July 13, 2003
Infrastructure Database Project Seen As National Security Risk

George Mason University geography Ph.D. candidate Scott Gorman and assistant professor research Laurie Schintler have created a computer database that maps the entire United States telecommunications network overlaid with all major industries.

He can click on a bank in Manhattan and see who has communication lines running into it and where. He can zoom in on Baltimore and find the choke point for trucking warehouses. He can drill into a cable trench between Kansas and Colorado and determine how to create the most havoc with a hedge clipper. Using mathematical formulas, he probes for critical links, trying to answer the question: "If I were Osama bin Laden, where would I want to attack?" In the background, he plays the Beastie Boys.

I hope they are encrypting their data.

Schintler sees this work as necessary to identifying vulnerabilities for defensive purposes.

"Only by trying to understand critical infrastructure can we begin to formulate plans and policies designed to mitigate the effects that could occur as the result of a targeted physical and/or cyber attack on infrastructure in the developed world," wrote Schintler in an August, 2002 CIP Report article. "And we need understand our complex infrastructure even better than the enemy."

One problem here is that this sort of data needs to be collected in order to identify vulnerabilities for defensive purposes. But by collecting it the data becomes vulnerable to being stolen by the Bad Guys. Obviously, security precautions can be taken to make the data more difficult to steal. The Washington Post article mentions that the researchers are using some physical security devices to make it hard for anyone to get to their computers. But my guess is those devices could be defeated by sufficiently sophisticated thieves. Hence my hope that they are encrypting their data.

But there is a longer run problem here that probably can not be solved: it will become increasingly easy for anyone to collect the information that Gorman and Schintler have collected. Gorman collected much of his information using the internet. Well, companies and government agencies can remove some information from their web sites. But are electronic map databases going to remove the location information for companies? Also, some of the information ends up being fairly accessible because construction companies and government agencies have to know where it is not safe to dig. A large number of people need fairly easy access to the information.

There is also the separate question of whether important vulnerabilities, once identified, will be dealt with. Redundant systems cost money. Parallel fiber optiic cables and switching facilities would have to be built. Companies compete with each other and need to keep their costs low. Who is going to have sufficient incentive to build in the amount of redundancy that would effectively protect against terrorist attacks? Also, can it even be done? If one switching station is too important and two more get built then the terrorists have to blow up 3 buildings rather than 1 building. Well, an organization that can get the material together to make one van into a bomb the total effort needed to scale up to make 3 bomb vehicles will probably less than 3 times as much as to make and deliver one of them.

It might make more sense to approach the problem by developing better capabilities for doing really rapid repair. Mobile fiber optic switching equipment that could be transported in less than a day to anywhere in the country to be installed to replace destroyed facilities might make more sense than redundant fully installed equipment. Also, pre-installed hooks across major bridges and even on the sides of some buildings could be used to quickly extend a fiber optic cable into a place like Manhattan if major chunks of existing cables were cut.

Share |      Randall Parker, 2003 July 13 12:58 PM  Dangers Tech Terrorism


Comments
Patrick said at July 13, 2003 4:44 PM:

Randall,

Am I the only guy who writes in your comments box?

Post a comment
Comments:
Name (not anon or anonymous):
Email Address:
URL:
Remember info?

                       
Go Read More Posts On FuturePundit
Site Traffic Info
The contents of this site are copyright