Data is critical national infrastructure – let’s make it open and secure
The ODI calls on government to ensure that as it develops its digital strategy and the National Cybersecurity Strategy, it does not overlook the need for strong, effective and secure data infrastructure
Last week the UK government announced more details of its cybersecurity strategy, setting out some more information about how it will defend itself and the country against cyber attack, deter attackers, and develop new capabilities and skills.
It was a timely announcement. There have been a series of attacks on a security researcher; a company that provides services that help sites like Twitter, Spotify and Github to work; and then the country of Liberia by a network of Internet of Things devices that have been hacked by someone using the Mirai software. Coincidentally, our co-founder Sir Tim Berners-Lee, the inventor of the World Wide Web, was in London for the 2016 ODI Summit.
Some journalists asked him about these threats or attacks might mean for the nation’s data infrastructure. We thought we’d write about it too.
Data infrastructure improves people’s lives
Data such as statistics, maps and real-time sensor readings help us to make decisions, build services and gain insight.
It makes it possible for products and services to be developed that help businesses and government operate more effectively, and materially improve the quality of people's lives.
There are many types of data. Big data. Little data. Personal data. Commercial data. Government data. The most important thing when we think about how data can be used is how it’s licensed and who can access it.
There is closed data – like a company’s sales reports – that is only available within an organisation. There is shared data – like medical records – that is passed between a few people: yourself, your doctor, your hospital. And then there is open data.
Open data is the most widely impactful kind of data. It is available for everyone to access, use and share. Lots of people can do things with it.
A good example of this is transport data. Many transport companies and cities have made their data available as open data. This includes things like timetables and real-time data on buses that enable companies to build services that help people plan their journeys better. When we use these services, it also means that journeys can be better distributed across the transport network, reducing the economic and environmental costs of congestion and delays.
In a similar way, Sport England is collaborating with the ODI to make data about opportunities to get involved in sport available as open data. This includes things like exercise classes and tennis court availability. Much of this data is available but hard to use because it's buried in PDF documents and paper records. Open data should be machine-readable, and therefore easy to use to create new services. The work the sports community is doing will help make booking a sports activity online as easy as checking when the next bus is due.
But some of the other improvements brought about by open data are invisible to most of us. For example, it’s used in farming to help work out which crops to plant and when to harvest them. It's then used to transport food to shops and to help us buy in store - or from an online delivery firm that uses data to find out how to get to our address.
To put it another way, open data infrastructure helps put food on our plates. If it breaks there would be less food and what there is would be more expensive. Evidently, that wouldn’t be good.
A robust and open data infrastructure is crucial
These services that enrich our lives in different ways are created because the data fuelling them is made as widely available as possible. They come about more often if we make the data open data. Some recent independent economic research that we commissioned said that data can add 0.5% more to our GDP if we don’t just make it available for a fee but instead we make it open for anyone to use. That is why our data infrastructure needs to be as open as possible.
But as with all infrastructure, data infrastructure needs strategic planning. When we talk about data infrastructure we often use the analogy of road infrastructure. Roads help us get to a location. Data helps us make a decision. In the same way that road networks need careful planning and engineering, with safety mechanisms built-in, so too does data.
Not all data should be available as open data. Private health records should be kept private. Part of any strategy to protect against attacks must include protecting this privacy. Our own openness principles for personal data suggest techniques such as being open about how data is shared and secured, performing independent external testing to make sure data can’t be used to find out new things about people, and providing feedback mechanisms to act on reports of security issues.
A report from the Centre for the Protection of National Infrastructure (CPNI) last year discussed the risk that opening data could pose to both personal data and other types of infrastructure, such as power stations or military bases. It is critical to consider these risks when deciding whether and how to open data.
Open data, however, is just one part of the puzzle. Wherever data fits onto the spectrum of closed, shared and open data, it will be exposed to considerable risk, and it is therefore important that we build a reliable and secure data infrastructure for all of our data.
If hackers could penetrate the systems of data publishers to manipulate, change or make inaccessible open data for vexatious purposes, this could cause disruption to all of the services that are powered by open data. Our bridges. Our transport services. Our transport planning and sports booking. Our food supply.
Open data has some extra protection because it is used by a lot of people. There are many eyes looking at the data and they come with different perspectives. Just as they can spot mistakes and improve data quality they can also help spot malicious changes. Government needs to be acting too. It needs to make sure that data publishers, aggregators and maintainers receive the support they need to publish quality open data and ensure that malicious actors can’t attack them.
Data is critical national infrastructure, it should be open and secure
Data infrastructure is part of the government’s responsibility in the same way as clean air and open roads. They are all vital infrastructure that underpins our society. They should be both protected and made widely available in exactly the same way. The danger is that open data is misunderstood and overlooked simply because it’s already open.
The ODI is asking the government to make sure that as it develops its digital strategy and the National Cybersecurity Strategy, it does not overlook the need for strong, effective and secure data infrastructure.