Of Cats and Bags

The Australian Nuclear Science and Technology Organisation recently became concerned about overhead imagery of the Lucas Heights HIFAR reactor on Google Earth, and on Sunday called upon Google to censor the imagery. (This is something that Google has already done for certain sensitive sites, such as the White House.) Curiously, a few days later, presumably after consultations with Australian security intelligence agencies (who reportedly have responsibility for monitoring open-source intelligence about critical sites) ANSTO dropped the demand. "Aerial photographs of the site have been available to the public on a cost basis for some years and Google Earth does not add to the publicly available data," it explained. "ANSTO does not believe the pictures pose a security risk." [Hat tip: IATAC]

This episode highlights a growing concern over the availability of relatively high-grade geospatial information through convenient web-based interfaces like Google Earth or Microsoft Virtual Earth. Perhaps more interesting than the mere availability of such data, however, is ANSTO's public zig-zag, which suggests that security agencies themselves are still the process of figuring out how to respond. "Although the buildings are clearly visible," explained ANSTO somewhat cryptically, "critical infrastructure is not." One wonders exactly what criteria is being applied here. Certainly those who have responsibility for securing other critical sites that may be the subjects of web-based overhead photography should be asking themselves some very similar questions.

Ultimately, this all raises two interesting things to consider: (a) to what extent is a critical site's public information signature unalterable after a certain amount of exposure; and (b) if a particular signature cannot be effectively reduced, is there anything that can be done to address the resulting vulnerability?