Immediately after the terrorist attacks on New York City and Washington, D.C.,
on Sept. 11, 2001, government agencies pulled data off their Web sites that
they thought might be useful to someone planning a strike against U.S. targets.
Agencies such as NASA directed employees to remove satellite imagery, and the
U.S. Army Corps of Engineers among others removed data on the location of dams
and other infrastructure (Geotimes, April 2003).
But according to a new report and related guidelines, such removals were probably
overly cautious.
Unique geospatial information that might be used for nefarious purposes turns
out to be a rare commodity, according to a report released in April by the nonprofit
RAND Corporation. The report’s considerations also inform new guidelines
distributed for comment in May by the Federal Geographic Data Committee (FGDC)
Homeland Security Working Group. The guidelines aim to assist government and
nongovernment data creators in determining whether or not new geospatial databases
may be considered potentially sensitive with regard to security risks —
and whether they should be made publicly available.
The new RAND report, prepared for the National Geospatial-Intelligence Agency
(formerly the National Imagery and Mapping Agency) in partnership with the U.S.
Geological Survey, does not deny that some geospatial information could be used
for ill. However, in their report, the RAND authors note that there are few
truly unique federal databases.
In a search of more than 450 federal sources that led to about 650 databases,
the federally funded RAND researchers found that only 6 percent actually contained
difficult-to-find data that was potentially useful to someone considering an
attack. And less than 1 percent of all sites examined may be unique.
John Baker, co-author of the RAND report, notes that security advisors told
the authors that attackers “can get away with less exact information …
[and have the] flexibility to compensate for gaps in the information they receive,”
generally by relying on direct observation of locations.
“In most cases, good maps and good data are out there,” Baker says,
“but whether that’s an essential information source for an attacker,
in most cases we found it’s fairly marginal.” It is better to keep
data available in general, he says, and restrict layers that may be more sensitive,
protecting them with passwords or other measures to ensure that only the right
people obtain access.
The RAND report also emphasizes the need to “weigh the potential societal
costs of restricting public access,” Baker says. If information is available
from other sources, he says, “you haven’t improved homeland security
by restricting public access to federal sources of geospatial information.”
The report seems to endorse more access to data rather than less, which pleasantly
surprised Keith Clarke, chair of the geography department at the University
of California, Santa Barbara, and a member of the National Research Council’s
Mapping Science Committee. Clarke says that the past culture of open access
to data led to the use of the Internet to meet federal agencies’ obligations
for public distribution of information. That data have fed economic growth in
the mapping industry, where GIS specialists can transform the information for
a variety of users.
Although restricting access is possible and sometimes desirable, Clarke says,
the information can still be made available to people who need it, at an appropriate
level of detail. For example, first responders approaching a disaster scene
should have access to floor plans for storage facilities with hazardous chemicals;
however, such details should not be available to the broader public for security
concerns. At the same time, Clarke says, people have the right to know whether
they live near such a storage site — information that is contained, for
example, in the toxic release inventory maintained by the Environmental Protection
Agency.
Vulnerable targets, however, most likely are not in the federal realm but in
the private sector, such as the electric grid, says Bob Samborski, executive
director of the Geospatial Information & Technology Association, a nonprofit
organization that represents a variety of utilities (both public and private)
that use GIS. “Utilities in general are reluctant to provide detailed data
on pipelines, gas mains, water mains and things like that,” Samborski says,
which cover approximately 85 percent of the nation’s infrastructure.
For agencies that hold such potentially sensitive data and are considering making
it publicly accessible, the FGDC guidelines (released in May for public comment)
attempt to provide a template. Closely following the RAND report criteria, the
FGDC decision tree takes a step-by-step approach to determining whether data
is unique and sensitive.
Michael Domaratz of the U.S. Geological Survey, who co-chaired the FGDC committee,
says that legitimate security concerns versus the rights of the “beneficiaries”
of publicly accessible information create “the major creative tension in
making these decisions.”
“It’s a question of scale and detail” of the database, says David
Morehouse of the Department of Energy’s Energy Information Administration,
who helped draft the FGDC guidelines. After September 11, information was pulled
offline “without coordination and a concept of what the real threat was,
or an understanding of adversaries,” he says. The guidelines are “a
way to get that back up without compromising security.”
Naomi Lubick
Links:
"Mapping secure boundaries for data,"
Geotimes, May 2003
Back to top
 |
Geotimes Home | AGI Home | Information Services | Geoscience Education | Public Policy | Programs | Publications | Careers  |