Mark Wolinski is the Government Relations Administrator, Public Affairs & Communication Department, in the Roseville, California, City Manager’s Office. He spoke today to Etopia News about SB 272, a bill now pending that would mandate the collection and online publication of what some consider sensitive information about the operations of local “enterprise systems.”
He emphasized his appreciation of the 10+ amendments already taken for the bill by its author, California State Senator Robert Hertzberg, and said, on behalf of the city, that he was “very supportive of open data, very supportive of transparency,” but that, nevertheless, he had some concerns about what compliance with the provisions of SB 272 bill would mean for the cyber-security of the city’s municipal water and power systems.
Mr. Wolinski is worried that making it necessary for those interested in the intricacies of a locality’s “enterprise systems” to file Freedom of Information Act (FOIA) requests in order to get the information required under SB 272 to be prominently displayed on its web site will avoid the risk of making this information publicly available unaccountably to anyone with an Internet connection, by at least creating a “fingerprint” by way of the FOIA request.
The specific data in question are the names of the companies that develop and maintain “enterprise systems” and the programs being used to operate the systems, including current version numbers. Notwithstanding the argument that “if you’re worried about giving out that information, then you’ve got bigger problems to worry about,” making this identifying information publicly available to anonymous potential malicious hackers may still not be the best approach to maintaining system integrity and security.
For more about opposition to including this sensitive information in the SB 272-mandated public catalog from a spokesperson for the California Municipal Utilities Association, look here.