GEOG 882
Geographic Foundations of Geospatial Intelligence

10.7 Geospatial Intelligence in Cyberspace

Dr. Michael Thomas is the author of Geography 489 Cyber-Geography in Geospatial Intelligence, and is also one of the instructors for Geography 882. He worked as an analyst for HQ EUCOM in Stuttgart, Germany in the Cyberspace Division and is currently a Professor of Cyberwarfare Studies at the Air War College and USAF Cyber College at Maxwell AFB. He is very interested in how geographic information science and technology (GIS&T) can be applied to the emerging field of Cyberspace both within and outside the government. There are two dimensions to Cyberattacks – collection of intelligence from nations that are of interest to us, and realizing that others are constantly collecting on us.

Information is the only asset that is stolen by replication. As such, securing it is problematic because for it to be of any use it also needs to be available for access. In the wake of the September 11, 2001 attacks, the US government began instituting information protection policies aimed at increasing homeland security. The aim of these policies was to minimize the targets of opportunity that could be exploited by potential attackers using publicly available information they might obtain from authoritative public (federal, state and local) sources in planning attacks against the US homeland.

One of the outcomes of these policies is the “Department of Defense Strategy for Operating in Cyberspace” that was released in July 2011. The DoD states that “The Department and the nation have vulnerabilities in cyberspace. Our reliance on cyberspace stands in stark contrast to the inadequacy of our cybersecurity – the security of the technologies that we use each day.”

There are thousands of networks, incalculable data assets freely in the open, and adversaries – individuals, groups, and nation-states – that can and will use our own information sources against us. It raises the question – how much information should a free society place in the open?

Read the two documents below and then consider the following questions.

Required Reading

"Mapping the Risks" is a Rand study compiled in 2004. It attempts to evaluate the risks and rewards of having easily accessible geospatial data available on the web for use by anyone. Although federal agencies produce and publicly disseminate geospatial information for a wide range of beneficial purposes, there also exists the risk that some types of geospatial information could be, and has been, exploited by terrorists. This is the challenge the federal agencies face in deciding which types of geospatial information should be publicly accessible, as well as whether and how to restrict new sensitive information as it becomes available.

The full study is available from The Rand Corporation Website.

NOTE: For this assignment, you need only read the Executive Summary. Reading can be accessed from the Lesson 10 Checklist.

Required Reading

The "Department of Defense Strategy for Operating in Cyberspace" was released in the summer of 2011. It has since been revised several times, the latest being the 2015 "DOD CYBER STRATEGY", which is due for revision in 2019.

Between 2004 and 2018, Cyberspace matured into a recognized operating domain. For many reasons, many of them political or driven by DOD component infighting, no final concrete policy existed before this, and the debate among the sister services within the DoD over establishing a separate CYBERCOM took years to finalize, with a final definition of cyberspace finally being imposed on the DoD by Gordon England in May 2008.

Reading can be accessed from the Lesson 10 Checklist.

You will compare and contrast these two publications that lay out some of the basics of Geo-based Cyberspace analysis and cyber map production.

As you explore the site consider these questions:

  1. What aspects of the application of GIS&T in the military and the intelligence community are really applications of geospatial intelligence?
  2. Given what you know of the application of geospatial intelligence to US national security activities, compare and contrast how the DoD intelligence community leverages GIS&T and the intelligence process.
  3. Given that GIS&T includes at least the four subfields of cartography, remote sensing, GIS, and GPS, consider the central role that mapping seems to play in cyber analysis. How might the DoD and the intelligence community better leverage the other components of GIS&T and geospatial intelligence?

Viewing

Watch the video The Cyber War Threat Has Been Grossly Exaggerated.

The debate still continues. After listening, offer a perspective of whether the debate affected your view.

  • Which way did you vote at the beginning?
  • Which way did you vote at the end?
  • Offer your insights as to whether the debate is real or exaggerated.

Information technology infrastructure has changed in the last 10 years. Currently, an integration of geolocating technologies with communications infrastructures has made possible dynamic changes in Northern Africa and parts of the Middle East.

Let us examine a few facts concerning the integration of technologies in Africa over the last decade.

Figure 10.1 Undersea cables surrounding the African continent in 2009 (l), 2012 (center) and in 2018 (r).

Low-cost, abundant, easily distributed information lowers transaction costs, which affects the nature of institutions and organizations. When internet connectivity was mostly carried on satellites, the cost of connectivity (and with it the transaction costs) was high. As these cables come online, transaction costs are going to come down more and more. Infrastructure increases in Africa will eventually lead to increases in information flow and associated increases in relational aspects between distant points. What could formerly be characterized as "Terra Incognita" is changing with increases in infrastructure.

Would the "Arab Spring" have been possible before 2009? The lack of infrastructure makes it doubtful. Once all the cables are in place, Africa's total bandwidth will increase from 6 terabytes/second (tbps) to well over 40 tbps. Currently, there are over half a billion Africans connected to the global system through cell phones and the Internet, and this number is going to dramatically increase.

Graphic showing the ICT developments in Africa 1998-2008 penetration rates. Large sharp increase of cellphones in recent years
Figure 10.2 Africa's increase in fiber-optic cable infrastructure has been accompanied by internal increases in connectivity predominantly represented in the wireless sector that does not rely on expensive physical infrastructure in order to exist.

Figure 10.2 shows the continent-wide penetration rate of different information-communication technologies (ICTs). Notable here is the huge increase in wireless penetration, almost 33% continent-wide, a technology that does not require as much infrastructure as traditional landlines. This continent-wide view is not fully accurate, however. While the overall number is correct, the penetration rates in North Africa tell a different story when reviewed separately. Too much variation is concealed in the overall continental rate, but it becomes apparent when examined more regionally. In the Maghreb, the rates were almost twice as much as the continental average and increased steadily to over 100% in some places, meaning that some subscribers actually had more than 1 phone by 2010.

Figure 10.3 Using Africa as a meta-model, the combination of 24/7 GPS location technology (external infrastructure and global in nature), the exponential increase of external fiber-optic connectivity planned or already installed since 2009 (external infrastructure and regional in nature), and the exponential growth of the wireless phone market (internal infrastructure and local in nature) makes the future of the continent as a whole unknowable using current methods. What has already occurred in the Maghreb may pale in comparison with what's to come in the near term based on the impact of georectified enabled ICTs in sub-Saharan Africa.
Credit: Original graphic by M. Thomas.

The current DNI, General Clapper, hinted at the IC's interest in some of these aspects of intelligence collection in a recent interview in the Dec 2011 issue of Geospatial Intelligence Review:

"I see all kinds of benefits (from combining collection and analysis). There are a lot of examples that I can't cite because they are classified. But I will say that I think we will be better able to address an Arab Spring, for example, and better able to anticipate it and respond to it."

The richness of available open source data, generated either by social media or other sources, is too complex to accumulate and analyze using current approaches. Currently, analysts often use multiple sources of information in order to create actionable intelligence for a mission. The datasets are large in volume and are likely stored in multiple databases and multiple locations. This requires tailored queries into the systems to be prespecified, filtering significant amounts of data before an analyst has an opportunity to decide if it is important. This query-retrieve paradigm effectively removes the possibility of the "lucky find," because the analyst has to already know what they want to query. Looking forward, the datasets are becoming more connected and the transaction costs are decreasing. The volume of pseudo-humint available from social media is one result of the increase in this connectivity infrastructure and the impacts are both unpredictable and unforeseen. At a minimum, it raises the following questions for our consideration:

  1. The tacit-explicit knowledge transformation underway is potentially making disconnected areas such as Africa less a "Terra-Incognita" than ever before. What will this mean in terms of the geo-strategic framework?
  2. How seriously is the IC reviewing the potential of Web 2.0-enabled sources that are geospatially enabled with "Volunteer Geographic Information"?
  3. How might peer and near peer opponents make use of the models?