Probabilities and background knowledge as a tool to reflect uncertainties in relation to intentional acts

https://doi.org/10.1016/j.ress.2013.06.044

Abstract

In security applications probabilities are commonly avoided – it is said that they are impossible to determine and that they are of little interest as a tool to support decision making and risk management. Often qualitative assessments are performed on the basis of judgments of actors' intentions and capacities, without reference to a probability scale. An example of such a structure is the grading done by the Norwegian Police Security Service (PST), which defines for example a moderate threat level as “One or more parties have the intention and capacity to strike at specific interests. There is an unspecified threat”. In this paper we carry out an in-depth analysis of the meaning of the concept of probability in a setting with intentional acts, the main aim being to provide new insights into the scope and use of probabilities in such situations. Comparisons are made with qualitative structures such as the PST grading. We question whether probabilities in fact have a role to play in security management. The paper concludes that the security field cannot and should not do without judgments of uncertainties using some scale of likelihood or confidence, but such judgments need to be supplemented by other approaches which highlight the background knowledge (including assumptions) that these judgments are based on.

Introduction

The Norwegian Police Security Service (PST) has defined four categories of threat levels [14]:

  • 1) Low: The likelihood of a terrorist attack is low. One or more parties may have the intention of, but are not thought to have the capacity to strike at specific interests.

  • 2) Moderate: The likelihood of a terrorist attack is moderate. One or more parties may have the intention of and capacity to strike at specific interests.

  • 3) High: The likelihood of a terrorist attack is significant. One or more parties have the intention and capacity to strike at specific interests. There is an unspecified threat.

  • 4) Extreme: The likelihood of a terrorist strike is extremely high. One or more parties have the intention to strike at specific interests. There is a specific threat. No further warnings are to be expected before a strike is carried out.

Similar systems exist in other countries, for example the UK Government uses the five categories: low – an attack is unlikely, moderate – an attack is possible but not likely, substantial – an attack is a strong possibility, severe – an attack is highly likely, and critical – an attack is expected imminently [16].

These levels refer to likelihood, in the sense that the likelihood is said to be low, moderate, significant and extremely high (or that the attack is unlikely, not likely, highly likely), but without any reference to the quantitative scale of [0,1] normally used for probabilities. In the PST system the categories are linked to some conditions concerning parties' capacities and intentions to strike some interests. These examples are not uncommon in the security community. There is skepticism about the use of probabilities in the normal sense. The issue is discussed by, for example, [11]; see also [12]. These authors point to some of the problems raised:

  • a) Security failures are deliberate and thus not open to probabilistic analysis and modeling. The attackers know what they are doing so where are the uncertainties?

  • b) Probability is difficult to use because of the essentially unrepeatable nature of the key events.

As commented by [11], the system owner and the defenders will not normally know when the attacker will act and in what way; there are uncertainties. And as probability is a tool for representing or expressing uncertainties, probability enters the scene also in such contexts. The events considered are often on–off situations, which excludes frequentist probabilities – but subjective (also referred to as judgmental or knowledge-based) probabilities can always be used.

But why, then, do we so seldom see subjective probabilities used in security contexts? Are there special problems in using them in security settings, or is their absence just a result of the security environment not knowing what these probabilities represent and how to apply them? These are the main issues we discuss in the present paper. Two hypotheses that initiated the present paper were that (i) the security community rejects the use of probabilities because its reference is frequentist probabilities, and (ii) there is a potential for meaningful use of subjective probabilities (including also interval subjective probabilities) in such settings provided that these probabilities are adequately defined and interpreted.

The latter hypothesis is the main focus of this paper. How should we understand and use such probabilities in practice? A well-known problem with specifying (subjective) probabilities in security contexts is that they are closely linked to the risk management responses (see e.g. [5]): the analysts may for example assign a high probability number for an attack against some specific facility, the result being that some protective measures are implemented. This action may however cause potential attackers not to consider these facilities as suitable targets, and hence the probability of an attack needs to be reduced.

The example demonstrates clearly how important it is to be precise about the background knowledge that the subjective probabilities are based on. In the paper this issue is analyzed in detail: is it possible, by proper structuring of the background knowledge, to still use such probabilities in a meaningful and useful way? In the paper we also question whether it is possible to reformulate qualitative statements such as (1)–(4) above by means of such probabilities. Before we go into the discussion, a brief summary of fundamental ideas and definitions related to probability is given.

Section snippets

Fundamental ideas and definitions related to probability

The most general interpretation of a probability is simply to say that a probability is a measure for representing or expressing uncertainty, following the rules of probability calculus. However, this is not sufficiently precise, as the measure is not defined, and, depending on the measure, we are led to completely different perspectives. Basically, as noted for example by [4], there are two alternative interpretations that could be used; a probability of an event A is either:

  • i) A frequentist

Discussion of the meaning and use of probabilities in a security context using some examples

We discuss a context for the probabilities where a set of attacks A may occur, leading to some consequences C, with respect to something that humans value, for example economic values, health and the environment. The type of the events may be known to varying degrees. We distinguish between three types of unforeseen and surprising events [1], [2]:

  • I) Events that were completely unknown to the scientific environment (strict unknown unknowns).

  • II) Events that were not on the list of known events from the

Conclusions

We have argued in this paper that security level judgments cannot be based on on–off considerations of intentions and capacities only. We need a tool that can measure the uncertainties and the degrees of belief, and subjective probability (exact assignments and intervals) is the natural choice. However, we need to see beyond the probability numbers and also reflect the knowledge that the probabilities are based on. A suggestion for a classification system for threat levels is presented in line


Cited by (18)

  • Probabilistic assessment aimed at the evaluation of escalating scenarios in process facilities combining safety and security barriers

    2022, Reliability Engineering and System Safety
    Citation Excerpt:

    As reported in literature, such numbers would be affected by epistemic uncertainty due to the impossibility of obtaining some information or clearly shaping dependencies [57]. Nevertheless, according to Aven [61], the field of security should not do without expert judgments. Based on such considerations, the present work relies on performance data for PPSs derived from expert elicitation and used for the quantification.

  • Vulnerability assessment of chemical facilities to intentional attacks based on Bayesian Network

    2018, Reliability Engineering and System Safety
    Citation Excerpt:

    In this study, the objective of carrying out the performance assessment of physical protection systems adopted to secure process industry is met through the conduction of an expert judgment exercise, which involved security managers of companies, security consultants, sites managers and safety managers having specific security expertise and responsibilities. It is worth mentioning that the expert elicitation of performance data may be a sound support to the present subjective probabilistic assessment based on knowledge judgment, that is a key element to strengthen the implementation of probabilistic assessment into security risk studies [38]. The elicitation of query variables selected in [65] was sufficient to quantify all network modules concerning PPS adopted herein; in fact, it concerned:

  • Issues for security risk assessment in the process industries

    2017, Journal of Loss Prevention in the Process Industries

  • Moving beyond probabilities – Strength of knowledge characterisations applied to security

    2017, Reliability Engineering and System Safety
    Citation Excerpt:

    The validity of the risk analysis results is hence conditional on these assumptions holding true. Aven [4] gives some examples of assumptions in a security setting, including: It is assumed that a specific actor has the capacity to carry out an attack.

  • Risk assessment and risk management: Review of recent advances on their foundation

    2016, European Journal of Operational Research
    Citation Excerpt:

    There seems to be a huge potential for significant improvements in the way security is assessed by developing frameworks that integrate the standard security approaches and ways of assessing and treating uncertainty. The paper by Aven (2013c) provides an example of a work in this direction. Societal risk decision-making is more and more challenging—it is characterised by many and diverse stakeholders.
