Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Jim Norton, Royal Academy of Engineering Digital Systems Engineering Community of Practice - cyber


Published on

Presented by Jim Norton, Royal Academy of Engineering Digital Systems Engineering Community of Practice
in the UK Spectrum Policy Forum UK SPF Workshop: Spectrum Infrastructure Resiliency & Interference on the 18 April 2016.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Jim Norton, Royal Academy of Engineering Digital Systems Engineering Community of Practice - cyber

  1. 1. Cybersecurity and Spectrum UK SPF Workshop on Spectrum Infrastructure Resilience & Interference 18th April 2016 Prof. Jim Norton Chair – Royal Academy of Engineering Digital Systems Engineering Community of Practice Former Chief Executive – UK Radiocommunications Agency
  2. 2. 2Spectrum Workshop 18/04/2016 Issues to be covered • A long but not glorious history from the funny to the lethal. • We have been here before…. • A challenge of culture, not just technology? • The curse of “accidental systems” • Final thoughts
  3. 3. 1977 Hijack of the Rowridge main broadcast transmitter • People did notice in 1977, however, when a message purporting to come from Vrillon of ‘Ashtar Galactic Command’ interrupted Southern Television's 5.45 pm news programme. "We come to warn you of the destiny of your race and your worlds so that you may communicate to your fellow beings the course you must take to avoid the disasters that threaten your worlds and the beings on the worlds around you. This is in order that you may share in the 'great awakening' as the planet passes into the new Age of Aquarius," they declared. • The event attracted a lot of media coverage at the time, as well as considerable speculation over who the perpetrator might have been. The new-age nuts and the UFOlogists all claimed connection with the hijackers. The general view was this merry jape was perpetrated by students but this is not the case. The finger of suspicion points at a character connected with the broadcast industry and known as the ‘Cosmic Cowboy’ (aided and abetted by his hippy friends). In case this attribution is incorrect, however, I will not actually print his name here. 3 Spectrum Workshop 18/04/2016 Source: Andrew Emmerson Pirate Television in History 1998
  4. 4. 2002 Chinese satellite hijack 4 Spectrum Workshop 18/04/2016 Source: Computer Weekly 9th July 2002
  5. 5. A long history of dangerous problems at airports… 5 Spectrum Workshop 18/04/2016 Source: BBC News Website 02/05/2007
  6. 6. 6Spectrum Workshop 18/04/2016 …to the really lethal combination of spectrum and software? • Much of the underpinning system design and software in vintage command and control systems (such as Supervisory Control and Data Acquisition - SCADA) is poor. Source: US Homeland Security on a bad day…
  7. 7. Aurora Generator Test – Idaho Labs 7Spectrum Workshop 18/04/2016
  8. 8. 8 Spectrum Workshop 18/04/2016 We have been here before… A series of reports published in the summer of 2009 stressed the need for major investment in infrastructure renewal and hardening against a wide range of threats…
  9. 9. 9Spectrum Workshop 18/04/2016 Quotes from the reports… Recommendation 52: Government should review its powers to mandate realistic minimum levels of resilience in relation to all critical infrastructures and in relation to all areas of interdependence between different infrastructure sectors. Where wider interpretation or amendment of existing legislation is not sufficient and new primary legislation is required, this should be included in the planned further Bill on Civil Contingencies. Recommendation 53: Government should bring together regulators of the different infrastructure industries and require them to enforce higher resilience standards in their own sectors, as well as to investigate and strengthen resilience in areas of interdependencies between sectors and in sector supply chains. Recommendation 54: Government should go further and signal to sector regulators that it would welcome investment by utility providers in relevant areas outside their own core business areas where such investment would reduce interdependence on other elements of the infrastructure. Investment by the power generators, national grid and energy distribution companies in mobile communications that are more resilient against power failure, for example, would be welcome. Recommendation 57: Government should task the Centre for the Protection of National Infrastructure (CPNI) with the development of security recommendations aimed at mitigating command and control risks associated with Smart Grids…
  10. 10. What makes the greatest impact on security? Source: IoD Business Opinion Survey, carried out by GfK-NoP on a balanced sample of 500 members in February-March 2008. High
  11. 11. Perceived value of different elements of security Source: IoD Business Opinion Survey, carried out by GfK-NoP on a balanced sample of 500 members in February-March 2008. Low High
  12. 12. 12Spectrum Workshop 18/04/2016 Examples of “accidental systems” Source: Royal Academy of Engineering A multitude of ostensibly independent systems have varying degrees of GNSS dependencies for position, navigation or timing. These include: •Stock exchange trading •Radar systems •Navigation systems •Telecommunications systems •Emergency services navigation and communications •Railway applications,…
  13. 13. Strengthening the foundations – RAEng Connecting Data report recommendations 13 Spectrum Workshop 18/04/2016 • A growing level of interconnecting and interdependence of supporting systems with vulnerabilities • Best engineering practices are vital Recommendation 1: Infrastructure regulators, professional bodies and standards bodies need to create an enabling structure that promotes innovation and ensures safety and resilience. Subsequent to the report publication, an Academy workshop on “Strengthening Digital Systems and Enhancing Resilience” was held on 21st March 2016.
  14. 14. 14Spectrum Workshop 18/04/2016 Final thoughts “We live today in a complex, densely networked and heavily technology-reliant society. Extensive privatisation and the pursuit of competitive advantage in globalised markets, have also led us to pare down the systems we rely upon until little or no margin for error remains. We have switched to lean production, stretched supply chains, decreased stock inventories and reduced redundancy in our systems. We have outsourced, offshored and embraced a just-in-time culture with little heed for just-in-case. This magnifies not only efficiency but also vulnerability. Everything depends on infrastructure functioning smoothly and the infrastructure of modern life can be brittle: interdependent systems can make for cascades of concatenated failure when one link in the chain is broken”. Let’s use the opportunity of infrastructure renewal to drive a renaissance in ‘Security by Design’, bringing back into widespread use the good practice that we have long known and understood….
  15. 15. 15 Spectrum Workshop 18/04/2016 But remember, managing risk is a continual battle. Don’t ever sit back and believe that you have won! Oh dear…! Presentation can be Downloaded from: