Applying game theory for improving security in the process industries: a discussion

Why should game theory be introduced and used in the chemical security practitioners? Security risks are initiated by deliberate behaviours for certain goals. For instance, thieves intentionally intrude a plant for stealing valuable materials, or terrorists maliciously set a fire on a chemical facility to cause societal fear. Initiators of security events (henceforth, attackers) would intelligently observe the defender’s defence plan and then schedule their attack accordingly. Powell (2007) illustrated how resources can be mis-allocated if intelligent interactions between the defender and the attacker are not considered. Game theory was invented in the economic domain for modelling both the cooperative and competitive behaviours in a multiple actors system. In the last 100 years, game theory has been theoretically improved and practically applied to various domains, such as the evolutionary biology, the nuclear balance, computer science etc. These researches have demonstrated the capability of game theory in modelling intelligent interactions. Industrial managers need quantitative recommendations to support their decision making. Conventional security risk assessment methodologies (e.g., the API SRA framework (API, 2013)), being good at studying security systematically, are not able to provide quantitative insights. Moreover, results of these conventional methodologies are not repeatable which means that applying the same methodology to the same plant, different analysts may come to different conclusions. Some quantitative security risk assessment models, for instance, by employing a Bayesian Network framework (e.g., Argenti et al. (2018); Landucci et al. (2017); Fakhravar et al. (2017)), can provide quantitative and repeatable results as well. Nevertheless, these models fail on modelling the intelligent interactions between the defender and the attacker. Game theory, conversely, has a rigorous mathematical foundation and models the intelligent interactions. A game theoretic model explicitly indicates 1) who is involved in the game; 2) what actions can each participant take; 3) what results (numbers) will each participant obtain, for each participants’ strategy combination; 4) how much information that each participant has about the game. Furthermore, outputs of a game theoretic model (i.e., equilibrium) clearly and quantitatively indicates what should the participants do (i.e., the equilibrium strategy) and what will each participant obtain (i.e., the equilibrium payoff). A critical issue is that industrial managers often prefer a qualitative approach and they have difficulties on understanding (the physical meaning of) the quantitative outputs of a game theoretical model. This issue can be addressed by requiring game developers to do a further step work by also translating/mapping their quantitative outputs to qualitative descriptions, and the latter should be expressed in terminologies that industrial practitioners are familiar with. Figure 1 illustrates the idea.