OpenSecurity: Open Source Security Solutions Protecting Employees and Data in Public Institutions

Every organization must protect their cyber-infrastructure from threats – external or internal. In particular, public agencies that administer private citizen data (e.g. criminal and medical records or residency registers), or who manage national security information have a duty to protect this sensitive information. Whether arising from mistakes, external attacks, social engineering, or malicious intent, human beings will always be a weak link in the IT security chain. There is often an insufficient level of awareness of security risks, which leads to users being targeted by a variety of external threats. A second prevalent problem is that of lost devices (smartphones, tablet-PCs, USB-sticks, laptops etc.).

OpenSecurity should prevent the loss and (un)intentional misuse of sensitive, citizen-related data held by public bodies. The aim of our research is to achieve a higher level of data security and availability, while reducing effort in deployment management and maintenance. To this end, the feasibility and possible implementation of a centralized security layer will be examined based on the principles of security by isolation, virus detection, and encryption. This layer will control, verify, and encrypt any and all communication that takes place on client devices. OpenSecurity will be provided under a license that allows both public verification and customization within heterogeneous ICT-system landscapes.

OpenSecurity is a two-year project, running until October 2014, funded by the Austrian FFG KIRAS security program. The primary stakeholders in the project are the Austrian Ministry of Defence (BMLVS) and the IKT Linz. These stakeholders have provided use cases and requirements for the project and will test and validate the project results. The AIT Austrian Institute of Technology GmbH is the primary research partner, supporting the industrial partners X-NET Services GmbH and IKARUS Security Software GmbH. Under the technical coordination of X-NET, this team is carrying out the technical implementation of the OpenSecurity solutions. The Linz Institute for Qualitative Analysis (LIquA) rounds off the consortium by providing an analysis of the impact of OpenSecurity in the context of employee data protection and privacy.