information security risks and controls of public geospatial datasets · 2014. 6. 25. ·...
TRANSCRIPT
-
Information Security Risks and Controls of Public Geospatial Datasets July 17, 2014
David Lanter PhD GISP
-
This Presentation…
CDM Smith applies GIS and develops custom applications – producing, deploying and disseminating geospatial datasets for our public agency clients.
We are responsible for understanding the unique information security risks and controls associated with protecting public geospatial data…
Risks and Controls of Public Geospatial Datasets
-
Presentation
1. Background
2. GIS Data are Important
3. National Spatial Data Infrastructure
4. Critical National Infrastructure
5. Risks to Critical National Infrastructure
6. Inherent Risks
7. Mitigating Controls
8. Research Opportunities
-
Background
• 1950’s – 60’s: Will Garrison and his students at the University of Washington in Seattle (dubbed the “space cadets”) lead the quantitative revolution in geography
• 1961 – Lee Pratt of Canada Land Inventory boards plane and sits next to Roger Tomlinson and describes his problem
  – Unfeasible estimate of $8 million to produce maps and analyze land use of >100 million sq. miles of rural lands
• 1963 – Tomlinson proposes $3 million project to solve the problem with computers
-
Background
• 1970’s – First GIS: Tomlinson’s Canada GIS – spatial queries and analyses of Earth’s surface
  • Situational awareness
  • Resource inventories
  • Change detection monitoring
  • Raster to Vector conversion
  • …
• 1976 – Ford Foundation funds Geography Chair at Harvard
  – Brian Berry (Garrison’s student) appointed Chair and directs the Laboratory for Computer Graphics and Spatial Analysis where research leading to ArcGIS (PIOS, Whirlpool, etc…) and Spatial Analyst (GRID) was conducted
-
Background
Over the decades, GIS capabilities improve…
– Proprietary commercial, academic and governmental open source GIS packages developed and bundled
– Migrated across hardware platforms and operating systems
  • Ported from mainframe to mini-computers, to personal computers
– Geocoding, navigation, and display reengineered and fused with real-time location and geographic sensors
  • On-board computers in cars, planes and boats
-
Background…
• Over the decades, GIS capabilities improve
  – Geo-relational “geospatial” data structures associating descriptive attributes with spatial representations
  – Complex disk file storage formats evolved into enterprise relational databases containing spatial indexes (for rapid spatial searches)
  – Spatially enabled middleware connected to a wide range of custom and commercial off-the-shelf client applications
  – Client-server and n-tier architectures move GIS back to larger enterprise computer servers and onto web servers supporting distributed personal computers, laptops, and other mobile platforms
-
GIS Data are Important
GIS Data play a central role in the United States
– Geographic location is key element of 80-90% of all governmental data (FGDC, 2006)
– Essential to >50% of Nation’s domestic economic activities (National Academy of Public Administration, 1998)
-
GIS Data are Important
• Free flow of geographic information between government and public is recognized as essential
  – Informs public for participation in democratic decision making
  – Private businesses reuse the public’s investment in government information
• Disseminating public geospatial data is central to the missions of many public, private and non-profit organizations
-
National Spatial Data Infrastructure
1994 President Clinton signs Executive Order 12906
– Federal Geographic Data Committee (FGDC) to create National Spatial Data Infrastructure (NSDI), and…
  • Address $ billions wasted
    – Redundant collection of undocumented hard to find geospatial data stored in incompatible formats
  • Encourage Agencies to stand-up NSDI Clearing House nodes on Internet
    – Populated with geospatial data and their descriptive metadata
-
National Spatial Data Infrastructure
FGDC 1998. Content Standard for Digital Geospatial Metadata
-
Critical National Infrastructure
In 1996, President Clinton signed Executive Order 13010 which formally identified certain infrastructure as vulnerable to attack by explaining:
“Certain national infrastructures are so vital that their incapacity or destruction would have a debilitating impact on the defense or economic security of the United States”
• Water supply systems
• Transportation
• Electrical power systems
• Continuity of government
• Telecommunications
• Gas and oil storage and transport
• Banking and finance
• Emergency services
-
Critical National Infrastructure
After 9/11/2001 attention focused on protecting critical infrastructure that U.S. adversaries might seek to attack
U.S. officials began instituting policies to protect information
…it was not too long before GIS data made available through Clearinghouse nodes of NSDI became recognized as at risk of being exploited by those seeking to attack U.S. major cities and critical infrastructure
-
Risks to Critical National Infrastructure
In 2003, Director of U.S. National Imagery and Mapping Agency (in 2004 renamed National Geospatial-Intelligence Agency) asked RAND Corporation for a:
Framework to “guide public and private decision makers in weighing homeland security implications related to release of geospatial information”
-
Risks to Critical National Infrastructure
RAND’s 2004 Deliverable included a Survey and Analysis of
– 465 programs/offices/initiatives at 30 agencies and departments identified as providing geospatial information to the public
  • 628 public datasets sampled from NSDI Clearinghouse nodes
  • 37 (~6%) found to be useful in helping an attacker select a target or plan an attack against a site
    – None were so critical that an “attacker could not perform the attack without” them
– Conclusions
  • Publicly available geospatial “information needed for identifying and locating potential targets is widely accessible”
  • “…detailed and up-to-date information required for attack planning against a particular target is much less readily available”
-
Risks to Critical National Infrastructure
-
Risks to Critical National Infrastructure
“Does knowledge of the location and purpose of a feature as described in the data, have the potential to significantly compromise the security of persons, property, or systems?”
FGDC Guidelines 2005 – based on RAND’s 2004 study
-
Inherent Risks
Classification of geospatial data “sensitivity” is based on usefulness to terrorists…
Does it contain choke points that can increase effectiveness of an attack?
-
Inherent Risks
“Does it include information that can be used to find the best way to cause catastrophic failure?”
Does it contain temporal information identifying times of increased security vulnerability?
-
Mitigating Controls
-
Mitigating Controls
If security risks outweigh benefits of releasing the data to the public, agency can choose to safeguard data by:
– Modifying data
  • Remove or reduce detail in offending data elements
    – either in the attributes, spatial representations, or both
– Restricting access to data
  • If agency lacks authority to change data, or believes modifying data will undermine its value to the public, then agency can restrict access
-
Mitigating Controls
Remove, or reduce detail in offending data elements…
– Apply techniques of Cartographic Generalization
  1. Selective Omission
  2. Simplification
  3. Combination
  4. Exaggeration
  5. Displacement
-
Mitigating Controls
Restricting Access to Geospatial Data is accomplished through identification, permissions and authorization systems of IT data management systems and applications
Security Risk Management Process Diagram - Microsoft
Restricting Access – SANS Institute
-
Control Policies
-
Control Policies (1), (3), (4)
Note: See www.fgdc.gov for Crosswalk from FGDC CSDGM to ISO 19115 metadata standard
http://www.fgdc.gov/
-
Control Policies (2)
-
Mitigating Controls (4)
-
Supporting metadata development tools
-
An Inherent Weakness as Mitigating Controls
Other than Security Classification, FGDC Metadata are “unstructured”…
Type: text Domain: “None” free text
-
Research Opportunities in Automating Mitigating Controls
1. Structured metadata
+ 2. Reliable identity and authorization management system
= Automated security policy implementation tools to:
  • Block access to data by unauthorized users
  • Determine whether to present FOUO original version or generalized version to the user
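An added example (not from the presentation) of the automated decision sketched on this slide: a structured classification field plus a user's clearance selects deny, the original, or a generalized copy. The policy table, clearance levels, attribute names and sample feature are assumptions; generalization here is selective omission of attributes plus Douglas-Peucker simplification of the geometry.

```python
import math

# Assumed policy table (hypothetical): classification -> minimum clearance for
# the original, and whether a generalized copy may go to everyone else.
POLICY = {
    "Unclassified": {"min_clearance": 0, "public_generalized": True},
    "FOUO":         {"min_clearance": 1, "public_generalized": True},
    "Restricted":   {"min_clearance": 2, "public_generalized": False},
}
SENSITIVE_ATTRS = {"capacity", "inspection_schedule"}  # hypothetical attribute names

def _dist(p, a, b):
    """Distance from point p to the segment a-b."""
    (px, py), (ax, ay), (bx, by) = p, a, b
    dx, dy = bx - ax, by - ay
    if dx == 0 and dy == 0:
        return math.hypot(px - ax, py - ay)
    t = max(0.0, min(1.0, ((px - ax) * dx + (py - ay) * dy) / (dx * dx + dy * dy)))
    return math.hypot(px - (ax + t * dx), py - (ay + t * dy))

def simplify(line, tol):
    """Douglas-Peucker: drop vertices that lie within tol of the chord."""
    if len(line) < 3:
        return list(line)
    i, d = max(((i, _dist(line[i], line[0], line[-1])) for i in range(1, len(line) - 1)),
               key=lambda x: x[1])
    if d <= tol:
        return [line[0], line[-1]]
    return simplify(line[:i + 1], tol)[:-1] + simplify(line[i:], tol)

def release(user_clearance, feature, tol=0.5):
    """Return (decision, feature_or_None) from the structured classification."""
    rule = POLICY.get(feature["security_classification"])
    if rule is None:                          # unknown label: fail closed
        return "deny", None
    if user_clearance >= rule["min_clearance"]:
        return "original", feature
    if not rule["public_generalized"]:
        return "deny", None
    attrs = {k: v for k, v in feature["attrs"].items() if k not in SENSITIVE_ATTRS}
    return "generalized", {**feature, "attrs": attrs,
                           "geometry": simplify(feature["geometry"], tol)}

# Constructed sample feature (not real data).
PIPELINE = {"security_classification": "FOUO",
            "attrs": {"name": "Line A", "capacity": "high"},
            "geometry": [(0, 0), (1, 0.2), (2, -0.1), (3, 5), (4, 5.1), (5, 5)]}
```

A free-text classification value that is not in the table is denied, which is why the decision only works once the metadata field has a fixed domain.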
-
Research Opportunities in Automating Mitigating Controls
1. Structured metadata
+ 2. Reliable identity and authorization management system
+ 3. Automated security policy implementation tools to block access of unauthorized users: “Security Policy Language” (Kotenko et al. 2007)
= Tools able to detect, identify, and help resolve inconsistencies among policies within and among Agencies which provide sensitive geospatial data to NSDI
Kotenko, Igor, Artem Tishkov, Olga Chervatuk, Ekaterina Sidelnikova, 2007. Security Policy Verification Tool for Geographic Information Systems, in Information Fusion and Geographic Information Systems – Lecture Notes in Geoinformation and Cartography, Springer, pp. 128-46
-
Presentation
✓ Background
✓ GIS Data are Important
✓ National Spatial Data Infrastructure
✓ Critical National Infrastructure
✓ Risks to Critical National Infrastructure
✓ Inherent Risks
✓ Mitigating Controls
✓ Research Opportunities
-
Information Security Risks and Controls of Public Geospatial Datasets July 17, 2014
David Lanter PhD GISP