The administrative attack surfaceΒΆ
The risk is not that any one publication exposes a secret. None does. The risk is what a few weeks of patient cross-reading turn that publication regime into: a targeting picture for a foreign service, search narrowing for a sabotage planner, queue ordering for a pre-conflict state. Collection is expensive and sometimes detectable. Correlation is cheap, legal, and increasingly automated.
A method, some worked Dutch cases, and an SOS correlation proof-of-concept can be found in the infrastructure aggregation threat model, alongside de-anonymisation, where the same logic reassembles a person rather than a site.
Focus here is on the strategic frame: why standard classification and security frameworks miss aggregation risk, whose remit it falls into, and the organisational reasons the gap stays open. The cases are the evidence; this is an exploration of what to do with it.
Last updated: 3 July 2026