Immediately after the terrorist attacks on New York City and Washington, D.C.,
on Sept. 11, 2001, government agencies pulled data off their Web sites that
they thought might be useful to someone planning a strike against U.S. targets.
Agencies such as NASA directed employees to remove satellite imagery, and the
U.S. Army Corps of Engineers among others removed data on the location of dams
and other infrastructure (Geotimes, April 2003).
But according to a new report and related guidelines, such removals were probably
Unique geospatial information that might be used for nefarious purposes turns out to be a rare commodity, according to a report released in April by the nonprofit RAND Corporation. The reports considerations also inform new guidelines distributed for comment in May by the Federal Geographic Data Committee (FGDC) Homeland Security Working Group. The guidelines aim to assist government and nongovernment data creators in determining whether or not new geospatial databases may be considered potentially sensitive with regard to security risks and whether they should be made publicly available.
The new RAND report, prepared for the National Geospatial-Intelligence Agency (formerly the National Imagery and Mapping Agency) in partnership with the U.S. Geological Survey, does not deny that some geospatial information could be used for ill. However, in their report, the RAND authors note that there are few truly unique federal databases.
In a search of more than 450 federal sources that led to about 650 databases, the federally funded RAND researchers found that only 6 percent actually contained difficult-to-find data that was potentially useful to someone considering an attack. And less than 1 percent of all sites examined may be unique.
John Baker, co-author of the RAND report, notes that security advisors told the authors that attackers can get away with less exact information [and have the] flexibility to compensate for gaps in the information they receive, generally by relying on direct observation of locations.
In most cases, good maps and good data are out there, Baker says, but whether thats an essential information source for an attacker, in most cases we found its fairly marginal. It is better to keep data available in general, he says, and restrict layers that may be more sensitive, protecting them with passwords or other measures to ensure that only the right people obtain access.
The RAND report also emphasizes the need to weigh the potential societal costs of restricting public access, Baker says. If information is available from other sources, he says, you havent improved homeland security by restricting public access to federal sources of geospatial information.
The report seems to endorse more access to data rather than less, which pleasantly surprised Keith Clarke, chair of the geography department at the University of California, Santa Barbara, and a member of the National Research Councils Mapping Science Committee. Clarke says that the past culture of open access to data led to the use of the Internet to meet federal agencies obligations for public distribution of information. That data have fed economic growth in the mapping industry, where GIS specialists can transform the information for a variety of users.
Although restricting access is possible and sometimes desirable, Clarke says, the information can still be made available to people who need it, at an appropriate level of detail. For example, first responders approaching a disaster scene should have access to floor plans for storage facilities with hazardous chemicals; however, such details should not be available to the broader public for security concerns. At the same time, Clarke says, people have the right to know whether they live near such a storage site information that is contained, for example, in the toxic release inventory maintained by the Environmental Protection Agency.
Vulnerable targets, however, most likely are not in the federal realm but in the private sector, such as the electric grid, says Bob Samborski, executive director of the Geospatial Information & Technology Association, a nonprofit organization that represents a variety of utilities (both public and private) that use GIS. Utilities in general are reluctant to provide detailed data on pipelines, gas mains, water mains and things like that, Samborski says, which cover approximately 85 percent of the nations infrastructure.
For agencies that hold such potentially sensitive data and are considering making it publicly accessible, the FGDC guidelines (released in May for public comment) attempt to provide a template. Closely following the RAND report criteria, the FGDC decision tree takes a step-by-step approach to determining whether data is unique and sensitive.
Michael Domaratz of the U.S. Geological Survey, who co-chaired the FGDC committee, says that legitimate security concerns versus the rights of the beneficiaries of publicly accessible information create the major creative tension in making these decisions.
Its a question of scale and detail of the database, says David Morehouse of the Department of Energys Energy Information Administration, who helped draft the FGDC guidelines. After September 11, information was pulled offline without coordination and a concept of what the real threat was, or an understanding of adversaries, he says. The guidelines are a way to get that back up without compromising security.
"Mapping secure boundaries for data," Geotimes, May 2003
Back to top