open government data - security risk or mean for threat prevention
DESCRIPTION
Presentation for FOCUS Winter School #FocusFP7TRANSCRIPT
OpenGovernment
Data
Security Risk orSecurity Risk orMean for Threat Prevention?Mean for Threat Prevention?
Agenda
▪ Political Mindset
▪What is Open Govt. Data and What Not
▪ OGD Risk Assessment
▪ Future prospects of OGD Security Research
http://datos.fundacionctic.org/sandbox/catalog/faceted/
Datasets by Government or Public Body
Political Mindset
Transparency Participation Collaboration
““My Administration is committed to creating anMy Administration is committed to creating anUnprecedented level of openness in Government.“Unprecedented level of openness in Government.“
Barack Obama, “Memorandum for the Heads of Executive Departments and Agencies - Barack Obama, “Memorandum for the Heads of Executive Departments and Agencies - Transparency and Open Government,” Jan. 2009.Transparency and Open Government,” Jan. 2009.
“Take the example of public sector information – possibly a €30 billion market in Europe. I have said it before, and I say it again: yes to open data!”
Neelie KroesNeelie KroesVice-President of the European CommissionVice-President of the European Commissionresponsible for the Digital Agendaresponsible for the Digital Agenda
““Lift-Off towards Open Government" conference, Brussels, 15 December 2010Lift-Off towards Open Government" conference, Brussels, 15 December 2010http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/10/752http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/10/752
Re-Iteration
What isOpen Government Data
Why and What Not
Open Government Data
Open Government Data are data sets released by the government on public interest. Usage is unconstrained with the right to re-share and re-purpose
without further notice.
Open Data Principles Complete
From a Primary Resource
Timely Easily Findable and Accessible
Machine Processable Content shall be non-Discriminating
Using Open Standards Liberal Licensing
Reliable Resources
Free of Charge or Non-Discriminating fees
[1] http://sunlightfoundation.com/policy/documents/ten-open-data-principles/[2] von Lucke and C.P. Geiger, “Open Government Data - Frei verfügbare Daten des öffentlichen Sektors,” Dec. 2010.
Open Data Principles ctd.
Non-personal Unclassified
● Non-negative economic, military or security related effects
Examples
http://data.gov.au/data/?category=Emergencies
http://data.gov.uk/apps/crime-spy-uk
Why?▪ More information leads to better decisions
● UK Audit Commission, “Improving information to support decision making: standards for better quality data”, London, 2007.
▪ Higher degree of effectiveness & efficiency● P. Weiss, "Borders in Cyberspace: Conflicting Public Sector Information Policies and their
Economic Impacts," ed: U.S. Department of Commerce, 2004.
▪ Strengthen trust in establishment● R. Marcella and G. Baxter, "Information need, information seeking behaviour and
participation, with special reference to needs related to citizenship: results of a national survey," Journal of Documentation, vol. 56, pp. 136-160, 2002.
▪ Leverage benefits of peer production
▪ New business models● D. Tapscott and A. D. Williams, Wikinomics: How Mass Collaboration Changes Everything,
Expanded. Portfolio Trade, 2010.
▪ “Peoples right to know”
Open Govt. Data - What's Not
. /$$ /$$ /$$$$$$
.| $$ | $$ /$$__ $$
.| $$ /$$ /$$| $$ /$$$$$$$$| $$ \__/ /$$$$$$ /$$$$$$$
.| $$ | $$ | $$| $$|____ /$$/| $$$$$$ /$$__ $$ /$$_____/
.| $$ | $$ | $$| $$ /$$$$/ \____ $$| $$$$$$$$| $$
.| $$ | $$ | $$| $$ /$$__/ /$$ \ $$| $$_____/| $$
.| $$$$$$$$| $$$$$$/| $$ /$$$$$$$$| $$$$$$/| $$$$$$$| $$$$$$.$
.|________/ \______/ |__/|________/ \______/ \_______/ \_______/ //Laughing at your security since 2011!
+
__ )| ________________________.------,_ _ _/o|_____/ ,____________.__;__,__,__,__,_Y...:::---===````// #anonymous|==========\ ; ; ; ; ; \__,__\__,_____ --__,-.\ OFF (( #anarchists `----------|__,__/__,__/__/ )=))~(( '-\ THE \\ #antisec \ ==== \ \\~~\\ \ PIGS \\ #lulzsec `| === | ))~~\\ ```"""=,)) #fuckfbifriday | === | |'---') #chingalamigra / ==== / `=====' ´------´
A. Bruns, J. Burges, K. Crawford, and F. Shaw, “#qldfloods and @QPSMedia: Crisis Communication on Twitterin the 2011 South East Queensland Floods,” ARC Centre of Excellence for Creative Industries & Innovation (CCI),Brisbane, Jan. 2012.
Open Govt. Data - What's Not (2)Social Media Analysis – Mapping Publics Online
OGD Risk Assessment
Mashup?
http://afterschoolsf.org/http://afterschoolsf.org/
More …
● The Nuclear Regulatory Commission publishes both the U.S. Nuclear Power Reactor Inspection Reports (Data.gov Dataset, 2010) and the U.S. Nuclear Power Reactor Plant Status Reports (Data.gov Dataset, 2010).
Can multiple nuclear power reports be correlated to find weaknesses in a nuclear power plant’s system?
V. Houghton and M. L. Garnar, “Data.gov: The Risks and Benefits of Transparency,”University of Denver, Denver, LIS 4020, May 2011.
and more …
● The U.S. Geological Survey publishes the National Water Information System dataset with information on the quantity and quality of potable water at over 1.5 million sites around the U.S. (Data.gov Dataset, 2002).
Can this data be used to contaminate waterways with biotoxins rendering the water undrinkable?
… even more
● Department of Agriculture publishes geospatial data on global crop conditions complete with satellite imagery and weather data on CropExplorer (Data.gov Dataset, 2010).
Can this geospatial data be used to locate crops targeted for eradication via infestation? When datasets are combined, is there the potential to use the data to commit biological warfare?
Actions and Prospect forOGD Security Research
Actions
▪ Remove data sets?● Problematic to assess the risks of open data,
without also assessing the opportunity
▪ Make data less granular?
● Security by obscurity seldom works● Devaluation also leaves positive potential behind● Not intended by the open data activists –
Pandora's box has been opened
Future research topics
▪ Are isolated data sets safe for release?
● Data of different federal bodies on one meta-platform
● Semantically linked, layered data
● Data enriched by other public sources like Social Media Networks
▪ Selection of Open Data by govt. agencies based on utility and risk assessment
▪ Data security on the gateway between internal data systems and open data platforms
+ security
+ welfare
+ overall net effect
- security
- welfare
- overall net effect
Model to assess the effective direction of open data,incorporating risk and security research methodologies
+ security
+ welfare
+ net effect
- security
- welfare
- net effect
+ security
+ welfare
+ net effect
- security
- welfare
- net effect
+ security
+ welfare
+ net effect
- security
- welfare
- net effect
Overall positive
or negative effect ?
Thank you!
Dr. Johann HöchtlCenter for E-Governance
Danube University Krems, Austria
10. Security Conference KremsFOCUS Dissemination Event
3. October 2012 Krems, Danube University Krems
Call for Papers now open:http://www.donau-uni.ac.at/en/department/gpa/sicherheit/security/14962/index.php
Questions & Contact: