Mark Wolinski
is the Government Relations Administrator, Public Affairs & Communication
Department, in the Roseville, California, City Manager’s Office. He spoke today to Etopia News about SB
272, a bill now pending that would mandate the collection and online
publication of what some consider sensitive information about the operations of
local “enterprise systems.”
He emphasized
his appreciation of the 10+ amendments already taken for the bill by its
author, California State Senator Robert Hertzberg, and said, on behalf of the city,
that he was “very supportive of open data, very supportive of transparency,”
but that, nevertheless, he had some concerns about what compliance with the
provisions of SB 272 bill would mean for the cyber-security of the city’s
municipal water and power systems.
Mr. Wolinski
is worried that making it necessary for those interested in the intricacies of
a locality’s “enterprise systems” to file Freedom of Information Act (FOIA)
requests in order to get the information required under SB 272 to be
prominently displayed on its web site will avoid the risk of making this
information publicly available unaccountably to anyone with an Internet
connection, by at least creating a “fingerprint” by way of the FOIA request.
The specific
data in question are the names of the companies that develop and maintain “enterprise
systems” and the programs being used to operate the systems, including current
version numbers. Notwithstanding the
argument that “if you’re worried about giving out that information, then you’ve
got bigger problems to worry about,” making this identifying information
publicly available to anonymous potential malicious hackers may still not be
the best approach to maintaining system integrity and security.
For more
about opposition to including this sensitive information in the SB 272-mandated
public catalog from a spokesperson for the California Municipal Utilities Association,
look here.
No comments:
Post a Comment