Sidebar: Is the Genie Out of the E-bottle?

Computerworld - As the three-year anniversary of the Sept. 11, 2001, terrorist attacks approaches, the Web remains a treasure trove of information for terrorists who may be planning or refining attack strategies.
Despite the increased concern about the possible targeting of nuclear or chemical processing facilities in the U.S., a disturbing amount of profile data about these facilities remains accessible online. And while most of the data is useless to a terrorist, security analysts say that critical data elements are available that could assist terrorists in their planning.
The Indian Point nuclear power plant, for example, located on the east bank of the Hudson River in Buchanan, N.Y., and operated by Entergy Corp., remains an open book in terms of providing details of reactor design, including the thickness of the reactor's various layers and the types of steel reinforcement used.
"With this information all you have to do is the math to figure out how much explosive power is needed to breach the wall," said Eric Friedberg, a former computer crime coordinator at the U.S. Department of Justice.
"When we talk about nuclear power plants, the stakes are even higher" than in the financial services sector, said MacDonnell Ulsch, managing director of Janus Risk Management Inc. in Marlborough, Mass. "Such information should be considered proprietary, like bank vault and bank construction details. Is this any way to manage risk? Hell no."
Entergy could not be reached for comment by posting deadline.
Shortly after 9/11, the Environmental Protection Agency removed data from its Web site pertaining to the location of chemical facilities in the U.S., as well as information pertaining to risk management at those facilities. The agency also began restricting access to various online databases that contained information on chemicals and environmental threat issues.
However, a review last week of EPA Web pages found that the locations of hazardous chemical facilities in the U.S. are provided via an interactive map including address and grid coordinates.
John Millett, a spokesman for the EPA, said on Friday that the agency has conducted an extensive review of its Web content and concluded that "very few of the publicly accessible federal geospatial sources appear useful to meeting a potential attacker's information needs."

Read more about security in Computerworld's Security Knowledge Center.