A Bayesian Game Approach to Insider Threats to Nuclear Security

With the Safety-Security-Safeguards (3S) interface emerging as a critical juncture in the assurance of nuclear security, increasing effort has been made to understand the nature of and ensure effective management of insider threats to nuclear security. Unlike a nuclear accident or failure due to non-human causes that can be easily modeled within the Probabilistic Risk Assessment (PRA) framework, insider threats pose a unique challenge to the 3S interface as they involve strategic interactions between human agents that are not accounted for sufficiently in the existing framework. This study proposes a Bayesian game-theoretic model for the strategic interaction underlying an insider threat to a nuclear facility. While various types of games have been applied to strategic situations germane to critical infrastructures, most of them remain static in the sense that they do not capture the process of information update characteristic of a sequential deployment of actions under uncertainty. In this study, we develop a Bayesian game model that captures a key feature of insider threat – asymmetric information between a defender and an insider – separating, partially pooling/separating, and pooling – by incorporating Bayesian belief updates and comparing payoffs from equilibrium and deviations strategies. We demonstrate three types of equilibria with corresponding belief sets and further illustrate the scope of a defensive measure as a function of information asymmetry between the defender and the insider.