Quantifying the Security of Physical Facilities: A Game Theoretic Framework

We develop a framework for quantifying the security of physical facilities-airports, government or industrial-and for evaluating their performance. We abstract the contest between the attackers and the defense as a game with two sides: N-levels of security on one side and M coordinated attackers on the other. The different security systems in place, such as walk-in metal detectors or X-ray machines, or even human personnel are described by their detection rates and false alarm rates for objects inspected by them. We assume that the M attackers share all of their knowledge through perfect communication. Under these conditions we derive the optimal strategies for both the security system and the criminals for static detection thresholds of the security devices; under conditions of randomization of the detection thresholds; and for certain kinds of feedback when an attacker is caught. Our results show that current security levels can be maintained at significantly lower personnel costs (up to 50%) or equivalently, the potential for attaining much higher throughput (up to 200%) without any changes to hardware, and with little change to personnel training.