Paul Howland - DSTL - SPF EM risk framework presentation v2

Presentations from the SPF Spectrum Resilience workshop on 03 May 2018

More information about the UK Spectrum Policy Forum is available here.
http://www.techuk.org/about/uk-spectrum-policy-forum

  1. A Framework for Understanding Spectrum Resilience – Initial Thoughts
     Spectrum Resilience Workshop, 03 May 2018
     Paul Howland
     OFFICIAL
     © Crown copyright 2018 Dstl, 29 May 2018
     Disclaimer: The contents of this presentation are the views of the author and do not necessarily represent those of Dstl or MOD.

  2. Key Framework Elements
     • Understand
       – How does an enterprise use EM Spectrum
       – What is the enterprise exposure to EM Threats and Risks
     • Assessment
       – What are the impacts to the enterprise of threats and risks
       – What are the probabilities of these threats and risks being realised
     • Measures
       – What has/can be done to mitigate threats and risks
     • Test and Verify
       – Evaluate and verify efficacy of measures
     • Regular Validation and Verification
       – To ensure changing and emerging threats are recognised and managed
       – Ensure currency of training, process, technology etc.

  3. Understand
     • Understand the Enterprise Exposure to Threat/Risk
       – What systems are reliant on EM Spectrum
         • Directly – Sensors, Data Communications, Product Delivery
         • Indirectly – Sales, Market Mechanisms, Synchronisation
         • Corporate/Enterprise Communications
         • Noting that manufacturing and service control need to be considered as well as office Information Systems
       – How is this impacted by medium and long term plans
       – This is potentially complex and often not intuitive

  4. Assessment – Consideration Space
     • Risks (Examples Only)
       – Service Delivery
       – Product Management
       – Manufacturing Output
       – Product Quality
       – Growth
       – Reputation
       – Share Value
     • Risk Dimensions
       – Impact, Probability
     • EM “Threat” Classes (Enterprise risks arise from Threats)
       – Deliberate
       – Accidental
       – Environmental
       – Regulatory
       – Technical
     • Threat Evolution (Now, Next, Future)
     Scaling and prioritisation of potential impacts is necessary

  5. Mitigation Measures
     • A good starting point for considering threat mitigation measures
     • Most have civil analogies
     • Not yet thought through so to seed thinking
     • Defence Lines of Development
       – Describing capability needs
     • TEPIDOIL
       – Training
       – Equipment and technology
       – Personnel
       – Information
       – Doctrine and concepts
       – Organization
       – Infrastructure
       – Logistics

  6. Test and Verify
     • Once mitigations are in place:
       – Verify Status of mitigations e.g.
         • Key Staff identified and posts filled
         • Redundant Equipment and Infrastructure in place
         • Response and Recovery processes in place
       – Test
         • Analogous to fire alarm testing
         • To suit Risk and mitigation
         • Paper exercises – for enterprise wide contingency planning
         • Extension to penetration testing – Cyber and Physical
         • Equipment and Infrastructure Component Testing (Lab and Field)
         • Audit Training Records

  7. Revalidation and regular verification
     • Revalidate:
       – Threat
       – Risk exposure
       – Mitigations
       – Test and verification processes
     • Re-verification
       – Ensure testing and training regimes are kept up to date
       – That prioritisation is reviewed
       – Processes keep pace with technical and infrastructure evolution
       – That assessments are in line with current medium and long term plans
     Threat changes, Risk exposure changes, Staff change, Technology advances

  8. Finally
     • Example Metrics – Blue, Green, Amber or Red for each Risk – (Vulnerability?)
       – Blue – System does not degrade “significantly” in the presence of Threat
       – Green – Some degradation but minimum impact on critical infrastructure (CI) or customer services
       – Amber – Significant impact on CI or customer service (short outage or significant degradation in service quality attributes)
       – Red – Prolonged, significant impact or service outage