Introduction
The increased pervasiveness of information and communications technology in our lives has led to a fundamental transformation of how people communicate, and the popularity of social media platforms has contributed to this phenomenon significantly.
Security Risks in Social Media Technologies explores how security controls (or security measures) can be used by information technology service managers and users in participatory or collaborative service provision within the public sector. A small number of topics are discussed and the issues raised and lessons learned are analyzed. The book describes the risks posed by certain Web 2.0 applications and gives clear guidance on how to mitigate them.
The term “government” is used to describe central, state, and local government. The public sector includes government as well as other bodies.
Several Web 2.0 architectural patterns have been described, for example by Governor, Hinchcliffe, and Nickull (2009). One of them is “participation–collaboration” or “harnessing collective intelligence,” which is concerned with self-organizing communities of people and social interactions. It should be noted that the participation–collaboration pattern is not restricted to social media; for example, wikis make use of this pattern. (It is worth pointing out that it is possible to restrict access to a wiki to a certain group of individuals.)
Many of the web applications that characterize Web 2.0 use this pattern, among others. The online encyclopedia Wikipedia and the video-sharing website YouTube are examples. An alternative title for this book might have been “Securing the Participation–Collaboration Pattern in Web 2.0 Public Service Applications.”
The use of social media within government is a complex topic, as the different stakeholders hold different perspectives. Participation–collaboration can be restricted to administrators, and exclude the public. To describe this type of usage, the US government uses the term “inward sharing.” Proprietary software exists for this, such as SharePoint (see Appendix 1). Another type of sharing known as “outward sharing” involves sharing between government and other bodies such as the police, health authorities, non-governmental organizations (NGOs), and wealthy or powerful individuals. A third type of sharing is “crowdsourcing,” a term derived from “outsourcing,” describing a task outsourced to the general public. (Crowdsourcing is sometimes referred to as “inbound sharing".) One kind of crowdsourcing task is online voting, but there are several others. The fourth type of sharing is “outbound sharing” and in our context this means the interaction of administrators on non-governmental publicly available social media websites.
Crowdsourcing and outbound sharing involve a direct relationship with citizens. With crowdsourcing, citizens provide assistance to government. With outbound sharing there are two types of relationship: citizens requesting assistance from government, and citizens and government reaching mutual agreement. Furthermore, there are certain properties of social networking that are related to outbound sharing in public service provision:
The group of citizens is likely to be a collective – the group is wholly focusing on a small number of issues.
The discourse is dialogical – comprised almost wholly of dialog.
There is a positive sum to the group – the whole is more than the sum of the parts.
The group is composed of people who are at the point of delivery of the public service.
There are a variety of threats. For illustrative purposes let us briefly mention one of these, referred to as “spear phishing.” This is a type of usage of email associated with fraud directed at a specific organization (Microsoft, 2010). For example, a government administrator might receive an email that purports to come from a colleague. The email might request information from this administrator. Alternatively, the email might request the recipient to click on a hyperlink, causing malicious software to be downloaded.
Cybersecurity is a complex topic. Social media, as with all computer applications, has vulnerabilities, some of which are closely related to this type of application, while others are common to a range of applications. The desire is to provide hardware and software controls, and acceptable use guidelines, so as to minimize risk. The extent to which one should use social media for public service applications depends on the risks involved, and the IT security of Web 2.0 government applications is high on the agenda. Managers of individual departments in public sector bodies have to decide whether or not there is a business case for the use of social media, and inherent in this business case must be a risk assessment.
Security Risks in Social Media Technologies describes the security measures applied to the participation–collaboration pattern in the context of Web 2.0 public service applications. For comparison, reference is also made to work undertaken outside the USA in Australia and elsewhere. Security Risks in Social Media Technologies involves a small number of topics. Within each topic are a number of issues.