Threats Analysis and Security Analysis for Critical Infrastructures: Risk Analysis Vs. Game Theory

The last twenty years have brought numerous enhancements in technologies for Critical Infrastructure Protection, but risk assessment still represents a significant challenge to be addressed, as threats strongly depend on human action. This paper presents a novel model for addressing threats and security analysis, based on fundamental concepts of Game theory, basing it only from intelligent and rational decisionmakers, without any other definition. The framework aims to identify preferred strategies of the attacker's action and to measure the propensity to perpetrate an attack. Assessment begins with the analysis of experiences (developed through processing of the cases collected in the Global Terrorism Database and the study of propaganda materials of terrorist organizations) and proceeds through the identification of clusters of attacker strategies. The purpose of the paper is to reach the definition of the utility function of the attacker, including indicators of the expected damage due to the specific threat and of the deterrent strategies adopted by the defender using, as a case study, a free access area of Rome-Fiumicino international airport, Italy.