Feds map risks of GIS

Some geographic data may be kept classified if it poses a homeland security risk, according to a draft policy from a federal working group.

Officials at the Federal Geographic Data Committee's Homeland Security Working Group published the draft policy May 3 in an attempt to advise agency officials about identifying sensitive geospatial data and the proper balance of access and security. The group published the guidelines for federal and local governments, private-sector entities and not-for-profit organizations that create and maintain geospatial data.

The policy encourages officials to answer questions such as: Should a neighborhood have access to details about a nearby nuclear plant? If a chemical plant has an emergency, how do people assess the health risks without knowing the plant's contents?

The policy states that agency officials should assess whether security risks outweigh the benefits of making such information public.

Rand Corp. officials say that open access to geospatial data does not pose much of a national security risk. A recent report from the company found that much of the information available is not sufficiently unique, critical or current to be of much use to terrorists. Less than 1 percent of the 629 federal datasets that the company reviewed were useful and unique.

Nevertheless, as long as terrorism exists, the guidelines are here to stay.

"You have to ensure that you don't have different pieces of the community taking a different approach," said Michael Domaratz, co-chairman of the working group. "The purpose of the guidelines is to have people who are already making the judgments to have a common basis."

Decisions about curtailing public access to data are always thorny. When drafting the guidelines, working group officials included representatives from the library community in setting standards.

Commitee officials are expected to approve the guidelines in the fall after they review public comments. The deadline could slip depending on the comments, they said.

Some officials, however, are not concerned that geospatial data gives terrorists new information as much as they are concerned that the available data makes

information too convenient for potential attackers.

The library community supports open access to government documents. But Linda Zellmer, who heads Indiana University's geology library and served on the working group, said she is "not sure it's sensible to have some of this information out."

"I am not concerned that they're not blocking enough," Zellmer said, adding that the data makes "it a whole lot more convenient for someone trying to do something." She cited information about Luke Air Force Base in Glendale, Ariz., as data that should not be accessible. The original map of the base, she said, shows the location of trillions of dollars of hardware, including the largest squadron of F-16s.

However, Zellmer said that some information has been public for such a long time that potential attackers already possess it. "I don't think taking it down is going to do much good," she added.

"Geospatial databases are old and things change," said Beth Lachman, a geospatial policy analyst at Rand and one of the researchers of the report. "Because of the dynamic nature of the type of information [attackers] want for target selection, they need very detailed and timely information." She added that geospatial data "may also not be as detailed as the type [of information] attackers are looking for."

"Part of the reason we didn't find much information out there, even prior to [the attacks of Sept. 11, 2001] is that there were already security reasons for not putting certain information out there," Lachman said. "A bank isn't going to advertise where their video cameras are." She said that some data, such as Web sites for scuba divers and railway enthusiasts, often carry content that could be useful to terrorists.

The committee is issuing the guidelines under the authority provided by Office of Management and Budget Circular A-16 to implement the National Spatial Data Infrastructure. They will be reviewed every five years.

The 2015 Federal 100

Meet 100 women and men who are doing great things in federal IT.

Featured

  • Shutterstock image (by venimo): e-learning concept image, digital content and online webinar icons.

    Can MOOCs make the grade for federal training?

    Massive open online courses can offer specialized IT instruction on a flexible schedule and on the cheap. That may not always mesh with government's preference for structure and certification, however.

  • Shutterstock image (by edel): graduation cap and diploma.

    Cybersecurity: 6 schools with the right stuff

    The federal government craves more cybersecurity professionals. These six schools are helping meet that demand.

  • Rick Holgate

    Holgate to depart ATF

    Former ACT president will take a job with Gartner, follow his spouse to Vienna, Austria.

  • Are VA techies slacking off on Yammer?

    A new IG report cites security and productivity concerns associated with employees' use of the popular online collaboration tool.

  • Shutterstock image: digital fingerprint, cyber crime.

    Exclusive: The OPM breach details you haven't seen

    An official timeline of the Office of Personnel Management breach obtained by FCW pinpoints the hackers’ calibrated extraction of data, and the government's step-by-step response.

  • Stephen Warren

    Deputy CIO Warren exits VA

    The onetime acting CIO at Veterans Affairs will be taking over CIO duties at the Office of the Comptroller of the Currency.

  • Shutterstock image: monitoring factors of healthcare.

    DOD awards massive health records contract

    Leidos, Accenture and Cerner pull off an unexpected win of the multi-billion-dollar Defense Healthcare Management System Modernization contract, beating out the presumptive health-records leader.

  • Sweating the OPM data breach -- Illustration by Dragutin Cvijanovic

    Sweating the stolen data

    Millions of background-check records were compromised, OPM now says. Here's the jaw-dropping range of personal data that was exposed.

  • FCW magazine

    Let's talk about Alliant 2

    The General Services Administration is going to great lengths to gather feedback on its IT services GWAC. Will it make for a better acquisition vehicle?

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above