Decision Analysis Methods For the Analysis of Nuclear Terrorism Threats with Imperfect Information

Protection of commercial nuclear fuel cycles against adversary groups who may attempt to steal weapons-usable material is an issue of interest to the U.S. Department of Energy, Office of Nuclear Energy. The wide array of potential nuclear fuel cycle configurations and the security measures that could be deployed to protect them pose a daunting system design problem. In general, there are billions of potential design configurations. Moreover, the design choices are not independent – the effectiveness of one design feature or security measure can affect the desirability of other design choices. To explore this issue, we develop a mixed-integer optimization problem that solves a complex decision tree to allocate security resources across a commercial nuclear fuel cycle configuration. A nominal UREX+ reprocessing facility is used to demonstrate how the model allocates resources across a particular fuel cycle facility and shows how the problem can be scaled up to include other facilities and design features in the fuel cycle. In our model, the defender first chooses a set of safeguards to implement in order to mitigate the risk of a terrorist theft from various unit operations in the reprocessing facility. The attacker observes the defender’s strategy choice and executes an attack to acquire material, including the possibility of declining to attack at all. The model considers the terrorist as an intelligent adversary with a set of attack strategies known to the defender. The strategic choices made by both the defender and attacker affect the probability of a successful attack by the terrorist and in turn affect the distribution of consequences to the defender. We use a decision tree to illustrate the interactions among costs, decisions, correlated uncertainties, and outcomes, and then show how to formulate the problem as a mixed-integer program with an equivalent solution. The novel features of our formulation include the following. First, as discussed above, we use a sequential game-theoretic formulation (a Stackelberg game). This formulation assumes the attacker can observe the defender’s actions before the attack is executed. Many previous game-theoretic studies have assumed attacker and defender act simultaneously without knowledge of the other’s strategy choice. We believe the sequential game formulation is more applicable for knowledgeable insider adversaries, the focus of this study. Second, we build on our previous work that has developed a methodology to reflect the correlation among probability distributions represented as discrete chance nodes in a decision tree. We illustrate how this methodology can be applied to two chance nodes in a decision tree that relate the quality of the materials that might be stolen or diverted by an adversary with the yield of a weapon that might be constructed from that material. In a decision tree, the dependence of the yield on the quality of the material could be modeled with conditional probabilities of the weapon yield given the quality of the materials obtained. For three outcome discretizations, this would require the assessment of nine conditional probabilities from domain experts as part of the model building effort. In contrast, our methodology will allow this same representation of the tree based on the assessment of the correlation between these two chance nodes by the experts, which we believe is a much easier and more reliable assessment task. The advantage of this approach increases as the number of dependent chance nodes grows in a decision tree representation of this problem. Third, we extend this approach to the approximation of the dependence between discrete binary events such as success or failure represented by binary chance nodes in a decision tree or in the special case of a probabilistic risk analysis (PRA) based on an event tree. This extension is a novel application in this domain, and uses Monte Carlo simulation to determine the appropriate conditional probabilities on the binary chance nodes when the number of correlated uncertainties is more than two. Fourth, we show how these decision trees or probability trees can be formulated and solved as equivalent integer programming (IP) problems. The advantages of the IP representation include the opportunity to use the computing power associated with powerful optimization solver algorithms available on high speed computers to solve very large versions of these trees, and the ability to include several such models of different facilities into a much larger IP with connecting constraints that represent budget restrictions, number of available inspection opportunities in a given time window, or other dependencies among these facilities. Policy makers can use the resulting model to inform their decisions about how to assess terrorism risk and to safeguard the commercial nuclear fuel cycle.