Suche innerhalb des Archivs / Search the Archive All words Any words

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[infowar.de] WP: Dissertation Could Be Security Threat



Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------

So, da der Text wirklich ganz nett ist, werde ich nochmal verschicken. 
Interessant ist, dass seine Arbeit auf =F6ffentlichen Daten beruht. Mit 
gen=FCgend Aufwand l=E4sst sie sich also reproduzieren.
MH



http://www.washingtonpost.com/wp-dyn/articles/A23689-2003Jul7.html

Dissertation Could Be Security Threat
Student's Maps Illustrate Concerns About Public Information

 By Laura Blumenfeld
Washington Post Staff Writer
Tuesday, July 8, 2003; Page A01 


Sean Gorman's professor called his dissertation "tedious and unimportant."=
 
Gorman didn't talk about it when he went on dates because "it was so 
boring they'd start staring up at the ceiling." But since the Sept. 11, 20=
01, 
attacks, Gorman's work has become so compelling that companies want to 
seize it, government officials want to suppress it, and al Qaeda operative=
s -- 
if they could get their hands on it -- would find a terrorist treasure map=
. 

Tinkering on a laptop, wearing a rumpled T-shirt and a soul patch goatee, 
this George Mason University graduate student has mapped every business 
and industrial sector in the American economy, layering on top the fiber-
optic network that connects them. 

He can click on a bank in Manhattan and see who has communication lines 
running into it and where. He can zoom in on Baltimore and find the choke 
point for trucking warehouses. He can drill into a cable trench between 
Kansas and Colorado and determine how to create the most havoc with a 
hedge clipper. Using mathematical formulas, he probes for critical links, 
trying to answer the question: "If I were Osama bin Laden, where would I 
want to attack?" In the background, he plays the Beastie Boys. 

For this, Gorman has become part of an expanding field of researchers 
whose work is coming under scrutiny for national security reasons. His sto=
ry 
illustrates new ripples in the old tension between an open society and a 
secure society. 

"I'm this grad student," said Gorman, 29, amazed by his transformation 
from geek to cybercommando. "Never in my wildest dreams would I have 
imagined I'd be briefing government officials and private-sector CEOs." 

Invariably, he said, they suggest his work be classified. "Classify my 
dissertation? Crap. Does this mean I have to redo my PhD?" he said. 
"They're worried about national security. I'm worried about getting my 
degree." For academics, there always has been the imperative to publish or=
 
perish. In Gorman's case, there's a new concern: publish and perish. 

"He should turn it in to his professor, get his grade -- and then they bot=
h 
should burn it," said Richard Clarke, who until recently was the White 
House cyberterrorism chief. "The fiber-optic network is our country's 
nervous system." Every fiber, thin as a hair, carries the impulses 
responsible for Internet traffic, telephones, cell phones, military 
communications, bank transfers, air traffic control, signals to the power 
grids and water systems, among other things. 

"You don't want to give terrorists a road map to blow that up," he said. 

The Washington Post has agreed not to print the results of Gorman's 
research, at the insistence of GMU. Some argue that the critical targets 
should be publicized, because it would force the government and industry t=
o 
protect them. "It's a tricky balance," said Michael Vatis, founder and fir=
st 
director of the National Infrastructure Protection Center. Vatis noted the=
 
dangerous time gap between exposing the weaknesses and patching them: 
"But I don't think security through obscurity is a winning strategy." 

Gorman compiled his mega-map using publicly available material he found 
on the Internet. None of it was classified. His interest in maps evolved f=
rom 
his childhood, he said, because he "grew up all over the place." Hunched i=
n 
the back seat of the family car, he would puzzle over maps, trying to figu=
re 
out where they should turn. Five years ago, he began work on a master's 
degree in geography. His original intention was to map the physical 
infrastructure of the Internet, to see who was connected, who was not, and=
 
to measure its economic impact. 

"We just had this research idea, and thought, 'Okay,' " said his research 
partner, Laurie Schintler, an assistant professor at GMU. "I wasn't even 
thinking about implications." 

The implications, however, in the post-Sept. 11 world, were enough to 
knock the wind out of John M. Derrick Jr., chairman of the board of Pepco 
Holdings Inc., which provides power to 1.8 million customers. When a 
reporter showed him sample pages of Gorman's findings, he exhaled 
sharply. 

"This is why CEOs of major power companies don't sleep well these days," 
Derrick said, flattening the pages with his fist. "Why in the world have w=
e 
been so stupid as a country to have all this information in the public 
domain? Does that openness still make sense? It sure as hell doesn't to 
me." 

Recently, Derrick received an e-mail from an atlas company offering to sel=
l 
him a color-coded map of the United States with all the electric power 
generation and transmission systems. He hit the reply button on his e-mail=
 
and typed: "With friends like you, we don't need any enemies in the world.=
" 

Toward the other end of the free speech spectrum are such people as John 
Young, a New York architect who created a Web site with a friend, featurin=
g 
aerial pictures of nuclear weapons storage areas, military bases, ports, 
dams and secret government bunkers, along with driving directions from 
Mapquest.com. He has been contacted by the FBI, he said, but the site is 
still up. 

"It gives us a great thrill," Young said. "If it's banned, it should be pu=
blished. 
We like defying authority as a matter of principle." 

This is a time when people are rethinking the idea of innocent information=
. 
But it is hardly the first time a university has entangled itself in a war=
. John 
McCarthy, who oversees Gorman's project at GMU's National Center for 
Technology and Law, compared this period to World War II, when 
academics worked on code-breaking and atomic research. McCarthy 
introduced Gorman to some national security contacts. Gorman's critical 
infrastructure project, he said, has opened a dialogue among academia, the=
 
public sector and the private sector. The challenge? "Getting everyone to 
trust each other," McCarthy said. "It's a three-way tension that tugs and 
pulls." 

When Gorman and Schintler presented their findings to government 
officials, McCarthy recalled, "they said, 'Pssh, let's scarf this up and c=
lassify 
it.' " 

And when they presented them at a forum of chief information officers of 
the country's largest financial services companies -- clicking on a single=
 
cable running into a Manhattan office, for example, and revealing the 
names of 25 telecommunications providers -- the executives suggested that 
Gorman and Schintler not be allowed to leave the building with the laptop.=
 

Businesses are particularly sensitive about such data. They don't want to 
lose consumer confidence, don't want to be liable for security lapses and 
don't want competitors to know about their weaknesses. The CIOs for Wells 
Fargo and Mellon Financial Corp. attended the meeting. Neither would 
comment for this story. 

Catherine Allen, chief executive of BITS, the technology group for the 
financial services roundtable, said the attendees were "amazed" and 
"concerned" to see how interdependent their systems were. Following the 
presentation, she said, they decided to hold an exercise in an undisclosed=
 
Midwestern city this summer. They plan to simulate a cyber assault and a 
bomb attack jointly with the telecommunications industry and the National 
Communications System to measure the impact on financial services. 

McCarthy hopes that by identifying vulnerabilities, the GMU research will 
help solve a risk management problem: "We know we can't have a 
policeman at every bank and switching facility, so what things do you 
secure?" 

Terrorists, presumably, are exploring the question from the other end. In 
December 2001, bin Laden appeared in a videotape and urged the 
destruction of the U.S. economy. He smiled occasionally, leaned into the 
camera and said, "This economic hemorrhaging continues until today, but 
requires more blows. And the youth should try to find the joints of the 
American economy and hit the enemy in these joints, with God's 
permission." 

Every day, Gorman tries to identify those "joints," sitting in a gray 
cinderblock lab secured by an electronic lock, multiple sign-on codes and =
a 
paper shredder. No one other than Gorman, Schintler or their research 
instructor, Rajendra Kulkarni, is allowed inside; they even take out their=
 own 
trash. When their computer crashed, they removed the hard drive, froze it,=
 
smashed it and rubbed magnets over the surface to erase the data. 

The university has imposed the security guidelines. It is trying to build =
a 
cooperative relationship with the Department of Homeland Security. 
Brenton Greene, director for infrastructure coordination at DHS, described=
 
the project as "a cookbook of how to exploit the vulnerabilities of our 
nation's infrastructure." He applauds Gorman's work, as long as he refrain=
s 
from publishing details. "We would recommend this not be openly 
distributed," he said. 

Greene is trying to help the center get federal funding. ("The government 
uses research funding as a carrot to induce people to refrain from speech 
they would otherwise engage in," said Kathleen Sullivan, dean of Stanford 
Law School. "If it were a command, it would be unconstitutional.") 

All this is a bit heavy for Gorman, who is in many ways a typical student.=
 His 
Christmas lights are still up in July; his living room couch came from a t=
rash 
pile on the curb. Twice a day, Gorman rows on the Potomac. Out on the 
water, pulling the oars, he can stop thinking about how someone could 
bring down the New York Stock Exchange or cripple the Federal Reserve's 
ability to transfer money. 

On a recent afternoon, he drove his Jeep from the Fairfax campus toward 
the river. Along the way he talked about his dilemma: not wanting to hurt 
national security; not wanting to ruin his career as an academic. 

"Is this going to completely squash me?" he said, biting his fingernail. G=
MU 
has determined that he will publish only the most general aspects of his 
work. "Academics make their name as an expert in something. . . . If I can=
't 
talk about it, it's hard to get hired. It's hard to put 'classified' on yo=
ur list of 
publications on your r=E9sum=E9." 

As he drove along Route 50, he pointed out a satellite tower and a Verizon=
 
installation. Somewhere in Arlington he took a wrong turn and stopped to 
ask for directions. It has always been that way with him. He's great at ma=
ps, 
but somehow he ends up lost

---------------------------------------------------------------
Liste verlassen: 
Mail an infowar -
 de-request -!
- infopeace -
 de mit "unsubscribe" im Text.