Ana Rodríguez-Hoyos, José Estrada-Jiménez, David Rebollo-Monedero, Jordi Forné, Rubén Trapero Burgos, Antonio Álvarez Romero, et al. (2019). Anonymizing Cybersecurity Data in Critical Infrastructures: The CIPSEC Approach. In Z. Franco, J. J. González, & J. H. Canós (Eds.), Proceedings of the 16th International Conference on Information Systems for Crisis Response And Management. Valencia, Spain: Iscram.
Abstract: Cybersecurity logs are permanently generated by network devices to describe security incidents. With modern computing technology, such logs can be exploited to counter threats in real time or before they gain a foothold. To improve these capabilities, logs are usually shared with external entities. However, since cybersecurity logs might contain sensitive data, serious privacy concerns arise, even more when critical infrastructures (CI), handling strategic data, are involved. We propose a tool to protect privacy by anonymizing sensitive data included in cybersecurity logs. We implement anonymization mechanisms grouped through the definition of a privacy policy. We adapt said approach to the context of the EU project CIPSEC that builds a unified security framework to orchestrate security products, thus offering better protection to a group of CIs. Since this framework collects and processes security-related data from multiple devices of CIs, our work is devoted to protecting privacy by integrating our anonymization approach.
|
Monika Büscher, Lisa Wood, & Sung-Yueh Perng. (2013). Privacy, security, liberty: Informing the design of EMIS. In J. Geldermann and T. Müller S. Fortier F. F. T. Comes (Ed.), ISCRAM 2013 Conference Proceedings – 10th International Conference on Information Systems for Crisis Response and Management (pp. 401–410). KIT; Baden-Baden: Karlsruher Institut fur Technologie.
Abstract: This paper explores issues of security, privacy and liberty arising in relation to ICT supported emergency management. The aim is to inform the design of emergency management information systems (EMIS) and architectures that support emergent interoperability and assembly of emergency management systems of systems. We show how transformations of social and material practices of privacy boundary management create challenges, opportunities and dangers in this context. While opportunities include development of more efficient and agile emergency management models, building on smart city concepts, dangers include surveillance, social sorting and an erosion of civil liberties. Against this backdrop, we briefly explore human practice focused 'privacy by design' as a candidate design avenue.
|
Monika Büscher, Catherine Easton, Maike Kuhnert, Christian Wietfeld, Matts Ahlsén, Jens Pottebaum, et al. (2014). Cloud ethics for disaster response. In and P.C. Shih. L. Plotnick M. S. P. S.R. Hiltz (Ed.), ISCRAM 2014 Conference Proceedings – 11th International Conference on Information Systems for Crisis Response and Management (pp. 284–288). University Park, PA: The Pennsylvania State University.
Abstract: In emergencies, exceptions to data protection raise concerns that data may become available to unexpected actors during and after a crisis, resulting in privacy intrusion and social sorting. Apart from ethical issues, there are legal issues, for example around data minimization and issues around social and cultural practices of sharing information. This paper explores key ethical, legal and social issues (ELSI) in utilizing cloud computing for disaster response and management and some examples of innovative design.
|
Catherine Easton. (2016). Information Systems for Crisis Response and Management: The EU Data Protection Regulation, Privacy by Design and Certification. In A. Tapia, P. Antunes, V.A. Bañuls, K. Moore, & J. Porto (Eds.), ISCRAM 2016 Conference Proceedings – 13th International Conference on Information Systems for Crisis Response and Management. Rio de Janeiro, Brasil: Federal University of Rio de Janeiro.
Abstract: With technological development in crisis management reaching a point at which there is wide-scale aggregation of data, including social media, there is a need to focus strongly upon the position of end users in order to uphold data protection principles. Recent wide-ranging European Union legal reforms, finalized in 2016, have enshrined the concept of data protection by design and paved the way for certification schemes to validate compliance. There is a need for those involved with the practical development of information systems for crisis management to understand these new developments and determine their practical implications. This paper presents a critical analysis of the reforms, focusing on the interplay between the law and technological design and predicting their impact on crisis management system development.
|
Catherine Easton, & Monika Büscher. (2015). The role of the privacy impact assessment in IT Innovation in Crises: An Example. In L. Palen, M. Buscher, T. Comes, & A. Hughes (Eds.), ISCRAM 2015 Conference Proceedings – 12th International Conference on Information Systems for Crisis Response and Management. Kristiansand, Norway: University of Agder (UiA).
Abstract: Privacy Impact Assessments (PIA) are increasingly used and, in certain jurisdictions, legally mandated in projects to foresee risks to privacy and to plan strategies to avoid these. Once adopted and implemented, the EU's Data Protection Regulation will, in certain circumstances require the need for a PIA. This short paper focuses upon the PIA process in an EU-funded project to develop cloud-based disaster response technology. It introduces the project and then gives a background to the PIA process. Insights and observations are then made on how the PIA operates, with the aim of drawing conclusions that can both improve the current project and be transferable to others.
|
Kevin Fall, Gianluca Iannaccone, Jayanthkumar Kannan, Fernando Silveira, & Nina Taft. (2010). A disruption-tolerant architecture for secure and efficient disaster response communications. In C. Zobel B. T. S. French (Ed.), ISCRAM 2010 – 7th International Conference on Information Systems for Crisis Response and Management: Defining Crisis Management 3.0, Proceedings. Seattle, WA: Information Systems for Crisis Response and Management, ISCRAM.
Abstract: We consider the problem of providing situational awareness when citizens in a disaster are willing to contribute their own devices, such as laptops and smart phones, to gather data (text, images, audio or video) and to help forward data gathered by others. A situational awareness service processes all received data and creates annotated maps to visualize a disaster site (e.g., the status of the disaster, such as fires or floods, the location of people, food, or water). We discuss the challenges imposed on such an application when 1) the communications infrastructure in the disaster area can only provide intermittent connectivity, 2) anxious victims generate large amounts of redundant content congesting the network, and 3) the sharing of personal devices creates security and privacy threats. We present an architecture that addresses the requirements to support such a service.
|
Hannes Restel, Eridy Lukau, Sebastian Sterl, & Lars Gerhold. (2022). Detecting Covid-19 Relevant Situations using Privacy-by-Design based Mobile Experience Sampling. In Rob Grace, & Hossein Baharmand (Eds.), ISCRAM 2022 Conference Proceedings – 19th International Conference on Information Systems for Crisis Response and Management (pp. 506–527). Tarbes, France.
Abstract: To observe psychosocial effects of the Covid-19 pandemic on the population, multiple retrospective studies have been performed in Germany. However, this approach may lead to response bias regarding affective and cognitive processes as it fails to capture situations as they occur (‘in situ’). Identifying those situations in daily life where individuals are emotionally and cognitively affected by Covid-19 can provide valuable insights for mobile experience sampling method studies (MESM) that evaluate participants’ affective and cognitive processes. This study presents an MESM solution (a self-developed smartphone app and server backend) to detect Covid-19 induced ‘in-situ frames’ which was successfully used in a long-term psychosocial study in Berlin (Germany) from November 2021 to January 2022. As highly sensitive personal data (e.g., emotional state, vaccination status and infection state, socio-demographics) have been collected, the solution places a strong emphasis on privacy, pseudo-anonymization, data-minimization, and security. To support long-time motivation for the participants, good usability and user experience containing gamification elements were also realized. The results indicate that Covid-19-related situations expressed by means of a high emotional risk perception could be identified even though participants located themselves in “rather Covid-19 free” private spaces.
|
Inga Kroener, Hayley Watson, & Julia Muraszkiewicz. (2017). Agility in crisis management information systems requires an iterative and flexible approach to assessing ethical, legal and social issues. In eds Aurélie Montarnal Matthieu Lauras Chihab Hanachi F. B. Tina Comes (Ed.), Proceedings of the 14th International Conference on Information Systems for Crisis Response And Management (pp. 247–255). Albi, France: Iscram.
Abstract: This paper focuses on the assessment of ethical, legal and social issues (ELSI) in relation to agile information systems in the domain of crisis management. The authors analyse the differing needs of a move from a traditional approach to the development of information systems to an agile approach, which offers flexibility, adaptability and responds to the needs of users as the system develops. In turn, the authors argue that this development requires greater flexibility and an iterative approach to assessing ELSI. The authors provide an example from the Horizon 2020 EU-funded project iTRACK (Integrated system for real-time TRACKing and collective intelligence in civilian humanitarian missions) to exemplify this move to an iterative approach in practice, drawing on the process of undertaking an ethical and privacy impact assessment for the purpose of this project.
|
Janine S. Hiller, & Roberta S. Russell. (2015). Modalities for Cyber Security and Privacy Resilience: The NIST Approach. In L. Palen, M. Buscher, T. Comes, & A. Hughes (Eds.), ISCRAM 2015 Conference Proceedings – 12th International Conference on Information Systems for Crisis Response and Management. Kristiansand, Norway: University of Agder (UiA).
Abstract: Cybersecurity was a major topic of discussion at the 2015 World Economic Forum in Davos – the Sony attack; huge data breaches at Target and Adobe; a 91% increase in targeted cyber-attacks; annual losses of over $400 billion; the exposure of 904 million personal data records; cyber-attacks on a Finnish bank, a South Korean credit bureau, a German factory's industrial controls, and the Ukrainian government; as well as increased general anxiety over critical infrastructure exposure (Tobias 2014; WEC 2015). These incidents highlight the risks inherent in a world increasingly complex, interconnected, and cyber-based. Much like thinking in other fields of disaster and crisis management, creating an impenetrable boundary or eliminating cyber risk entirely has given way to building cyber resilience. Cyber resilience is a social, economic and national security issue. This paper examines one approach, the NIST Cybersecurity Framework, in terms of building resilience in both cybersecurity and privacy.
|
Larissa Aldehoff. (2019). Renouncing Privacy in Crisis Management? People's View on Social Media Monitoring and Surveillance. In Z. Franco, J. J. González, & J. H. Canós (Eds.), Proceedings of the 16th International Conference on Information Systems for Crisis Response And Management. Valencia, Spain: Iscram.
Abstract: Social media is used during crises and disasters by state authorities and citizens to communicate and provide, gain and analyze information. Monitoring of platforms in such cases is both a well-established practice and a research area. The question, whether people are willing to renounce privacy in social media during critical incidents, or even allow surveillance in order to contribute to public security, remains unanswered. Our survey of 1,024 German inhabitants is the first empirical study on people's views on social media monitoring and surveillance in crisis management. We find the willingness to share data during an imminent threat depends mostly on the type of data: a majority (63% and 67%, respectively) would give access to addresses and telephone numbers, whereas the willingness to share content of chats or telephone calls is significantly lower (27%). Our analysis reveals diverging opinions among participants and some effects of sociodemographic variables on the acceptance of invasions into privacy.
|
Vitaveska Lanfranchi. (2017). Machine Learning and Social Media in Crisis Management: Agility vs Ethics. In eds Aurélie Montarnal Matthieu Lauras Chihab Hanachi F. B. Tina Comes (Ed.), Proceedings of the 14th International Conference on Information Systems for Crisis Response And Management (pp. 256–265). Albi, France: Iscram.
Abstract: One of the most used sources of information for fast and flexible crisis information is social media or crowdsourced data, as the information is rapidly disseminated, can reach a large amount of target audience and covers a wide variety of topics. However, the agility that these new methodologies enable comes at a price: ethics and privacy. This paper presents an analysis of the ethical risks and implications of using automated systems that learn from social media data to provide intelligence in crisis management. The paper presents a short overview on the use of social media data in crisis management to then highlight ethical implications of machine learning and social media data using an example scenario. In conclusion, general mitigation strategies and specific implementation guidelines for the scenario under analysis are presented.
|
Vladimir Oleshchuk. (2016). A Novel Framework for Security Enforcement in Networks for Disaster and Crisis Management. In A. Tapia, P. Antunes, V.A. Bañuls, K. Moore, & J. Porto (Eds.), ISCRAM 2016 Conference Proceedings – 13th International Conference on Information Systems for Crisis Response and Management. Rio de Janeiro, Brasil: Federal University of Rio de Janeiro.
Abstract: The paper proposes a framework that provides security in networks deployed in disaster areas. Traditional networks are not well suited for use in such settings due to many unusual constraints such as long delays, high packet drop rates, unavailability of a central trusted entity etc. Under such constraints existing security protocols do not work. The approach proposed here provides solutions for some of these problems often listed as challenges in the literature. We consider delay-tolerant wireless networks as the most suitable for such settings, and propose a trust based approach that provides flexible and efficient solutions that can be used in disaster areas.
|
Hayley Watson, & Rachel L. Finn. (2013). Privacy and ethical implications of the use of social media during a volcanic eruption: Some initial thoughts. In J. Geldermann and T. Müller S. Fortier F. F. T. Comes (Ed.), ISCRAM 2013 Conference Proceedings – 10th International Conference on Information Systems for Crisis Response and Management (pp. 416–420). KIT; Baden-Baden: Karlsruher Institut fur Technologie.
Abstract: In a relatively new area of research for crisis management, this working paper presents a preliminary discussion of some of the privacy and ethical implications surrounding the use of social media in the event of a crisis. The paper uses the chaos caused by the eruptions of the Eyjafjallajokull volcano in 2010 to contextualise the analysis. It begins by presenting two case studies of the use of social media by members of the public and the aviation industry during the crisis caused by the ash plume. The paper then proceeds to briefly highlight some select ethical and privacy implications stemming from the use of social media such as privacy infringements and inequality. The paper concludes by briefly summarising the findings of the paper and considering next steps for future research in this area.
|