SlideShare a Scribd company logo

Paul Howland - DSTL - SPF EM risk framework presentation v2

techUK
techUK

Presentations from the SPF Spectrum Resilience workshop on 03 May 2018 More information about the UK Spectrum Policy Forum is available here. http://www.techuk.org/about/uk-spectrum-policy-forum

Technology
1 of 9
A Framework for Understanding Spectrum Resilience – Initial Thoughts Spectrum Resilience Workshop 03 May 2018 Paul Howland OFFICIAL© Crown copyright 2018 Dstl 29 May 2018 Disclaimer: The content of this presentation are the views of the author and do not necessarily represent those of Dstl or MOD
Key Framework Elements • Understand – How does an enterprise use EM Spectrum – What is the enterprise exposure to EM Threats and Risks • Assessment – What are the impacts to the enterprise of threats and risks – What are the probabilities of these threats and risks being realised • Measures – What has/can be done to mitigate threats and risks • Test and Verify – Evaluate and verify efficacy of measures • Regular Validation and Verification – To ensure changing and emerging threats are recognised and managed – Ensure currency of training, process, technology etc. OFFICIAL© Crown copyright 2018 Dstl 29 May 2018
Understand • Understand the Enterprise Exposure to Threat/Risk – What systems are reliant on EM Spectrum • Directly - Sensors , Data Communications, Product Delivery • Indirectly – Sales, Market Mechanisms, Synchronisation • Corporate/Enterprise Communications • Noting that manufacturing and service control need to be considered as well as office Information Systems – How is this impacted by medium and long term plans – This is potentially complex and often not intuative OFFICIAL© Crown copyright 2018 Dstl 29 May 2018
Assessment - Consideration Space • Risks (Examples Only) – Service Delivery – Product Management – Manufacturing Output – Product Quality – Growth – Reputation – Share Value • Risk Dimensions – Impact, Probability OFFICIAL • EM “Threat” Classes (Enterprise risks arise from Threats) – Deliberate – Accidental – Environmental – Regulatory – Technical • Threat Evolution (Now, Next Future) © Crown copyright 2018 Dstl 29 May 2018 Scaling and prioritisation of potential impacts is neccesary
Mitigation Measures • A good starting point for considering threat mitigation measures • Most have civil analogies • Not yet thought through so to seed thinking OFFICIAL • Defence Lines of Development – Describing capability needs • TEPIDOIL – Training – Equipment and technology – Personnel – Information – Doctrine and concepts – Organization, – Infrastructure – Logistics © Crown copyright 2018 Dstl 29 May 2018
Test and Verify • Once mitigations are in place: – Verify Status of mitigations e.g. • Key Staff identified and posts filled • Redundant Equipment and Infrastructure in place • Response and Recovery processes in place – Test • Analogous to fire alarm testing • To suit Risk and mitigation • Paper exercises – for enterprise wide contingency planning • Extension to penetration testing – Cyber and Physical • Equipment and Infrastructure Component Testing (Lab and Field) • Audit Training Records OFFICIAL© Crown copyright 2018 Dstl 29 May 2018
Revalidation and regular verification • Revalidate: – Threat – Risk exposure – Mitigations – Test and verification processes • Re-verification – Ensure testing and training regimes are kept up to date – That prioritisation is reviewed – Processes keep pace with technical and infrastructure evolution – That assessments are in line with current medium and long term plans OFFICIAL© Crown copyright 2018 Dstl 29 May 2018 Threat Changes, Risk exposure changes, Staff change, Technology advances
Finally • Example Metrics – Blue, Green, Amber or Red for each Risk – (Vulnerability?) – Blue – System does not degrade “significantly” in the presence of Threat, – Green - some degradation but minimum impact on critical infrastructure (CI) or customer services – Amber – Significant impact on CI or Customer service (Short outage or significant degradation in service quality attributes, – Red – Prolonged, significant impact or service outage) © Crown copyright 2018 Dstl 29 May 2018
© Crown copyright 2018 Dstl 29 May 2018

Recommended

Exeter university ig manager presentation [1]
Exeter university ig manager presentation [1]Exeter university ig manager presentation [1]
Exeter university ig manager presentation [1]Martin Lawrence
 
The Security Value Chain
The Security Value ChainThe Security Value Chain
The Security Value ChainBrandon Dunlap
 
Nfpa apsei evolution-ofsecurity_wl_14092010
Nfpa apsei evolution-ofsecurity_wl_14092010Nfpa apsei evolution-ofsecurity_wl_14092010
Nfpa apsei evolution-ofsecurity_wl_14092010Nuno Tasso de Figueiredo
 
Supply_sample
Supply_sampleSupply_sample
Supply_sampleahmad bassiouny
 
Class 16 organizational structure 2
Class 16 organizational structure 2Class 16 organizational structure 2
Class 16 organizational structure 2manikanta malla
 
Mis 1
Mis 1Mis 1
Mis 1Md. Mashiur Rahman
 
RPG Analytics Overview 2015
RPG Analytics Overview 2015RPG Analytics Overview 2015
RPG Analytics Overview 2015ReefPoint Group
 
Mis 3
Mis 3Mis 3
Mis 3Md. Mashiur Rahman
 

Recommended

Exeter university ig manager presentation [1]
Exeter university ig manager presentation [1]Exeter university ig manager presentation [1]
Exeter university ig manager presentation [1]Martin Lawrence
 
The Security Value Chain
The Security Value ChainThe Security Value Chain
The Security Value ChainBrandon Dunlap
 
Nfpa apsei evolution-ofsecurity_wl_14092010
Nfpa apsei evolution-ofsecurity_wl_14092010Nfpa apsei evolution-ofsecurity_wl_14092010
Nfpa apsei evolution-ofsecurity_wl_14092010Nuno Tasso de Figueiredo
 
Supply_sample
Supply_sampleSupply_sample
Supply_sampleahmad bassiouny
 
Class 16 organizational structure 2
Class 16 organizational structure 2Class 16 organizational structure 2
Class 16 organizational structure 2manikanta malla
 
Mis 1
Mis 1Mis 1
Mis 1Md. Mashiur Rahman
 
RPG Analytics Overview 2015
RPG Analytics Overview 2015RPG Analytics Overview 2015
RPG Analytics Overview 2015ReefPoint Group
 
Mis 3
Mis 3Mis 3
Mis 3Md. Mashiur Rahman
 
Internal financial control - how ready are you - Webinar
Internal financial control - how ready are you - WebinarInternal financial control - how ready are you - Webinar
Internal financial control - how ready are you - WebinarAli Zeeshan
 
Operational Excellence in Oil and Gas Loss Prevention
Operational Excellence in Oil and Gas Loss PreventionOperational Excellence in Oil and Gas Loss Prevention
Operational Excellence in Oil and Gas Loss PreventionMichael Marshall, PE
 
BiznetGio Presentation Business Continuity
BiznetGio Presentation Business ContinuityBiznetGio Presentation Business Continuity
BiznetGio Presentation Business ContinuityYusuf Hadiwinata Sutandar
 
NEBOSH HSE PSM Element 1 v1.pdf
NEBOSH HSE PSM Element 1 v1.pdfNEBOSH HSE PSM Element 1 v1.pdf
NEBOSH HSE PSM Element 1 v1.pdfMohamed Ghonema
 
GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014Paul Simidi
 
CompTIA Security+.pptx
CompTIA Security+.pptxCompTIA Security+.pptx
CompTIA Security+.pptxKiranKumar24546
 
It and business risk alignment guide
It and business risk alignment guideIt and business risk alignment guide
It and business risk alignment guideAstalapulosListestos
 
Safety management
Safety managementSafety management
Safety managementSrini Vasan
 
IT Business Continuity Planning 2004
IT Business Continuity Planning 2004IT Business Continuity Planning 2004
IT Business Continuity Planning 2004Donald E. Hester
 
Key concepts of Technology Management
Key concepts of Technology ManagementKey concepts of Technology Management
Key concepts of Technology ManagementAce Institute of Management (Nepal), Institute of Management Studies (Nepal)
 
How To Build An Incident Response Function
How To Build An Incident Response FunctionHow To Build An Incident Response Function
How To Build An Incident Response FunctionResilient Systems
 
Syllabus CIISA ( Certified Internasional Information System Auditor ).pdf
Syllabus CIISA ( Certified Internasional Information System Auditor ).pdfSyllabus CIISA ( Certified Internasional Information System Auditor ).pdf
Syllabus CIISA ( Certified Internasional Information System Auditor ).pdfYoyo Sudaryo
 
5 Steps to Improve Your Incident Response Plan
5 Steps to Improve Your Incident Response Plan5 Steps to Improve Your Incident Response Plan
5 Steps to Improve Your Incident Response PlanResilient Systems
 
3 focus areas for any organisation's IT & Security department
3 focus areas for any organisation's IT & Security department 3 focus areas for any organisation's IT & Security department
3 focus areas for any organisation's IT & Security department Sandeep S Jaryal
 
Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Tammy Clark
 
Cyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitCyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitKevin Duffey
 
The Importance of Security within the Computer Environment
The Importance of Security within the Computer EnvironmentThe Importance of Security within the Computer Environment
The Importance of Security within the Computer EnvironmentAdetula Bunmi
 
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...360 BSI
 
After the Contracts Are Signed: Busing the Most Common Myths in HR Technology
After the Contracts Are Signed: Busing the Most Common Myths in HR TechnologyAfter the Contracts Are Signed: Busing the Most Common Myths in HR Technology
After the Contracts Are Signed: Busing the Most Common Myths in HR TechnologyH3 HR Advisors, Inc.
 
Setting up an Effective Security and Compliance Office
Setting up an Effective Security and Compliance OfficeSetting up an Effective Security and Compliance Office
Setting up an Effective Security and Compliance OfficeCloud Watchmen Inc.
 
Abhaya Sumanasena - Real Wireless - Spectrum Options
Abhaya Sumanasena - Real Wireless - Spectrum Options Abhaya Sumanasena - Real Wireless - Spectrum Options
Abhaya Sumanasena - Real Wireless - Spectrum Options techUK
 
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...techUK
 

More Related Content

Similar to Paul Howland - DSTL - SPF EM risk framework presentation v2

Internal financial control - how ready are you - Webinar
Internal financial control - how ready are you - WebinarInternal financial control - how ready are you - Webinar
Internal financial control - how ready are you - WebinarAli Zeeshan
 
Operational Excellence in Oil and Gas Loss Prevention
Operational Excellence in Oil and Gas Loss PreventionOperational Excellence in Oil and Gas Loss Prevention
Operational Excellence in Oil and Gas Loss PreventionMichael Marshall, PE
 
NEBOSH HSE PSM Element 1 v1.pdf
NEBOSH HSE PSM Element 1 v1.pdfNEBOSH HSE PSM Element 1 v1.pdf
NEBOSH HSE PSM Element 1 v1.pdfMohamed Ghonema
 
GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014Paul Simidi
 
It and business risk alignment guide
It and business risk alignment guideIt and business risk alignment guide
It and business risk alignment guideAstalapulosListestos
 
Safety management
Safety managementSafety management
Safety managementSrini Vasan
 
IT Business Continuity Planning 2004
IT Business Continuity Planning 2004IT Business Continuity Planning 2004
IT Business Continuity Planning 2004Donald E. Hester
 
How To Build An Incident Response Function
How To Build An Incident Response FunctionHow To Build An Incident Response Function
How To Build An Incident Response FunctionResilient Systems
 
Syllabus CIISA ( Certified Internasional Information System Auditor ).pdf
Syllabus CIISA ( Certified Internasional Information System Auditor ).pdfSyllabus CIISA ( Certified Internasional Information System Auditor ).pdf
Syllabus CIISA ( Certified Internasional Information System Auditor ).pdfYoyo Sudaryo
 
5 Steps to Improve Your Incident Response Plan
5 Steps to Improve Your Incident Response Plan5 Steps to Improve Your Incident Response Plan
5 Steps to Improve Your Incident Response PlanResilient Systems
 
3 focus areas for any organisation's IT & Security department
3 focus areas for any organisation's IT & Security department 3 focus areas for any organisation's IT & Security department
3 focus areas for any organisation's IT & Security department Sandeep S Jaryal
 
Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Tammy Clark
 
Cyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitCyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitKevin Duffey
 
The Importance of Security within the Computer Environment
The Importance of Security within the Computer EnvironmentThe Importance of Security within the Computer Environment
The Importance of Security within the Computer EnvironmentAdetula Bunmi
 
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...360 BSI
 
After the Contracts Are Signed: Busing the Most Common Myths in HR Technology
After the Contracts Are Signed: Busing the Most Common Myths in HR TechnologyAfter the Contracts Are Signed: Busing the Most Common Myths in HR Technology
After the Contracts Are Signed: Busing the Most Common Myths in HR TechnologyH3 HR Advisors, Inc.
 
Setting up an Effective Security and Compliance Office
Setting up an Effective Security and Compliance OfficeSetting up an Effective Security and Compliance Office
Setting up an Effective Security and Compliance OfficeCloud Watchmen Inc.
 

Similar to Paul Howland - DSTL - SPF EM risk framework presentation v2 (20)

Internal financial control - how ready are you - Webinar
Internal financial control - how ready are you - WebinarInternal financial control - how ready are you - Webinar
Internal financial control - how ready are you - Webinar
 
Operational Excellence in Oil and Gas Loss Prevention
Operational Excellence in Oil and Gas Loss PreventionOperational Excellence in Oil and Gas Loss Prevention
Operational Excellence in Oil and Gas Loss Prevention
 
BiznetGio Presentation Business Continuity
BiznetGio Presentation Business ContinuityBiznetGio Presentation Business Continuity
BiznetGio Presentation Business Continuity
 
NEBOSH HSE PSM Element 1 v1.pdf
NEBOSH HSE PSM Element 1 v1.pdfNEBOSH HSE PSM Element 1 v1.pdf
NEBOSH HSE PSM Element 1 v1.pdf
 
GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014
 
CompTIA Security+.pptx
CompTIA Security+.pptxCompTIA Security+.pptx
CompTIA Security+.pptx
 
It and business risk alignment guide
It and business risk alignment guideIt and business risk alignment guide
It and business risk alignment guide
 
Safety management
Safety managementSafety management
Safety management
 
IT Business Continuity Planning 2004
IT Business Continuity Planning 2004IT Business Continuity Planning 2004
IT Business Continuity Planning 2004
 
Key concepts of Technology Management
Key concepts of Technology ManagementKey concepts of Technology Management
Key concepts of Technology Management
 
How To Build An Incident Response Function
How To Build An Incident Response FunctionHow To Build An Incident Response Function
How To Build An Incident Response Function
 
Syllabus CIISA ( Certified Internasional Information System Auditor ).pdf
Syllabus CIISA ( Certified Internasional Information System Auditor ).pdfSyllabus CIISA ( Certified Internasional Information System Auditor ).pdf
Syllabus CIISA ( Certified Internasional Information System Auditor ).pdf
 
5 Steps to Improve Your Incident Response Plan
5 Steps to Improve Your Incident Response Plan5 Steps to Improve Your Incident Response Plan
5 Steps to Improve Your Incident Response Plan
 
3 focus areas for any organisation's IT & Security department
3 focus areas for any organisation's IT & Security department 3 focus areas for any organisation's IT & Security department
3 focus areas for any organisation's IT & Security department
 
Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Start With A Great Information Security Plan!
Start With A Great Information Security Plan!
 
Cyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitCyber Recovery - Legal Toolkit
Cyber Recovery - Legal Toolkit
 
The Importance of Security within the Computer Environment
The Importance of Security within the Computer EnvironmentThe Importance of Security within the Computer Environment
The Importance of Security within the Computer Environment
 
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...
 
After the Contracts Are Signed: Busing the Most Common Myths in HR Technology
After the Contracts Are Signed: Busing the Most Common Myths in HR TechnologyAfter the Contracts Are Signed: Busing the Most Common Myths in HR Technology
After the Contracts Are Signed: Busing the Most Common Myths in HR Technology
 
Setting up an Effective Security and Compliance Office
Setting up an Effective Security and Compliance OfficeSetting up an Effective Security and Compliance Office
Setting up an Effective Security and Compliance Office
 

More from techUK

Abhaya Sumanasena - Real Wireless - Spectrum Options
Abhaya Sumanasena - Real Wireless - Spectrum Options Abhaya Sumanasena - Real Wireless - Spectrum Options
Abhaya Sumanasena - Real Wireless - Spectrum Options techUK
 
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...techUK
 
Peter Curnow-Ford - SPF Cluster 2 - Spectrum Access Evolution
Peter Curnow-Ford - SPF Cluster 2 - Spectrum Access EvolutionPeter Curnow-Ford - SPF Cluster 2 - Spectrum Access Evolution
Peter Curnow-Ford - SPF Cluster 2 - Spectrum Access EvolutiontechUK
 
Stephen Temple - 5GIC - Dynamic Spectrum Expansion for 21 May SPF
Stephen Temple - 5GIC - Dynamic Spectrum Expansion for 21 May SPFStephen Temple - 5GIC - Dynamic Spectrum Expansion for 21 May SPF
Stephen Temple - 5GIC - Dynamic Spectrum Expansion for 21 May SPFtechUK
 
Nigel King - UK WISPA - Flexible Spectrum Access
Nigel King - UK WISPA - Flexible Spectrum AccessNigel King - UK WISPA - Flexible Spectrum Access
Nigel King - UK WISPA - Flexible Spectrum AccesstechUK
 
Tony lavender - Plum Consulting - Flexible Spectrum Access Methods
Tony lavender - Plum Consulting - Flexible Spectrum Access MethodsTony lavender - Plum Consulting - Flexible Spectrum Access Methods
Tony lavender - Plum Consulting - Flexible Spectrum Access MethodstechUK
 
Cliff Mason - Ofcom - Spectrum Awards, Access and Sharing
Cliff Mason - Ofcom - Spectrum Awards, Access and SharingCliff Mason - Ofcom - Spectrum Awards, Access and Sharing
Cliff Mason - Ofcom - Spectrum Awards, Access and SharingtechUK
 
Tony lavender - Plum Consulting - incorporating social value into spectrum al...
Tony lavender - Plum Consulting - incorporating social value into spectrum al...Tony lavender - Plum Consulting - incorporating social value into spectrum al...
Tony lavender - Plum Consulting - incorporating social value into spectrum al...techUK
 
Philip bates - Analysys Mason - spectrum policy forum 29 march 2018
Philip bates - Analysys Mason - spectrum policy forum 29 march 2018Philip bates - Analysys Mason - spectrum policy forum 29 march 2018
Philip bates - Analysys Mason - spectrum policy forum 29 march 2018techUK
 
Enabling Dynamic Spectrum Management
Enabling Dynamic Spectrum ManagementEnabling Dynamic Spectrum Management
Enabling Dynamic Spectrum ManagementtechUK
 
Spectrum Requirements for Utilities
Spectrum Requirements for UtilitiesSpectrum Requirements for Utilities
Spectrum Requirements for UtilitiestechUK
 
406MHz - 430MHz Sharing and Trials
406MHz - 430MHz Sharing and Trials 406MHz - 430MHz Sharing and Trials
406MHz - 430MHz Sharing and Trials techUK
 
CMU Update Review
CMU Update Review CMU Update Review
CMU Update Review techUK
 
Sharing Defence Managed Spectrum - MOD
Sharing Defence Managed Spectrum - MODSharing Defence Managed Spectrum - MOD
Sharing Defence Managed Spectrum - MODtechUK
 
India Secondment
India SecondmentIndia Secondment
India SecondmenttechUK
 
DIT Space FDI
DIT Space FDIDIT Space FDI
DIT Space FDItechUK
 
Space Trade Negotiations Priorities
Space Trade Negotiations PrioritiesSpace Trade Negotiations Priorities
Space Trade Negotiations PrioritiestechUK
 
Feedback from USA Workshop
Feedback from USA WorkshopFeedback from USA Workshop
Feedback from USA WorkshoptechUK
 
Amberhawk - Law Enforcement Parts of the Data Protection Bill
Amberhawk - Law Enforcement Parts of the Data Protection BillAmberhawk - Law Enforcement Parts of the Data Protection Bill
Amberhawk - Law Enforcement Parts of the Data Protection BilltechUK
 
Thales - LED and DP from a Vendor's Perspective
Thales - LED and DP from a Vendor's PerspectiveThales - LED and DP from a Vendor's Perspective
Thales - LED and DP from a Vendor's PerspectivetechUK
 

More from techUK (20)

Abhaya Sumanasena - Real Wireless - Spectrum Options
Abhaya Sumanasena - Real Wireless - Spectrum Options Abhaya Sumanasena - Real Wireless - Spectrum Options
Abhaya Sumanasena - Real Wireless - Spectrum Options
 
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...
 
Peter Curnow-Ford - SPF Cluster 2 - Spectrum Access Evolution
Peter Curnow-Ford - SPF Cluster 2 - Spectrum Access EvolutionPeter Curnow-Ford - SPF Cluster 2 - Spectrum Access Evolution
Peter Curnow-Ford - SPF Cluster 2 - Spectrum Access Evolution
 
Stephen Temple - 5GIC - Dynamic Spectrum Expansion for 21 May SPF
Stephen Temple - 5GIC - Dynamic Spectrum Expansion for 21 May SPFStephen Temple - 5GIC - Dynamic Spectrum Expansion for 21 May SPF
Stephen Temple - 5GIC - Dynamic Spectrum Expansion for 21 May SPF
 
Nigel King - UK WISPA - Flexible Spectrum Access
Nigel King - UK WISPA - Flexible Spectrum AccessNigel King - UK WISPA - Flexible Spectrum Access
Nigel King - UK WISPA - Flexible Spectrum Access
 
Tony lavender - Plum Consulting - Flexible Spectrum Access Methods
Tony lavender - Plum Consulting - Flexible Spectrum Access MethodsTony lavender - Plum Consulting - Flexible Spectrum Access Methods
Tony lavender - Plum Consulting - Flexible Spectrum Access Methods
 
Cliff Mason - Ofcom - Spectrum Awards, Access and Sharing
Cliff Mason - Ofcom - Spectrum Awards, Access and SharingCliff Mason - Ofcom - Spectrum Awards, Access and Sharing
Cliff Mason - Ofcom - Spectrum Awards, Access and Sharing
 
Tony lavender - Plum Consulting - incorporating social value into spectrum al...
Tony lavender - Plum Consulting - incorporating social value into spectrum al...Tony lavender - Plum Consulting - incorporating social value into spectrum al...
Tony lavender - Plum Consulting - incorporating social value into spectrum al...
 
Philip bates - Analysys Mason - spectrum policy forum 29 march 2018
Philip bates - Analysys Mason - spectrum policy forum 29 march 2018Philip bates - Analysys Mason - spectrum policy forum 29 march 2018
Philip bates - Analysys Mason - spectrum policy forum 29 march 2018
 
Enabling Dynamic Spectrum Management
Enabling Dynamic Spectrum ManagementEnabling Dynamic Spectrum Management
Enabling Dynamic Spectrum Management
 
Spectrum Requirements for Utilities
Spectrum Requirements for UtilitiesSpectrum Requirements for Utilities
Spectrum Requirements for Utilities
 
406MHz - 430MHz Sharing and Trials
406MHz - 430MHz Sharing and Trials 406MHz - 430MHz Sharing and Trials
406MHz - 430MHz Sharing and Trials
 
CMU Update Review
CMU Update Review CMU Update Review
CMU Update Review
 
Sharing Defence Managed Spectrum - MOD
Sharing Defence Managed Spectrum - MODSharing Defence Managed Spectrum - MOD
Sharing Defence Managed Spectrum - MOD
 
India Secondment
India SecondmentIndia Secondment
India Secondment
 
DIT Space FDI
DIT Space FDIDIT Space FDI
DIT Space FDI
 
Space Trade Negotiations Priorities
Space Trade Negotiations PrioritiesSpace Trade Negotiations Priorities
Space Trade Negotiations Priorities
 
Feedback from USA Workshop
Feedback from USA WorkshopFeedback from USA Workshop
Feedback from USA Workshop
 
Amberhawk - Law Enforcement Parts of the Data Protection Bill
Amberhawk - Law Enforcement Parts of the Data Protection BillAmberhawk - Law Enforcement Parts of the Data Protection Bill
Amberhawk - Law Enforcement Parts of the Data Protection Bill
 
Thales - LED and DP from a Vendor's Perspective
Thales - LED and DP from a Vendor's PerspectiveThales - LED and DP from a Vendor's Perspective
Thales - LED and DP from a Vendor's Perspective
 

Recently uploaded

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 

Recently uploaded (20)

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 

Paul Howland - DSTL - SPF EM risk framework presentation v2

  • 1. A Framework for Understanding Spectrum Resilience – Initial Thoughts Spectrum Resilience Workshop 03 May 2018 Paul Howland OFFICIAL© Crown copyright 2018 Dstl 29 May 2018 Disclaimer: The content of this presentation are the views of the author and do not necessarily represent those of Dstl or MOD
  • 2. Key Framework Elements • Understand – How does an enterprise use EM Spectrum – What is the enterprise exposure to EM Threats and Risks • Assessment – What are the impacts to the enterprise of threats and risks – What are the probabilities of these threats and risks being realised • Measures – What has/can be done to mitigate threats and risks • Test and Verify – Evaluate and verify efficacy of measures • Regular Validation and Verification – To ensure changing and emerging threats are recognised and managed – Ensure currency of training, process, technology etc. OFFICIAL© Crown copyright 2018 Dstl 29 May 2018
  • 3. Understand • Understand the Enterprise Exposure to Threat/Risk – What systems are reliant on EM Spectrum • Directly - Sensors , Data Communications, Product Delivery • Indirectly – Sales, Market Mechanisms, Synchronisation • Corporate/Enterprise Communications • Noting that manufacturing and service control need to be considered as well as office Information Systems – How is this impacted by medium and long term plans – This is potentially complex and often not intuative OFFICIAL© Crown copyright 2018 Dstl 29 May 2018
  • 4. Assessment - Consideration Space • Risks (Examples Only) – Service Delivery – Product Management – Manufacturing Output – Product Quality – Growth – Reputation – Share Value • Risk Dimensions – Impact, Probability OFFICIAL • EM “Threat” Classes (Enterprise risks arise from Threats) – Deliberate – Accidental – Environmental – Regulatory – Technical • Threat Evolution (Now, Next Future) © Crown copyright 2018 Dstl 29 May 2018 Scaling and prioritisation of potential impacts is neccesary
  • 5. Mitigation Measures • A good starting point for considering threat mitigation measures • Most have civil analogies • Not yet thought through so to seed thinking OFFICIAL • Defence Lines of Development – Describing capability needs • TEPIDOIL – Training – Equipment and technology – Personnel – Information – Doctrine and concepts – Organization, – Infrastructure – Logistics © Crown copyright 2018 Dstl 29 May 2018
  • 6. Test and Verify • Once mitigations are in place: – Verify Status of mitigations e.g. • Key Staff identified and posts filled • Redundant Equipment and Infrastructure in place • Response and Recovery processes in place – Test • Analogous to fire alarm testing • To suit Risk and mitigation • Paper exercises – for enterprise wide contingency planning • Extension to penetration testing – Cyber and Physical • Equipment and Infrastructure Component Testing (Lab and Field) • Audit Training Records OFFICIAL© Crown copyright 2018 Dstl 29 May 2018
  • 7. Revalidation and regular verification • Revalidate: – Threat – Risk exposure – Mitigations – Test and verification processes • Re-verification – Ensure testing and training regimes are kept up to date – That prioritisation is reviewed – Processes keep pace with technical and infrastructure evolution – That assessments are in line with current medium and long term plans OFFICIAL© Crown copyright 2018 Dstl 29 May 2018 Threat Changes, Risk exposure changes, Staff change, Technology advances
  • 8. Finally • Example Metrics – Blue, Green, Amber or Red for each Risk – (Vulnerability?) – Blue – System does not degrade “significantly” in the presence of Threat, – Green - some degradation but minimum impact on critical infrastructure (CI) or customer services – Amber – Significant impact on CI or Customer service (Short outage or significant degradation in service quality attributes, – Red – Prolonged, significant impact or service outage) © Crown copyright 2018 Dstl 29 May 2018
  • 9. © Crown copyright 2018 Dstl 29 May 2018

Editor's Notes

  1. This slide may be shown at the end of the presentation.