public cybersecurity: is there a role for open government ... · pdf filepublic cybersecurity:...
TRANSCRIPT
BCLT Open Data Symposium April 17, 2015
Public Cybersecurity: Is there a role for open government data?Deirdre Mulligan | Elaine Sedenberg UC Berkeley School of Information
Goals of Public Cybersecurity
✤ Prompt the production of cybersecurity!✤ Focused on socio-technical system as a whole!
✤ Manage the remaining insecurity!✤ Reach political agreement !
✤ Definition of cybersecurity!✤ Framework to balance individual rights and
public welfare
4
Information as a Means
✤ Prevention Orientation (Reducing Vulnerabilities):!✤ Improving artifacts; education; community
empowerment; policy development!✤ Important to understand how things work in the
wild (machines, networks, people)!✤ Response Orientation (Managing Insecurity):!
✤ Detection; identification; containment; treatment!✤ Monitoring and analyses enable response
5
Public Health: Role of information in achieving goals
Education, prevention, surveillance, and containment fueled by Information, and ongoing research that depends on data!
Information used by diverse and distributed players, essential to sustain and coordinate action!
Lots of variations in form of information collection and sharing!
Ongoing tensions between risks of broad accessibility, and need for accurate and complete data on population!
Delicate balances throughout complicated information ecosystem!7
Public Cybersecurity: Role of information in achieving goals
✤ What role can information sharing and data availability play in advancing public cybersecurity goals?!
✤ Underscores importance of clarifying goals!
✤ Specifically interested in the unique role open data may play
8
Views on Cyber Info Sharing
✤ White House: Sharing risks and incidents in order to foster real-time response collaboration; voluntary organization and encourages partnership with Federal Gov’t. (EO 2/13/15 “Promoting Private Sector Cybersecurity Information Sharing”)
Mechanisms for sharing classified information for critical infrastructure (EO 12829) !
✤ Congress: Sharing of information by Federal Gov’t; sharing of cyber threat indicators and defense measures with Federal Gov’t; oversight; assessment of current Federal capabilities and threats (CISA 2015)!
✤ Civil Liberties Advocates: Concerns about users’ privacy and broad data sharing provisions outside of cybersecurity purposes!
✤ Private Sector: Concerns over discoverability; liability; competitiveness 9
Relevance to current data sharing in cybersecurity
✤ Security research sometimes resembles “shoe-leather” epidemiology!
✤ Ad-hoc, independent gathering of data in response to incidents!
✤ Burden on independent actors to convince public officials!
✤ Public data limited and episodic; private entities often hold the data
14
Problems in current cyber info sharing
✤ Permissions and access dictated by data owners!
✤ Inconsistent data sources; often stale; fits narrow research needs!
✤ Incompatible data formats and timescales!
✤ Unclear privacy implications15
Present Examples of Public Health Information Sharing!
PulseNet & multidrug resistant Shigella | HIV Indicators & Data Systems
16
✤ Systems address different goals: detection of known and unknown threats; tracking chronic conditions; understanding broader context!
✤ CDC and community role in coordinating information sharing and data stewardship!
✤ Not all data held by government; different levels of openness!
✤ Further responsibilities to inform public, educate, and formulate responses & interventions
Public Health Data Practices
19
Potential Benefits of Open Data for Cybersecurity
✤ Shapes communities of practice and engages “non-experts”!
✤ Government data consistent/accessible/balances risks and benefits/existing platforms!
✤ Opportunity for transparency in data surveillance systems!
✤ Level playing field for small organizations
20
Research Contributions
✤ 1) Information Sharing within the context of public cybersecurity is a means to an end, so goals need to be clearly defined!
✤ 2) Options for sharing data: different parties, different data, & degrees of openness!
✤ 3) Within public health, open data has advanced specific goals and outcomes in addition to fueling research that has indirectly benefited public health 21