On the Impact of Epistemic Uncertainty in Scenario Likelihood on Security Risk Analysis

Physical protection against deliberate attacks is an essential part of critical infrastructure protection. However, attacks are difficult to predict and evidence is rarely available. A challenge in security analysis is therefore a high degree of complexity and uncertainty regarding the scenarios that may occur, including possible attack sequences. The objective evaluation of physical security requires a sophisticated risk analysis. For an analysis of the security risk, threats must be identified, the effectiveness of security measures must be examined, and possible impacts must be evaluated. The quantification of risk is then subject to aleatoric and epistemic uncertainties. With the approach presented here, we intend to make the influence of uncertainties visible. The approach considers uncertainties regarding threats by a wide range of possible scenarios. In each scenario, uncertainties regarding the effectiveness of security measures are considered in a vulnerability model, taking into account possible attack sequences. The vulnerabilities are then weighted by likelihood of scenario occurrence. In a case study, we investigate the impact of epistemic uncertainties under the assumption of different levels of available information about possible attack scenarios and their likelihoods. The results show that risk quantification differs across scenarios, which would probably have an impact on the design of security measures.

Keywords: Physical security, Scenario analysis, Security risk analysis, Quantitative uncertainty assessment, Vulnerability, Critical infrastructure protection.

Download PDF