Identification of Protective Actions to Reduce the Vulnerability of Safety-Critical Systems to Malevolent Intentional Acts: An Optimization-Based Decision-Making Approach

An empirical classification model based on the Majority Rule Sorting (MR-Sort) method has been previously proposed by the authors to evaluate the vulnerability of safety-critical systems (in particular, nuclear power plants [NPPs]) with respect to malevolent intentional acts. In this article, the model serves as the basis for an analysis aimed at determining a set of protective actions to be taken (e.g., increasing the number of monitoring devices, reducing the number of accesses to the safety-critical system) in order to effectively reduce the level of vulnerability of the safety-critical systems under consideration. In particular, the problem is here tackled within an optimization framework: the set of protective actions to implement is chosen as the one minimizing the overall level of vulnerability of a group of safety-critical systems. In this context, three different optimization approaches have been explored: (i) one single classification model is built to evaluate and minimize system vulnerability; (ii) an ensemble of compatible classification models, generated by the bootstrap method, is employed to perform a “robust” optimization, taking as reference the “worst-case” scenario over the group of models; (iii) finally, a distribution of classification models, still obtained by bootstrap, is considered to address vulnerability reduction in a “probabilistic” fashion (i.e., by minimizing the “expected” vulnerability of a fleet of systems). The results are presented and compared with reference to a fictitious example considering NPPs as the safety-critical systems of interest.