BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//talks.staging.osgeo.org//foss4g-europe-2024-academic-tra
 ck//speaker//PDC8MY
BEGIN:VTIMEZONE
TZID:EET
BEGIN:STANDARD
DTSTART:20000101T000000
RRULE:FREQ=YEARLY;BYMONTH=1;UNTIL=20001231T220000Z
TZNAME:EET
TZOFFSETFROM:+0200
TZOFFSETTO:+0200
END:STANDARD
BEGIN:STANDARD
DTSTART:20021027T050000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:EET
TZOFFSETFROM:+0300
TZOFFSETTO:+0200
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20020331T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:EEST
TZOFFSETFROM:+0200
TZOFFSETTO:+0300
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-foss4g-europe-2024-academic-track-YTRMXB@talks.staging.osgeo.or
 g
DTSTART;TZID=EET:20240703T103000
DTEND;TZID=EET:20240703T110000
DESCRIPTION:Finland has been a strong proponent for open data for a long ti
 me. Since 2010\, a significant amount of public sector data has been publi
 shed openly\, and much of this data is geospatial by nature. Accurate geos
 patial data with nation-wide coverage is highly valuable for many applicat
 ions\, including matters related to national security and military applica
 tions. When such information is provided as open data\, it can also be use
 d by other countries\, including hostile nations. Furthermore\, geospatial
  data can also be used by criminals and other malicious actors\, and there
 fore there have always been possible threats related to open geospatial da
 ta.\nTraditionally\, threats related to open geospatial data have been div
 ided into two categories: threats to privacy and threats to national secur
 ity. Threats to privacy have typically been handled carefully\, as there a
 re numerous datasets that pose obvious threats to privacy\, such as accura
 te census data. Therefore\, the public sector has developed mature best pr
 actices on how to handle privacy concerns\, and there are also internation
 al guidelines to assess risks related to open data (Open Data Institute\, 
 2022). For example\, census or population registry data should never be pu
 blished at an individual level\, but the data should be aggregated to mini
 mize the privacy risks. \nAfter the Balkan wars of the 90s\, the majority 
 of Europe has been in a state of deep peace. Therefore\, the potential nat
 ional security threats related to open geospatial data have been given rel
 atively little attention. Potential threats from other nation states have 
 been sidelined by other concerns\, and often dismissed as irrelevant due t
 o increased European integration. This is true even in Finland\, which nev
 er downsized her army or dismantled the national preparedness organization
 s. The Russian invasion of Ukraine caused a rapid and radical change in th
 e global geopolitical environment. In Finland this caused a radical shift 
 in discussion about national security. \nHere\, we report the results of a
  work\, where the security concerns related to open geospatial data in Fin
 land were studied. The main research questions for this work are: \nWhat k
 inds of threats related to open geospatial data exist? \nHow can the threa
 t-related open geospatial data be mitigated and managed? \nBefore our proj
 ect\, open discussions regarding the need for threat assessment in the new
  geopolitical environment had already started within the Finnish geospatia
 l ecosystem. This gave a useful basis for scoping our research\, as well a
 s provided an environment where the findings could be discussed.\nIn the s
 tudy\, we focused specifically on matters related to national security. Sp
 ecifically\, our focus was on national geospatial datasets maintained by t
 he National Land Survey of Finland (NLS)\, including e.g. the Finnish topo
 graphic database. Even though our focus was on the data produced by NLS\, 
 our findings are applicable more generally\, as our approach considered po
 tential threats enabled by open geospatial data in general.\nAs a main res
 earch method for the study\, we used semi-structured interviews. We interv
 iewed approximately 20 individuals from 13 Finnish organizations.The major
 ity of the interviewees were from public sector organizations. During the 
 last few interviews\, there were not many new insights to be gained. Thus\
 , we concluded that we had reached the saturation point in terms of new in
 formation and no further interviews were needed.\nBased on the interviews\
 , we created a number of threat scenarios. The threat scenarios were used 
 as examples on what sorts of threats might be related to open geospatial d
 ata. The scenarios were then discussed and further refined with a number o
 f experts on national security and the Finnish geospatial ecosystem. \nIn 
 our results\, we assigned the threats into categories\, and gave recommend
 ations for mitigation strategies related to open geospatial data. The resu
 lts of the work are closely related to earlier threat assessment work done
  on a national level. Our results include several insights about how open 
 geospatial data could be used to threaten critical infrastructure\, import
 ant infrastructure\, soft targets\, as well as the privacy of individuals.
  Similarly\, our results list potential sources of threats including other
  nation states\, terrorist organizations and lone wolf terrorists\, crimin
 als\, and foreign companies. Both the targets and the threats are well-kno
 wn already in national security work and are not unique to the geospatial 
 ecosystem. \nIn most of the threat scenarios discussed\, open geospatial d
 ata could help malicious actors to plan and execute activities that can ca
 use harm. Based on our analysis\, the threat related to a specific dataset
  most often did not directly target the publisher of the dataset\, nor aff
 ected the dataset itself. For example\, detailed building data can be used
  to plan burglaries\, and accurate road network and topographical data can
  be used to plan an armed invasion. Thus the targets of the malicious acti
 vity are elsewhere\, and the data is used as means to gain more informatio
 n about these targets.\nTo balance the potential unwanted use scenarios\, 
 the benefits of open geospatial data were also discussed throughout our in
 terviews. When considering the threats and mitigation strategies\, it is c
 rucial to remember the benefits of open data. Just because it is possible 
 to misuse a dataset is not alone a reason to try and limit the use of the 
 data. Only if the threats are significant enough compared to the benefits 
 gained from open data\, should limitations to the data be considered.\nOur
  study brings an important new aspect to the narratives around open geospa
 tial data\, as there is not much open discussion or research related to th
 e potential threats caused by spatial data\, or the relationship between o
 pen data and potential threats. Furthermore\, our study reveals that there
  is an urgent need for further developing the guidelines (such as the one 
 by Open Data Institute (2022)) and risk assessment frameworks that would b
 etter consider the threats and risks related to opening and sharing geospa
 tial data from the perspective of national security.\nReferences\nOpen Dat
 a Institute. (2022). Assessing risk when sharing data: A guide (p. 21). Op
 en Data Institute. https://www.theodi.org/article/assessing-risk-when-shar
 ing-data-a-guide/
DTSTAMP:20260415T195519Z
LOCATION:Omicum
SUMMARY:Threats related to open geospatial data in the current geopolitical
  environment - Jussi Nikander\, Henrikki Tenkanen
URL:https://talks.staging.osgeo.org/foss4g-europe-2024-academic-track/talk/
 YTRMXB/
END:VEVENT
END:VCALENDAR