1 decision theory and risk analysis: some organising questions david rios insua jesus rios risk...
TRANSCRIPT
1
Decision Theory and Risk Analysis: Some organising
questions
David Rios Insua Jesus Rios
Risk Analysis, Extreme Event and Decision Theory Program, SAMSI
Stats and OR, U. Rey Juan Carlos Interneg, Concordia U.
Durham NC, September ‘07
2
Outline
Background
Risk analysis: framework
Adversarial risk analysis: several approaches
Final questions
3
Background: Risk analysis
1. Risk assessment. Information on the extent and characteristics of risk attributed to a hazard.
2. Risk management. Activities undertaken to control the hazard
3. Risk communication. Exchange of info and opinion concerning risk and risk-related factors among risk assessors, risk managers and other interested parties.
4
Background: Our interest in RA
Interest in risk management in project management driven by auctions
Interest in negotiation analysis in political decision making
5
Background:Risk: challenges in a complex world
Sao Paulo airport accidentPopulation has increased: facilities previously remote, now close to lots of
population
Chinese toysUse of toxic or potentially toxic materials increased, genetically modified
organisms
Climate change Public much more aware of hazards posed to humans
Estonian hacker attackNeed to protect critical infrastructures to assure continuity of a nation.
Interconnected international infrastructures
EU Water directivesGovernment agencies tend to involve the public, multiplicity of stakeholdersAwareness about equity with respect to risks
…..
6
Back: Risk mgt in project mgt Standard practice 1Increase costs by a default 25%. If very uncertain,
further add 5%…Risk management is current top priority for top
executives
Standard practice 2For each incurred cost: provide minimum, most
likely, maximum. Fit triangular distributions. Simulate.
7
Background: risk mgt in ICT Singpurwalla (2006)
… they often do a credible job analyzing the causes of software failure, but then quantify their uncertainties using a myriad of analytical techniques, many of them ad hoc. This has caused concern about the state-of-the-art of software risk assessment…
www.enisa.europa.eu/rmra/rm_ra_tools.html
(2007) Putting numbers on such risks may be at best dubious and at worse will only result in spurious accuracy
Probabilities (ordinal scale)1 zero, 2 very low,…., 6 very high, 7 certain
Impact (ordinal scale)1 none, 2 small, 3 large, 4 catastrophic
Comparison with current system1 additional, 2 increased, 3 neutral, 4 decreased, 5 eliminated
8
Background: Many criteria, guiding principles, some unformalised
Many methods for assessing (eg Covello, Merkhofer, 93) and expressing (eg Stern, Fineburg 96)
Value at RiskMaximum loss over a target horizon such that there is a low,
prespecified probability (defined as the confidence level) that the actual loss will be larger
As Low as Reasonably Practicable/Achievable
Ideal and Upper Limits to probability of death as a result of operation of a system
9
Question 1
Many unformalised criteria, very different in various fields.
Could we unify them through decision theory, decision analysis?
10
A framework for risk analysis/mgt: starting assumptions
Firstly informed by project management, auctions. Later by counterterrorism
Only interested in (project) cost, initially
An existing project design, initially
Only another participant (if any)
Aim. Maximise expected utility (most times)
11
Risk analysis and mgt. framework (Single DM)
Forecast costs under normal circumstances
Identify hazard events, estimate probabilities and impacts on costs (additional induced costs)
Forecast costs (a “mixture” model). Compute expected utility
Identify interventions, estimate impact on probabilities and/or costs.
Compute expected utilities. Choose best intervention
12
Basic setting
Design given (no interventions, status quo)
13
Question 2. Uncertainty in costs??
SAMSI RA-EV-DT pageTo a significant extent costs are not treated as random
RAND, 2006. Better methods for analyzing Cost Uncertainty can improve acquisition decisionmaking
OSD have historically underestimated the cost of buying new
weapon systems Davey (2000)Preventing project escalation costs
Garvey (2000) Probability Methods for Cost Uncertainty Analysis
14
Question 2. Uncertainty in costs??
Model (Palomo, RI, Ruggeri, 2008)
Impact of future technological Advances (Harville, Yaschin, 2007)
15
Basic setting
Design given
Including choice of design
16
Risk assessement
Impact of risks:
Expected utility after risk assessed:
Likelihood and impact of identified hazards:
17
Question 3? Modeling hazards: Risk assessment
Extreme event models
As in Palomo, Rios Insua, Ruggeri (2007) K potentially disruptive events+nothing
happens. “Beta binomial” for their probabilities q Independent case Beta marginals+Deterministic constraints Copulas Limiting interactions (Dirichlet-multinomial)
Gravity (Additional cost). (max, min, mode) Beta
18
Risk management Intervention to be chosen:
Gain through managed risk:
19
Adversarial risks
Other intelligent participants Auctions for large projects, Counterterrorism, Regulators,
…
Their actions influence my risks
My actions influence their risks
Some nodes might be shared…
Possibly conflicting interests, but possibly cooperating,…
20
Adversarial risks: Just me
21
Adversarial risks: Me and other
22
Adversarial risks: Modelling 3
23
Adversarial risks. Solving 1 Game Theoretic approach
Forecast costs and model preferences for me Forecast costs under normal circumstances It. under abnormal circumstances (RA) Model preferences
Estimate costs and preferences for others
Solve problem (Nash equilibrium??)
Summarise solutions
24
Adversarial risks. Solving 2 Game Theoretic approach
Computing best responses Computing my best intervention
given…
Computing my best strategy given…
25
Adversarial risks. Solving 3 Game Theoretic approach
Iterative elimination of dominated actions
Mainly used in discrete settings but SEF
Sample policies, Evaluate policies, Filter dominated ones
May be used to focus attention on interesting policies
26
Adversarial risks. Solving 4 Game Theoretic approach
Nash equilibrium
27
Adversarial risks. Solving 5 Game Theoretic approach
Nash equilibrium (Auctions with risk I)
Decision to be made: bid
If winner, win bid-costs (once costs realised)
If not, win 0
28
Adversarial risks. Solving 5 bis Game Theoretic approach
Nash equilibrium (Auctions with risk II)
29
Adversarial risks. Solving 5 tris Game Theoretic approach
Nash equilibrium (Auctions with risk III)
Under certain technical general conditions, if all participants are constant risk averse, there is a unique equilibrium
Palomo, Rios Insua, Ruggeri (2008)….
30
Adversarial risks. Questions 4,5,6… Game Theoretic approach
Compute equilibria in influence diagrams,Common and uncommon structures (Koller and Milsch,
2003; Rios and Rios Insua, 2008;…)
Compute equilibria for various types of utility functions
Summarise solutions
Efficient implementations of SEF
Role of MCMC (Augmented probability simulation)
….
31
Adversarial risks. Solving 6 Game Theoretic approach
Critics to game theoretic approach Full and common knowledge of the game by the
players… FOTE, FOTID
Simultaneous decision making… What if not unique… Social dilemmas
Implementation of security initiatives in international networks requires contribution of all members
each member is better off if he defects and the rest contribute
But if everyone defects the result is worse than if they would cooperate
Cooperation incentives Disclose free rider identities, reward for cooperation,
punishment for defect,.. Equilibria are not tools for giving partisan advise
32
Adversarial risks: Bayesian approach
An symmetrically prescriptive/descriptive approach to negotiation analysis (Raiffa, Kadane, Larkey,…) Prescriptive advice to one party conditional on a
(probabilistic) description of how others will behave
Based on MABOO analysis from auctions Estimate
Probabilities of the other’s uncertain costsThink about how the other would assess these probabilities
Preferences of the other over his costs Treat the other participant decisions as uncertain
Assess probabilities over the others’ decision actions Choose strategy that maximises my expected utility
33
Adversarial risks: Bayesian approach
34
Question 7
How to assess the probability of other participant’s actions, e.g.
Sensitivity/Robustness analysis
35
Adversarial risks. A negotiation approach
Even in disputed settings, negotiate Terrorism, example of Spain
Until a few months ago, government negotiating with Basque terrorist organisation; the opposition party strongly against it. Now, at least in public, no negotiations.
Auctions, temporary unions of (competing) enterprises
Cooperation between France and Spain against terrorism
Negotiation: a decision making process in which two or more parts communicate and exchange ideas, arguments and offers to satisfy their needs and achieve their objectives educating and informing their rivals, possibly modifying their relations and making concessions to reach an agreement
(Concessions, Joint gains, Pareto frontier exploration)
36
Adversarial risks: How to reach a solution? Balanced increment method
Bliss point, Kalai-Smorodinsky solution
37
Adversarial risks: Negotiations with BIM, first steps
Desirable properties of a negotiated solution: Feasibility Efficiency Fairness
Discreteness
Rios, Kim,Rios Insua (2007)
UTILITY SPACE
38
Questions
BIM and other methods like BCM? How do they compare
Computational implementations in specific structures like influence diagrams
Role of MCMC (augmented probability simulation)
…
39
Negotiations for adversarial risks. Intervention portfolios
Security system FMEA
Critical event (successful terrorist attack): E Failure modes: Logical relations between them, e.g. Adversarial agent 's (terrorists) possible actions: Elicit probabilities of failure modes given adversarial
actions
and probabilities of each adversarial action
40
Negotiations for adversarial risks. Intervention portfolios
Compute probability of critical event under the logical model
(ind)
Is it below an acceptable bound,
41
Questions Probability elicitations
Include consequences (not just successful attack)
Formalise through DT
Assess acceptable level
Should we consider values form experts, public, stakeholders?
42
Negotiations for adversarial risks. Intervention portfolios
If not acceptable Propose interventions
improving failure mode occurrence
Interventions entail limited resource consumption (money, human resources, …)
C: maximum amount of money that can be spent H: human resources R: other limited resources
Each proposal needs ci euros hi people working on it ri units of other limited resources
43
Negotiations for adversarial risks. Intervention portfolios
If proposal i is implemented
Choosing a portfolio of interventions to improve system security affordable under limited resources
44
Negotiations for adversarial risks. Intervention portfolios
Portfolio of intervention proposals
A feasible portfolio F should satisfy
Select feasible portfolio of proposals which minimise failure probability p(E|F)?
45
Negotiations for adversarial risks. Intervention portfolios
Assessment of P(E|F) probabilities of adversarial actions (may be influenced
by F)
probabilities of failure modes when F is implemented
46
Negotiations for adversarial risks. Intervention portfolios
P(E|F) under the previous logical model ( ) ind
Optimization problem
Is p* below acceptable bounds,
47
Questions
Effective reassessment of probabilities
Computation of objective function (when dependencies arise)
Efficient solution of problem
Other formulations Minimise costs for acceptable solution
48
Negotiations for adversarial risks. Intervention portfolios
If optimal portfolio of interventions not acceptable? Acceptable failure risk as a constraint
Nondominated (infeasible) portfolios: P.F.(c,h,r) How to select a unique F* such that
Multiobjective optimization:
Goal programming: Goal G:= (C,H,R)
Look for a point x := (c; h; r) such that
49
Question
Acceptable but infeasible interventions F.P.(c,h,r) & F* can be used as preparation for a negotiation with somebody for additional resources
How to conduct such negotiations? Add new issues and trade them for necessary resources Logrolling
50
Negotiations for adversarial risks. Risk sharing negotiations
Terrorism as an international problem Uncertainty about which countries are targets of terrorism
Responses to terrorist attacks (ex-post antiterrorist actions) requires resources that not all countries have
This leads to international antiterrorist cooperation
How to negotiate a priori a contingent ex-post antiterrorist response?
Sharing risks & resources
51
Negotiations for adversarial risks. Risk sharing negotiaitions
Participants Governments of two negotiating countries (G and G’ ) Terrorists (T)
T's possible actions:
Resources needed to respond to : x*
G and G’ negotiate who contributes with how much resources
Contribution of G : x Contribution of G’ : x’
Negotiators’ bottom line Limited resources of G: R
x < R Limited resources of G’: R’
x’ < R’
x + x’ >= x*
52
Negotiations for adversarial risks. Risk sharing negotiations
Set resource contributions depend on what T will do
Probabilistic assessments over Viewpoint of G :
Viewpoint of G’ :
A contingent contract specifies each one’s contribution per
53
Negotiations for adversarial risks. Risk sharing negotiations
G and G’ agree on the contingent contract
Analysis of joint gain opportunities FOTE or FOTID Is agreement Q a dominated contract?
G: G’:
54
Negotiations for adversarial risks. Risk sharing negotiations
R
R’
x
x’Q
G
G’
min
mi
n
Joint gains
Bliss point
55
Questions
Securing insecure agreements Is agreement Q secure? Convert agreement Q in a Nash equilibrium
Do we implement BIM or BCM or …
56
Some final questions Public involvement in risk analysis is increasing
Producing better decisions and outcomes Changing the manner in which decisions are made or deliberations are
conducted Better information, better communication, increased confidence in institutions,
…
More costs, Delayed processes
Deliberative polls Referenda Workshops Negotiated rule making …
How to rationally support public involvement? E-democracy, E-participation
Gregory, Fischoff, Mac Daniels (2005), Rios Insua, Kersten, Rios (2007)
Risk communication
What if not only cost??
57
IT COULD BE A FUN AT RISK YEAR AT SAMSI !!!!