[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] WP: Dissertation Could Be Security Threat
So, da der Text wirklich ganz nett ist, werde ich nochmal verschicken.
Interessant ist, dass seine Arbeit auf =F6ffentlichen Daten beruht. Mit
gen=FCgend Aufwand l=E4sst sie sich also reproduzieren.
Dissertation Could Be Security Threat
Student's Maps Illustrate Concerns About Public Information
By Laura Blumenfeld
Washington Post Staff Writer
Tuesday, July 8, 2003; Page A01
Sean Gorman's professor called his dissertation "tedious and unimportant."=
Gorman didn't talk about it when he went on dates because "it was so
boring they'd start staring up at the ceiling." But since the Sept. 11, 20=
attacks, Gorman's work has become so compelling that companies want to
seize it, government officials want to suppress it, and al Qaeda operative=
if they could get their hands on it -- would find a terrorist treasure map=
Tinkering on a laptop, wearing a rumpled T-shirt and a soul patch goatee,
this George Mason University graduate student has mapped every business
and industrial sector in the American economy, layering on top the fiber-
optic network that connects them.
He can click on a bank in Manhattan and see who has communication lines
running into it and where. He can zoom in on Baltimore and find the choke
point for trucking warehouses. He can drill into a cable trench between
Kansas and Colorado and determine how to create the most havoc with a
hedge clipper. Using mathematical formulas, he probes for critical links,
trying to answer the question: "If I were Osama bin Laden, where would I
want to attack?" In the background, he plays the Beastie Boys.
For this, Gorman has become part of an expanding field of researchers
whose work is coming under scrutiny for national security reasons. His sto=
illustrates new ripples in the old tension between an open society and a
"I'm this grad student," said Gorman, 29, amazed by his transformation
from geek to cybercommando. "Never in my wildest dreams would I have
imagined I'd be briefing government officials and private-sector CEOs."
Invariably, he said, they suggest his work be classified. "Classify my
dissertation? Crap. Does this mean I have to redo my PhD?" he said.
"They're worried about national security. I'm worried about getting my
degree." For academics, there always has been the imperative to publish or=
perish. In Gorman's case, there's a new concern: publish and perish.
"He should turn it in to his professor, get his grade -- and then they bot=
should burn it," said Richard Clarke, who until recently was the White
House cyberterrorism chief. "The fiber-optic network is our country's
nervous system." Every fiber, thin as a hair, carries the impulses
responsible for Internet traffic, telephones, cell phones, military
communications, bank transfers, air traffic control, signals to the power
grids and water systems, among other things.
"You don't want to give terrorists a road map to blow that up," he said.
The Washington Post has agreed not to print the results of Gorman's
research, at the insistence of GMU. Some argue that the critical targets
should be publicized, because it would force the government and industry t=
protect them. "It's a tricky balance," said Michael Vatis, founder and fir=
director of the National Infrastructure Protection Center. Vatis noted the=
dangerous time gap between exposing the weaknesses and patching them:
"But I don't think security through obscurity is a winning strategy."
Gorman compiled his mega-map using publicly available material he found
on the Internet. None of it was classified. His interest in maps evolved f=
his childhood, he said, because he "grew up all over the place." Hunched i=
the back seat of the family car, he would puzzle over maps, trying to figu=
out where they should turn. Five years ago, he began work on a master's
degree in geography. His original intention was to map the physical
infrastructure of the Internet, to see who was connected, who was not, and=
to measure its economic impact.
"We just had this research idea, and thought, 'Okay,' " said his research
partner, Laurie Schintler, an assistant professor at GMU. "I wasn't even
thinking about implications."
The implications, however, in the post-Sept. 11 world, were enough to
knock the wind out of John M. Derrick Jr., chairman of the board of Pepco
Holdings Inc., which provides power to 1.8 million customers. When a
reporter showed him sample pages of Gorman's findings, he exhaled
"This is why CEOs of major power companies don't sleep well these days,"
Derrick said, flattening the pages with his fist. "Why in the world have w=
been so stupid as a country to have all this information in the public
domain? Does that openness still make sense? It sure as hell doesn't to
Recently, Derrick received an e-mail from an atlas company offering to sel=
him a color-coded map of the United States with all the electric power
generation and transmission systems. He hit the reply button on his e-mail=
and typed: "With friends like you, we don't need any enemies in the world.=
Toward the other end of the free speech spectrum are such people as John
Young, a New York architect who created a Web site with a friend, featurin=
aerial pictures of nuclear weapons storage areas, military bases, ports,
dams and secret government bunkers, along with driving directions from
Mapquest.com. He has been contacted by the FBI, he said, but the site is
"It gives us a great thrill," Young said. "If it's banned, it should be pu=
We like defying authority as a matter of principle."
This is a time when people are rethinking the idea of innocent information=
But it is hardly the first time a university has entangled itself in a war=
McCarthy, who oversees Gorman's project at GMU's National Center for
Technology and Law, compared this period to World War II, when
academics worked on code-breaking and atomic research. McCarthy
introduced Gorman to some national security contacts. Gorman's critical
infrastructure project, he said, has opened a dialogue among academia, the=
public sector and the private sector. The challenge? "Getting everyone to
trust each other," McCarthy said. "It's a three-way tension that tugs and
When Gorman and Schintler presented their findings to government
officials, McCarthy recalled, "they said, 'Pssh, let's scarf this up and c=
And when they presented them at a forum of chief information officers of
the country's largest financial services companies -- clicking on a single=
cable running into a Manhattan office, for example, and revealing the
names of 25 telecommunications providers -- the executives suggested that
Gorman and Schintler not be allowed to leave the building with the laptop.=
Businesses are particularly sensitive about such data. They don't want to
lose consumer confidence, don't want to be liable for security lapses and
don't want competitors to know about their weaknesses. The CIOs for Wells
Fargo and Mellon Financial Corp. attended the meeting. Neither would
comment for this story.
Catherine Allen, chief executive of BITS, the technology group for the
financial services roundtable, said the attendees were "amazed" and
"concerned" to see how interdependent their systems were. Following the
presentation, she said, they decided to hold an exercise in an undisclosed=
Midwestern city this summer. They plan to simulate a cyber assault and a
bomb attack jointly with the telecommunications industry and the National
Communications System to measure the impact on financial services.
McCarthy hopes that by identifying vulnerabilities, the GMU research will
help solve a risk management problem: "We know we can't have a
policeman at every bank and switching facility, so what things do you
Terrorists, presumably, are exploring the question from the other end. In
December 2001, bin Laden appeared in a videotape and urged the
destruction of the U.S. economy. He smiled occasionally, leaned into the
camera and said, "This economic hemorrhaging continues until today, but
requires more blows. And the youth should try to find the joints of the
American economy and hit the enemy in these joints, with God's
Every day, Gorman tries to identify those "joints," sitting in a gray
cinderblock lab secured by an electronic lock, multiple sign-on codes and =
paper shredder. No one other than Gorman, Schintler or their research
instructor, Rajendra Kulkarni, is allowed inside; they even take out their=
trash. When their computer crashed, they removed the hard drive, froze it,=
smashed it and rubbed magnets over the surface to erase the data.
The university has imposed the security guidelines. It is trying to build =
cooperative relationship with the Department of Homeland Security.
Brenton Greene, director for infrastructure coordination at DHS, described=
the project as "a cookbook of how to exploit the vulnerabilities of our
nation's infrastructure." He applauds Gorman's work, as long as he refrain=
from publishing details. "We would recommend this not be openly
distributed," he said.
Greene is trying to help the center get federal funding. ("The government
uses research funding as a carrot to induce people to refrain from speech
they would otherwise engage in," said Kathleen Sullivan, dean of Stanford
Law School. "If it were a command, it would be unconstitutional.")
All this is a bit heavy for Gorman, who is in many ways a typical student.=
Christmas lights are still up in July; his living room couch came from a t=
pile on the curb. Twice a day, Gorman rows on the Potomac. Out on the
water, pulling the oars, he can stop thinking about how someone could
bring down the New York Stock Exchange or cripple the Federal Reserve's
ability to transfer money.
On a recent afternoon, he drove his Jeep from the Fairfax campus toward
the river. Along the way he talked about his dilemma: not wanting to hurt
national security; not wanting to ruin his career as an academic.
"Is this going to completely squash me?" he said, biting his fingernail. G=
has determined that he will publish only the most general aspects of his
work. "Academics make their name as an expert in something. . . . If I can=
talk about it, it's hard to get hired. It's hard to put 'classified' on yo=
ur list of
publications on your r=E9sum=E9."
As he drove along Route 50, he pointed out a satellite tower and a Verizon=
installation. Somewhere in Arlington he took a wrong turn and stopped to
ask for directions. It has always been that way with him. He's great at ma=
but somehow he ends up lost
Mail an infowar -
- infopeace -
de mit "unsubscribe" im Text.