Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Paul Howland, DSTL - Spectrum Risk


Published on

Presented by Paul Howland, DSTL, in the UK Spectrum Policy Forum UK SPF Workshop: Spectrum Infrastructure Resiliency & Interference on the 18 April 2016.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Paul Howland, DSTL - Spectrum Risk

  1. 1. © Crown copyright 2016 Dstl 20 April 2016
  2. 2. Spectrum Risk Potential mitigation techniques and Initiatives For Spectrum Policy Forum workshop on Spectrum Infrastructure Resiliency & Interference, TechUK, 18 April 2016. Paul Howland, Principal Scientist Dstl OFFICIAL© Crown copyright 2016 Dstl April 2016
  3. 3. Content • Summary of Risk – Sources, intent, potential impact • What is the risk – Assessment and audit • Detection and Attribution • Approaches to mitigation • Key points summary OFFICIAL© Crown copyright 2016 Dstl 20 April 2016
  4. 4. Increasing Spectrum Risk • Widespread and increasing reliance on spectrum in: – All Industry Sectors – All Critical Infrastructure – Entertainment and Social Media – Government Activities • Information capabilities are increasingly wireless – Agility, cost, ubiquity • RF Sensing and Wireless connection for sensors increasing – Cost, agility, modification, response OFFICIAL© Crown copyright 2016 Dstl 20 April 2016
  5. 5. Sources and Impacts • Sources – Intentional • Use of RF Emitters to achieve a desired effect • Jammers to RF DEW • Simple to build/buy – Accidental • Incorrect setup • Faults • Non approved – Spectrum Availability in Future • Congestion (Licenced and ISM) OFFICIAL© Crown copyright 2016 Dstl 20 April 2016 • Impacts – Minor Degradation – Significant Disruption – Capability Denial – Destruction • Functions impacted – Communication – Sensing – Position, Navigation, Timing
  6. 6. OFFICIAL© Crown copyright 2016 Dstl 20 April 2016 Range – Distance to Impacted Capability Power Metres 50000 KMs uW TerraW Destruction Region (Non RF Equipment) Minor Degradation (of RF Equipment) UK Restricted Illustrative – No Scale Intended The RF Effector Space
  7. 7. What is the Risk to Current Business? • Step 1 – Determine Exposure for Enterprise – What business processes use spectrum – Audit • Step 2 – For each spectrum dependent business process – Assess criticality against each class of RF Risk – Are fall back processes in place – Are fall back processes exercised – Are Staff Trained – Record Risks Continued on next Slide… OFFICIAL© Crown copyright 2016 Dstl 20 April 2016
  8. 8. Continued… • Step 3 – What is the residual Impact and appetite? – To allow informed decision to Mitigate/Accept/Transfer – To allow mitigations to be designed and prioritised where relevant – The time constant of recovery – Outage duration is important – Communicate risks, plan training and validate • Step 4 – Manage risks – Repeat Steps 1-3 at regular intervals – Reflect changing threats and stresses to spectrum in the face of evolving business processes © Crown copyright 2016 Dstl 20 April 2016
  9. 9. Future Risks • Increasing and changing uses of spectrum • Future plans need to account for a more congested spectrum and in some cases a more contested spectrum – Technology risk – Planning risk – Planning assumptions – Risk appetite • Increasing reliance on information and RF sensing – Will tend to increase the impact of spectrum risk OFFICIAL© Crown copyright 2016 Dstl 20 April 2016
  10. 10. AVAILABLE SPECTRUM For New Applications Technology and Process Efficiency Improvement Spectrum Supply and Demand A Simple Model of changes OFFICIAL© Crown copyright 2014 Dstl 20 April 2016 Wireless Comms, RF Sensor Demand Civil Comms Service and ISM + += Increasing need for Management and resilience assessment Tendency to move from licenced radio systems to use of generic services
  11. 11. Detection and Attribution © Crown copyright 2014 Dstl 20 April 2016 • Developing risk mitigations may require: – RF Stress or Threat Detection capability • Modern complex systems make detection of problems difficult “normal versus unexpected” • E.g. Heartbeat, delivery receipting, protocol ack-nack etc. – Attribution (Required to determine appropriate response) • Once a problem is identified the cause needs to be identified • Without specific monitoring it is hard to tell which OSI layer is causing a problem • E.g. Trying to solve an RF problem when it is a IP, routing, or application issue is common and nugatory • When using external service providers this may be even more difficult
  12. 12. Attribution of RF Problems OFFICIAL© Crown copyright 2014 Dstl 20 April 2016 • There may be a need to respond differently to different RF problems • Real time differentiation between RF causes is hard without specific sensing techniques eg: – Deliberate and accidental – RF DEW or a failure – RF Noise from various sources – Congestion and faults – Range and direction of source • Forensic attribution also needs similar information sets
  13. 13. Mitigation OFFICIAL© Crown copyright 2014 Dstl 20 April 2016 • Multidimensional – Understand • Recognise the potential problems • The scope and scale of impact – Process • Include in Business/Enterprise continuity planning • Put Audit and assessment process in place – Spectrum risk register? • Fallback procedures – Training • Ensure staff are appropriately trained and exercised • Cyber/RF Crossover in many cases Technology Process Training Understand Resource – Technology • Assess technology needs • May require sensing/ monitoring for attribution • Redundancy, prioritisation – Resource • Resources need to be adequate
  14. 14. Summary OFFICIAL© Crown copyright 2014 Dstl 20 April 2016 • Spectrum Risk is increasing due to increasing reliance on information and the wireless comms and RF Sensing that support it • Key risk classes are intentional and unintentional threats and stresses on spectrum dependent systems • Planning increased reliance on spectrum for future capability and to meet business needs requires appropriate risk treatment • Mitigation of this spectrum risk requires: – Understanding of the scale and impact of the problem – Audit and Assess – Detection and attribution in near real time and forensically – Appropriate awareness of spectrum dependence at all levels – Implementation of response to threat and stress processes – Resources for training, exercises and to implement technological mitigations – RF risk on graduate and postgrad syllabus for cyber and RF engineering – Spectrum aware planning for future enterprise and business capabilities
  15. 15. © Crown copyright 2016 Dstl 20 April 2016