Are GIS Systems a Cybercrime Target?

Security experts at the Black Hat USA conference weigh in.

by / August 14, 2014

How attractive are city, county and state geospatial data to cybercriminals? Government Technology asked experts at the Black Hat USA conference in Las Vegas last week, and their opinions were mixed.
"Those are systems that affect a lot of customers, they are usually connected to the outside world, either through the Internet or through other networks, and there [are] quite a few reasons why an attacker would want to get inside those networks and affect those assets," said Andrey Dulkin, senior director of cyberinnovation for secure storage firm Cyber Ark.
But Bob Hansmann of data security firm Websense didn't see GIS as a unique target except in cases where the data was connected to something else that may be of interest.
"We're now seeing threats that might target infrastructure, that might target power systems," Hansmann said. "We've already seen threats targeting a specific research device, we've seen threats that targeted specific medical devices, so anybody using specialized equipment does have to deal with targeted threats."
William Gardner of end-point security firm Bromium saw GIS as a critical subset of overall enterprise security.
"Tracking information is a critical component across the board. It's ubiquitous in today's environment, so ensuring that that information remains confidential and is not subject to manipulation by hostile third parties is a critical aspect and a critical subset of the security challenges we're seeing today," he said.
Government Technology
attended the Esri User Conference in July to speak with geolocation specialists, and at least one of them said users are becoming more confident in the security of GIS applications hosted in the cloud.
"For a while, public agencies wanted to have their data behind their firewalls," said Brian Wienke, product manager for civic app provider Accela. "I think there's a trust in the cloud nowadays, and security has really been beefed up with Internet technologies in the cloud. I think they're starting to adopt it more because [of] the IT infrastructure."
Securing GIS and other information assets is taking on growing importance as these resources play an expanding role in facilitating communication during emergencies. As agencies and regions open GIS and other decision-making resources to a wider user base, security demands expand with them.
"When you've got something like 9/11, Benghazi [or the] Boston Marathon bombings, if you have any kind of delay in making a decision, or if you don't have the right people involved that are making the decision, that's going to create a slew of issues, worst case being deaths of innocent civilians," said Bob Pette, CEO of TouchShare, which provides geospatial collaboration software. "They want to make sure that everybody's looking at the same information at the same [time], and they want to make sure that people can sort through what has become increasingly an issue of information overload."

Hilton Collins

Hilton Collins is a former staff writer for Government Technology and Emergency Management magazines.

Platforms & Programs