Presentations from the SPF Spectrum Resilience workshop on 03 May 2018
More information about the UK Spectrum Policy Forum is available here.
http://www.techuk.org/about/uk-spectrum-policy-forum
1. QINETIQ PROPRIETARY
QINETIQ PROPRIETARY
Dr Anil Shukla – QinetiQ Fellow
ashukla@qinetiq.com
Spectrum Resilience – Framework
workshop overview and need.
Spectrum Policy Forum Workshop
Tech UK – 3rd May 2018;
14:00 – 16:30
QINETIQ/18/01713
2. QINETIQ PROPRIETARY
QINETIQ PROPRIETARY
QINETIQ/18/01713
• UK economic contribution £52 billion in 2011
• UK Strategy to make it £104 billion in 2025
• 750MHz of spectrum to be released by 2020
• 800MHz & 2.6GHz raised £2.34bn in Feb 2013
• 2.3GHz & 3.4GHz raised £1.4bn March 2018
• Increasingly congested environment and in demand
• Interference causes a denial of service
2
Importance of the Spectrum Infrastructure
3. QINETIQ PROPRIETARY
QINETIQ PROPRIETARYQINETIQ/18/01713
• Who/what are the perceived threat Sources e.g. Threat Actors
–Users – incorrect use or accidental
–Hobbyist
–Criminal/terrorist
–State sponsored
–Nation state
• What can happen
–Denial of service
–Information insertion
–Information capture
3
Understanding the Spectrum Threats
4. QINETIQ PROPRIETARY
QINETIQ PROPRIETARYQINETIQ/18/017134
Example of Direct Threats to Wi-Fi
• Information-cyber attacks are attacks that aim to compromise or
damage computer networks
• There are videos on YouTube explaining how to hack Wi-Fi users with
simple-to-use but highly powerful tools easily found online
–Person-in-the-middle
–Denial-of-service
–Unauthorised devices
–Rogue APs
• More overt, less sophisticated jamming is also possible
–with converted microwave oven!
6. QINETIQ PROPRIETARY
QINETIQ PROPRIETARY
QINETIQ/18/01713
6
The Resilience / Security Onion
• Cyber (information security) is forging
ahead in training and board level
governance
• Is spectrum going to be the weakest link ?
• What is Spectrums role in resilience
agenda ?
Don’t want radios to look like this ?
By I, Ldopa, CC BY-SA 3.0,
https://commons.wikimedia.org/w/index.php?curid=2239310
7. QINETIQ PROPRIETARY
QINETIQ PROPRIETARY
QINETIQ/18/01713
Summary
• White paper based on two SPF workshops.
• Highlights that spectrum is part of the soft infrastructure and spectrum disruptions are
similar to traditional Cyber-information Denial of Service attacks
• Paper provides examples of Cyber-Spectrum disruptions
• Highlights that in an increasingly integrated and interdependent society dependent on
spectrum a cyber-spectrum disruption could cause cascade effects
• Security is an integrated approach and Spectrum must play its part otherwise it will be
the weakest link.
Recommends
1. Government departments, private sector service providers and users of spectrum
should conduct regular “spectrum stress tests” to understand their business risks and
develop appropriate mitigation techniques
2. Spectrum Policy Forum should develop a Framework guidance document on achieving
spectrum resilience
7
What does the UK need to do to pursue its spectrum resilience objectives?
8. QINETIQ PROPRIETARY
QINETIQ PROPRIETARY
QINETIQ/18/01713
• Objective to provide guidance – not the how
• Audience – non spectrum specialists, business managers, systems operators
• What should it cover?
– Governance - Who own the problem – what’s the governance required
– Assessment - How do you find out what business functions/assets use spectrum – where are the risk/threat areas
what are the attributes
– Requirement - How do you assess what level of resilience is needed (Gold, Silver, Bronze);
– Non Spectrum Controls - What non-spectrum mitigation can be used (physical, procedural and technical controls)
– Spectrum Controls - What spectrum mitigations can be used
– Paper Compliance - What could a spectrum resilience compliance regime look like
– Spectrum compliance - How do you conduct a spectrum stress test ?
8
Framework Discussion