The TTPs of Privacy and Security of the IoT

This article looks at the tactics, techniques, and practices (TTPs) that enable the management of security and privacy risks for IoT. Security professionals are likely familiar with this term of art in the context of cyber threat intelligence and incident response, only here has it been adapted it to help practitioners frame cyber security and privacy risk response for the IoT.

(E. Kenneally, “The TTPs of Privacy and Security of the IoT,” in IEEE Internet of Things Magazine, vol. 1, no. 2, pp. 8-11, December 2018. doi: 10.1109/MIOT.2018.8717595, available at

Smart CIty: Coral Gables Leader Raimundo Rodulfo

Welcome to Aspen’s Podcast – Episode 6 – Smart Cities and Communities – today’s guest is a distinguished Smart City / Community leader: Mr Raimundo Rudolfo, Director of Information Technology, Chief Information and Innovation Officer at the City of Coral Gables Florida. He’s successfully implemented many the Smart City initiatives and break new ground continuously.

He’s been able to apply new technology, gain support from stakeholders by using lean and efficient methods that free up capital and resources to apply to new initiatives.

His globally recognized benefits to the Citizens, businesses and stakeholders in his communities are generously shared through his presentations to Mayors, Community managers, Universities and Businesses.

He’s actively participating in leadership organizations, including the National Institute for Standards and Technology, Global City Teams Challenge organization. He’s a contributor to the GCTC Data supercluster as well.

I’m excited to share the discussion Raimundo and I had about Coral Gables and his series of successes. Welcome to Aspen’s Podcast Raimundo.

Intelligent Privacy for Smart Cities

Join us at the upcoming Portland Tech Jam ’19 where we’ll present our forthcoming paper that addresses Smart Cities privacy and innovation challenges with pragmatic policy-informed technology solutions:  Look for the full article in the ACM Conference Proceedings (Isaac Potoczy-Jones, Erin Kenneally, John Ruffing, “Encrypted Dataset Collaboration- Intelligent Privacy for Smart Cities, SCC’19, September 2019, Portland, Oregon USA).  In summary:

The past year has seen increasing scrutiny of Smart Cities efforts with regard to privacy. Privacy advocates have criticized Smart City data collection on the whole and critiqued specific city efforts that they feel have crossed a line.

Cities are struggling with a number of privacy issues, including how to address third parties’ collection of Smart City data, how cities consume personally identifying information from third-parties, and how public records laws intersect with privacy concerns.

The majority of data that cities collect are subject to disclosure under public record laws, with an attendant obligation to anonymize sensitive private information. However, as the amount and availability of data increases, the ability to cross-reference, correlate, and de-anonymize or re-sensitize datasets also increases. This leads to re-identification attacks that infringe the privacy of individuals in those datasets, and fosters mistrust in city governments and technology vendors. A fundamental challenge is that open data and privacy interact in complex and unpredictable ways. Some cities may choose to allow third parties to collect and manage that data in an effort to encourage innovation in the delivery of city services, while simultaneously wrestling with the legal and policy implications, such as privacy and public records law compliance. Unfortunately, this also may have undesirable privacy outcomes depending on a third-party’s use of that data and the city’s role in encouraging its collection.

In this paper, we will discuss concrete approaches to smart cities data privacy governance including collection and management, and specifically, an innovative pilot project supported by the U.S. Department of Homeland Security, Science & Technology Directorate aimed at demonstrating how privacy technology can help harmonize data sensitivity risks with intended benefits.

Data Exchanges

Should Data Exchanges be based on free or open data? As many of you may know, Open is different from Free. Open software, for example, refers to reading software source code. Free software allows you to use the software for free.  Data can be Open or Free, or both.

We discuss the cost of providing Free data in a world where more and more data is being produced. New business models are evolving for Open Data that encourage use, innovation, and business model development and preserve the rights of innovators and data users as well as those who provide the data.

Smart Data Exchange Will Enhance Smart Cities – DZone IoT

When it comes to smart city innovation, it’s arguable that most use cases are not that exciting to the average resident. A connected garbage bin, traffic light or parking meter is not going to cause applause and adoration for city officials at least in the first instance.

Project Open Data: Example Guidance / Licenses

Open Licenses – Project Open Data

Open Data Policy – Managing Information as an Asset

The Federal Open Data Policy states: “Agencies must apply open licenses, in consultation with the best practices found in Project Open Data, to information as it is collected or created so that if data are made public there are no restrictions on copying, publishing, distributing, transmitting, adapting, or otherwise using the information for non-commercial or for commercial purposes.””