National Academies Press: OpenBook

Guidance for Transportation Agencies on Managing Sensitive Information (2005)

Chapter: Section 2 - Identifying Sensitive Information

Suggested Citation: "Section 2 - Identifying Sensitive Information." National Academies of Sciences, Engineering, and Medicine. 2005. Guidance for Transportation Agencies on Managing Sensitive Information. Washington, DC: The National Academies Press. doi: 10.17226/23417.

Identifying Sensitive Information

DOTs generate thousands of electronic and paper documents every year. Most information produced by DOTs requires no protection. For example, project-related documents for a simple guardrail installation or road-widening project would likely not require any sort of special management. Agencies should be sensitive to the fact that arbitrary and unnecessary restrictions on non-sensitive information increase bureaucracy and may jeopardize legitimate efforts to protect sensitive information.

A subset of DOTs’ documents, however, can potentially be misused by someone intending to cause harm to the transportation system, its users, its employees, or the general public. Access to this information should be controlled.

WHAT KINDS OF SENSITIVE INFORMATION DO DOTS HAVE?

For most DOTs, information is likely to be considered sensitive if it is useful for (1) selecting a target for an attack and/or (2) planning and executing an attack. Information commonly found in DOTs that may meet these criteria includes the following:

• Vulnerability/Countermeasure/Risk Assessment Reports. These data provide detailed information about the vulnerability of a state’s transportation infrastructure to terrorist attack; such data are used in planning for protection against future attacks. Most state DOTs have conducted such assessments in the wake of the terrorist attacks of September 11, 2001; and, as AASHTO publishes further guidance on this topic and the federal government develops new rules, many states are likely to continue preparing new or revised reports.

• Emergency Response Plans. These materials provide detailed information about state DOT protocols for responding to and recovering from a range of disasters, including terrorist attacks. Most DOTs are reviewing and updating their emergency response plans to address terrorism. The plans contain sensitive information that could be used by terrorists in planning attacks that injure emergency responders or disrupt their efforts.

• Other Sensitive Information. Visual and textual architectural and engineering data are vital to understanding the core operations and structural components of transportation infrastructure. This information may include information such as building or structure plans, schematic drawings and diagrams, security system plans, and threat analyses related to the design or security of critical infrastructure—all of which may be of interest to terrorists and could be dangerously misused by someone intending to cause harm to the system or its users, employees, or the general public. Such documents are created and retained for many reasons, including use as emergency reference during the construction and reconstruction of transportation infrastructure. As part of these processes, design documents are often copied and distributed for use by architects, contractors, subcontractors, inspectors, third-party reviewers, and others—all of whom need access to blueprints, engineering schematics, and other technical documents to be able to safely and effectively fulfill their responsibilities.

HOW CAN DOTS DETERMINE WHICH INFORMATION TO PROTECT?

To help ensure the information protection efforts they undertake are effective, efficient, and defensible, DOTs should use consistent, objective, and documented procedures for identifying sensitive documents. These procedures should be applicable under all circumstances. Scrutinizing all information based on a general set of questions can be an effective tool for ensuring consistent decision making. States may wish to consider the following questions as they develop their own decision-making tools:

• Could this information be used to aid in selecting a target for an attack, and/or for planning and executing an attack?
• Is this information available from other sources (e.g., via the internet or a simple visual inspection of a facility)?
• Is this information regularly distributed outside the agency?
• Will disclosure of this information create potential for loss of life or economic harm?
• Does this information reveal any security features or vulnerabilities?
• Is this information critical to continuity of operations at the DOT?
• Does the agency keep track of the number of existing copies of the document and the locations of these copies?
• Does this information require special software or other devices to be read and understood? How readily available is the software?
• Can the information be sanitized to remove sensitive information?

Transportation agencies are encouraged to tailor their general list of questions to meet their own needs.


TRB’s National Cooperative Highway Research Program (NCHRP) Report 525: Surface Transportation Security, Volume 5: Guidance for Transportation Agencies on Managing Sensitive Information provides basic information on identifying and controlling access to sensitive information.

NCHRP Report 525: Surface Transportation Security is a series in which relevant information is assembled into single, concise volumes—each pertaining to a specific security problem and closely related issues. The volumes focus on the concerns that transportation agencies are addressing when developing programs in response to the terrorist attacks of September 11, 2001, and the anthrax attacks that followed. Future volumes of the report will be issued as they are completed.
