Tim Berners-Lee warns of danger of chaos in unprotected public data

Tim Berners-Lee warns of danger of chaos in unprotected public data

Inventor of world wide web says hackers could cause major disruption with open economic or traffic data

Berners-Lee said hackers could disable a city by disrupting traffic data,
Berners-Lee said hackers could disable a city by disrupting traffic data. Photograph: Andrew Matthews/PA

Hackers could use open data such as the information that powers transport apps to create chaos, Sir Tim Berners-Lee, the inventor of the world wide web, has said.

“If you disrupted traffic data for example, to tell everybody that all the roads south of the river are closed, so everybody would go north of the river, that would gridlock you [and] disable the city,” he said.

Cyber-attacks and hacking: what you need to know

Read more

Prof Sir Nigel Shadbolt, a co-founder, with Berners-Lee, of the Open Data Institute (ODI), described this as “the Italian Job scenario” and “the ultimate hack”.

The pair, who have both advised the British government, are leading campaigners for publicly accessible data. Berners-Lee points out as an example that reliable, detailed transport information “really makes London better”.

But they warned that the potential for such datasets to be tampered with if not properly protected was largely overlooked. “When people are thinking about the security of their systems, they worry about people discovering what they are doing,” Berners-Lee said. “What they don’t think about is the possibility of things being changed.”

Shadbolt called for the government to think of open data as vital public infrastructure that needs protection. “Your list of legal companies in the country, or the list of where the hospitals are, or geographic data ... it’s part of our critical infrastructure, it could be attacked,” he said.

“So then what you have to do is – when you’re thinking about hardening and you’re thinking about providing an overall cyberdefence posture – [ensure] you are as diligent in thinking about your open assets as your closed stuff.”

He added: “Public national data is part of the government’s responsibility like clean air is, like clean water is ... it’s another reason why they have to think of data as infrastructure.”

Shadbolt said the vulnerabilities in open data were sometimes overlooked. “I think that often we tend to think about the closed stuff, the stuff that’s held in our various secure establishments that you’d want to protect – but it’s the stuff that’s out there that’s powering lots of routine [applications].”

DDoS attack that disrupted internet was largest of its kind in history, experts say

Read more

Berners-Lee and Shadbolt spoke to the Guardian during a one-day summit in London on the opportunities offered by publicly accessible data.

The potential for highly damaging cyber-attacks has become increasingly prominent in recent weeks, thanks in part to the US government openly accusing Russia of backing hacking attacks intended to sway its election, and a widespread distributed denial of service attack that took down Twitter and other websites last month by harnessing internet-connected devices.

The British chancellor, Philip Hammond , announced a new £1.9bn cybersecurity strategy on Tuesday and warned that attempts by foreign governments to penetrate national infrastructure, financial and military systems were becoming ever more sophisticated. In an interview with the Guardian, MI5 chief Andrew Parker warned that Russia, in particular, was targeting the UK.

Asked about whether open data could have security vulnerabilities, Berners-Lee said criminals could manipulate open data for profit, for example by placing bets on the bank rate or consumer price index and then hacking into the sites where the data is published and switching the figures.

“If you falsify government data then there are all kinds of ways that you could get financial gain, so yes,” he said, “it’s important that even though people think about open data as not a big security problem, it is from the point of view of being accurate.”

He added: “I suppose it’s not as exciting as personal data for hackers to get into because it’s public.”

The government had a “huge amount” to do to improve public access to data, Berners-Lee said. “Avoiding problems like losing the Land Registry data, for example, is critical,” he said. In September, Theresa May’s government quietly dropped plans to privatise the Land Registry, which holds land ownership records for England and Wales.

The ODI is launching a collaboration with Sport England aiming to make data about sport more accessible.

Berners-Lee said during a presentation that a key challenge, particularly in the era of Brexit and Donald Trump, was making reliable data available to people who felt disenfranchised: “How can we help everyone in the country feel that they have access to good quality information ... whether they get it on the web or not – maybe they get it through TV and radio? How can we restore a culture and civilisation based on knowledge ... and a democratic system based on knowledge, based on facts and truth?”


SHARE THIS
Previous Post
Next Post