National Infrastructure Protection Center Internet Content Advisory: Considering The Unintended Audience --- NIPC/FBI --- Online Security

Online Security, a global provider of computer forensics and information technology risk mitigation since 1997

Original Source: http://www.nipc.gov

National Infrastructure Protection Center Internet Content Advisory: Considering The Unintended Audience
Author: NIPC/FBI

National Infrastructure Protection Center
Internet Content Advisory: Considering The Unintended Audience
Advisory 02-001
17 January 2002

As worldwide usage of the Internet has increased, so too have the vast resources available to anyone online. Among the information available to
Internet users are details on critical infrastructures, emergency response plans and other data of potential use to persons with criminal intent.

Search engines and similar technologies have made arcane and seemingly isolated information quickly and easily retrievable to anyone with access to the Internet. The National Infrastructure Protection Center (NIPC) has received reporting that infrastructure related information,available on the Internet, is being accessed from sites around the world. While in and of itself this information is not significant, it highlights a potential vulnerability.

The NIPC is issuing this advisory to heighten community awareness of this potential problem and to encourage Internet content providers to review the data they make available online. A related information piece on "Terrorists and the Internet: Publicly Available Data should be Carefully Reviewed" was published in the NIPC's HIGHLIGHTS 11-01 on December 7, 2001 and is
available at the NIPC Web site www.nipc.gov. Of course, the NIPC remains mindful that, when viewing information access from a security point of view, the advantages of posting certain information could outweigh the risks of doing so. For safety and security information that requires wide-dissemination and for which the Internet remains the preferred means, security officers are encouraged to include in corporate security plans mechanisms for risk management and crisis response that pertain to malicious use of open source information.

When evaluating Internet content from a security perspective, some points to consider include:

1. Has the information been cleared and authorized for public release?

2. Does the information provide details concerning enterprise safety and security? Are there alternative means of delivering sensitive security information to the intended audience?

3. Is any personal data posted (such as biographical data, addresses, etc.)?

4. How could someone intent on causing harm misuse this information?

5. Could this information be dangerous if it were used in conjunction with other publicly available data?

6. Could someone use the information to target your personnel or resources?

7. Many archival sites exist on the Internet, and that information removed from an official site might nevertheless remain publicly available
elsewhere.

The NIPC encourages the Internet community to apply common sense in deciding what to publish on the Internet. This advisory serves as a reminder to the community of how the events of 9/11/2001 have shed new light on our security
considerations.

The NIPC encourages recipients of this advisory to report information concerning criminal activity to their local FBI office
FBI or the NIPC, and to other appropriate authorities. Recipients may report incidents online at www.nipc.gov, and can reach the NIPC Watch and Warning Unit at (202) 323?3205, 18885859078 or nipc.watch@fbi.gov.