Dissertation Could Be Security Threat


Feb. 16, 2014 (7 years and 5 months ago)


Infrastructure Data in Public Domain

From GIS Monitor July 17, 2003

Geography Grad Student Thesis Censored?

Caitlin and Will, among others, noted an intriguing Washington Post about a grad student at George Mason University whose work is drawing attention from many sectors. "He should turn it in to his professor, get his grade, and then they both should burn it," said Richard Clarke, most recently the White House cyberterrorism chief. The concern is that Sean Gorman's contribution to academic geography includes detailed maps of U.S. infrastructure along with the fiber-optic network that connects businesses and government. The data was all collected from public sources. I think that if nothing else, work like this simply illustrates to many who don't realize what information, in fact, is in the public domain. Said John M. Derrick Jr., chairman of the board of Pepco Holdings Inc., a huge power company, "Why in the world have we been so stupid as a country to have all this information in the public domain?"


Dissertation Could Be Security Threat

Student's Maps Illustrate Concerns About Public Information

By Laura Blumenfeld

Washington Post Staff Writer

Tuesday, July 8, 2003; Page A01

Sean Gorman's professor called his dissertation "tedious and unimportant." Gorman didn't talk about it when he went on dates because "it was so boring they'd start staring up at the ceiling." But since the Sept. 11, 2001, attacks, Gorman's work has become so compelling that companies want to seize it, government officials want to suppress it, and al Qaeda, if they could get their hands on it, would find a terrorist treasure map.

Tinkering on a laptop, wearing a rumpled T-shirt and a soul-patch goatee, this George Mason University graduate student has mapped every business and industrial sector in the American economy, layering on top the fiber-optic network that connects them.

He can click on a bank in Manhattan and see who has communication lines running into it and where. He can zoom in on Baltimore and find the choke point for trucking warehouses. He can drill into a cable trench between Kansas and Colorado and determine how to create the most havoc with a hedge clipper. Using mathematical formulas, he probes for critical links, trying to answer the question: "If I were Osama bin Laden, where would I want to attack?" In the background, he plays the Beastie Boys.

For this, Gorman has become part of an expanding field of researchers whose work is coming under scrutiny for national security reasons. His story illustrates new ripples in the old tension between an open society and a secure society.

"I'm this student," said Gorman, 29, amazed by his transformation from geek to cybercommando. "Never in my wildest dreams would I have imagined I'd be briefing government officials and private-sector CEOs."

Invariably, he said, they suggest his work be classified. "Classify my dissertation? Crap. Does this mean I have to redo my PhD?" he said. "They're worried about national security. I'm worried about getting my degree." For academics, there always has been the imperative to publish or perish. In Gorman's case, there's a new concern: publish

"He should turn it in to his professor, get his grade, and then they both should burn it," said Richard Clarke, who until recently was the White House cyberterrorism chief. "The fiber-optic network is our country's nervous system." Every fiber, thin as a hair, carries the impulses responsible for Internet traffic, telephones, cell phones, military communications, bank transfers, air traffic control, signals to the power grids and water systems, among other things.

"You don't want to give terrorists a road map to blow that up," he said.

The Washington Post has agreed not to print the results of Gorman's research, at the insistence of GMU. Some argue that the critical targets should be publicized, because it would force the government and industry to protect them. "It's a tricky balance," said Michael Vatis, founder and first director of the National Infrastructure Protection Center. Vatis noted the dangerous time gap between exposing the weaknesses and patching them: "But I don't think security through obscurity is a winning strategy."

Gorman compiled his mega-map using publicly available material he found on the Internet. None of it was classified. His interest in maps evolved from his childhood, he said, because he "grew up all over the place." Hunched in the back seat of the family car, he would puzzle over maps, trying to figure out where they should turn. Five years ago, he began work on a master's degree in geography. His original intention was to map the physical infrastructure of the Internet, to see who was connected, who was not, and to its economic impact.

"We just had this research idea, and thought, 'Okay,' " said his research partner, Laurie
Schintler, an assistant professor at GMU. "I wasn't even thinking about implications."

The implications, however, in the post-Sept. 11 world, were enough to knock the wind out of John M. Derrick Jr., chairman of the board of Pepco Holdings Inc., which provides power to 1.8 million customers. When a reporter showed him sample pages of Gorman's findings, he exhaled sharply.

"This is why CEOs of major power companies don't sleep well these days," Derrick said, flattening the pages with his fist. "Why in the world have we been so stupid as a country to have all this information in the public domain? Does that openness still make sense? It sure as hell doesn't to me."

Recently, Derrick received an e-mail from an atlas company offering to sell him a color-coded map of the United States with all the electric power generation and transmission systems. He hit the reply button on his e-mail and typed: "With friends like you, we don't need any enemies in the world."

Toward the other end of the free speech spectrum are such people as John Young, a New York architect who created a Web site with a friend, featuring aerial pictures of nuclear weapons storage areas, military bases, ports, dams and secret government bunkers, along with driving directions from Mapquest.com. He has been contacted by the FBI, he said, but the site is still up.

"It gives us a great thrill," Young said. "If it's banned, it should be published. We like defying authority as a matter of principle."

This is a time when people are rethinking the idea of innocent information. But it is hardly the first time a university has entangled itself in a war. John McCarthy, who oversees Gorman's project at GMU's National Center for Technology and Law, compared this period to World War II, when academics worked on code-breaking and atomic research. McCarthy introduced Gorman to some national security contacts. Gorman's critical infrastructure project, he said, has opened a dialogue among academia, the public sector and the private sector. The challenge? "Getting everyone to trust each other," McCarthy said. "It's a three-way tension that tugs and pulls."

When Gorman and Schintler presented their findings to government officials, McCarthy recalled, "they said, 'Pssh, let's scarf this up and classify it.' "

And when they presented them at a forum of chief information officers of the country's largest financial services companies, clicking on a single cable running into a Manhattan office, for example, and revealing the names of 25 telecommunications, the executives suggested that Gorman and Schintler not be allowed to leave the building with the laptop.

Businesses are particularly sensitive about such data. They don't want to lose consumer confidence, don't want to be liable for security lapses and don't want competitors to know about their weaknesses. The CIOs for Wells Fargo and Mellon Financial Corp. attended the meeting. Neither would comment for this story.

Catherine Allen, chief executive of BITS, the technology group for the financial services roundtable, said the attendees were "amazed" and "concerned" to see how interdependent their systems were. Following the presentation, she said, they decided to hold an exercise in an undisclosed Midwestern city this summer. They plan to simulate a cyber assault and a bomb attack jointly with the telecommunications industry and the National Communications System to measure the impact on financial serv

McCarthy hopes that by identifying vulnerabilities, the GMU research will help solve a
risk management problem: "We know we can't have a policeman at every bank and
switching facility, so what things do you secure?"

Terrorists, presumably, are exploring the question from the other end. In December 2001, bin Laden appeared in a videotape and urged the destruction of the U.S. economy. He smiled occasionally, leaned into the camera and said, "This economic hemorrhaging continues until today, but requires more blows. And the youth should try to find the joints of the American economy and hit the enemy in these joints, with God's permission."

Every day, Gorman tries to identify those "joints," sitting in a gray cinderblock lab secured by an electronic lock, multiple sign-on codes and a paper shredder. No one other than Gorman, Schintler or their research instructor, Rajendra Kulkarni, is allowed inside; they even take out their own trash. When their computer crashed, they removed the hard drive, froze it, smashed it and rubbed magnets over the surface to erase the data.

The university has imposed the security guidelines. It is trying to build a cooperative relationship with the Department of Homeland Security. Brenton Greene, director for infrastructure coordination at DHS, described the project as "a cookbook of how to exploit the vulnerabilities of our nation's infrastructure." He applauds Gorman's work, as long as he refrains from publishing details. "We would recommend this not be openly distributed," he said.

Greene is trying to help the center get federal funding. ("The government uses research funding as a carrot to induce people to refrain from speech they would otherwise engage in," said Kathleen Sullivan, dean of Stanford Law School. "If it were a command, it would be unconstitutional.")

All this is a bit heavy for Gorman, who is in many ways a typical student. His Christmas lights are still up in July; his living room couch came from a trash pile on the curb. Twice a day, Gorman rows on the Potomac. Out on the water, pulling the oars, he can stop thinking about how someone could bring down the New York Stock Exchange or cripple the Federal Reserve's ability to transfer money.

On a recent afternoon, he drove his Jeep from the Fairfax campus toward the river. Along the way he talked about his dilemma: not wanting to hurt national security; not wanting to ruin his career as an academic.

"Is this going to completely squash me?" he said, biting his fingernail. GMU has determined that he will publish only the most general aspects of his work. "Academics make their name as an expert in something. . . . If I can't talk about it, it's hard to get hired. It's hard to put 'classified' on your list of publications on your résumé."

As he drove along Route 50, he pointed out a satellite tower and a Verizon installation. Somewhere in Arlington he took a wrong turn and stopped to ask for directions. It has always been that way with him. He's great at maps, but somehow he ends up lost.