Student Demonstrates That Some Information Is Too Much

One graduate student's dissertation project proves that terrorists can get their hands on enough information about the nation's most valuable assets to wreak havoc on the U.S. economy.

George Mason University graduate student Sean Gorman (search) is taking heat for his Ph.D. dissertation project in which he mapped every industrial and business sector in the economy and displayed the fiber-optic network that connects them all. He got all his information off public Internet sites.

America's fiber-optic connections are considered the backbone of the U.S. economy and if the network is damaged, a domino effect could bring down more than one of the nation's critical infrastructures.

Some national security experts say this project could serve as a road map for terrorists and should be either burned or classified.

"I think if the document really were a playbook for terrorists … then it should probably be burned. But it's not really what the dissertation is," Gorman told Fox News, adding that he worked with government agencies to make sure the data was protected. "I don't think it's a one-stop shop anywhere out there."

After the Sept. 11, 2001, terrorists attacks, government agencies, the business sector and others took a hard look at just how much "sensitive" material is on their Web sites and whether it could be used against them.

Focus was put on how to increase security among the nation's critical infrastructures — telecommunications servers, banking and finance, water supply systems, transportation, emergency services, government operations, electrical power grids and gas and oil storage and delivery.

The result: The Nuclear Regulatory Commission removed from its Web site some information about the nation's 104 nuclear power reactors. The Environmental Protection Agency took down information on emergency plans and chemicals at 15,000 locations around the country. The Office of Pipeline Safety also restricted its mapping software and pipeline data to industry and government officials.

"There is definitely information relating to our power grid, our communication networks and so on that is now being much more tightly managed than it ever has before," said John Voeller, a critical infrastructure security expert and chief knowledge/technology officer at Black and Veatch Corp.

"There's clearly a line that may have shifted because of 9/11," regarding how much information is available for the public to see, said Dave McCurdy, president of the Electronics Industry Alliance (search) and executive director of the Internet Security Alliance (search).

"Blue Cascade," an exercise sponsored by the Pacific Northwest Economic Region (search), demonstrated last year just how dependent the nation is on its critical infrastructures.

It found that an attack against one region's electrical power grid could cause power outages to other states, and could throw out of whack telecommunications, natural gas and local water systems and ports. Transportation, emergency services, law enforcement and hospitals could be crippled in the event of an emergency.

McCurdy, who served in the House of Representatives from 1981-1995, chaired the House Intelligence Committee and served on the Weapons of Mass Destruction Commission, said during the late 1990s, "we were astounded at some of the information that was available on the Web — not maliciously divulged, but for people who have the right ability, it could be potentially dangerous."

Experts say the problem is not so much that individual bits of information about the nation's most valuable assets exist on the World Wide Web, it is the ability to combine the information.

People understand how many different parts there are to an airplane, McCurdy said, but being able to build one and integrate the systems necessary to operate it is an entirely different story.

"Taken separately, they may not mean much but if you have the capability to merge them, you may come up with something that has great impact," McCurdy said. "That's always been the challenge. I don't think you can resolve that one."

But in the open society that defines America, some experts say the answer isn't simply to take all the available information off the Web.

"We are an open nation and a lot of what we take for granted — the highways, bridges, water plants, power plants … you paid for them, so telling you you need to pay for them but you can't see information about them … is not really very workable," Voeller said.

Voeller, who has been working with the Department of Homeland Security (search) on such issues, said the agency has come up with a new classification of information called "sensitive but not secret," or "safeguarded," a term from the nuclear sector. This category of information would not be readily accessible on the Web but people interested in viewing it could qualify to get access to it.

Information that would fall under this category would include the nation's sewer systems — "one of the greatest ways in the world to enter and exit a place without being seen," according to Voeller.

But Voeller said the focus on protecting information about such huge assets like water treatment plants may be misguided.

"How many water plants have been disrupted in Israel? How many power plants have been blown up in Northern Ireland? The big, obvious targets are not the most interesting and of most concern," Voeller said.

"A terrorist doesn't necessarily want to do damage to something material — their goal is to terrify — that's much easier done by a guy with some C-4 strapped to him in a shopping mall."