Abstract
The internet of things, social media and other technological developments have a created a situation in which more and more sensitive data is being exchanged between government and semi-government organizations. However, sharing confidential data presents complex challenges that are not only confined to technological factors but are also inclusive of social aspects such as data governance. This article therefore promotes a data-centric approach to data exchange, deriving principles for the secure exchange of government data across confidential networks. Due to the potential advantages that data-driven decision-making brings to government organizations, significant pressure is often placed on government organizations to publish and exchange classified data or privacy sensitive data with cooperating government organizations or even with allied countries across classified networks. For example, it is often difficult to assess the confidentiality of raw data. Furthermore, data leaks and ransoming of data have become a common occurrence which often have wide-ranging and unforeseen consequences. More and more, government organizations are looking beyond traditional security methods towards a more data-centric approach, whereby data is positioned at the foundation of decision-making and operations regarding risk management. This approach acts as a means to gain control over the secure exchange of confidential and sensitive data so that the right people continue to have access to the right data at the right time whilst simultaneously ensuring that the wrong people do not gain access to confidential data. However, secure data exchange viewed from a data-centric perspective has been given little attention to date. This article outlines a systematic review of literature on data-centric approaches to data exchange. The findings show that along with the technical aspects of data exchange, aspects such as data governance as well as the management of data as a product are also of importance to the secure and trusted exchange of sensitive data.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Coleman, D.W., Hughes, A.A., Perry, W.D.: The role of data governance to relieve information sharing impairments in the federal government. In: 2009 WRI World Congress on Computer Science and Information Engineering, pp. 267–271 (2009)
Scully, T.: The cyber threat, trophy information and the fortress mentality. J. Bus. Contin. Emer. Plan. 5(3), 195–207 (2011)
Zeiringer, J.P., Thalmann, S.: Knowledge sharing and protection in data-centric collaborations: an exploratory study. Knowl. Manage. Res. Pract. 20, 436–448 (2022). https://doi.org/10.1080/14778238.2021.1978886
De Mello, L., Jalles, J.T.: The global crisis and intergovernmental relations: centralization versus decentralization 10 years on. Reg. Stud. 54, 942–957 (2020). https://doi.org/10.1080/00343404.2019.1645326
Brannsten, M.R., Johnsen, F.T., Bloebaum, T.H., Lund, K.: Toward federated mission networking in the tactical domain. IEEE Commun. Mag. 53, 52–58 (2015)
Wrona, K.: Towards data-centric security for NATO operations. In: Tagarev, T., Stoianov, N. (eds.) Digital Transformation, Cyber Security and Resilience (DIGILIENCE 2020). CCIS, vol. 1790, pp. 75–92. Springer, Cham (2024). https://doi.org/10.1007/978-3-031-44440-1_15
Pradhan, M., Suri, N., Fuchs, C., Bloebaum, T.H., Marks, M.: Toward an architecture and data model to enable interoperability between federated mission networks and IoT-enabled smart city environments. IEEE Commun. Mag. 56, 163–169 (2018). https://doi.org/10.1109/MCOM.2018.1800305
Sonnenwald, D.H.: Challenges in sharing information effectively: examples from command and control. Inf. Res. Int. Electron. J. 11, n4 (2006)
Ferrell, M.: A new view and guidelines for data centric security. James Madison University (2008). https://citeseerx.ist.psu.edu/document?repid=rep1&type=pdf&doi=adaad0a235e2487be65cfe2513407154361cbc17
Hennessy, S.D., Lauer, G.D., Zunic, N., Gerber, B., Nelson, A.C.: Data-centric security: integrating data privacy and data security. IBM J. Res. Dev. 53(2), 2 (2009)
Draheim, D., Krimmer, R., Tammet, T.: On state-level architecture of digital government ecosystems: from ICT-driven to data-centric. In: Hameurlain, A., Tjoa, A.M. (eds.) Transactions on Large-Scale Data- and Knowledge-Centered Systems XLVIII. LNCS, vol. 12670, pp. 165–195. Springer, Heidelberg (2021). https://doi.org/10.1007/978-3-662-63519-3_8
Di Maio, A.: Moving Toward Data-Centric Government. Gartner (2013)
Krishnamurthi, S., Fisler, K.: Data-centricity: a challenge and opportunity for computing education. Commun. ACM 63, 24–26 (2020). https://doi.org/10.1145/3408056
Aggarwal, C.C., Ashish, N., Sheth, A.: The internet of things: a survey from the data-centric perspective. In: Aggarwal, C. (ed.) Managing and Mining Sensor Data. Springer, Boston (2013). https://doi.org/10.1007/978-1-4614-6309-2_12
Sreedhar, V.C.: Data-centric security: role analysis and role typestates. In: Proceedings of the Eleventh ACM Symposium on Access Control Models and Technologies (SACMAT 2006), p. 170. ACM Press, California (2006)
Hull, R.: Data-centricity and services interoperation. In: Basu, S., Pautasso, C., Zhang, L., Fu, X. (eds.) Service-Oriented Computing (ICSOC 2013). LNCS, vol. 8274, pp. 1–8. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-45005-1_1
Kabir, A.H.: Data centric security. Natl Secur. Inst. J. 21–33 (2015)
Thalmann, S., et al.: Data analytics for industrial process improvement a vision paper. In: 2018 IEEE 20th Conference on Business Informatics (CBI), pp. 92–96. IEEE (2018)
Ponchione, L.: Implementation of policies in data-centric security solutions: a case study (2023). https://webthesis.biblio.polito.it/26895/
Adler, S.: The strategic imperative of data governance. Int. Inst. Informatics & Systemics, Orlando (2007)
Lis, D., Gelhaar, J., Otto, B.: Data strategy and policies: the role of data governance in data ecosystems. In: Caballero, I., Piattini, M. (eds.) Data Governance, pp. 27–55. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-43773-1_2
Khatri, V., Brown, C.V.: Designing data governance. Commun. ACM 53, 148–152 (2010). https://doi.org/10.1145/1629175.1629210
DAMA International: DAMA-DMBOK: Data Management Body of Knowledge. Technics Publications (2017)
Webster, J., Watson, R.T.: Analyzing the past to prepare for the future: writing a literature review. MIS Q. 26, 13–23 (2002)
Bharosa, N., Janssen, M.: Principle-based design: a methodology and principles for capitalizing design experiences for information quality assurance. J. Homel. Secur. Emerg. Manage. 12(3), 469–496 (2015). https://doi.org/10.1515/jhsem-2014-0073
Peng, S., et al.: A peer-to-peer file storage and sharing system based on consortium blockchain. Future Gener. Comput. Syst. 141, 197–204 (2023). https://doi.org/10.1016/j.future.2022.11.010
Khan, A., Kim, T., Byun, H., Kim, Y.: SciSpace: a scientific collaboration workspace for geo-distributed HPC data centers. Future Gener. Comput. Syst. 101, 398–409 (2019). https://doi.org/10.1016/j.future.2019.06.006
Vohra, K., Dave, M.: Multi-authority attribute based data access control in fog computing. Procedia Comput. Sci. 132, 1449–1457 (2018). https://doi.org/10.1016/j.procs.2018.05.078
Mendes, P.: Combining data naming and context awareness for pervasive networks. J. Netw. Comput. Appl. 50, 114–125 (2015). https://doi.org/10.1016/j.jnca.2014.09.015
Pagano, P., Candela, L., Castelli, D.: Data interoperability. Data Sci. J. 12, GRDI19–GRDI25 (2013)
Bhartiya, S., Mehrotra, D.: Exploring interoperability approaches and challenges in healthcare data exchange. In: Zeng, D., et al. (eds.) Smart Health (ICSH 2013). LNCS, vol. 8040, pp. 52–65. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39844-5_8
Lee, Y.-C., Eastman, C.M., Lee, J.-K.: Validations for ensuring the interoperability of data exchange of a building information model. Autom. Constr. 58, 176–195 (2015)
Wilgenbusch, J.C., Pardey, P.G., Hospodarsky, N., Lynch, B.J.: Addressing new data privacy realities affecting agricultural research and development: a tiered-risk, standards-based approach. Agron. J. 114, 2653–2668 (2022). https://doi.org/10.1002/agj2.20968
Jia, K., Wang, Z., Fan, S., Zhai, S., He, G.: Data-centric approach: a novel systematic approach for cyber physical system heterogeneity in smart grid. IEEJ Trans. Electr. Electron. Eng. 14, 748–759 (2019). https://doi.org/10.1002/tee.22861
Dahdal, S., Poltronieri, F., Tortonesi, M., Stefanelli, C., Suri, N.: A data mesh approach for enabling data-centric applications at the tactical edge. In: 2023 International Conference on Military Communications and Information Systems (ICMCIS), pp. 1–9. IEEE (2023)
Scarfone, K., Souppaya, M.: Data classification practices: facilitating data-centric security management (2021)
Rosenthal, A., Mork, P., Li, M.H., Stanford, J., Koester, D., Reynolds, P.: Cloud computing: a new business paradigm for biomedical information sharing. J. Biomed. Inform. 43, 342–353 (2010). https://doi.org/10.1016/j.jbi.2009.08.014
Lindstrom, A.: On the syntax and semantics of architectural principles. In: Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS 2006), pp. 178b–178b. IEEE (2006)
Haki, K., Legner, C.: The mechanics of enterprise architecture principles. J. Assoc. Inf. Syst. (2021)
Duncan, G., Stokes, L.: Data masking for disclosure limitation. WIREs Comput. Stats. 1, 83–92 (2009). https://doi.org/10.1002/wics.3
International, D., Earley, S.: The DAMA dictionary of data management. Technics Publications, LLC (2011)
Dehghani, Z.: Data Mesh. O’Reilly Media (2022)
Pongpech, W.A.: A distributed data mesh paradigm for an event-based smart communities monitoring product. Procedia Comput. Sci. 220, 584–591 (2023). https://doi.org/10.1016/j.procs.2023.03.074
Heggelund, D.G., Andresen, V.: Productization of data. Presented at the SPE Russian Oil and Gas Technical Conference and Exhibition October 28 (2008)
Machado, I., Costa, C., Santos, M.Y.: Data-driven information systems: the data mesh paradigm shift (2021)
Felici, M., Koulouris, T., Pearson, S.: Accountability for data governance in cloud ecosystems. In: 2013 IEEE Fifth International Conference on Cloud Computing Technology and Science (cloudcom), vol. 2, pp. 327–332 (2013). https://doi.org/10.1109/CloudCom.2013.157
Thompson, N., Ravindran, R., Nicosia, S.: Government data does not mean data governance: lessons learned from a public sector application audit. Gov. Inf. Q. 32, 316–322 (2015). https://doi.org/10.1016/j.giq.2015.05.001
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 IFIP International Federation for Information Processing
About this paper
Cite this paper
Brous, P., Hiel, M. (2024). Principles for the Secure Exchange of Sensitive Data Across Classified Networks: A Data-Centric Approach. In: Janssen, M., et al. Electronic Government. EGOV 2024. Lecture Notes in Computer Science, vol 14841. Springer, Cham. https://doi.org/10.1007/978-3-031-70274-7_2
Download citation
DOI: https://doi.org/10.1007/978-3-031-70274-7_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-70273-0
Online ISBN: 978-3-031-70274-7
eBook Packages: Computer ScienceComputer Science (R0)
