"Open data threatens Norway's security"

“It’s a paradox. As a researcher, it’s important for me to have access to as much public data as possible. But those with destructive intentions towards Norway have the same need,” says Professor Morten Goodwin at the University of Agder.

In Norway, vast amounts of data are publicly available. This includes everything from personal information to details about roads and traffic to public contracts.

In a new episode of his Artificial Intelligence podcast (in Norwegian), Goodwin talks about how this information can become a threat when combined with artificial intelligence.

Many types of data

There are many types of public data in Norway. Here are some examples:

Geographic data 
Norway shares geographic data through platforms such as Kartverket (the Norwegian Mapping Authority). This includes information about infrastructure such as bridges, tunnels and power grids.

"As public information, it may seem harmless, but when this data is widely accessible, it can be exploited in the planning of both physical and cyberattacks against critical infrastructure," Goodwin says.

Employee directories 
Public institutions in Norway often publish directories that include names, positions and contact information.

"Such information can be used to create targeted phishing campaigns or other forms of fraud. Attackers can impersonate a colleague or someone in management to gain access to protected areas or information," says Goodwin.

Public procurement 
Doffin is Norway's national database for the announcement of public procurements. Here, you can find information about public contracts, bids and procurement data, including details on which companies have been awarded contracts and what has been purchased.

"By knowing the details of public contracts, criminals can create fake invoices or other fraud schemes aimed at both the government and contracting parties," says Goodwin.

Traffic and travel data 
Data on public transport habits, traffic flows, and movement patterns in cities can be useful for urban planning and public safety. But in the wrong hands, such data can be used to identify vulnerabilities such as the time and location of effective attacks or sabotage.
    
"Data on movement patterns can be used to predict when and where people or goods will be at a given time. This can make it easier to coordinate physical or cyberattacks. Attackers with knowledge of how traffic flows can also choose the best time to launch a cyberattack to create maximum disruption," Goodwin says.

Communication in the public sector 
Much of the communication in the public sector, including case processing and decision-making, is documented and published. Even seemingly innocuous communication between civil servants can provide insight into internal processes, security measures, or ongoing discussions about sensitive policies.

"Not only can such information be used for political manipulation or to cast doubt on political leaders and their policies. Artificial intelligence can also analyse the leaked content to identify patterns, keywords, and sensitive information that can be exploited in future attacks," says Goodwin.

Eight threat scenarios 

In the podcast, Goodwin discusses eight different ways the combination of artificial intelligence and open data can pose a threat to Norwegian society:

1. Cyber threats: More accessible data increases the risk that someone exploits vulnerabilities to gain access to sensitive information.
2. Espionage: Increased data availability can potentially make espionage easier.
3. Disinformation and propaganda: Artificial intelligence can be used to target and tailor disinformation to influence public opinion.
4. Economic espionage: Foreign actors can steal trade secrets and intellectual property using the combination of open data and artificial intelligence.
5. Invasion of privacy: Artificial intelligence can process large amounts of personal data and create detailed profiles of individuals that can easily be abused.
6. Critical infrastructure vulnerabilities: By using advanced algorithms, artificial intelligence can quickly identify weaknesses in everything from software and networks to physical security systems.
7. Military security: Available data can reveal information about military operations and capabilities, compromising national defence.
8. Influence operations: Data analysis done by artificial intelligence can improve operations where foreign agents try to manipulate political processes and elections.