[HOT] HOT Security Working Group
schuyler at nocat.net
Mon May 6 02:00:16 UTC 2013
TL;DR: We need some folks to work on ensuring the security of HOT activities. Maybe YOU can help!
Heather Leson and I have taken on the task of beginning to sort out security policies and procedures for Humanitarian OpenStreetMap Team operations. As our organization grows in capacity, it becomes more and more important that we do everything possible to secure the safety of our volunteers, our staff, and our technical resources.
Our first step was to organize a short conference call with George Chamales, a security expert known for his expertise in disaster response and particularly in crowdsourcing, and a long-time supporter of HOT. George recently wrote "Towards Trustworthy Social Media and Crowdsourcing", a policy brief sponsored by the Wilson Center, which I strongly recommend reading.
We took detailed notes during the call, which are shared as a Google Doc. Please feel free to comment directly on the document: http://goo.gl/4qGZu
The key takeaway from the call was that, rather than having a one-size-fits-all "security policy", our policy should to be break down every HOT activity into a workflow, against which security threats and responses can be assessed on a case-by-case and ongoing basis.
This process isn't going to happen by itself -- my sense is that we should have a "HOT Security Working Group" who ensure that every HOT activity gets the needed security review. The working group could also take responsibility for drawing up contingency plans for anticipated security threats. The group doesn't have to be more than three or four people, and it shouldn't need to meet more than a couple times a month.
If you haven't had time or availability to volunteer for HOT recently, maybe this is a way that _you_ can get involved that won't take up too much of your time, but will be absolutely essential to HOT's success. Please feel free to email me or Heather off-list if you're interested. We need your help!
Of course, don't let me keep you from engaging in discussion of security issues on this mailing list, if the inspiration strikes you :)
More information about the HOT