Game Theory Sparks Terrorism Risk Modeling; There isn’t enough historical data to help companies keep pace with intelligent adversaries.

December 02, 2013

Game Theory Sparks Terrorism Risk Modeling

There isn’t enough historical data to help companies keep pace with intelligent adversaries.

David M. Katz

This is one of three articles in a special report on new uses of risk analytics and risk modeling. The report takes in an-depth look at how Big Data can provide CFOs with new weapons they can use to combat the risk they fear the most: the unexpected.

By factoring in the Economic Cost of Risk, CFOs can capture the ups and downs of their companies’ perils. Traditional metrics can help CFO get a firmer grasp of past or frequent events. But for future perils, risk modeling may be the way to go.Thirteen years after the attacks on the World Trade Center and the Pentagon, one thing has become clear about the challenges of modeling and analyzing terrorism risk: at the core of the peril is the intelligence of an adversary who can decide where and when to strike and have counter-moves for every move you make.

Prior to 9/11, the mathematical science of risk modeling, particularly as it applied to the perils corporations might expect, was based on the data provided by Mother Nature, a much less intelligent actor.  “We understand wind storms, we understand surf.  We understand that they’re pretty particular.  They like the coast,” says Richard Rabs, vice president of insurance and risk at Veolia Environnement North America, a water, waste and energy management company.

“But terrorism doesn’t have any of those types of things.  We can make some assumptions, but we just don’t have the data,” he adds.

The data that any one corporation might be privy to about its terror exposures comprises a sample that’s too narrow to allow for charting out probabilities — and much less manage the risks on the basis of those assumptions, according to Rabs.

Yet narrow as the sample may be, it’s dense with different kinds of data. Terrorist acts that can hurt a company’s employees, operations and financial structure, for example, can be directly aimed at individual companies or hit them indirectly, mistakenly or as a component of a broader target. The attackers can be based domestically or in a foreign country. Their weapons can range from computer viruses to stolen planes to chemicals to nuclear, biological or radiological devices. And so on.

“I don’t think the average risk manager does a lot with terror risk modeling,” Rabs says. “Not because we don’t care about it, but because, at least in my case, we’re not 100 percent convinced that there’s really a good model out there.”

It’s a different story, of course, for the property-casualty insurance industry, which can analyze the probabilities of a strike based on the data culled from client portfolios. Compared to information about natural-catastrophe risks, however, those portfolios provide a dearth of data about terrorism risk, simply because collecting it has seemed a priority for only a dozen years.

In short, terrorist catastrophes remain “black swan” events, devastating outliers that seem predictable only in retrospect. Even for the insurance industry, the brevity of modern terrorism risk has made drawing generalizations about it a fool’s game. “Given the paucity of historical data and diversity and shifting nature of expert opinions, catastrophe models used to estimate terrorism risk are relatively undeveloped compared to those used to assess natural hazard risks,” said Robert Hartwig, president and economist of the Insurance Information Industry, in testimony prepared for a U.S. House subcommittee hearing a few weeks ago. “The bottom line is that estimating the frequency of terror attacks with any degree of accuracy … is extraordinarily challenging, if not impossible in many circumstances.”

Given that figuring out the probability of an attack based on the available data is currently so difficult, how can a particular CFO gain a more precise basis for managing the risks of an attack on his or her corporation?

To be sure, probability — estimating the frequency of an event by comparing different sets of data — is still very much in use. But a consensus for a more eclectic and dynamic approach to modeling terrorism risk appears to be emerging.

Using such an approach, probabilities can be built into computer-simulation models, enabling risk analysts to determine the likelihood that terrorists will act in certain ways given certain scenarios.

Yet no matter how up-to-the minute and precise terrorism risk models are, terrorists are notorious for acting in unexpected ways. To anticipate those ways, companies are increasingly relying on game theory, under the notion that by hunting down villains in hypothetical situations, you might be able to unearth the unexpected.

The Desire of al-Qaeda
From the very beginning of terrorism risk modeling, analysts knew that a different game was afoot than that of trying to assess the likelihood of an earthquake or a tornado. Barely more than a year after the 9/11 attacks, Gordon Woo, a mathematician with Risk Management Solutions who had just created RMS’s first terrorism risk model, was declaring that a “traditional probabilistic approach, such as used for modeling natural catastrophes, is simply not up to the challenge” of quantifying terrorism risks.

In introducing the model in 2002 (two other such firms, AIR Worldwide and EQECAT also introduced models that year), Woo said he used game theory in developing it. “Game Theory helps us model the implications of the complex dynamics between… conflicting factors,” he said at a seminar then. “On one hand, we have al-Qaeda’s desire to maximize the utility of their attacks, and on the other hand, we have to consider their rational response to stepped-up security and counter-intelligence efforts and the constraints of their technological and logistical capacities.”

While such models enabled companies to zero in on protecting what are now called “trophy targets” — highly visible, highly valuable corporate assets like the Sears Tower in Chicago — they did not yet focus on analyzing the actions of terrorists in response to counter-terrorism.

In the intervening years, however, counter-terrorism has outstripped terrorism by a considerable margin, according to Woo. Testifying in September before the House Financial Services Committee, he could say that terrorism risk has become “as much about counter-terrorism action as about terrorists themselves. U.S. terrorism insurance is essentially insurance against the failure of counter-terrorism.”

While many terrorist plots are still being developed, “the vast majority are interdicted through the diligence of western intelligence and law enforcement agencies. Mass surveillance of communication links, and the intrusion of intelligence moles, elevate[s] the likelihood of plot interdiction with plot size,” Woo said.

The reasoning is that the larger the terrorist cell, the more likely it is that information will leak out about it to the authorities. RMS estimates that a plot involving as many as 10 would-be terrorists has only a 5 percent chance of not being caught. “With the intensive global surveillance conducted today by Western intelligence agencies, a plot involving as many as 19 hijackers or bombers would have only a minimal chance of eluding their attention,” Woo testified.

But if the balance of power has shifted to counter-terrorism, the chances are good that terrorists will adjust to that, too. To model the risk under current circumstances and be able predict the likelihood of attacks, government and private-sector analysts are increasingly relying on computer simulations and games, according to Barry Ezell, an associate professor of research at the Virginia Modeling, Analysis and Simulation Centerat Old Dominion University.

To explain how such a game-theory application might work, Ezell supplies the example of running a seaport. Such an operation could have many activities running simultaneously: ships, trains and other modes of transport arriving, unloading and loading cargo, and departing.

“You can create that environment in a simulated world,” Ezell says, noting that data generated for all those different activities can be used to simulate the operations of the port. “And then you can inject the effects of different terrorism scenarios into that simulation, and look at the consequences to your port operations.”

At that point, the game player (perhaps in the guise of a “blue team” playing against a terrorist “red team”) can introduce various security measures aimed at averting terrorism. Then the player would rerun the scenarios to see how each security measure “drives down the consequences” of the terrorist plot, according to Ezell.

By playing such games, he adds, “you can discover some black swan events that you would have never learned using other approaches.”

About bambooinnovator
Kee Koon Boon (“KB”) is the co-founder and director of HERO Investment Management which provides specialized fund management and investment advisory services to the ARCHEA Asia HERO Innovators Fund (, the only Asian SMID-cap tech-focused fund in the industry. KB is an internationally featured investor rooted in the principles of value investing for over a decade as a fund manager and analyst in the Asian capital markets who started his career at a boutique hedge fund in Singapore where he was with the firm since 2002 and was also part of the core investment committee in significantly outperforming the index in the 10-year-plus-old flagship Asian fund. He was also the portfolio manager for Asia-Pacific equities at Korea’s largest mutual fund company. Prior to setting up the H.E.R.O. Innovators Fund, KB was the Chief Investment Officer & CEO of a Singapore Registered Fund Management Company (RFMC) where he is responsible for listed Asian equity investments. KB had taught accounting at the Singapore Management University (SMU) as a faculty member and also pioneered the 15-week course on Accounting Fraud in Asia as an official module at SMU. KB remains grateful and honored to be invited by Singapore’s financial regulator Monetary Authority of Singapore (MAS) to present to their top management team about implementing a world’s first fact-based forward-looking fraud detection framework to bring about benefits for the capital markets in Singapore and for the public and investment community. KB also served the community in sharing his insights in writing articles about value investing and corporate governance in the media that include Business Times, Straits Times, Jakarta Post, Manual of Ideas, Investopedia, TedXWallStreet. He had also presented in top investment, banking and finance conferences in America, Italy, Sydney, Cape Town, HK, China. He has trained CEOs, entrepreneurs, CFOs, management executives in business strategy & business model innovation in Singapore, HK and China.

One Response to Game Theory Sparks Terrorism Risk Modeling; There isn’t enough historical data to help companies keep pace with intelligent adversaries.

  1. Terrorism is a game. The most important is not finding who is the winner and the loser but how to play the game properly. Indeed, it’s the first enemy in human history because it’s more open to recruit new members that already doing brain-washing. Terrorists are attracting innocent people to be a bomber with a promise to go to heaven when they are successful to execute the terrorists command. It’s very ridiculous because how can the ideology is true instead of many people die because of it.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: