Does Geographic Location Matter in Cybersecurity?

Google Maps is really cool, no doubt.

I happened to check out two separate incident databases recently (one datalossdb, the other a private beta), and both have leveraged Google Maps. I guess what I am struggling with is the utility of the feature. With physical incidents, it seems useful to track threat trends – terrorist / pirate hotspots, etc. – so that we can act in accordance with our risk tolerance levels.

While we may find geographic patterns in cybersecurity, these patterns rarely if ever reflect a concentration of threat – this being one of the significant differences between physical and logical attacks.

I don't think the value is nearly as high, and given the screen real estate required to display it, I am not sure using geographic maps is beneficial. Even the maps of things like worm/virus spreading across a globe are more about computer usage patterns (e.g. follow the sun) than anything meaningful (I think).

So I am curious what use cases you can come up with for geographic maps in the cybersecurity realm. Here are some ideas:

  1. Wireless hotspots – showing areas with a high/low concentration of vulnerable hotspots.
  2. Jurisdictional use – identifying countries or regions that have differing compliance regimes.

What benefits do you see with geographic mapping in cybersecurity? Or put differently – what geographic information would provide input into a cybersecurity decision you need to make?

1 comment for “Does Geographic Location Matter in Cybersecurity?”

  1. July 28, 2009 at 1:36 pm

    Commercial companies are having some success selling it:

    A title for one of’s reports is “Digital Resolve’s fraud detection blends IP geo-location and behavior analysis”. I don’t have access to it, but the title purports to the utility.

    Geographic information can be useful to answer questions like:
    - should anyone be successfully VPNing into our corporate network from IP addresses outside of the US?

    Maybe the distinction here is between possessing geo-tagged IP data versus using actual maps?
