In 2003, The Washington Post published an article on Sean Gorman’s thesis, which mapped out the telecommunications fiber optic network in the US. This thesis caused a stir within government and industry over its potential security implications because it identified the locations of parts of the network infrastructure, and its vulnerabilities and interdependencies.
Gorman’s book, which is based on his thesis, is an examination of critical information infrastructure, what the threats are and aren’t, and vulnerabilities and interdependencies. Gorman begins by outlining his work on mapping the physical geography of the Internet using open source information. He then reviews the work undertaken on critical infrastructure protection, the complexities involved, and the issue of private efficiencies versus public vulnerabilities. After discussing the threats to the national information infrastructure, Gorman provides a literature review of the framework used to address the efficiency versus vulnerability issue, particularly in relation to the agglomeration of economic activity. The chapters that follow address a series of research questions raised by Gorman regarding the role of public policy in critical infrastructure protection, and provide solutions for addressing these. In broad terms, these questions are based on spatial (geographic) issues, dependencies (particularly electricity), resource allocation, and diversification.
This book certainly is an interesting read, although it does feel like a rewrite of Gorman’s thesis. As such, it can be hard to wade through at times. The chapters dealing with the research questions (5 to 8) provide some very detailed maps and diagrams, although they tend to be steeped in academic theory.
Overall, the book provides an informative view of national information infrastructure protection, addressing issues such as geographic location and resource allocation that have wide implications for both government and the private sector. Although the book suffers from being more theoretical than practical, it would be a suitable reference point for those involved in policy decisions for information infrastructure protection.