Ann Oper Res (2011) 187:137–158DOI 10.1007/s10479-009-0665-6

Analytical method to identify the number of containersto inspect at U.S. ports to deter terrorist attacks

Vicki M. Bier · Naraphorn Haphuriwat

Published online: 1 November 2009© Springer Science+Business Media, LLC 2009

Abstract In this paper, we investigate how many containers would need to be screened inorder to deter attackers from attempting to smuggle weapons into a defending country incontainer freight. We hypothesize that with a sufficiently high probability of being detected,attackers might be deterred from smuggling attempts. Thus, our goal is to identify the op-timal proportion of containers to inspect in order to minimize the defender’s expected loss,using game theory to reflect the fact that attackers are simultaneously trying to maximizetheir expected rewards. Moreover, our model recognizes that the container-screening pol-icy must simultaneously protect against different types of threats (such as nuclear bombs,dirty bombs, and assault rifles). Finally, our model also suggests that threatening to retaliateagainst attacks may be beneficial to defenders, as long as the threat is credible.

Keywords Port security · Cargo screening · Game theory · Deterrence · Decision analysis ·Smuggling of weapons

1 Introduction

Ever since the terrorist attacks on September 11, 2001, the U.S. government has been work-ing to protect the country against terrorism. Container security has become a particular con-cern, to prevent terrorists from smuggling weapons (including weapons of mass destruction)into the U.S. In addition, a shutdown at a major port would be costly to the U.S. economy;for example, the Federal Bureau of Investigation claims that “a month-long shutdown of amajor port due to a terrorist act could cost the economy as much as $60 billion” (WaltersIII 2006) (see also Gordon 2005). Flynn and Kirkpatrick (2003) therefore testify that trade

V.M. Bier · N. Haphuriwat (�)University of Wisconsin-Madison, 3237 Mechanical Engineering Building, 1513 University Avenue,Madison, WI 53706, USAe-mail: nhaphuriwat@wisc.edu

V.M. Biere-mail: bier@engr.wisc.edu

138 Ann Oper Res (2011) 187:137–158

security should be a “global priority,” and observe that the system of transporting goods is“vulnerable to mass disruption by terrorists.”

Bjorkholm (2003) presents current inspection techniques to detect nuclear weapons andradiological dispersal devices. In particular, passive detection can detect gamma and/or neu-tron radiation from either inside or outside containers. However, this technique generallycannot be used to detect low-level or heavily shielded radiation. By contrast, in active detec-tion, neutrons, gamma rays, or high-energy X-rays are passed through a container to obtainan image of the contents. Bjorkholm claims that high-energy X-ray imaging technology ismore effective, since it is “sensitive to both weapons of mass destruction and radiologicaldispersal devices.” He also claims that 100% inspection is technically feasible.

In principle, the ideal strategy for ensuring security might be to inspect 100% of allcontainers, but the costs of this strategy would likely prove prohibitive. Martonosi et al.(2005) argue that inspecting 100% of all containers is unlikely to be cost effective. Theypoint out that achieving 100% inspection with a sufficiently short turnaround time wouldbe extremely costly, and may not be justified unless the cost of a successful attack is quitehigh. Cirincione et al. (2007) identify five main obstacles to 100% container screening:“poorly defined goals and objectives of 100% screening policies; the lack of 100% screeningtechnology; high costs; logistical difficulties; and the lack of decision-maker support.”

However, technology limitations might not be as significant of a barrier as Cirincione etal. claim. In particular, in 2006, while U.S. ports inspected only 5% of high-risk containers,Hong Kong created a pilot program that inspected 100% of all outbound containers (Brem-ner 2006). Therefore, Representative Markey has argued that “we have the technology toaccomplish 100 percent scanning overseas” (Kimery Report 2007).

Currently, U.S. Customs and Border Protection (CBP) has mandated 100% inspectionin U.S. ports only for containers that are classified as “high risk”; in addition, CBP has an-nounced a policy of 100% scanning at several large overseas ports (Kimery Report 2007).100% container screening has been controversial among both importers and exporters, withretailers claiming that the policy will hinder product transportation, resulting in higher prod-uct prices. Cohen (2006) emphasizes that it is impossible to open every container to look forweapons, and suggests that intelligence is one way to solve this problem.

In this paper, we explore a different approach—in particular, investigating how manycontainers would need to be screened in order to deter smuggling attempts. We hypothesizethat with a sufficiently high probability of being detected, attackers might be deterred fromattempting to smuggle weapons into the U.S. in container freight, in order to avoid detectionfrom smuggling attempts. Thus, our goal is to identify the optimal proportion of containersto inspect in order to minimize the defender’s expected loss, using game theory to reflect thefact that attackers are simultaneously trying to maximize their expected rewards. This idea issupported by Moffitt et al. (2005), who suggest that it is possible to identify a suitable num-ber of containers to inspect while still assuring on-time delivery of products to consumers.Moreover, our model recognizes that the container-screening policy of the U.S. must simul-taneously protect against different types of threats (such as nuclear bombs, dirty bombs, andassault rifles). Finally, our model also suggests that threatening to retaliate against attacksmay be beneficial to defenders, as long as the threat is credible.

2 Summary of past results

Thee (1977) has noted that since the development of the hydrogen bomb and ballistic mis-siles during the cold war between the U.S. and the Soviet Union, the main concern of the

Ann Oper Res (2011) 187:137–158 139

U.S. is to deter the use of nuclear weapons. Therefore deterrence has gained serious atten-tion from researchers since the 1960’s. Snyder (1961) defines deterrence as “the power todissuade as opposed to the power to coerce or compel.” Schelling (1966) first introducesthe idea of using force to achieve deterrence. Wagner (1982) introduces a game-theoreticmodel suggesting that the U.S. would have an advantage in achieving deterrence by movingfirst. Cioffi-Revilla (1983) reviews progress in deterrence theory from the 1940’s throughthe early 1980’s, and specifically addresses the problem of credibility in nuclear deterrence.

In addition to research on deterrence, there has also been extensive research on inspectiongames in arms control. The first inspection game is introduced by Dresher (1962); in thisgame the inspector can allocate a fixed number of inspections over a fixed number of stages,deciding whether it is optimal to inspect at a given stage, assuming simultaneous movesbetween the inspector and the inspectee. Dresher’s initial model has been extended by otherresearchers, with the main focus still on arms control and disarmament. Avenhaus et al.(1996) reviews applications of game theory to arms control as of the mid 1990’s. Those ap-plications assume an inspector who establishes some legal obligation, and an inspectee whoaims to violate that obligation. Early models generally assume that the inspector maximizesthe probability of detection in a zero-sum game, while later models apply utility theory tothe inspection game, and consider variants such as non-zero-sum games, signaling games,and the possibility of bargaining in the context of arms control. Avenhaus et al. (1996) alsopresent a model that explores inspection of multiple classes of material. This model yieldsan optimal sample size for each class of material, again maximizing the probability of de-tection; however, the model does not consider the possibility of deterring the inspectee’sillegal action. Kilgour and Brams (1992) compare simultaneous and sequential moves for atwo-person inspection game, and Kilgour (1992) studies how to select which site to inspect.

More recently, Avenhaus and Kilgour (2004) extend the inspection game to find the levelof resources needed to deter all violations, and also how to allocate limited resources amongmultiple inspectees to minimize expected damage. Avenhaus and Canty (2005) model in-spection over multiple time periods. Wein et al. (2006) apply queuing theory to a modelwith multiple layers of security in order to find the most effective way to achieve detection,in a model of immigrant screening. Madigan et al. (2007) solve a binary decision tree tominimize the total cost of inspection. Boros et al. (2006) apply a large-scale linear programto decide whether a container coming into the U.S. should be opened, and Goldberg et al.(2008) apply integer programming and dynamic programming to solve for optimal sequen-tial inspection policies.

To our knowledge, Avenhaus and Kilgour (2004) and Avenhaus and Canty (2005) are theonly researchers who focus specifically on deterring undesirable behavior through inspec-tion. However, in their model, inspection effort must be divided among multiple inspectees,because inspection of different nations must be conducted in different locations. By contrast,we focus here on the case where a single inspection effort and technology can detect mul-tiple different types of attacks. For example, radiation detection of container freight couldbe used to detect both nuclear weapons and dirty bombs; similarly, X-ray imaging could beused to detect both radiological and conventional weapons.

3 Basic model and assumptions

The objective of our proposed model is to find the optimal number of containers to inspect.We adapt a model developed by Dighe et al. (2009), who showed that under some circum-stances, attacks can be deterred with less than 100% defenses, if the defender discloses the

140 Ann Oper Res (2011) 187:137–158

overall level of defenses (e.g., how many containers are inspected), but not which specificassets are defended. We assume that containers are homogeneous (i.e., all containers havethe same valuations). We allow the effectiveness of the chosen screening method to vary fordifferent weapon types, but assume that the cost to inspect each container is the same re-gardless of whether it contains a weapon. We also assume that a single inspection procedurecan detect all types of weapons being considered.

In this work, we define an “attack” to be a smuggling attempt, regardless of whether theattempt is successful. We measure the “cost” of a smuggling attempt to the attacker by thecost of acquiring or developing the weapon to be smuggled, and any logistical costs requiredfor the smuggling attempt. However, when there is a successful attack, the attacker mightalso have to pay the cost of retaliation from the defender, since for example a successfulattack might lead the defender to disable the attacker’s network. Therefore, we also considerthe possibility that the defender may retaliate or otherwise impose high cost on an attackerafter a successful attack.

We now define the following notation:

n = The number of containers that are inspected

N = The total number of containers

m = The number of attackers (where in general each attacker is attempting to smuggle in

a different type of weapon)

Vi = The expected damage if the weapon being smuggled by attacker i is successfully

smuggled into the U.S. without detection (e.g., the expected damage that could be

caused using that type of weapon)

Cd = The cost to the defender of inspecting a container

Ci = The cost of a smuggling attempt by attacker i, where we assume that 0 < Ci < Vi ,

∀i = 1,2, . . . ,m (since otherwise, the attackers will have no incentive to attack)

Rdi= The cost of retaliating against attacker i to the defender

Rai= The cost of retaliation to attacker i

pi = The probability of successfully detecting the type of weapon being smuggled

by attacker i, if inspecting a container that includes such a weapon

Di ={

1 if the defender decides to retaliate against attacker i after a successful attack

0 otherwise

Ai(n,Di) =

⎧⎪⎨⎪⎩

1 if attacker i would decide to smuggle a weapon into the U.S. in the face

of an inspection level n and retaliation policy Di

0 otherwise.

In this game, the defender is assumed to move first, and commits to a publicly announcedinspection level n and set of retaliation policies Di , chosen to minimize expected losses

Ann Oper Res (2011) 187:137–158 141

(including both the inspection cost and the losses from successful attacks) according to:

minn = 1, . . . ,N

Di = 0,1

{m∑

i=1

[(Vi + Rdi

Di)

(1 − n

Npi

)Ai(n,Di)

]+ nCd

}

Here Ai(n,Di) is attacker i’s best response to the defender’s policy, chosen to maximize hisexpected reward according to:

Ai(n,Di) = argmaxAi (n,Di )=0,1

{[(Vi − Rai

Di)

(1 − n

Npi

)− Ci

]Ai(n,Di)

}

Of course, we recognize that the value of an attack to the attacker may not be the sameas its value to the defender. Our model could be extended to reflect such differences in astraightforward manner, but for simplicity, we assume that the loss to the defender is equalto the reward to the attacker.

4 Analysis and results

Given the attacker objective function, attacker i would choose to attack if the expectedreward, (Vi − Rai

Di)(1 − nN

pi) − Ci , is greater than zero. Therefore, we know that attackeri will choose to attack if n ≤ N

pi(1 − Ci

Vi−RaiDi

), and not otherwise. This condition implies

that when the defender chooses to retaliate against attacker i, that attacker can be deterredwith fewer containers inspected than when the defender chooses not to retaliate; however,the cost of retaliation to the defender may be so great as to make retaliation suboptimal. Notealso that N

pi(1 − Ci

Vi−RaiDi

) may be larger than N if pi , Ci , and Raiare sufficiently small.

When 1 < 1pi

(1 − Ci

Vi−RaiDi

), attacker i would always choose to launch an attack, even

if all containers are inspected, since the effectiveness of detection, the cost of an attack,and the cost of retaliation are so small that the attacker would be willing to risk detection.In this case, since the attacker choice is fixed, the defender’s objective function will belinear in n. Thus, if the attackers always choose to attack, the optimal number of containersto inspect would be either zero or 100%. If

∑m

i=1(Vi + RdiDi)pi ≤ NCd , the defender’s

optimal decision would be to inspect no containers; if NCd <∑m

i=1(Vi + RdiDi)pi , then

the defender’s optimal decision would be to inspect 100% of all containers.By contrast, when 1

pi(1 − Ci

Vi−RaiDi

) ≤ 1 for some i, then by the attacker’s best-response

function, there exists a value n ≤ N for which attacker i would be deterred, suggesting thatsome intermediate level of inspection may be optimal. Presumably, the defender would wishto set such an intermediate level of screening just barely high enough to deter one or moreattackers.

4.1 Special case of no retaliation

We first assume that the defender would not retaliate against any attacker, in order to il-lustrate the model results more simply. Later, in the next section, we will determine whenretaliation may be optimal.

142 Ann Oper Res (2011) 187:137–158

4.1.1 Two attackers

To begin, we consider only two attackers, each one attempting to smuggle in a particu-lar type of weapon. From the previous discussion, we know that if 1

pi(1 − Ci

Vi) > 1 for

i = 1,2, then both attackers would always choose to attack. In this case, we know fromthe discussion in the previous section that the defender’s optimal action would be to inspecteither 0 or N containers. If the defender inspects 0 containers, the expected loss is V1 + V2,and the expected reward to attacker i is Vi − Ci . If the defender inspects N containers, theexpected loss is V1(1 − p1) + V2(1 − p2) + NCd , and the expected reward to attacker i isVi(1 − pi) − Ci . Therefore, if NCd ≥ V1p1 + V2p2, then the defender’s optimal decision isto inspect no containers; otherwise, the defender would wish to perform 100% inspection.

Alternatively, we may have 1pi

(1 − Ci

Vi) ≤ 1 for at least one of i = 1,2. Without loss

of generality, we assume that 1p1

(1 − C1V1

) ≤ 1p2

(1 − C2V2

) throughout this section (except inthe figures, where symmetry allows us to show all cases). We first consider the case where1p1

(1 − C1V1

) ≤ 1 < 1p2

(1 − C2V2

). In this case, the defender cannot deter attacker 2, and must

choose between inspecting 0 containers, Np1

(1 − C1V1

) containers1 (just barely enough to deter

attacker 1), or N containers. Next, we consider the case where 1p1

(1− C1V1

) ≤ 1p2

(1− C2V2

) ≤ 1.In this case, when the defender inspects 0 containers, no attackers would be deterred; whenthe defender inspects N

p1(1 − C1

V1) containers, only attacker 1 would be deterred; and when

the defender inspects Np2

(1 − C2V2

) containers, both attackers would be deterred. Note that thedefender would never inspect N containers in this case, since both attackers can be deterredat a lower cost. Table 1 summarizes the various numbers of containers that the defendermay wish to inspect, the expected losses to the defender, and the expected rewards to eachattacker.

When 1p1

(1 − C1V1

) ≤ 1 < 1p2

(1 − C2V2

), it is straightforward to see from Table 1 that deter-ring attacker 1 (with less than 100% inspection) is better than inspecting 100% of all con-tainers if and only if (NCd −V2p2)[ 1

p1(1− C1

V1)] < NCd −V2p2. Therefore, if NCd ≥ V2p2,

inspecting just barely enough containers to deter attacker 1 (at least weakly) dominatesthe strategy of inspecting all containers (because the inspection cost Cd is too great). IfNCd < V2p2, then under the assumption that 1

p1(1 − C1

V1) ≤ 1, inspecting all N containers

would be better than inspecting just enough containers to deter attacker 1.To portray the optimal strategies graphically, we consider the case 1

p1(1 − C1

V1) ≤ 1

p2(1 −

C2V2

) ≤ 1, where both attackers can be deterred at less than 100% inspection. From Table 1, wecan determine the conditions under which the defender would prefer to inspect 0 containers,Np1

(1 − C1V1

) containers (deterring only attacker 1), or Np2

(1 − C2V2

) containers (deterring bothattackers). The defender inspects no containers (and deters no attackers) when

C1 ≤(

NCd − V1p1 − V2p2

NCd − V2p2

)V1 (1)

and

C2 ≤(

NCd − (V1 + V2)p2

NCd

)V2 (2)

1Note that this and other similar expressions developed in this paper will generally not be integers. Strictlyspeaking, they should be rounded up to the next larger integer, but for simplicity we suppress that notation.Because N is so large, we anticipate that any discrepancies due to rounding will be small in percentage terms.

Ann Oper Res (2011) 187:137–158 143

Table 1 Defender and attacker payoffs as a function of n for two attackers

Number n of Defender’s expected Expected reward

containers inspected loss Attacker 1 Attacker 2

0 V1 + V2 V1 − C1 V2 − C2Np1

(1 − C1V1

) V2 + (NCd − V2p2) 1p1

(1 − C1V1

) 0 V2 − C2 − V2p2p1

(1 − C1V1

)

Np2

(1 − C2V2

) Np2

(1 − C2V2

)Cd 0 0

N (defender can V2(1 − p2) + NCd 0 V2(1 − p2) − C2

deter only attacker 1)

N (defender cannot V1(1 − p1) + V2(1 − p2) + NCd V1(1 − p1) − C1 V2(1 − p2) − C2

deter any attacker)

The defender would inspect Np1

(1 − C1V1

) containers (and deter only attacker 1) when

C1 >

(NCd − V1p1 − V2p2

NCd − V2p2

)V1 (3)

and

C1 >

(1 − p1

p2+ NCdp1C2

V2p2(NCd − V2p2)

)V1 (4)

Finally, the defender would inspect Np2

(1 − C2V2

) containers (and deter both attackers) when

C2 >

(NCd − (V1 + V2)p2

NCd

)V2 (5)

and

C2 ≥(

1 − p2

p1+ p2C1

p1V1

)((NCd − V2p2)V2

NCd

)(6)

Under the assumption that the defender can deter both attackers, we now illustrate how theregions within which different defender strategies are optimal depends on C1 and C2 fordiffering ranges of the cost of 100% inspection, NCd .

Case 1: NCd ≥ (V1 + V2)[max(p1,p2)]

Figure 1 shows the defender’s optimal strategy as a function of the attack costs C1 andC2 when 100% inspection is high in cost, for the case where p1 < p2. (A similar figureis obtained when p2 < p1). From Fig. 1, we see that the defender should not inspect anycontainers when the costs incurred by both attackers are relatively small. This is becausewhen Ci is relatively small, the defender would need to inspect so many containers to deterattacker i that it would not be worthwhile. When the cost of attacks to attacker i is relativelyhigh, it is optimal for the defender to deter only attacker i, since it would be excessivelycostly to deter the other attacker. When both attackers would incur high attack costs to at-tack, then the defender should inspect enough containers to deter both attackers.

Case 2: V1p1 + V2p2 ≤ NCd < (V1 + V2)[max(p1,p2)]

144 Ann Oper Res (2011) 187:137–158

Fig. 1 Defender strategy as afunction of attack costs for NCd

large

Fig. 2 Defender strategy as a function of attack costs for NCd moderate

In this case, the shape of the “Do not deter” region depend on the detection probabili-ties, pi . In the left part of Fig. 2, the defender may wish to deter both attackers even when thecost of attacks to attacker 2 is small, because the detection probability p2 is high. Similarly,in the right part of Fig. 2, the defender may wish to deter both attackers even when the costof attacks to attacker 1 is small.

Case 3: max(V1p1,V2p2) ≤ NCd < V1p1 + V2p2

In this case, the expected damages from both types of attacks are sufficiently high, andthe inspection cost is sufficiently small, that at least one attacker would always be deterredat optimality. Figure 3 shows the case when V1p1 < NCd and V2p2 < NCd . From this fig-ure, we see that the defender would deter both attackers when the costs of attacks to bothattackers are roughly comparable, and would deter only attacker i when the cost of attacksto attacker i is relatively high.

Case 4: min(V1p1,V2p2) ≤ NCd < max(V1p1,V2p2)

Ann Oper Res (2011) 187:137–158 145

Fig. 3 Defender strategy as a function of attack costs for max(V1p1,V2p2) ≤ NCd < V1p1 + V2p2

Fig. 4 Defender strategy as a function of attack costs when min(V1p1,V2p2) ≤ NCd < max(V1p1,V2p2)

146 Ann Oper Res (2011) 187:137–158

Fig. 5 Defender strategy as afunction of detectionprobabilities

Figure 4 shows the cases V1p1 < NCd < V2p2, and V2p2 < NCd < V1p1. When V1p1 <

NCd < V2p2, it is never optimal to deter only attacker 1 (and similarly for attacker 2 whenV2p2 < NCd < V1p1). The top left picture shows that when p1 < p2 and the cost of anattack to attacker 1 is small, attacker 1 would always attack, and cannot be deterred at op-timality. Therefore, when the cost of an attack to attacker 1 is small, the defender woulddeter only attacker 2. When the cost of an attack to attacker 1 is sufficiently large, the de-fender would deter both attackers. In the upper right picture, attacker 1 can be deterred evenwith arbitrarily small attack cost because the inspection effort required to deter attacker 2is already almost sufficient to also deter attacker 1. (The bottom half of Fig. 4 shows thesymmetric case when V2p2 < NCd < V1p1.) Finally, when NCd < min(V1p1,V2p2), thedefender would inspect all containers, but would not be able to deter either attacker.

Another way to represent the defender optimal strategies is to graph the optimal strategiesas a function of the detection probabilities, p1 and p2. If we use the same assumptions aspreviously, rearranging terms in inequalities 1 through 6 shows that the defender inspects nocontainers (and does not deter any attackers) when p1 and p2 are both small, and inspectsNp1

(1 − C1V1

) containers (and deters only attacker 1) when p1 is large and p2 is small, and

inspects Np2

(1 − C2V2

) containers (deterring both attackers) when p1 and p2 are both large.Since the results from equilibrium strategies as a function of detection probabilities aresimilar to the results as a function of attack costs, we show only the case for NCd ≥ (V1 +V2)[max(p1,p2)] (as in case 1 above). Figure 5 shows the defender’s optimal strategy as afunction of the detection probabilities p1 and p2 in this case.

From Fig. 5, we see that the defender should not inspect any containers when the detec-tion probabilities are too small. When the probability of detecting a weapon from attacker i

is relatively high, it is worthwhile for the defender to deter only attacker i, since the prob-ability of detecting a weapon from the other attacker is small. When the probabilities ofdetecting weapons from both attackers are high, the optimal strategy is to deter both attack-ers.

4.1.2 Three attackers

Using the same approach, we now consider the case of three attackers. Without loss ofgenerality, we assume that 1

p1(1− C1

V1) ≤ 1

p2(1− C2

V2) ≤ 1

p3(1− C3

V3). When 1

p1(1− C1

V1) > 1, the

defender cannot deter any attacker. In this case, the defender’s optimal strategy depends on∑3i=1 Vipi . In particular, if

∑3i=1 Vipi ≤ NCd , then the defender’s optimal decision would

Ann Oper Res (2011) 187:137–158 147

be to inspect no containers; on the other hand, if∑3

i=1 Vipi > NCd , then the defender’soptimal decision would be to inspect 100% of all containers.

If 1p1

(1 − C1V1

) ≤ 1 < 1p2

(1 − C2V2

), then the defender cannot deter attackers 2 and 3; the

defender would prefer to deter attacker 1 when C1 > (NCd−V1p1−V2p2

NCd−V2p2)V1, and not otherwise.

If 1p2

(1 − C2V2

) ≤ 1 < 1p3

(1 − C3V3

), then the defender cannot deter attacker 3, and the optimaldefensive strategy would be similar to that in the two-attacker case when both attackers 1and 2 can be deterred. Finally, when 1

p3(1 − C3

V3) ≤ 1, the defender and attacker payoffs are

shown in Table 2. In the analysis of this final case, we will consider the defender’s optimalstrategy as a function of the Ci .

From Table 2, the defender inspects no containers (and does not deter any attackers)when

C1 ≤(

NCd − V1p1 − V2p2 − V3p3

NCd − V2p2 − V3p3

)V1, (7)

C2 ≤(

NCd − V1p2 − V2p2 − V3p3

NCd − V3p3

)V2 (8)

and

C3 ≤(

NCd − V1p3 − V2p3 − V3p3

NCd

)V3 (9)

The defender inspects N(1 − C1V1

) containers (and deters attacker 1) when

C1 >

(NCd − V1p1 − V2p2 − V3p3

NCd − V2p2 − V3p3

)V1, (10)

C1 >

(1 − p1

p2+ (NCd − V3p3)C2p1

(NCd − V2p2 − V3p3)V2p2

)V1 (11)

and

C1 >

(1 − p1

p3+ NCdC3p1

(NCd − V2p2 − V3p3)V3p3

)V1 (12)

The defender inspects N(1 − C2V2

) containers (and deters attackers 1 and 2) when

C2 >

(NCd − V1p2 − V2p2 − V3p3

NCd − V3p3

)V2, (13)

C2 ≥(

1 − p2

p1+ p2C1

p1V1

)(NCd − V2p2 − V3p3)V2

(NCd − V3p3)(14)

and

C2 >

(1 − p2

p3+ NCdC3p2

(NCd − V3p3)V3p3

)V2 (15)

Finally, the defender inspects N(1 − C3V3

) containers (and deters all three attackers) when

C3 >

(NCd − V1p3 − V2p3 − V3p3

NCd

)V3, (16)

148 Ann Oper Res (2011) 187:137–158

Tabl

e2

Def

ende

ran

dat

tack

erpa

yoff

sas

afu

nctio

nof

nfo

rth

ree

atta

cker

s,w

hen

allt

hree

atta

cker

sca

nbe

dete

rred

Num

ber

ofD

efen

der’

sex

pect

edE

xpec

ted

rew

ard

cont

aine

rsin

spec

ted

loss

Atta

cker

1A

ttack

er2

Atta

cker

3

0V

1+

V2

+V

3V

1−

C1

V2

−C

2V

3−

C3

N(1

−C

1V

1)

V2

+V

3+

(NC

d−

V2p

2−

V3p

3)

1 p1(1

−C

1V

1)

0V

2−

C2

−V

2p

2p

1(1

−C

1V

1)

V3

−C

3−

V3p

3p

1(1

−C

1V

1)

N(1

−C

2V

2)

V3

+(N

Cd

−V

3p

3)

1 p2(1

−C

2V

2)

00

V3

−C

3−

V3p

3p

2(1

−C

2V

2)

N(1

−C

3V

3)

N p3(1

−C

3V

3)C

d0

00

Ann Oper Res (2011) 187:137–158 149

Fig. 6 Defender strategy as a function of attack costs for three attackers

C3 ≥(

1 − p3

p1+ p3C1

p1V1

)(NCd − V2p2 − V3p3)V3

NCd

(17)

and

C3 ≥(

1 − p3

p2+ p3C2

p2V2

)(NCd − V3p3)V3

NCd

(18)

For simplicity, since the results are similar to those for the two-attacker case, we assumethat p1 ≤ p2 ≤ p3, and show only the results for the case where the inspection cost is ex-tremely high; i.e., NCd > (V1 +V2 +V3)p3. Figure 6 shows the defender’s optimal strategyfor this case as a function of the attack costs C1, C2, and C3. As shown in Fig. 6, the fea-sible region corresponding to the inequality 1

p1(1 − C1

V1) ≤ 1

p2(1 − C2

V2) ≤ 1

p3(1 − C3

V3) ≤ 1 is

a tetrahedron. The “Do not deter” region is where C1, C2, and C3 are all small. The “Deter

150 Ann Oper Res (2011) 187:137–158

attacker 1 only” region is where C1 is large relative to C2 and C3. “Deter attackers 1 and 2”represents the region where C1 and C2 are large relative to C3. Finally, “Deter all attackers”occurs where the costs to all attackers are high (at the apex of the tetrahedron). We omit theillustration of the defender’s optimal strategies as a function of the detection probabilities,since the results are similar to the two-attacker case.

4.1.3 Arbitrary number of attackers

For the case of m attackers, we consider only the case when all attackers can be deterred,since the case when h attackers cannot be deterred (h ≤ m) can be modeled by assumingthat there are only m− h attackers, all of which can be deterred. Assuming that all attackerscan be deterred, we have the following scenarios.

The defender inspects no containers (and does not deter any attackers) when

Cj <

(NCd − pj

(∑j

i=1 Vi

) − ∑m

i=j+1,j<m Vipi

NCd − ∑m

i=j+1,j<m Vipi

)Vj ∀j = 1,2,3, . . . ,m (19)

The defender inspects N(1 − Cj

Vj) containers (and deters the first j attackers) when

Cj >

(NCd − pj

(∑j

i=1 Vi

) − ∑m

i=j+1,j<m Vipi

NCd − ∑m

i=j+1,j<m Vipi

)Vj , (20)

Cj >

(1 − pj

pi

+(NCd − ∑m

k=i+1,i<m Vkpk

)Cipj(

NCd − ∑m

k=j+1,j<m Vkpk

)Vipi

)Vj ∀i > j (21)

and

Ci <

(1 − pi

pj

+(NCd − ∑m

k=j+1,j<m Vkpk

)Cjpi(

NCd − ∑m

k=i+1 Vkpk

)Vjpj

)Vi ∀i < j (22)

In other words, the defender inspects no containers when the cost of attacks to all attack-ers is small (since we have assumed that the detection probabilities pi are too small to justify100% inspection). When the cost of attacks to attackers 1 through j is high relative to thecost of attacks to the remaining attackers, the defender deters the first j attackers. When thecosts of all attacks are relatively high, the defender deters all attackers.

4.2 Extended model with retaliation option

In this section, we consider the option for the defender to retaliate after a successful attack.Our model of retaliation depends critically on the idea of a “credible threat”; i.e., if thedefender’s announced or anticipated strategy is to retaliate, and an attacker still chooses toattack, the attacker must have reason to believe that the defender would retaliate even ifthat is no longer advantageous for the defender. Otherwise, if attackers know that retaliationwould not be in the defender’s interest after the fact, they would not believe the threat ofretaliation, and would regard it as “cheap talk” (Haubrich 1995) (which does not directlyaffect the payoffs of the game).

Although not explicitly modeled here, the most realistic way to ensure that retaliationis a credible threat may be to assume a repeated game, so that the payoff to the defenderfrom retaliation is the benefit of having the threat believed in future games. The assumption

Ann Oper Res (2011) 187:137–158 151

of a repeated game is widely used in game theory. For example, Morrow (2005) assumestwo players (an initiator, and a target); in order for the threat to be credible in this game,the target must believe that the initiator might prefer war to the status quo if the target doesnot comply with the initiator’s request. Brams and Hessel (1984) assume that a threatenerbuilds up its own reputation by keeping its threats credible. Schelling (1966) presents somehistorical evidence to support the assumption that some threats can be credible when thethreatener has the capacity to retaliate.

In our context, there is reason to believe that the threat of retaliation by the defenderwould be credible when the cost of retaliation is low relative to the damage from an attack;otherwise, if the damage from a successful attack is sufficiently small, attackers would notbelieve that the defender would retaliate after an attack. Moreover, a credible threat wouldlikely also require that the damage to the attackers from retaliation is sufficiently large, andthe cost of retaliation to the defenders is sufficiently small.

Assuming that the threat of retaliation is credible, the retaliation option reduces the num-ber of containers required to deter any given attacker, since we have N

pi(1 − Ci

Vi−Rai) ≤

Npi

(1 − Ci

Vi) for all retaliation losses Rai

> 0. We begin by considering the case of two at-tackers. Let R = {r0, r1, r2, r12} be the set of retaliation options, where r0 represents thestrategy in which the defender would never choose to retaliate, ri represents the strategy inwhich the defender would retaliate only against attacker i, and r12 represents the strategyin which the defender would retaliate against successful attacks by both attackers. We alsolet D = {d0, d1, d2, dN } be the defender’s options for the number of containers to inspect,where d0 represents the strategy in which the defender inspects no containers, di representsthe strategy in which the defender inspects exactly enough containers to deter attacker i

when inspection is combined with a credible threat of retaliation (assuming that attacker i

can be deterred with less than 100% inspection), and dN represents the strategy in which thedefender inspects all containers. (Note that the defender would inspect all containers only ifat least one attacker cannot be deterred with less than 100% inspection.) Table 3 shows thematrix of payoffs to the defender and the two attackers when the defender has the option ofretaliation.

In this analysis, without loss of generality, we assume Np1

(1 − C1V1−Ra1

) ≤ Np2

(1 − C2V2−Ra2

).

In Table 3, we show the payoffs only for those strategies that are desirable to either thedefender, or at least one of the two attackers. In determining which strategies are desirableto the defender, we note that the defender would retaliate against attacker i only if retaliationcan deter that attacker. In other words, if 1

pi(1 − Ci

Vi) < 1, the defender would achieve lower

cost by threatening to retaliate against attacker 1, in order to reduce the number of containersthat must be inspected in order to achieve deterrence. Otherwise, retaliation would onlyincrease the cost to the defender, for no benefit. Similarly, in determining which strategiesare desirable for attacker i, we note that attacker i would attack only if the expected rewardfrom doing so is non-negative.

Note that if Ci < (Vi −Rai)(1−pi), then the defender cannot deter attacker i by any com-

bination of inspection and retaliation. If (Vi − Rai)(1 − pi) ≤ Ci < Vi − Rai

, the defendercan deter attacker i by inspection combined with retaliation. Finally, if Vi − Rai

≤ Ci , thedefender can deter attacker i by the threat of retaliation alone. Therefore, in Fig. 7, we defineCi “small” as Ci ≤ (Vi − Rai

)(1 − pi), “moderate” as (Vi − Rai)(1 − pi) < Ci ≤ Vi − Rai

,and “large” as Vi − Rai

< Ci . Figure 7 shows the defender’s optimal strategies for all com-binations of C1 and C2.

From Fig. 7, when both attack costs are small, the defender’s optimal strategy is (d0, r0)

if the cost of inspection is large (Cd >V1p1+V2p2

N). Otherwise, the defender’s optimal strat-

egy is (dN , r0). When the attack cost Ci is small, but the attack cost Cj is moderate, the

152 Ann Oper Res (2011) 187:137–158

Tabl

e3

Payo

ffm

atri

xw

ithth

ere

talia

tion

optio

n

Def

ende

r’s

Def

ende

r’s

Exp

ecte

dre

war

da

stra

tegy

expe

cted

loss

Atta

cker

1A

ttack

er2

(d0,r 0

)V

1+

V2

00

(d0,r 1

)V

20

V2

−C

2

(d0,r 2

)V

1V

1−

C1

0

(d0,r 1

2)

00

0

(d1,r 1

)V

2+

(NC

d−

V2p

2)

1 p1(1

−C

1V

1−R

a1)

0V

2−

C2

−V

2p

2p

1(1

−C

1V

1−R

a1)

(d2,r 2

)V

1+

(NC

d−

V1p

1)

1 p2(1

−C

2V

2−R

a2)

V1

−C

1−

V1p

1p

2(1

−C

2V

2−R

a2)

0

(d1,r 1

2)

NC

dp

1(1

−C

1V

1−R

a1)

00

(d2,r 1

2)

NC

dp

2(1

−C

2V

2−R

a2)

00

(dN

,r 0

)V

1(1

−p

1)+

V2(1

−p

2)+

NC

dV

1(1

−p

1)−

C1

V2(1

−p

2)−

C2

(dN

,r 1

)V

2(1

−p

2)+

NC

d0

V2(1

−p

2)−

C2

(dN

,r 2

)V

1(1

−p

1)+

NC

dV

1(1

−p

1)−

C1

0

(dN

,r 1

2)

NC

d0

0

a In

case

sw

here

the

expe

cted

rew

ard

toat

tack

eri

is0,

then

the

equi

libri

umst

rate

gyof

atta

cker

iis

nott

oat

tack

;oth

erw

ise,

atta

cker

iw

ould

atta

ck

Ann Oper Res (2011) 187:137–158 153

Fig. 7 Defender strategy as a function of attack and inspection costs

defender’s optimal strategy is:

(d0, r0)

when

(Vj − Raj)Vjpj + (Vj − Raj

− Cj)Vipi

(Vj − Raj− Cj)N

< Cd;

(dj , rj )

when

154 Ann Oper Res (2011) 187:137–158

Fig. 7 (Continued)

Vipi

N< Cd ≤ (Vj − Raj

)Vjpj + (Vj − Raj− Cj)Vipi

(Vj − Raj− Cj)N

;

and

(dN , rj )

when

Cd ≤ Vipi

N.

When the attack cost Ci is small, but the attack cost Cj is large, the defender’s optimalstrategy is (d0, rj ) when Vipi

N< Cd , and (dN , rj ) otherwise.

When both attack costs are moderate, the defender can deter both attackers by a com-bination of inspection and retaliation. As noted earlier, we assume that N

p1(1 − C1

V1−Ra1) ≤

Np2

(1 − C2V2−Ra2

). Therefore, the defender’s optimal strategy is:

(d0, r0)

when

(V1 − Ra1)V1p1 + (V1 − Ra1 − C1)V2p2

(V1 − Ra1 − C1)N< Cd;

(d1, r1)

when

V2p2

N

[ 1 − p2p1

(1 − C1V1−Ra1

)

(1 − C2V2−Ra2

) − p2p1

(1 − C1V1−Ra1

)

]< Cd ≤ (V1 − Ra1)V1p1 + (V1 − Ra1 − C1)V2p2

(V1 − Ra1 − C1)N;

and

Ann Oper Res (2011) 187:137–158 155

(d2, r12)

when

Cd ≤ V2p2

N

[1 − p2

p1(1 − C1

V1−Ra1)

(1 − C2V2−Ra2

) − p2p1

(1 − C1V1−Ra1

)

].

When the attack cost Ci is moderate, but the attack cost Cj is large, the defender’s op-

timal strategy is (d0, rj ) if(Vi−Rai

)Vipi

(Vi−Rai−Ci)N

< Cd , and (di, r12) otherwise. Finally, when both

attack costs are large, the defender can deter both attackers by the threat of retaliation alone.Therefore, the defender’s optimal strategy in this case is (d0, r12).

5 Conclusion

The public debate about whether to inspect all containers has not yet been resolved. Ourresults suggest that it may not always be optimal to inspect all containers, if attackers can bedeterred by lower levels of inspection. Note, however, that if attackers cannot be deterred,100% inspection might be desirable in order to detect smuggling attempts that are not de-terred. Of course, we could relax the assumption that it is possible to inspect all containersby introducing some type of resource constraint. However, even in the absence of such aconstraint explicitly incorporated in our model, our results still shed light on the nature ofthe optimal decision in the face of such resource constraints. In particular, our model canbe used to explore the effects of any given level of inspection, and compare those results tothose of the optimal level of inspection.

When it is possible to deter some or all attackers, defenders can deter those attackerswho incur sufficiently high attack costs. For example, attackers attempting to smuggle rela-tively low-value weapons (such as assault rifles) into the U.S. are unlikely to be deterred byinspection, since the cost of the weapons is low. By contrast, if a terrorist group has spentseveral years developing (or acquiring) a nuclear weapon, even a modest probability of de-tection may be sufficient to deter a smuggling attempt because of the effort spent to obtainthe weapon. This is encouraging, since it suggests (somewhat counterintuitively) that themost severe attack strategies may actually be the most easily deterred.

The idea that partial inspection can be effective due to its deterrence effect is not neces-sarily obvious, as evidenced by the active debate over whether 100% inspection is necessary(e.g., Kimery Report 2007). In particular, given the potentially catastrophic nature of sometypes of attacks, many decision makers may feel that anything less than 100% inspectionwould be disastrous, while other stakeholders are concerned that 100% inspection would beinfeasible or excessively costly, creating an impasse on how to effectively address defensiveinspection needs. Moreover, even if it is recognized that partial inspection could in principlebe sufficient to deter attacks, guidance is still needed on the conditions under which thisis true, and the appropriate level of inspection. Therefore, we believe that our results sheduseful light on the inspection policies that should be deployed at U.S. ports. In particular,our study provides a justification for considering partial inspection as at least one possiblemethod of achieving a cost-effective combination of deterrence and detection.

Moreover, when the defender has the option of retaliation, our results suggest that thedefender should threaten to retaliate against any attacker that it wishes to deter throughinspection, since this would reduce the level of inspection needed to achieve deterrence.

156 Ann Oper Res (2011) 187:137–158

However, this reduction in inspection needs will clearly hold only in cases where the threatof retaliation is credible. Interestingly, if the cost of an attack is sufficiently large (and thethreat of retaliation is credible), retaliation alone may even be sufficient to deter attacks, ananalogy to this is mutual assured destruction in the context of arms control (Gaddis 1982).

One caveat to our results, however, is that deterrence may simply deflect attacks. For ex-ample, Sandler (2003) suggests that deterrence may result in deflection of attacks to coun-tries with little defensive investment. Rothberg (1997) also notes that attackers can transportweapons into the U.S. using smaller boats instead of container ships, or overland from Mex-ico or Canada. This will tend to reduce the benefits of deterrence, making inspection lesscost-effective than it appears.

In conclusion, we believe that our results shed light on the inspection policies that shouldbe deployed at U.S. ports. In particular, our study provides a basis for estimating how manycontainers the U.S. should inspect in order to achieve the most cost-effective combinationof deterrence and detection. Some parameters in our model can be quantified using publiclyavailable data. For example, Lewis (2007) estimates the cost of the raw material for a nuclearbomb to be $4 million; Cohen (2006) estimates the cost of inspection per container to be$200; and Loy and Ross (2002) estimate the number of containers entering the U.S. annuallyto be more than 7.5 million. Unfortunately, we have not yet been able to obtain numericalestimates for other parameters in our model, such as detection probabilities or the cost ofretaliation, but we believe that this would be worthwhile to do. In fact, as an extension tothis work, we are currently in the process of quantifying this model to the extent possiblegiven publicly available data, to find the optimal level of inspection to address smuggling ofnuclear weapons.

One possible extension to the model would be to study the case of nonhomogeneouscontainers, since different containers may be perceived as having different risk levels. Forexample, CBP has currently mandated 100% inspection in U.S. ports only for containersthat are classified as “high risk” (Kimery Report 2007). Therefore, it would be interest-ing to find the optimal levels of inspection for containers of different risks. Incorporationof per-container inspection costs that are increasing in the number of containers inspected(i.e., nonlinear total inspection costs) could help capture concerns about excessive delays incontainer processing with high rates of inspection (Willis and Ortiz 2004).

Finally, of course, there are trade-offs between border security and target hardening, sinceenhanced levels of target hardening may reduce the need for border security, and vice versa.Therefore, it would be interesting to incorporate decisions regarding border security intomodels like that of Bier et al. (2008), to facilitate identification of a globally optimum strat-egy (rather than suboptimizing border security given an assumed level of target hardening).

Acknowledgements This project was funded through the Center for Risk and Economic Analysis of Ter-rorism Events (CREATE) under grant number 2007-ST-061-000001 from the Department of Homeland Se-curity, Science and Technology Directorate, Office of University Programs. The project was also supportedby the University of Wisconsin-Madison Center for World Affairs and the Global Economy (WAGE) and aVilas Associate Award from the University of Wisconsin-Madison. However, any opinions, findings, and con-clusions or recommendations in this document are those of the authors and do not necessarily reflect viewsof the U.S. Department of Homeland Security or the other sponsors.

References

Avenhaus, R., Canty, M., Kilgour, D. M., von Stengel, B., & Zamir, S. (1996). Inspection games in armscontrol. European Journal of Operational Research, 90, 383–394.

Avenhaus, R., & Canty, M. J. (2005). Playing for time: a sequential inspection game. European Journal ofOperational Research, 167(2), 475–492.

Ann Oper Res (2011) 187:137–158 157

Avenhaus, R., & Kilgour, D. M. (2004). Efficient distributions of arms-control inspection effort. Naval Re-search Logistics, 51(1), 1–27.

Bier, V. M., Haphuriwat, N., Menoyo, J., Zimmerman, R., & Culpen, A. M. (2008). Optimal resource alloca-tion for defense of targets based on differing measures of attractiveness. Risk Analysis, 28(3), 763–770.

Bjorkholm, P. J. (2003). Detection of weapons of mass destruction. Proceedings of the SPIE, 5048, 46–51.Boros, E., Fedzhora, L., Kantor, P. B., Saeger, K., & Stroud, P. (2006). Large scale LP model for

finding optimal container inspection strategies (Technical Report No. RRR-26-2006). Center forDiscrete Mathematics and Theoretical Computer Science, Rutgers University. http://rutcor.rutgers.edu/pub/rrr/reports2006/26_2006.pdf.

Brams, S. J., & Hessel, M. P. (1984). Threat power in sequential games. International Studies Quarterly,28(1), 23–44.

Bremner, B. (2006). A homegrown solution for safe ports. Business Week.Cioffi-Revilla, C. (1983). A probability model of credibility: analyzing strategic nuclear deterrence systems.

The Journal of Conflict Resolution, 27(1), 73–108.Cirincione, R., Cosmas, A., Low, C., Peck, J., & Wilds, J. (2007). Barriers to the success of 100% mar-

itime cargo container scanning. Working Paper Series, Executive Summary, Massachusetts Institute ofTechnology, Engineering Systems Division.

Cohen, S. S. (2006). Boom boxes: containers and terrorism. In Protecting the nation’s seaports: balancingsecurity and cost (pp. 91–124). San Francisco: Public Policy Institute of California.

Dighe, N. S., Zhuang, J., & Bier, V. M. (2009). Secrecy in defensive allocations as a strategy for achievingmore cost-effectiveness attacker deterrence. International Journal of Performability Engineering, 5(1),31–43.

Dresher, M. (1962). A sampling inspection problem in arms control agreements: a game-theoretic analysisRAND Corporation. http://www.rand.org/pubs/research_memoranda/2008/RM2972.pdf.

Flynn, S. E., & Kirkpatrick, J. J. (2003). The fragile state of container security. Written Testimony before ahearing of the U.S. Senate Governmental Affairs Committee Stephen E. Flynn, Ph.D. Commander, U.S.Coast Guard (ret.) Jeane J. Kirkpatrick Senior Fellow in National Security Studies and Director, Councilon Foreign Relations Independent Task Force on Homeland Security Imperatives.

Gaddis, J. L. (1982). Strategies of containment: a critical appraisal of postwar American national security.New York: Oxford University Press.

Goldberg, N., Word, J., Boros, E., & Kantor, P. (2008). Optimal sequential inspection policies (TechnicalReport No. RRR-14). Center for Discrete Mathematics and Theoretical Computer Science, RutgersUniversity. http://rutcor.rutgers.edu/pub/rrr/reports2008/14_2008.pdf.

Gordon, P., Moore, J. E., II, Richardson, H. W., & Pan, Q. (2005). The economic impact of a terrorist attackon the twin ports of Los Angeles-Long Beach (Technical Report No. 05-012). National Center for Riskand Economic Analysis of Terrorism Events. http://www.usc.edu/dept/create/assets/001/50771.pdf.

Haubrich, J. G. (1995). Vagueness, credibility, and government policy. Economic Review, 31(1), 13–19.Kilgour, D. M. (1992). Site selection for on-site inspection in arms control. Contemporary Security Policy,

13(3), 439–462.Kilgour, D. M., & Brams, S. J. (1992). Putting the other side “on notice” can induce compliance in arms

control. Journal of Conflict Resolution, 36(3), 395–414.Kimery Report (2007). 100 percent air, ship cargo screening unlikely to get past Congress. Homeland Security

Today.Lewis, J. G. (2007). The economics of nuclear terrorism. In Expert series on threat convergence: new patways

to proliferation. Cambridge: Harvard University.Loy, J. M., & Ross, R. G. (2002). Global trade: America’s Achilles’ heel. In Defense horizons. Suite: Center

for Technology and National Security Policy, National Defense University.Madigan, D., Mittal, S., & Roberts, F. (2007). Sequential decision making algorithms for port of entry in-

spection: overcoming computational challenges. In IEEE conference proceedings on intelligence andsecurity informatics, New Brunswick, New Jersey.

Martonosi, S. E., Ortiz, D. S., & Willis, H. H. (2005). Evaluating the viability of 100 per cent con-tainer inspection at America’s ports. RAND Corporation. http://www.rand.org/pubs/reprints/2006/RAND_RP1220.pdf.

Moffitt, L. J., Stranlund, J. K., & Field, B. C. (2005). Inspections to avert terrorism: Robustness under severeuncertainty. Journal of Homeland Security and Emergency Management, 2(3), 1–20.

Morrow, J. D. (2005). (1999). How could trade affect conflict? Journal of Peace Research, 36(4), 481–489.Rothberg, B. L. (1997). Averting Armageddon: preventing nuclear terrorism in the United States. Duke Jour-

nal of Comparative and International Law, 8(1), 79–134.Sandler, T. (2003). Collective action and transnational terrorism. World Economy, 26(6), 779–802.Schelling, T. C. (1966). Arms and influence. New Haven: Yale University Press.

158 Ann Oper Res (2011) 187:137–158

Snyder, G. H. (1961). Deterrence and defense: toward a theory of national security. Princeton: PrincetonUniversity Press.

Thee, M. (1977). Arms control: the retreat from disarmament the record to date and the search for alternatives.Journal of Peace Research, 14(2), 95–114.

Wagner, R. H. (1982). Deterrence and bargaining. The Journal of Conflict Resolution, 26(2), 329–358.Walters, K. L., III (2006). Industry on alert: legal and economic ramifications of the Homeland Security Act

on maritime commerce. Tulane Maritime Law Journal, 30, 311–334.Wein, L. M., Wilkins, A. H., Baveja, M., & Flynn, S. E. (2006). Preventing the importation of illicit nuclear

materials in shipping containers. Risk Analysis, 26(5), 1377–1393.Willis, H. H., & Ortiz, D. S. (2004). Evaluating the security of the global containerized supply chain. RAND

Corporation. http://www.rand.org/pubs/technical_reports/2004/RAND_TR214.pdf.