The industry still talks about anonymous facilities: unmarked buildings, no signage, an LLC on the land registry. Then the planning application publishes the floor plan, the utility filing publishes the power draw, the general contractor posts a milestone photo, and a job listing announces the commissioning date by asking for engineers "to support Q3 go-live". Adversaries do not breach your perimeter to learn your layout. They read the planning portal.
The perimeter leaks upstream of the fence, in documents you filed and posts you congratulated.
What actually leaks
- Planning and permitting: layouts, setbacks, generator counts, water and power capacity, all public by design in most jurisdictions.
- Hiring: job posts that date your go-live, name your technology stack, and map your team structure.
- Contractors and vendors: milestone photography, award announcements, and site selfies with wide-angle backgrounds.
- The sky and the street: hobbyist drone footage and street-view imagery that refresh faster than your security plan does.
Managed exposure, not imaginary anonymity
You cannot unfile a planning application, and you should not pretend the campus is a secret; the town can see it. What you can do is manage the delta between what is public and what matters: review what filings must contain versus what they conveniently contain, put publication clauses in contractor agreements, give site staff social-media guidance that is specific instead of scolding, and run a self-OSINT review on a calendar, the same way you patch. The goal is simple: when you walk the site with an adversary’s dossier in hand, nothing in it should surprise you.
We compile self-OSINT dossiers for operators regularly. Seeing your site from the outside is clarifying.