Thoughts on the OGI panel on Securing Web 2.0 and Social Media
Posted by kelcym on July 25, 2009
While I couldn’t attend the first day of the Open Government and Innovations (OGI) conference, I was disappointed in Day 2. I won’t dwell on my overall feelings; I thought that Jaime Maynard did an excellent job in detailing the problems in her blog. However, I would like to talk about the panel on Securing Web 2.0 and Social Media. This is an extremely important topic that has not been addressed in many forums to date. I was looking forward to learning about government initiatives and possible solutions for some pretty big challenges. Unfortunately, the panel did not seem prepared to discuss much of anything, leaving it to the audience to discuss. I walked away frustrated by what seemed to be continuing government inertia and, in several cases, industry arrogance toward audience questions.
So I think it is important to provide some thoughts on what I would have liked to see in a panel on “Securing Web 2.0 and social media”. I would have liked to see the ODNI rep give a good threat briefing. Some folks are not aware of the implications of social media. Mr. Mark Morrison did mention one fact, but that was late into the discussions. If a good threat briefing was needed, DIA recently gave one at the DoDIIS Worldwide conference that has been written up several times (see ciozone.com review or GCN article). It would need to be expanded to include some stats on things like DDoS, phishing attacks and other internet security problems in addition to social media. But that would have been easy to do.
And this type of briefing would have set the stage for the next set of discussions, hopefully led by NIST, on challenges and government actions (e.g. setting standards, the subcommittee under the Federal CIO’s Council chaired by DHS) and current government initiatives (e.g. case studies from govt agencies), followed by the industry response with both how industry can support/is supporting and how they are handling their own internal security issues.
Then it could have been opened up to the audience to add challenges and their own initiatives, ask questions and suggest ideas. If handled well, the audience could have come away with some lessons learned and perhaps started to develop a roadmap. Ideally one of the government initiatives would have been to start the equivalent of “security.gov” (similar in nature to data.gov or recovery.gov) as a starting point where both the American public and government could go to share lessons learned, report problems, and look for solutions.
Bob Gourley said
I have been thinking about this topic for a while and wish I had good answers. Your post has made me think about it more and I still don’t have good answers. Intuitively I feel like comprehensive user training is a big piece of the solution. I also strongly support your call for a threat brief, for standards, and for continuing dialog.
I’m hoping that if I noodle on this for a while I can also suggest technology contributions to this effort, but something tells me technology solutions will always be behind the continually evolving threat and their use of these tools. Which brings us back to comprehensive training. We need to get every good brain engaged on this.
See you online,
Bob
kelcym said
I think technology has a very important role to play in securing web2.0 and social media, especially both in the area of training/education and informing. I know that there are many others who can talk to the issues of protection better than I can. Some of the areas where I think that technology can help would be in storytelling and mashups to create educational products like games, comics and storylines where the public can help develop the products that educate on various aspects of securing web2.0 and social media. Perhaps this could be done as a contest at young ages (e.g. K-12) with awards. Technology could also help with sharing ideas. And a reporting system for reporting possible problems. Right now if you have a problem with a social software app, who looks at the information to see if it is just a technical problem or something more sinister? And technology can help to develop tools to process complex multi-dimensional social and infrastructure data to see if there are problems starting to arise. And finally putting social software will of course be important to get those good brains engaged.