Riebe, Thea ; Biselli, Tom ; Kaufhold, Marc-André ; Reuter, Christian (2023)
Privacy Concerns and Acceptance Factors of OSINT for Cybersecurity: A Representative Survey.
In: Proceedings on Privacy Enhancing Technologies, 2023, 2023 (1)
doi: 10.26083/tuprints-00023377
Artikel, Zweitveröffentlichung, Verlagsversion
Kurzbeschreibung (Abstract)
The use of Open Source Intelligence (OSINT) to monitor and detect cybersecurity threats is gaining popularity among Cybersecurity Emergency or Incident Response Teams (CERTs/CSIRTs). They increasingly use semi-automated OSINT approaches when monitoring cyber threats for public infrastructure services and incident response. Most of the systems use publicly available data, often focusing on social media due to timely data for situational assessment. As indirect and affected stakeholders, the acceptance of OSINT systems by users, as well as the conditions which influence the acceptance, are relevant for the development of OSINT systems for cybersecurity. Therefore, as part of the ethical and social technology assessment, we conducted a survey (N=1,093), in which we asked participants about their acceptance of OSINT systems, their perceived need for open source surveillance, as well as their privacy behavior and concerns. Further, we tested if the awareness of OSINT is an interactive factor that affects other factors. Our results indicate that cyber threat perception and the perceived need for OSINT are positively related to acceptance, while privacy concerns are negatively related. The awareness of OSINT, however, has only shown effects on people with higher privacy concerns. Here, particularly high OSINT awareness and limited privacy concerns were associated with higher OSINT acceptance. Lastly, we provide implications for further research and the use of OSINT systems for cybersecurity by authorities. As OSINT is a framework rather than a single technology, approaches can be selected and combined to adhere to data minimization and anonymization as well as to leverage improvements in privacy-preserving computation and machine learning innovations. Regarding the use of OSINT, the results suggest to favor approaches that provide transparency to users regarding the use of the systems and the data they gather.
| Typ des Eintrags: | Artikel |
|---|---|
| Erschienen: | 2023 |
| Autor(en): | Riebe, Thea ; Biselli, Tom ; Kaufhold, Marc-André ; Reuter, Christian |
| Art des Eintrags: | Zweitveröffentlichung |
| Titel: | Privacy Concerns and Acceptance Factors of OSINT for Cybersecurity: A Representative Survey |
| Sprache: | Englisch |
| Publikationsjahr: | 2023 |
| Ort: | Darmstadt |
| Publikationsdatum der Erstveröffentlichung: | 2023 |
| Verlag: | PET Symposium |
| Titel der Zeitschrift, Zeitung oder Schriftenreihe: | Proceedings on Privacy Enhancing Technologies |
| Jahrgang/Volume einer Zeitschrift: | 2023 |
| (Heft-)Nummer: | 1 |
| DOI: | 10.26083/tuprints-00023377 |
| URL / URN: | https://tuprints.ulb.tu-darmstadt.de/23377 |
| Zugehörige Links: | |
| Herkunft: | Zweitveröffentlichungsservice |
| Kurzbeschreibung (Abstract): | The use of Open Source Intelligence (OSINT) to monitor and detect cybersecurity threats is gaining popularity among Cybersecurity Emergency or Incident Response Teams (CERTs/CSIRTs). They increasingly use semi-automated OSINT approaches when monitoring cyber threats for public infrastructure services and incident response. Most of the systems use publicly available data, often focusing on social media due to timely data for situational assessment. As indirect and affected stakeholders, the acceptance of OSINT systems by users, as well as the conditions which influence the acceptance, are relevant for the development of OSINT systems for cybersecurity. Therefore, as part of the ethical and social technology assessment, we conducted a survey (N=1,093), in which we asked participants about their acceptance of OSINT systems, their perceived need for open source surveillance, as well as their privacy behavior and concerns. Further, we tested if the awareness of OSINT is an interactive factor that affects other factors. Our results indicate that cyber threat perception and the perceived need for OSINT are positively related to acceptance, while privacy concerns are negatively related. The awareness of OSINT, however, has only shown effects on people with higher privacy concerns. Here, particularly high OSINT awareness and limited privacy concerns were associated with higher OSINT acceptance. Lastly, we provide implications for further research and the use of OSINT systems for cybersecurity by authorities. As OSINT is a framework rather than a single technology, approaches can be selected and combined to adhere to data minimization and anonymization as well as to leverage improvements in privacy-preserving computation and machine learning innovations. Regarding the use of OSINT, the results suggest to favor approaches that provide transparency to users regarding the use of the systems and the data they gather. |
| Freie Schlagworte: | cybersecurity, OSINT, online social networks, privacy, surveillance |
| Status: | Verlagsversion |
| URN: | urn:nbn:de:tuda-tuprints-233779 |
| Zusätzliche Informationen: | Zugl. Konferenzveröffentlichung: The 23rd Privacy Enhancing Technologies Symposium. July 10–15, 2023. Lausanne, Switzerland and Online |
| Sachgruppe der Dewey Dezimalklassifikatin (DDC): | 000 Allgemeines, Informatik, Informationswissenschaft > 004 Informatik 300 Sozialwissenschaften > 320 Politik 300 Sozialwissenschaften > 380 Handel, Kommunikation, Verkehr |
| Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Wissenschaft und Technik für Frieden und Sicherheit (PEASEC) |
| Hinterlegungsdatum: | 15 Mär 2023 13:23 |
| Letzte Änderung: | 20 Mär 2023 11:07 |
| PPN: | |
| Zugehörige Links: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum