Research Brief

With the ever-growing presence of the Internet in people's lives, it is easier than ever to obtain information from publicly available sources on a wide range of topics. This raises the question of whether terrorists can exploit this availability of information when planning terrorist attacks. Conversely, familiarity with public sources of information can also be useful to policymakers in defending potential targets. However, given the vast array of publicly available information, identifying all the information relevant to a potential target and assessing its possible value to terrorist planners is daunting. What is needed is a way to define the kinds of information that would be useful for planning and executing attacks on particular targets.

A RAND Corporation study developed a framework to guide assessments of the availability of such information for planning attacks on the U.S. air, rail, and sea transportation infrastructure and applied the framework in a red-team information-gathering exercise. Working with six plausible attack scenarios—two each in air, rail, and sea transportation infrastructures—and a modified intelligence preparation of the battlefield (ModIPB) framework based on U.S. Army doctrine, red-team members serving as proxies for terrorists were instructed to find information sufficient to complete an operation plan for each of the six scenarios.

Based on the exercise, the study found the following:

  • The ModIPB framework is a useful guide to identifying information relevant to the planning and execution of terrorist attacks. Relying on checklists provided by the study team, red-team members were able to identify information that, with scattered exceptions, proved useful for planning the hypothetical terrorist attacks in all six scenarios. The results of three validation exercises support this assertion.
  • Ease of identifying relevant information varied across information categories. General, descriptive information was the easiest to find, and detailed information about security procedures was the most difficult to find. Some types of information could be found for one class of infrastructure target or for one scenario but not others.

Based on these findings, the authors recommend that, to prevent information that includes security details from becoming public, infrastructure owners should review and revise procedures for operational and informational security. This is especially pertinent given that new information becomes public every day, as do new capabilities for searching and fusing information.

The authors also recommend that infrastructure owners consider information that can be obtained from easily accessible public-information sources, such as the Internet, in vulnerability assessments. Given that new information can become publicly available at any time, such vulnerability assessments should be conducted frequently.

This report is part of the RAND Corporation research brief series. RAND research briefs present policy-oriented summaries of individual published, peer-reviewed documents or of a body of published work.
