On Pareto Optimality of Physical Security Concepts Balancing Multiple Protection Objectives

Operators of critical infrastructures are confronted with safeguarding their assets against a wide range of potential threats. Conventional risk analysis include the assessment of scenario likelihoods, but for security risks, these are difficult to estimate. This poses a significant challenge for decision making. In order to configure a physical security system, an approach for decision making considering these uncertainties must be found. As a solution, we propose to specify multiple protection objectives and base the formulation of the decision problem on the fulfillment of these protection objectives as well as security system cost. In our approach, we initially develop relevant scenarios via morphological analysis. Based on these scenarios, we define site-specific protection objectives including minimum requirements and analyze their fulfillment by qualitative or quantitative models, depending on the level of available information. With these models, we search for Pareto-optimal security system configurations regarding protection objectives and costs. We demonstrate our approach using a notional case study on a generic critical infrastructure site. There, the conducted optimization yields a manageable number of optimal configurations. Additionally, the resulting optimal configurations show varying trade-offs between protection objectives, as well as costs. Out of this Pareto-optimal set, a selection may be narrowed by the operator's assessment of appropriateness. In this way, the proposed approach enables operators to identify an optimal security system configuration that is tailored to their specific requirements, thus supporting decision making.

Keywords: Cost-benefit analysis, Physical security, Vulnerability, Critical infrastructure protection, Pareto optimality, Multi-criteria decision-making.