Critical Infrastructure Security Planning with GIS

A number of events have got me thinking about security lately.  First of all, my colleague Andrew Wilkinson gave a great presentation to the American Association of Airport Executives last week in Chicago.  Secondly, I will be sitting on a panel next week at the SPAR conference in Denver that is focused on security and privacy concerns related to geospatial information.

It is an unfortunate reality of our world that there are people with terrorist intentions.  We know that there are capable terrorist organizations at large in the world with stated intentions and previous history of carrying out spectacular acts of violence against targets of particular national or religious affiliation.  A partial list of some of the more newsworthy attacks in the last dozen years or so would include:

  • Oklahoma City Bombing  April 19, 1995

  • Columbine High School - April 20, 1999

  • World Trade Center and Pentagon - September 11, 2001

  • London Underground - July 7, 2005

  • Madrid Barajas Airport - December 2006

  • Glasgow Scotland Airport - June 30, 2007

  • Mumbai India - November 26, 2008

We have no reason to believe that the fundamental conditions that give rise to terrorist intent will abate any time soon.  In fact, it would appear that the opposite true.  We must be vigilant and do everything that we can to reduce the risk of the next event.

RISK = Likelihood X Impact RISK = Likelihood X Impact

So, what do we know about the risks that we face that could help us manage those risks lower?  Security planners define risk as the likelihood of a particular threat multiplied by the impact that the threat would have if carried out.  With a little thought, it is pretty obvious that there are geographic and temporal dimensions to risk that we can model to refine where and how we deploy our forces and facilities to respond to an anticipated risk.  It is much more likely that a terrorist would want to detonate an explosive device in an airport terminal near the time of a departing flight associated with his national or religious enemy than in a remote parking lot during off hours.  We can use this information to concentrate our response effort around the places and times that we know are the most attractive targets.  We also know that security and response personnel are much more effective when they have accurate and up to date information about the terrain that they are operating in.  One of the biggest problems faced by security personnel responding in Columbine High School and Mumbai, India was that the attackers had much better intelligence about the facilities terrain then the security personnel did.

Take a look again at our list of terrorist acts.  What do they all have in common?  The attacks targeted buildings.  The reasons are pretty obvious.  Buildings offer high concentrations of people and therefore generate the opportunity for spectacular impact.  Targeted buildings are often symbols of "the enemy" as well offering the opportunity to deliver an attack that has a strong element of symbolism beyond the physical impact of the event.

I believe that one of the most effective investments that we could make today to reduce the risk of attacks on the buildings that make up our critical infrastructure is to map the insides of those buildings and provide those building maps securely to our security forces.  Mapping the interiors of our buildings would deliver value in several different ways:

Facilities Information Infrastructure Facilities Information Infrastructure

  1. Building maps can be used to locate specific vulnerabilities and to map and model our security monitoring and response plans.  (See Andrew's presentation for an excellent example of how this should be done in an airport environment)

  2. Building maps can be used to prepare response personnel in their planning and inspection workflows thereby giving them a better understanding of the operational environment that they will be working in.

  3. Building maps can be delivered securely to the field through a variety of technologies to support response during an event.

  4. Building maps can also deliver value to a wide range of interests operating inside the building including space planning, lease management, work order management, and environmental monitoring.  (One of our customers recently saved the costs of data collection in 18 months of custodial contract savings because they had over-stated their floor space in their maintenance system. )

Make no mistake about it.  There are people planning attacks on our critical infrastructure buildings as you read this.  We need to be analyzing those risks, planning our management of those risks, and arming our response personnel with the intelligence they need to operate effectively in this terrain.  We need to be better prepared than we were in Columbine or in Mumbai.   The technology to map the insides of our buildings and to manage that data is available today.  The investments in building maps will generate return on investment from a myriad other uses.  We have no excuses for inaction.