Port of Boston Not Playing Games with Its Security

• By Laura Williams
• Apr 25, 2011

Studying robot interactions is not typically a career path that leads to a central role in infrastructure security – after all, the Department of Homeland Security doesn’t trust just anyone with vital information about the nation’s critical structures.

Unlikely though it was, it was exactly that research interest that led Milind Tambe, a computer science professor at the University of Southern California, to a project helping the U.S. Coast Guard create a complex patrol schedule that the Port of Boston has been piloting for the past month.

In 2002, Tambe and a student began working on a game-theory algorithm to optimize interactions between robots, and their result turned out to be that randomized interactions worked most effectively. At a 2004 conference, though, this finding received a chilly reception.

“We were so fascinated by the randomization process itself that we didn’t want to give it up,” Tambe said, and so they continued their exploration.

At about that time, USC was establishing a homeland security center, and Tambe said there was a great deal of discussion about how the predictability that typifies American interactions makes the country a vulnerable to an attack.

“It sort of clicked that we could use this focus on randomization to create more effective security – more random interactions would mean less of this ‘clockwork-like society,’” Tambe said.

Game theory, by the way, is a branch of mathematics that models social interactions where two or more parties have to make choices to obtain certain outcomes, and those outcomes are dependent the choices each party makes. The Prisoner’s Dilemma is the classic example.

The particular game, a Bayesian Stackelberg game, involves an attacker and a defender. The attacker is conducting surveillance on the defender, making him able to determine whether there is a pattern to the defender’s actions. Tambe’s work is to add the constraints particular to the Boston port to the game and optimize it for real-world conditions.

Such constraints include the port’s terrain; the agency’s “heterogeneous resources,” meaning the different kinds of boats and aircraft the Coast Guard has at its disposal; and a few other attributes that Tambe is looking to add in the future: the weather and the ability to coordinate among multiple agencies that could be involved in port security.

To “solve” the game, the defender must act randomly, so as to avoid exploitation by the always-watching attacker. When a computer runs the model, the result is a randomized patrol strategy, which the Coast Guard then at the Boston Port. “It’s not a randomizer,” Tambe said, “but rather produces randomized outcomes.”

A benefit of using this game instead of a randomizer – say, a random number generator or the roll of a pair of dice – is that it allows the Coast Guard, or whomever is doing the patrolling, to place a greater emphasis on protecting critical assets without making it obvious to anyone watching their activities.

“Some targets you may visit more often, but you don’t want to visit them too often – certainly not every day at 10 o’clock,” said Craig Baldwin, a senior analyst with the Coast Guard’s Research and Development Center.

Computer modeling also takes the burden of creating an intricate schedule off of humans, who are awful at randomizing anyway (which is why this program will, in the long run, beat you at rock, paper, scissors).

Los Angeles International Airport was the first organization to test out Tambe’s model, and its deployment sparked the interest of the Federal Marshals program – which now employs it – and the TSA, which is testing it for non-passenger screening uses.

So far, Baldwin said, the pilot at the Port of Boston is going well. “One of the key features of measuring the effectiveness of a theoretical model is ... finding out whether the scheduling function is implementable in an operational environment,” he said, meaning that the model doesn’t schedule crews or boats in unrealistic shifts. “So far it is. And that’s huge, because if it’s not operational or implementable, then all the theoretical information in the world won’t help.”