive waste management and temporary storage facility situated inside the INP territory. Radioactive waste conditioned with or without shielding was successively placed into this building for long-term storage.

The social system stability under terrorist impacts is considered from the perspective of nonlinear dynamics of systems and deterministic chaos. The traits of social system dynamics and system stability are determined by the properties of potential functions, i.e. characteristic points on potential hyper surfaces, and by their distribution in configuration space, or by special points in the corresponding phase space. The possibility for the system subjected to minor disturbances to transit from the stable state into the chaos area where its further behavior is unpredictable is shown. The special states of social systems when the system can be withdrawn from the stable state by minor disturbance can now be determined by means of monitoring the system state, analysis of complex quantitative and qualitative indices of strategic risks, and Kondratiev cycles.

After defining Societal Technological Systems (STS) as a class of systems intended to improve the economy, the security, the health and the environment (the well-being) in human societies, and Intentional Disturbance Actions (IDA) as the planned activities intended to weaken or to interrupt the appropriate management and/or performance of such systems, the author investigates the relationship between System Societal Value (SSV), System Exogenous Support (SES) and System Redundancy Level (SRL). A risk assessment is effected concerning to the risk of eventual degradation of System Societal Value, and the System Redundancy Level is selected as a management tool for the mitigation of such a risk. The transfer between Exogenous Support and Redundancy Level is adopted as a procedure for optimizing resources allocation. Finally, the sensitivity characteristics of this relationship and the main proprieties of its optimal configuration are considered.

People choose to live in risky landscapes for a variety of reasons: they derive benefits from those places despite the risk. From a planning perspective, how much protection is it reasonable to provide these populations against the risk of death due to coastal flooding? The acceptability of risk due to natural hazard, and the levels of protection that infrastructure should provide, may be approached from several directions: from economic calculations on the value of a statistical life saved, from people's willingness-to-pay to reduce risk, from stated preferences, and from other risks that people willingly accept. This paper focuses on societal risks deemed tolerable from the last consideration, as now widely used for dam safety guidelines. Recent recommendations have been made that coastal defenses should be designed to provide the exceptionally low levels of societal risk associated with modern, well-engineered dams. These seem unreasonable. For fatalities fewer than the low thousands, the tolerable level of risk for coastal protection—based on other risks society accepts—is arguably on the order of 10⁻³ per year. This implies a corresponding acceptable level perhaps two orders of magnitude lower, to be consistent with current practice in other sectors of civil infrastructure. Between these bounds, as-low-as-reasonably-practicable (ALARP) practices seem a reasonable precaution.

The fundamental goal of protective construction is to improve the probability of survival of people and other contents in a given facility for a given threat. It is important to realize that the protective building is the last layer of defense against a threat and that all other protective measures (intelligence, law enforcement, surveillance, barriers, etc.) have failed if the threat can be projected onto a facility. This implies that a designer must “know” the threat before conceptualizing the design and this may not be possible in many cases. Attackers can use various weapon systems in different combinations and such events cannot be predicted. However, using reliable information and objective threat and risk assessment can produce effective estimates of such incidents. Usually, a facility design is based on a standard threat (for example, a specific bomb at a given stand-off distance). In other cases, a statistical approach, requiring that a specific percentage of facilities and contents will survive if a site is attacked, may be employed. Physical security can be achieved by a variety of means and devices with a wide range of capabilities. These capabilities can be used to enable detection, deterrence, delay, and prevention of hostile activities. Structural hardening is a passive defense capability; it is only one aspect of these considerations and should be addressed in the broader context of physical security. As with any other fortification technology, passive defense alone cannot be used to protect against mobile and constantly varying threats. A structure must be designed to prevent catastrophic failure and to protect its contents (personnel and equipment) from the effects of an explosion. Such effects may include nuclear and thermal radiation, electromagnetic pulse (EMP), air blast, ground shock, debris, fragments, and dust (protection from chemical and biological (CB) threats should be considered, as appropriate). In order for a military facility to survive, the continuation of its operational mission must be ensured. For civilian facilities, however, the main concern is protecting people and/or critical assets. Therefore, survivability requirements (criteria) vary from one type of facility to another.