![Page 1: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/1.jpg)
OpenGovernment
Data
Security Risk orSecurity Risk orMean for Threat Prevention?Mean for Threat Prevention?
![Page 2: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/2.jpg)
Agenda
▪ Political Mindset
▪What is Open Govt. Data and What Not
▪ OGD Risk Assessment
▪ Future prospects of OGD Security Research
![Page 3: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/3.jpg)
http://datos.fundacionctic.org/sandbox/catalog/faceted/
Datasets by Government or Public Body
![Page 4: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/4.jpg)
Political Mindset
![Page 5: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/5.jpg)
Transparency Participation Collaboration
““My Administration is committed to creating anMy Administration is committed to creating anUnprecedented level of openness in Government.“Unprecedented level of openness in Government.“
Barack Obama, “Memorandum for the Heads of Executive Departments and Agencies - Barack Obama, “Memorandum for the Heads of Executive Departments and Agencies - Transparency and Open Government,” Jan. 2009.Transparency and Open Government,” Jan. 2009.
![Page 6: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/6.jpg)
![Page 7: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/7.jpg)
“Take the example of public sector information – possibly a €30 billion market in Europe. I have said it before, and I say it again: yes to open data!”
Neelie KroesNeelie KroesVice-President of the European CommissionVice-President of the European Commissionresponsible for the Digital Agendaresponsible for the Digital Agenda
““Lift-Off towards Open Government" conference, Brussels, 15 December 2010Lift-Off towards Open Government" conference, Brussels, 15 December 2010http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/10/752http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/10/752
![Page 8: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/8.jpg)
Re-Iteration
What isOpen Government Data
Why and What Not
![Page 9: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/9.jpg)
Open Government Data
Open Government Data are data sets released by the government on public interest. Usage is unconstrained with the right to re-share and re-purpose
without further notice.
![Page 10: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/10.jpg)
Open Data Principles Complete
From a Primary Resource
Timely Easily Findable and Accessible
Machine Processable Content shall be non-Discriminating
Using Open Standards Liberal Licensing
Reliable Resources
Free of Charge or Non-Discriminating fees
[1] http://sunlightfoundation.com/policy/documents/ten-open-data-principles/[2] von Lucke and C.P. Geiger, “Open Government Data - Frei verfügbare Daten des öffentlichen Sektors,” Dec. 2010.
![Page 11: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/11.jpg)
Open Data Principles ctd.
Non-personal Unclassified
● Non-negative economic, military or security related effects
![Page 12: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/12.jpg)
Examples
![Page 13: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/13.jpg)
http://data.gov.au/data/?category=Emergencies
![Page 14: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/14.jpg)
http://data.gov.uk/apps/crime-spy-uk
![Page 15: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/15.jpg)
Why?▪ More information leads to better decisions
● UK Audit Commission, “Improving information to support decision making: standards for better quality data”, London, 2007.
▪ Higher degree of effectiveness & efficiency● P. Weiss, "Borders in Cyberspace: Conflicting Public Sector Information Policies and their
Economic Impacts," ed: U.S. Department of Commerce, 2004.
▪ Strengthen trust in establishment● R. Marcella and G. Baxter, "Information need, information seeking behaviour and
participation, with special reference to needs related to citizenship: results of a national survey," Journal of Documentation, vol. 56, pp. 136-160, 2002.
▪ Leverage benefits of peer production
▪ New business models● D. Tapscott and A. D. Williams, Wikinomics: How Mass Collaboration Changes Everything,
Expanded. Portfolio Trade, 2010.
▪ “Peoples right to know”
![Page 16: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/16.jpg)
Open Govt. Data - What's Not
. /$$ /$$ /$$$$$$
.| $$ | $$ /$$__ $$
.| $$ /$$ /$$| $$ /$$$$$$$$| $$ \__/ /$$$$$$ /$$$$$$$
.| $$ | $$ | $$| $$|____ /$$/| $$$$$$ /$$__ $$ /$$_____/
.| $$ | $$ | $$| $$ /$$$$/ \____ $$| $$$$$$$$| $$
.| $$ | $$ | $$| $$ /$$__/ /$$ \ $$| $$_____/| $$
.| $$$$$$$$| $$$$$$/| $$ /$$$$$$$$| $$$$$$/| $$$$$$$| $$$$$$.$
.|________/ \______/ |__/|________/ \______/ \_______/ \_______/ //Laughing at your security since 2011!
+
__ )| ________________________.------,_ _ _/o|_____/ ,____________.__;__,__,__,__,_Y...:::---===````// #anonymous|==========\ ; ; ; ; ; \__,__\__,_____ --__,-.\ OFF (( #anarchists `----------|__,__/__,__/__/ )=))~(( '-\ THE \\ #antisec \ ==== \ \\~~\\ \ PIGS \\ #lulzsec `| === | ))~~\\ ```"""=,)) #fuckfbifriday | === | |'---') #chingalamigra / ==== / `=====' ´------´
![Page 17: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/17.jpg)
A. Bruns, J. Burges, K. Crawford, and F. Shaw, “#qldfloods and @QPSMedia: Crisis Communication on Twitterin the 2011 South East Queensland Floods,” ARC Centre of Excellence for Creative Industries & Innovation (CCI),Brisbane, Jan. 2012.
Open Govt. Data - What's Not (2)Social Media Analysis – Mapping Publics Online
![Page 18: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/18.jpg)
OGD Risk Assessment
![Page 19: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/19.jpg)
![Page 20: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/20.jpg)
![Page 21: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/21.jpg)
![Page 22: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/22.jpg)
Mashup?
![Page 23: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/23.jpg)
http://afterschoolsf.org/http://afterschoolsf.org/
![Page 24: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/24.jpg)
More …
● The Nuclear Regulatory Commission publishes both the U.S. Nuclear Power Reactor Inspection Reports (Data.gov Dataset, 2010) and the U.S. Nuclear Power Reactor Plant Status Reports (Data.gov Dataset, 2010).
Can multiple nuclear power reports be correlated to find weaknesses in a nuclear power plant’s system?
V. Houghton and M. L. Garnar, “Data.gov: The Risks and Benefits of Transparency,”University of Denver, Denver, LIS 4020, May 2011.
![Page 25: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/25.jpg)
and more …
● The U.S. Geological Survey publishes the National Water Information System dataset with information on the quantity and quality of potable water at over 1.5 million sites around the U.S. (Data.gov Dataset, 2002).
Can this data be used to contaminate waterways with biotoxins rendering the water undrinkable?
![Page 26: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/26.jpg)
… even more
● Department of Agriculture publishes geospatial data on global crop conditions complete with satellite imagery and weather data on CropExplorer (Data.gov Dataset, 2010).
Can this geospatial data be used to locate crops targeted for eradication via infestation? When datasets are combined, is there the potential to use the data to commit biological warfare?
![Page 27: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/27.jpg)
Actions and Prospect forOGD Security Research
![Page 28: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/28.jpg)
Actions
▪ Remove data sets?● Problematic to assess the risks of open data,
without also assessing the opportunity
▪ Make data less granular?
● Security by obscurity seldom works● Devaluation also leaves positive potential behind● Not intended by the open data activists –
Pandora's box has been opened
![Page 29: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/29.jpg)
Future research topics
▪ Are isolated data sets safe for release?
● Data of different federal bodies on one meta-platform
● Semantically linked, layered data
● Data enriched by other public sources like Social Media Networks
▪ Selection of Open Data by govt. agencies based on utility and risk assessment
▪ Data security on the gateway between internal data systems and open data platforms
![Page 30: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/30.jpg)
+ security
+ welfare
+ overall net effect
- security
- welfare
- overall net effect
Model to assess the effective direction of open data,incorporating risk and security research methodologies
![Page 31: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/31.jpg)
+ security
+ welfare
+ net effect
- security
- welfare
- net effect
![Page 32: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/32.jpg)
+ security
+ welfare
+ net effect
- security
- welfare
- net effect
![Page 33: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/33.jpg)
+ security
+ welfare
+ net effect
- security
- welfare
- net effect
Overall positive
or negative effect ?
![Page 34: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/34.jpg)
![Page 35: Open Government Data - Security Risk or mean for Threat Prevention](https://reader033.vdocuments.site/reader033/viewer/2022052618/554abc87b4c905ec6c8b48b5/html5/thumbnails/35.jpg)
Thank you!
Dr. Johann HöchtlCenter for E-Governance
Danube University Krems, Austria
10. Security Conference KremsFOCUS Dissemination Event
3. October 2012 Krems, Danube University Krems
Call for Papers now open:http://www.donau-uni.ac.at/en/department/gpa/sicherheit/security/14962/index.php
Questions & Contact: