Modeling Terrorist Attack Cycles as a Stochastic Process: Analyzing Chemical, Biological, Radiological, and Nuclear (CBRN) Incidents

Abstract

To further the research agenda on chemical, biological, radiological, and nuclear (CBRN) attacks, we present a novel methodology for modeling a CBRN terrorist attack cycle as a stochastic process. With this model, we can investigate the following questions: Given an adversary’s intent to pursue unconventional weapons, what agents do different perpetrator types pursue? What is the likelihood of a CBRN adversary acquiring or deploying a weapon? At what stage is an adversary most likely to abort their planned attack or be interdicted by law enforcement? Our model successfully identifies correlations between perpetrator type, weapon type, and outcome.

Keywords:

• CBRN terrorism
• attack cycle
• stochastic process modeling
• WMD terrorism
• terrorist weapon selection

Correction Statement

This article has been republished with minor changes. These changes do not impact the academic content of the article.

Acknowledgments

The authors would like to thank Gary Ackerman, Burcu Pinar Alakoc, Leonid Koralov, and Ayushi Saxena for their invaluable contributions to this research, as well as the anonymous reviewers. The authors are solely responsible for any errors.

Notes

1 We use the term “weapon” here to describe the final deployed object for the attack, which could be only the agent, or the agent mated to a delivery mechanism. In some cases, there is no delivery mechanism needed. For example, an adversary could pursue a radiological weapon and, for their attack, decide to leave cesium-137 salts in a public area to spread radiation to an unsuspecting public.

2 The majority of CBRN attack models include a distinct stage for target selection; however, we include this in Plot to reflect the language of the dataset we used to build the model.

3 While there are examples of adversaries pursuing multiple types of CBRN weapons concurrently, for simplicity, our model assumes that an adversary will only pursue one CBRN agent at a time. We address this issue in the section on variable mapping.

4 According to the POICN codebook, “the completed weapon may be quite crude, such as radioactive material the perpetrator plans to leave in a building, as long as there is evidence the perpetrator intends to use the weapon in this crude form” (National Consortium for the Study of Terrorism and Responses to Terrorism (START), 2017, p. 28).

5 In POICN, there are also cases coded as “Threat with Possession of Weapon.” In our attack cycle and subsequent variable mapping, we do not consider this to be a stage because this coding includes cases in which the adversary has no intent to attempt to use a weapon (e.g., a terrorist group who develops a weapon for the purpose of using the threat of deployment as leverage).

6 For more information on the POICN database and the inclusion criteria, see Binder and Ackerman (2019). It is important to remember that the sample of cases we utilize for our model only include CBRN adversaries. We intentionally select this sample for our model, and our findings should not be extrapolated beyond CBRN adversaries.

7 We explain each subsequent recoding when discussing the specific variables.

8 We derive $\mathit{Prog}(x)$ from the POICN variable EVENT_TYPE, which is listed as a categorical variable because an event type can be coded as “Unknown.” Additionally, EVENT_TYPE includes values coded as “Threat with Possession of Weapon.” We recode these cases as “Weaponize Agent” because an adversary who possesses a weapon and threatens to use it has already weaponized a CBRN agent but has not yet attempted to use the weapon. Since not all adversaries may threaten to use a weapon before attempting to use it, these cases are not generalizable for an attack cycle.

9 The notation ⋛ denotes the possibility that the relationship can be “equal to,” “greater than or equal to,” or “less than or equal to” depending on the variables of interest.

10 We amended the definitions in Table 1 for clarity. See the POICN codebook for full definitions.

11 While criminal organization is included as an option, no event in POICN has its perpetrator coded as a criminal organization. Thus, we exclude this type from Table 2 and recode the values of the perpetrator variable to omit criminal organizations.

12 The indicator function is defined such that $1_{{\mathbb{A}}_j}(x)=\{\begin{array}{cc}1& x\in {\mathbb{A}}_j\\ 0& x\hspace{0.17em}\notin \hspace{0.17em}{\mathbb{A}}_j\end{array}$

13 While we choose to use 50, other researchers may opt to use other values for their $a$ and $b$ terms depending upon their simulation. Since the values for $a$ and $b$ determine the ratio of weighting in a given simulation between events with the desired characteristic and events without the characteristic, researchers may choose to change the ratio to weight one set of events more heavily than the other.

14 The Aum Shinrikyo event refers to the incident in 1995 when five Aum Shinrikyo members released sarin on subway trains in Tokyo, Japan. The Amerithrax event refers to the incident in 2001 when Bruce E. Ivins allegedly mailed four letters containing anthrax spores to the offices of four major news stations in New York City.

15 517 total events – 43 cult events = 474 non-cult events.

16 All weights reported in the table have been rounded to four significant figures. The term $w(x)$ is the weight of an event assuming perpetrator type aligns with the simulated type, and $w(x),x\hspace{0.17em}\notin \hspace{0.17em}\mathbb{A}$ is the weight of an event assuming perpetrator type does not align with the simulated type.

17 This corresponds to the POICN variable NOPROGRESSION.

18 In POICN, the NOPROGRESSION variable includes a value coded as 0 = Attempted Use or Use of Agent. Since this is already mapped using the plot progression variable, there is no state to map these values to. Additionally, the variable includes a value for “Failure to Achieve a Viable Weapon.” We recode this value as “Abandonment of Plot.” We recode these values because an adversary who could not produce a viable CBRN weapon was neither interdicted by law enforcement nor able to continue their plot. Thus, an adversary who failed to achieve a weapon is forced to abandon their plot.

19 The weighting and simulations were coded by the authors in Python using the following libraries: pandas, NumPy, matplotlib, and tqdm.

20 It is worth noting that these sum to less than 100. This arises because we do not show the percentage of simulations where an adversary does not reach the weapon selection stage. These results are in Table 4.

21 While the sum of these values is close to $100\%,$ they do not sum to exactly $100\%$ because the table does not include the percentage of times that an adversary returns to the same stage during simulations. Additionally, the success percentages in Table 6 slightly differ from those in Table 5 because simulations provide different results in Table 5 than the probabilities used to create Table 6. While the simulations converge on the probabilities, every simulation will yield slightly different results. Our substantive findings remain consistent in both results.

Additional information

Funding

This research was partially funded by the Defense Advanced Research Projects Agency through award W911NF-14-1-0178.