Spatineo API Security

Analyze Open Geodata Usage Related to Critical Infrastructure

How much are Open Data APIs used for retrieving information related to critical infrastructure objects? Which datasets, user groups, origin countries?

What kind of trends and anomalies can be found in non-domestic Open Data usage coinciding with particular geopolitical or national events?

In many cases Open Data providers don’t have enough knowledge on how much their datasets are actually used and by who. To keep the Open Data policies working as intended, the right methods and tools are needed to effectively analyse the use of Open Data via public APIs. Organisations responsible for the data and APIs must be able to detect unintended and unwanted API use. With this information the data providers are able to make timely adjustments to the provided data and access as necessary, and to keep the Open Data flows sustainable.

Information describing the critical infrastructure objects, such as bridges, harbours, utility networks, or water towers, are usually not provided as Open Data, but many datasets providing highly useful information on the surroundings of these objects are. Spatineo has developed a method for automatically detecting and analysing likely reconnaissance of the surroundings of known critical infrastructure objects based on geospatial analysis of the API metadata and the API web server access logs.

The analysis method has been proven to work in real customer cases, and to provide answers to research questions considering likely Open Data API reconnaissance on a national level. It has been applied in projects with more than two years of web server access logs from hundreds of individual APIs consisting of tens of billions of log entries.

Research paper: Detecting and Analysing Open Geodata Reconnaissance Targeting Critical Infrastructure

Ilkka Rinne, Sanna Hautala, Suvi-Tuulia Haakana, Miska Kauppinen, Sampo Savolainen, Riitta Vaniala (Spatineo Oy)

Originally presented at the NATO Science and Technology Organization Symposium (ICMCIS) organized by the Information Systems Technology (IST) Panel, IST-205-RSY – the ICMCIS, held in Koblenz, Germany, 23-24 April 2024.