2
Problem and Objective
  • Concerns
  • Public access to geospatial data might increase vulnerability to attack.
    • Really?
    • How would one know what data are sensitive and useful to restrict?
  • After September 11, Federal agencies and other organizations took different actions (withdrawal, sanitization, no change in access)
    • What restrictions are sensible and at what cost?
  • Organizational dependencies.
  • Objective
  • Provide guidelines for evaluating the need to reduce or eliminate public access to sensitive geospatial data.
3
Outline
  • Sites of Concern
  • Review RAND Report
  • Review Indiana Public Access Laws
  • Review FGDC Guidelines (draft)
    • plus NSGIC Data Access Decision Tree (July 2002)
  • Additional Guidance / Examples
  • Discussion
4
Sites of Concern
  • Critical infrastructure sectors (i.e., agriculture, food, water, public health, emergency services, government, defense industrial base, information and telecommunications, energy, transportation, banking and finance, chemical industry and hazardous materials, and postal and shipping)
  • Key assets (e.g., locations of cultural significance [national monuments, major sporting events, etc.], special event locations, military installations).


6
“Mapping the Risks: Assessing the Homeland Security Implications of Publicly Available Geospatial Data” (RAND Report)
  • Framework for making decisions about access
    • Usefulness to an adversary
    • Uniqueness of the information
    • Balance security costs with societal benefits
  • Available through http://www.rand.org/publications/MG/MG142/
7
RAND Report Findings
  • Our federal geospatial information survey found that publicly available geospatial information is spread across a wide range of federal government agencies and offices.
  • Our analysis found that very few of the publicly accessible federal geospatial sources appear useful to meeting a potential attacker’s information needs.
  • Our analysis suggests that most publicly accessible federal geospatial information is unlikely to provide significant (i.e., useful and unique) information for satisfying attackers’ information needs.
  • In many cases, diverse alternative geospatial and nongeospatial information sources exist for meeting the information needs of potential attackers.
8
Framework to Support Decision-Making (RAND)
9
The Attacker: Motivations, Strategies, and Modalities of Attack (RAND)
10
What Are the Attackers’ Key Information Needs? (RAND)
11
What Are the Attackers’ Key Information Needs? (RAND)
12
What Are the Attackers’ Key Information Needs? (RAND)
13
What Are the Attackers’ Key Information Needs? (RAND)
15
Indiana Access to Public Records Laws
Sections Pertaining to Geographic Information Systems
  • A fundamental philosophy of the American constitutional form of representative government is that government is the servant of the people and not their master. Accordingly, it is the public policy of the state that all persons are entitled to full and complete information regarding the affairs of government and the official acts of those who represent them as public officials and employees.
  • Providing persons with the information is an essential function of a representative government and an integral part of the routine duties of public officials and employees, whose duty it is to provide the information... and place the burden of proof for the nondisclosure of a public record on the public agency that would deny access to the record and not on the person seeking to inspect and copy the record.
16
Indiana Access to Public Records
  • IC 5-14-3-4 Records excepted from disclosure requirements; names and addresses; time limitations; destruction of Records
  • (b) Except as otherwise provided by subsection (a), the following public records shall be excepted from section 3 of this chapter at the discretion of a public agency:
     
    (11) Computer programs, computer codes, computer filing systems, and other software that are owned by the public agency or entrusted to it and portions of electronic maps entrusted to a public agency by a utility.
  • (continued on next slide)
17
Indiana Access to Public Records
  • (19) A record or a part of a record, the public disclosure of which would have a reasonable likelihood of threatening public safety by exposing a vulnerability to terrorist attack. A record described under this subdivision includes:
    • (A) a record assembled, prepared, or maintained to prevent, mitigate, or respond to an act of terrorism under IC 35-47-12-1 or an act of agricultural terrorism under IC 35-47-12-2;
    • (B) vulnerability assessments;
    • (C) risk planning documents;
    • (D) needs assessments;
    • (E) threat assessments;
    • (F) domestic preparedness strategies;
    • (G) the location of community drinking water wells and surface water intakes;
    • (H) the emergency contact information of emergency responders and volunteers;
    • (I) infrastructure records that disclose the configuration of critical systems such as communication, electrical, ventilation, water, and wastewater systems; and
    • (J) detailed drawings or specifications of structural elements, floor plans, and operating, utility, or security systems, whether in paper or electronic form, of any building or facility located on an airport (as defined in IC 8-21-1-1) that is owned, occupied, leased, or maintained by a public agency. A record described in this clause may not be released for public inspection without the prior approval of the public agency.
18
Indiana Access to Public Records
  • The submitting public agency:
  • (i) is responsible for determining whether the public disclosure of a record or a part of a record has a reasonable likelihood of threatening public safety by exposing a vulnerability to terrorist attack; and
  • (ii) must identify a record described under item (i) and clearly mark the record as "confidential and not subject to public disclosure under IC 5-14-3-4(19)(I) without approval of (insert name of submitting public agency)".


19
Indiana Access to Public Records
  • If an agency receives a request to inspect or copy a record that the agency considers to be excepted from disclosure under section 4(b)(19) of this chapter, the agency may consult with the counterterrorism and security council established under IC 4-3-20.
  • If an agency denies the disclosure of a record or a part of a record under section 4(b)(19) of this chapter, the agency or the counterterrorism and security council shall provide a general description of the record being withheld and of how disclosure of the record would have a reasonable likelihood of threatening the public safety.
21
“Guidelines for Data Access in Response to Security Concerns” (FGDC)
(A work in progress)
  • http://www.fgdc.gov/fgdc/homeland/index.html
  • FGDC Homeland Security Working Group
  • http://www.fgdc.gov/fgdc/homeland/revised_access_guidelines.pdf


  • How Were the FGDC Guidelines Developed?


  • Background information:
  • Laws, executive orders, circulars, and other documents to discern principles and broad policies.
  • Organizations’ guidelines to understand how the concern has been addressed.
  • RAND report.
  • NSGIC guidelines.
  • Members’ knowledge and contacts.
  • (planned) Public review.
22
(FGDC) Issues Addressed
  • Purpose:
    • Identify sensitive geospatial data and provide appropriate restrictions for them.
    • [Implied: Do not restrict data that are not sensitive.]
  • Goal: Balance between restricting sensitive information and maximizing access to remaining geospatial data.
  • Approach: A series of decisions to:
    • Identify sensitive data.
    • Decide if restrictions are warranted.
    • Choose appropriate restrictions.
  • Targeted to: “Originating” organizations.
    • Any type of organization.
    • Guidelines are applied under existing authorities.

24
(FGDC) Issues Not Addressed
  • Internal operations of organizations.
    • Means of protecting data (for example, ways for handling and securing data).
    • Ability to implement guidelines (for example, identifying decision makers and developing implementation procedures).
    • Review of decisions and responses to changing environments.
  • Enforcement of restrictions on “downstream” users.
    • Propagating changes in restrictions.
    • Derived works.
  • Appeals of decisions.


25
(FGDC) Question I: Is This Decision Yours?
26
(FGDC) Question II:  Are You Ready to Decide?


27
(FGDC) Question III: Do the Data Warrant Restriction?
28
"What is success"
  • What is success?
    • What are the ends?
    • What are the means?
    • What are the activities?
      • Selecting
      • Planning

  • What is the role of geospatial data?
30
(FGDC) Question IV: What Restrictions are Warranted?
31
(FGDC) Guidelines Review
  • Is the decision yours?
  • Are you ready to decide?
  • Do the data warrant restriction?
    • Usefulness
    • Uniqueness
    • Security cost and societal benefit
  • If so, what restrictions are warranted?
    • Change
    • Restrict
    • Work with “neighbors”
33
Summary
  • Indiana Code allows for restriction of some data (burden on the public agency)
  • Use Indiana Code and guidelines to make the determination
  • Determine what restrictions are warranted (if any – FGDC guidance encourages maximum possible access to data)
  • Document your decision following guidelines and Indiana Code (clearly label on media, in metadata, and/or license, agreement or other instrument that accompanies the data)
34
www.in.gov/ingisi
36
Document Your Evaluation
  • In the metadata record, under “Identification Information > Use Constraints” you may include the following text:
  • “<NAME_OF_DATA> data set was evaluated by <INSERT authority for action> for content sensitivity on <DATE> following the criteria provided by Indiana Code 5-14-3, the RAND study and the FGDC Homeland Security Working Group.
  • The following potential concerns were identified: <INSERT potential concerns>.
  • The findings determined by the use of the guidelines are as follows: <INSERT findings>.
  • The following actions were taken: <INSERT one of the following: “none”, “parts of graphic and/or attribute data were filtered”, “data were restricted from public distribution”, “confidential and not subject to public disclosure under IC 5-14-3-4(19)(I) without approval of (insert name of submitting public agency)” or free text>.”