Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Open Government Data - Security Risk or mean for Threat Prevention

2,100 views

Published on

Presentation for FOCUS Winter School #FocusFP7

Published in: Education, Technology, Business
  • Be the first to comment

Open Government Data - Security Risk or mean for Threat Prevention

  1. 1. OpenGovernment DataSecurity Risk orMean for Threat Prevention?
  2. 2. Agenda▪ Political Mindset▪ What is Open Govt. Data and What Not▪ OGD Risk Assessment▪ Future prospects of OGD Security Research
  3. 3. Datasets by Government or Public Bodyhttp://datos.fundacionctic.org/sandbox/catalog/faceted/
  4. 4. Political Mindset
  5. 5.  Transparency  Participation  Collaboration“My Administration is committed to creating anUnprecedented level of openness in Government.“ Barack Obama, “Memorandum for the Heads of Executive Departments and Agencies - Transparency and Open Government,” Jan. 2009.
  6. 6. Neelie Kroes Vice-President of the European Commission responsible for the Digital Agenda“Take the example of public sector information –possibly a €30 billion market in Europe. I have said itbefore, and I say it again: yes to open data!” “Lift-Off towards Open Government" conference, Brussels, 15 December 2010 http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/10/752
  7. 7. Re-Iteration What isOpen Government Data Why and What Not
  8. 8. Open Government DataOpen Government Data are data setsreleased by the government on publicinterest. Usage is unconstrained withthe right to re-share and re-purpose without further notice.
  9. 9. Open Data Principles  Complete  From a Primary Resource  Timely  Easily Findable and Accessible  Machine Processable  Content shall be non-Discriminating  Using Open Standards  Liberal Licensing  Reliable Resources  Free of Charge or Non-Discriminating fees[1] http://sunlightfoundation.com/policy/documents/ten-open-data-principles/[2] von Lucke and C.P. Geiger, “Open Government Data - Frei verfügbare Daten des öffentlichen Sektors,” Dec. 2010.
  10. 10. Open Data Principles ctd. Non-personal Unclassified ● Non-negative economic, military or security related effects
  11. 11. Examples
  12. 12. http://data.gov.au/data/?category=Emergencies
  13. 13. http://data.gov.uk/apps/crime-spy-uk
  14. 14. Why?▪ More information leads to better decisions ● UK Audit Commission, “Improving information to support decision making: standards for better quality data”, London, 2007.▪ Higher degree of effectiveness & efficiency ● P. Weiss, "Borders in Cyberspace: Conflicting Public Sector Information Policies and their Economic Impacts," ed: U.S. Department of Commerce, 2004.▪ Strengthen trust in establishment ● R. Marcella and G. Baxter, "Information need, information seeking behaviour and participation, with special reference to needs related to citizenship: results of a national survey," Journal of Documentation, vol. 56, pp. 136-160, 2002.▪ Leverage benefits of peer production▪ New business models ● D. Tapscott and A. D. Williams, Wikinomics: How Mass Collaboration Changes Everything, Expanded. Portfolio Trade, 2010.▪ “Peoples right to know”
  15. 15. Open Govt. Data - Whats Not . /$$ /$$ /$$$$$$ .| $$ | $$ /$$__ $$ .| $$ /$$ /$$| $$ /$$$$$$$$| $$ __/ /$$$$$$ /$$$$$$$ .| $$ | $$ | $$| $$|____ /$$/| $$$$$$ /$$__ $$ /$$_____/ .| $$ | $$ | $$| $$ /$$$$/ ____ $$| $$$$$$$$| $$ .| $$ | $$ | $$| $$ /$$__/ /$$ $$| $$_____/| $$ .| $$$$$$$$| $$$$$$/| $$ /$$$$$$$$| $$$$$$/| $$$$$$$| $$$$$$.$ .|________/ ______/ |__/|________/ ______/ _______/ _______/ //Laughing at your security since 2011! + __ )| ________________________.------,_ _ _/o|_____/ ,____________.__;__,__,__,__,_Y...:::---===````// #anonymo |========== ; ; ; ; ; __,____,_____ --__,-. OFF (( #anarchi `----------|__,__/__,__/__/ )=))~(( - THE #antisec ==== ~~ PIGS #lulzsec `| === | ))~~ ```"""=,)) #fuckfbi | === | |---) #chingal / ==== / `===== ´------´
  16. 16. Open Govt. Data - Whats Not (2) Social Media Analysis – Mapping Publics OnlineA. Bruns, J. Burges, K. Crawford, and F. Shaw, “#qldfloods and @QPSMedia: Crisis Communication on Twitterin the 2011 South East Queensland Floods,” ARC Centre of Excellence for Creative Industries & Innovation (CCI),Brisbane, Jan. 2012.
  17. 17. OGD Risk Assessment
  18. 18. Mashup?
  19. 19. http://afterschoolsf.org/
  20. 20. More …● The Nuclear Regulatory Commission publishes both the U.S. Nuclear Power Reactor Inspection Reports (Data.gov Dataset, 2010) and the U.S. Nuclear Power Reactor Plant Status Reports (Data.gov Dataset, 2010). Can multiple nuclear power reports be correlated to find weaknesses in a nuclear power plant’s system? V. Houghton and M. L. Garnar, “Data.gov: The Risks and Benefits of Transparency,” University of Denver, Denver, LIS 4020, May 2011.
  21. 21. and more …● The U.S. Geological Survey publishes the National Water Information System dataset with information on the quantity and quality of potable water at over 1.5 million sites around the U.S. (Data.gov Dataset, 2002). Can this data be used to contaminate waterways with biotoxins rendering the water undrinkable?
  22. 22. … even more● Department of Agriculture publishes geospatial data on global crop conditions complete with satellite imagery and weather data on CropExplorer (Data.gov Dataset, 2010). Can this geospatial data be used to locate crops targeted for eradication via infestation? When datasets are combined, is there the potential to use the data to commit biological warfare?
  23. 23. Actions and Prospect for OGD Security Research
  24. 24. Actions▪ Remove data sets? ● Problematic to assess the risks of open data, without also assessing the opportunity▪ Make data less granular? ● Security by obscurity seldom works ● Devaluation also leaves positive potential behind ● Not intended by the open data activists – Pandoras box has been opened
  25. 25. Future research topics▪ Are isolated data sets safe for release? ● Data of different federal bodies on one meta-platform ● Semantically linked, layered data ● Data enriched by other public sources like Social Media Networks▪ Selection of Open Data by govt. agencies based on utility and risk assessment▪ Data security on the gateway between internal data systems and open data platforms
  26. 26. Model to assess the effective direction of open data, incorporating risk and security research methodologies + overall net effect + security- welfare + welfare - security - overall net effect
  27. 27. + net effect + security- welfare + welfare - security - net effect
  28. 28. + net effect + security- welfare + welfare - security - net effect
  29. 29. + net effect + security Overall positive- welfare + welfare or negative effect ? - security - net effect
  30. 30. Thank you! Questions & Contact: Dr. Johann Höchtl Center for E-Governance Danube University Krems, Austria johann.hoechtl@donau-uni.ac.at10. Security Conference KremsFOCUS Dissemination Event3. October 2012 Krems, Danube University KremsCall for Papers now open:http://www.donau-uni.ac.at/en/department/gpa/sicherheit/security/14962/index.php

×