SlideShare a Scribd company logo

Paul Howland - DSTL - SPF EM risk framework presentation v2

techUK
techUK

Presentations from the SPF Spectrum Resilience workshop on 03 May 2018 More information about the UK Spectrum Policy Forum is available here. http://www.techuk.org/about/uk-spectrum-policy-forum

Technology
1 of 9
A Framework for Understanding Spectrum Resilience – Initial Thoughts Spectrum Resilience Workshop 03 May 2018 Paul Howland OFFICIAL© Crown copyright 2018 Dstl 29 May 2018 Disclaimer: The content of this presentation are the views of the author and do not necessarily represent those of Dstl or MOD
Key Framework Elements • Understand – How does an enterprise use EM Spectrum – What is the enterprise exposure to EM Threats and Risks • Assessment – What are the impacts to the enterprise of threats and risks – What are the probabilities of these threats and risks being realised • Measures – What has/can be done to mitigate threats and risks • Test and Verify – Evaluate and verify efficacy of measures • Regular Validation and Verification – To ensure changing and emerging threats are recognised and managed – Ensure currency of training, process, technology etc. OFFICIAL© Crown copyright 2018 Dstl 29 May 2018
Understand • Understand the Enterprise Exposure to Threat/Risk – What systems are reliant on EM Spectrum • Directly - Sensors , Data Communications, Product Delivery • Indirectly – Sales, Market Mechanisms, Synchronisation • Corporate/Enterprise Communications • Noting that manufacturing and service control need to be considered as well as office Information Systems – How is this impacted by medium and long term plans – This is potentially complex and often not intuative OFFICIAL© Crown copyright 2018 Dstl 29 May 2018
Assessment - Consideration Space • Risks (Examples Only) – Service Delivery – Product Management – Manufacturing Output – Product Quality – Growth – Reputation – Share Value • Risk Dimensions – Impact, Probability OFFICIAL • EM “Threat” Classes (Enterprise risks arise from Threats) – Deliberate – Accidental – Environmental – Regulatory – Technical • Threat Evolution (Now, Next Future) © Crown copyright 2018 Dstl 29 May 2018 Scaling and prioritisation of potential impacts is neccesary
Mitigation Measures • A good starting point for considering threat mitigation measures • Most have civil analogies • Not yet thought through so to seed thinking OFFICIAL • Defence Lines of Development – Describing capability needs • TEPIDOIL – Training – Equipment and technology – Personnel – Information – Doctrine and concepts – Organization, – Infrastructure – Logistics © Crown copyright 2018 Dstl 29 May 2018
Test and Verify • Once mitigations are in place: – Verify Status of mitigations e.g. • Key Staff identified and posts filled • Redundant Equipment and Infrastructure in place • Response and Recovery processes in place – Test • Analogous to fire alarm testing • To suit Risk and mitigation • Paper exercises – for enterprise wide contingency planning • Extension to penetration testing – Cyber and Physical • Equipment and Infrastructure Component Testing (Lab and Field) • Audit Training Records OFFICIAL© Crown copyright 2018 Dstl 29 May 2018
Revalidation and regular verification • Revalidate: – Threat – Risk exposure – Mitigations – Test and verification processes • Re-verification – Ensure testing and training regimes are kept up to date – That prioritisation is reviewed – Processes keep pace with technical and infrastructure evolution – That assessments are in line with current medium and long term plans OFFICIAL© Crown copyright 2018 Dstl 29 May 2018 Threat Changes, Risk exposure changes, Staff change, Technology advances
Finally • Example Metrics – Blue, Green, Amber or Red for each Risk – (Vulnerability?) – Blue – System does not degrade “significantly” in the presence of Threat, – Green - some degradation but minimum impact on critical infrastructure (CI) or customer services – Amber – Significant impact on CI or Customer service (Short outage or significant degradation in service quality attributes, – Red – Prolonged, significant impact or service outage) © Crown copyright 2018 Dstl 29 May 2018
© Crown copyright 2018 Dstl 29 May 2018

Recommended

Exeter university ig manager presentation [1]
Exeter university ig manager presentation [1]Exeter university ig manager presentation [1]
Exeter university ig manager presentation [1]
Martin Lawrence
 
The Security Value Chain
The Security Value ChainThe Security Value Chain
The Security Value Chain
Brandon Dunlap
 
Nfpa apsei evolution-ofsecurity_wl_14092010
Nfpa apsei evolution-ofsecurity_wl_14092010Nfpa apsei evolution-ofsecurity_wl_14092010
Nfpa apsei evolution-ofsecurity_wl_14092010
Nuno Tasso de Figueiredo
 
Supply_sample
Supply_sampleSupply_sample
Supply_sample
ahmad bassiouny
 
Class 16 organizational structure 2
Class 16 organizational structure 2Class 16 organizational structure 2
Class 16 organizational structure 2
manikanta malla
 
Mis 1
Mis 1Mis 1
Mis 1
Md. Mashiur Rahman
 
RPG Analytics Overview 2015
RPG Analytics Overview 2015RPG Analytics Overview 2015
RPG Analytics Overview 2015
ReefPoint Group
 
Mis 3
Mis 3Mis 3
Mis 3
Md. Mashiur Rahman
 

Recommended

Exeter university ig manager presentation [1]
Exeter university ig manager presentation [1]Exeter university ig manager presentation [1]
Exeter university ig manager presentation [1]
Martin Lawrence
 
The Security Value Chain
The Security Value ChainThe Security Value Chain
The Security Value Chain
Brandon Dunlap
 
Nfpa apsei evolution-ofsecurity_wl_14092010
Nfpa apsei evolution-ofsecurity_wl_14092010Nfpa apsei evolution-ofsecurity_wl_14092010
Nfpa apsei evolution-ofsecurity_wl_14092010
Nuno Tasso de Figueiredo
 
Supply_sample
Supply_sampleSupply_sample
Supply_sample
ahmad bassiouny
 
Class 16 organizational structure 2
Class 16 organizational structure 2Class 16 organizational structure 2
Class 16 organizational structure 2
manikanta malla
 
Mis 1
Mis 1Mis 1
Mis 1
Md. Mashiur Rahman
 
RPG Analytics Overview 2015
RPG Analytics Overview 2015RPG Analytics Overview 2015
RPG Analytics Overview 2015
ReefPoint Group
 
Mis 3
Mis 3Mis 3
Mis 3
Md. Mashiur Rahman
 
Internal financial control - how ready are you - Webinar
Internal financial control - how ready are you - WebinarInternal financial control - how ready are you - Webinar
Internal financial control - how ready are you - Webinar
Ali Zeeshan
 
Operational Excellence in Oil and Gas Loss Prevention
Operational Excellence in Oil and Gas Loss PreventionOperational Excellence in Oil and Gas Loss Prevention
Operational Excellence in Oil and Gas Loss Prevention
Michael Marshall, PE
 
BiznetGio Presentation Business Continuity
BiznetGio Presentation Business ContinuityBiznetGio Presentation Business Continuity
BiznetGio Presentation Business Continuity
Yusuf Hadiwinata Sutandar
 
NEBOSH HSE PSM Element 1 v1.pdf
NEBOSH HSE PSM Element 1 v1.pdfNEBOSH HSE PSM Element 1 v1.pdf
NEBOSH HSE PSM Element 1 v1.pdf
Mohamed Ghonema
 
GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014Paul Simidi
 
CompTIA Security+.pptx
CompTIA Security+.pptxCompTIA Security+.pptx
CompTIA Security+.pptx
KiranKumar24546
 
It and business risk alignment guide
It and business risk alignment guideIt and business risk alignment guide
It and business risk alignment guide
AstalapulosListestos
 
Safety management
Safety managementSafety management
Safety managementSrini Vasan
 
IT Business Continuity Planning 2004
IT Business Continuity Planning 2004IT Business Continuity Planning 2004
IT Business Continuity Planning 2004
Donald E. Hester
 
Key concepts of Technology Management
Key concepts of Technology ManagementKey concepts of Technology Management
Key concepts of Technology Management
Ace Institute of Management (Nepal), Institute of Management Studies (Nepal)
 
How To Build An Incident Response Function
How To Build An Incident Response FunctionHow To Build An Incident Response Function
How To Build An Incident Response Function
Resilient Systems
 
Syllabus CIISA ( Certified Internasional Information System Auditor ).pdf
Syllabus CIISA ( Certified Internasional Information System Auditor ).pdfSyllabus CIISA ( Certified Internasional Information System Auditor ).pdf
Syllabus CIISA ( Certified Internasional Information System Auditor ).pdf
Yoyo Sudaryo
 
5 Steps to Improve Your Incident Response Plan
5 Steps to Improve Your Incident Response Plan5 Steps to Improve Your Incident Response Plan
5 Steps to Improve Your Incident Response Plan
Resilient Systems
 
3 focus areas for any organisation's IT & Security department
3 focus areas for any organisation's IT & Security department 3 focus areas for any organisation's IT & Security department
3 focus areas for any organisation's IT & Security department
Sandeep S Jaryal
 
Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Tammy Clark
 
Cyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitCyber Recovery - Legal Toolkit
Cyber Recovery - Legal Toolkit
Kevin Duffey
 
The Importance of Security within the Computer Environment
The Importance of Security within the Computer EnvironmentThe Importance of Security within the Computer Environment
The Importance of Security within the Computer Environment
Adetula Bunmi
 
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...
360 BSI
 
After the Contracts Are Signed: Busing the Most Common Myths in HR Technology
After the Contracts Are Signed: Busing the Most Common Myths in HR TechnologyAfter the Contracts Are Signed: Busing the Most Common Myths in HR Technology
After the Contracts Are Signed: Busing the Most Common Myths in HR Technology
H3 HR Advisors, Inc.
 
Setting up an Effective Security and Compliance Office
Setting up an Effective Security and Compliance OfficeSetting up an Effective Security and Compliance Office
Setting up an Effective Security and Compliance Office
Cloud Watchmen Inc.
 
Abhaya Sumanasena - Real Wireless - Spectrum Options
Abhaya Sumanasena - Real Wireless - Spectrum Options Abhaya Sumanasena - Real Wireless - Spectrum Options
Abhaya Sumanasena - Real Wireless - Spectrum Options
techUK
 
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...
techUK
 

More Related Content

Similar to Paul Howland - DSTL - SPF EM risk framework presentation v2

Internal financial control - how ready are you - Webinar
Internal financial control - how ready are you - WebinarInternal financial control - how ready are you - Webinar
Internal financial control - how ready are you - Webinar
Ali Zeeshan
 
Operational Excellence in Oil and Gas Loss Prevention
Operational Excellence in Oil and Gas Loss PreventionOperational Excellence in Oil and Gas Loss Prevention
Operational Excellence in Oil and Gas Loss Prevention
Michael Marshall, PE
 
BiznetGio Presentation Business Continuity
BiznetGio Presentation Business ContinuityBiznetGio Presentation Business Continuity
BiznetGio Presentation Business Continuity
Yusuf Hadiwinata Sutandar
 
NEBOSH HSE PSM Element 1 v1.pdf
NEBOSH HSE PSM Element 1 v1.pdfNEBOSH HSE PSM Element 1 v1.pdf
NEBOSH HSE PSM Element 1 v1.pdf
Mohamed Ghonema
 
GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014Paul Simidi
 
CompTIA Security+.pptx
CompTIA Security+.pptxCompTIA Security+.pptx
CompTIA Security+.pptx
KiranKumar24546
 
It and business risk alignment guide
It and business risk alignment guideIt and business risk alignment guide
It and business risk alignment guide
AstalapulosListestos
 
Safety management
Safety managementSafety management
Safety managementSrini Vasan
 
IT Business Continuity Planning 2004
IT Business Continuity Planning 2004IT Business Continuity Planning 2004
IT Business Continuity Planning 2004
Donald E. Hester
 
Key concepts of Technology Management
Key concepts of Technology ManagementKey concepts of Technology Management
Key concepts of Technology Management
Ace Institute of Management (Nepal), Institute of Management Studies (Nepal)
 
How To Build An Incident Response Function
How To Build An Incident Response FunctionHow To Build An Incident Response Function
How To Build An Incident Response Function
Resilient Systems
 
Syllabus CIISA ( Certified Internasional Information System Auditor ).pdf
Syllabus CIISA ( Certified Internasional Information System Auditor ).pdfSyllabus CIISA ( Certified Internasional Information System Auditor ).pdf
Syllabus CIISA ( Certified Internasional Information System Auditor ).pdf
Yoyo Sudaryo
 
5 Steps to Improve Your Incident Response Plan
5 Steps to Improve Your Incident Response Plan5 Steps to Improve Your Incident Response Plan
5 Steps to Improve Your Incident Response Plan
Resilient Systems
 
3 focus areas for any organisation's IT & Security department
3 focus areas for any organisation's IT & Security department 3 focus areas for any organisation's IT & Security department
3 focus areas for any organisation's IT & Security department
Sandeep S Jaryal
 
Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Tammy Clark
 
Cyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitCyber Recovery - Legal Toolkit
Cyber Recovery - Legal Toolkit
Kevin Duffey
 
The Importance of Security within the Computer Environment
The Importance of Security within the Computer EnvironmentThe Importance of Security within the Computer Environment
The Importance of Security within the Computer Environment
Adetula Bunmi
 
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...
360 BSI
 
After the Contracts Are Signed: Busing the Most Common Myths in HR Technology
After the Contracts Are Signed: Busing the Most Common Myths in HR TechnologyAfter the Contracts Are Signed: Busing the Most Common Myths in HR Technology
After the Contracts Are Signed: Busing the Most Common Myths in HR Technology
H3 HR Advisors, Inc.
 
Setting up an Effective Security and Compliance Office
Setting up an Effective Security and Compliance OfficeSetting up an Effective Security and Compliance Office
Setting up an Effective Security and Compliance Office
Cloud Watchmen Inc.
 

Similar to Paul Howland - DSTL - SPF EM risk framework presentation v2 (20)

Internal financial control - how ready are you - Webinar
Internal financial control - how ready are you - WebinarInternal financial control - how ready are you - Webinar
Internal financial control - how ready are you - Webinar
 
Operational Excellence in Oil and Gas Loss Prevention
Operational Excellence in Oil and Gas Loss PreventionOperational Excellence in Oil and Gas Loss Prevention
Operational Excellence in Oil and Gas Loss Prevention
 
BiznetGio Presentation Business Continuity
BiznetGio Presentation Business ContinuityBiznetGio Presentation Business Continuity
BiznetGio Presentation Business Continuity
 
NEBOSH HSE PSM Element 1 v1.pdf
NEBOSH HSE PSM Element 1 v1.pdfNEBOSH HSE PSM Element 1 v1.pdf
NEBOSH HSE PSM Element 1 v1.pdf
 
GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014
 
CompTIA Security+.pptx
CompTIA Security+.pptxCompTIA Security+.pptx
CompTIA Security+.pptx
 
It and business risk alignment guide
It and business risk alignment guideIt and business risk alignment guide
It and business risk alignment guide
 
Safety management
Safety managementSafety management
Safety management
 
IT Business Continuity Planning 2004
IT Business Continuity Planning 2004IT Business Continuity Planning 2004
IT Business Continuity Planning 2004
 
Key concepts of Technology Management
Key concepts of Technology ManagementKey concepts of Technology Management
Key concepts of Technology Management
 
How To Build An Incident Response Function
How To Build An Incident Response FunctionHow To Build An Incident Response Function
How To Build An Incident Response Function
 
Syllabus CIISA ( Certified Internasional Information System Auditor ).pdf
Syllabus CIISA ( Certified Internasional Information System Auditor ).pdfSyllabus CIISA ( Certified Internasional Information System Auditor ).pdf
Syllabus CIISA ( Certified Internasional Information System Auditor ).pdf
 
5 Steps to Improve Your Incident Response Plan
5 Steps to Improve Your Incident Response Plan5 Steps to Improve Your Incident Response Plan
5 Steps to Improve Your Incident Response Plan
 
3 focus areas for any organisation's IT & Security department
3 focus areas for any organisation's IT & Security department 3 focus areas for any organisation's IT & Security department
3 focus areas for any organisation's IT & Security department
 
Start With A Great Information Security Plan!
Start With A Great Information Security Plan!Start With A Great Information Security Plan!
Start With A Great Information Security Plan!
 
Cyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitCyber Recovery - Legal Toolkit
Cyber Recovery - Legal Toolkit
 
The Importance of Security within the Computer Environment
The Importance of Security within the Computer EnvironmentThe Importance of Security within the Computer Environment
The Importance of Security within the Computer Environment
 
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...
Business Continuity, Disaster Recovery Planning & Leadership, 16 - 19 Februar...
 
After the Contracts Are Signed: Busing the Most Common Myths in HR Technology
After the Contracts Are Signed: Busing the Most Common Myths in HR TechnologyAfter the Contracts Are Signed: Busing the Most Common Myths in HR Technology
After the Contracts Are Signed: Busing the Most Common Myths in HR Technology
 
Setting up an Effective Security and Compliance Office
Setting up an Effective Security and Compliance OfficeSetting up an Effective Security and Compliance Office
Setting up an Effective Security and Compliance Office
 

More from techUK

Abhaya Sumanasena - Real Wireless - Spectrum Options
Abhaya Sumanasena - Real Wireless - Spectrum Options Abhaya Sumanasena - Real Wireless - Spectrum Options
Abhaya Sumanasena - Real Wireless - Spectrum Options
techUK
 
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...
techUK
 
Peter Curnow-Ford - SPF Cluster 2 - Spectrum Access Evolution
Peter Curnow-Ford - SPF Cluster 2 - Spectrum Access EvolutionPeter Curnow-Ford - SPF Cluster 2 - Spectrum Access Evolution
Peter Curnow-Ford - SPF Cluster 2 - Spectrum Access Evolution
techUK
 
Stephen Temple - 5GIC - Dynamic Spectrum Expansion for 21 May SPF
Stephen Temple - 5GIC - Dynamic Spectrum Expansion for 21 May SPFStephen Temple - 5GIC - Dynamic Spectrum Expansion for 21 May SPF
Stephen Temple - 5GIC - Dynamic Spectrum Expansion for 21 May SPF
techUK
 
Nigel King - UK WISPA - Flexible Spectrum Access
Nigel King - UK WISPA - Flexible Spectrum AccessNigel King - UK WISPA - Flexible Spectrum Access
Nigel King - UK WISPA - Flexible Spectrum Access
techUK
 
Tony lavender - Plum Consulting - Flexible Spectrum Access Methods
Tony lavender - Plum Consulting - Flexible Spectrum Access MethodsTony lavender - Plum Consulting - Flexible Spectrum Access Methods
Tony lavender - Plum Consulting - Flexible Spectrum Access Methods
techUK
 
Cliff Mason - Ofcom - Spectrum Awards, Access and Sharing
Cliff Mason - Ofcom - Spectrum Awards, Access and SharingCliff Mason - Ofcom - Spectrum Awards, Access and Sharing
Cliff Mason - Ofcom - Spectrum Awards, Access and Sharing
techUK
 
Tony lavender - Plum Consulting - incorporating social value into spectrum al...
Tony lavender - Plum Consulting - incorporating social value into spectrum al...Tony lavender - Plum Consulting - incorporating social value into spectrum al...
Tony lavender - Plum Consulting - incorporating social value into spectrum al...
techUK
 
Philip bates - Analysys Mason - spectrum policy forum 29 march 2018
Philip bates - Analysys Mason - spectrum policy forum 29 march 2018Philip bates - Analysys Mason - spectrum policy forum 29 march 2018
Philip bates - Analysys Mason - spectrum policy forum 29 march 2018
techUK
 
Enabling Dynamic Spectrum Management
Enabling Dynamic Spectrum ManagementEnabling Dynamic Spectrum Management
Enabling Dynamic Spectrum Management
techUK
 
Spectrum Requirements for Utilities
Spectrum Requirements for UtilitiesSpectrum Requirements for Utilities
Spectrum Requirements for Utilities
techUK
 
406MHz - 430MHz Sharing and Trials
406MHz - 430MHz Sharing and Trials 406MHz - 430MHz Sharing and Trials
406MHz - 430MHz Sharing and Trials
techUK
 
CMU Update Review
CMU Update Review CMU Update Review
CMU Update Review
techUK
 
Sharing Defence Managed Spectrum - MOD
Sharing Defence Managed Spectrum - MODSharing Defence Managed Spectrum - MOD
Sharing Defence Managed Spectrum - MOD
techUK
 
India Secondment
India SecondmentIndia Secondment
India Secondment
techUK
 
DIT Space FDI
DIT Space FDIDIT Space FDI
DIT Space FDI
techUK
 
Space Trade Negotiations Priorities
Space Trade Negotiations PrioritiesSpace Trade Negotiations Priorities
Space Trade Negotiations Priorities
techUK
 
Feedback from USA Workshop
Feedback from USA WorkshopFeedback from USA Workshop
Feedback from USA Workshop
techUK
 
Amberhawk - Law Enforcement Parts of the Data Protection Bill
Amberhawk - Law Enforcement Parts of the Data Protection BillAmberhawk - Law Enforcement Parts of the Data Protection Bill
Amberhawk - Law Enforcement Parts of the Data Protection Bill
techUK
 
Thales - LED and DP from a Vendor's Perspective
Thales - LED and DP from a Vendor's PerspectiveThales - LED and DP from a Vendor's Perspective
Thales - LED and DP from a Vendor's Perspective
techUK
 

More from techUK (20)

Abhaya Sumanasena - Real Wireless - Spectrum Options
Abhaya Sumanasena - Real Wireless - Spectrum Options Abhaya Sumanasena - Real Wireless - Spectrum Options
Abhaya Sumanasena - Real Wireless - Spectrum Options
 
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...
 
Peter Curnow-Ford - SPF Cluster 2 - Spectrum Access Evolution
Peter Curnow-Ford - SPF Cluster 2 - Spectrum Access EvolutionPeter Curnow-Ford - SPF Cluster 2 - Spectrum Access Evolution
Peter Curnow-Ford - SPF Cluster 2 - Spectrum Access Evolution
 
Stephen Temple - 5GIC - Dynamic Spectrum Expansion for 21 May SPF
Stephen Temple - 5GIC - Dynamic Spectrum Expansion for 21 May SPFStephen Temple - 5GIC - Dynamic Spectrum Expansion for 21 May SPF
Stephen Temple - 5GIC - Dynamic Spectrum Expansion for 21 May SPF
 
Nigel King - UK WISPA - Flexible Spectrum Access
Nigel King - UK WISPA - Flexible Spectrum AccessNigel King - UK WISPA - Flexible Spectrum Access
Nigel King - UK WISPA - Flexible Spectrum Access
 
Tony lavender - Plum Consulting - Flexible Spectrum Access Methods
Tony lavender - Plum Consulting - Flexible Spectrum Access MethodsTony lavender - Plum Consulting - Flexible Spectrum Access Methods
Tony lavender - Plum Consulting - Flexible Spectrum Access Methods
 
Cliff Mason - Ofcom - Spectrum Awards, Access and Sharing
Cliff Mason - Ofcom - Spectrum Awards, Access and SharingCliff Mason - Ofcom - Spectrum Awards, Access and Sharing
Cliff Mason - Ofcom - Spectrum Awards, Access and Sharing
 
Tony lavender - Plum Consulting - incorporating social value into spectrum al...
Tony lavender - Plum Consulting - incorporating social value into spectrum al...Tony lavender - Plum Consulting - incorporating social value into spectrum al...
Tony lavender - Plum Consulting - incorporating social value into spectrum al...
 
Philip bates - Analysys Mason - spectrum policy forum 29 march 2018
Philip bates - Analysys Mason - spectrum policy forum 29 march 2018Philip bates - Analysys Mason - spectrum policy forum 29 march 2018
Philip bates - Analysys Mason - spectrum policy forum 29 march 2018
 
Enabling Dynamic Spectrum Management
Enabling Dynamic Spectrum ManagementEnabling Dynamic Spectrum Management
Enabling Dynamic Spectrum Management
 
Spectrum Requirements for Utilities
Spectrum Requirements for UtilitiesSpectrum Requirements for Utilities
Spectrum Requirements for Utilities
 
406MHz - 430MHz Sharing and Trials
406MHz - 430MHz Sharing and Trials 406MHz - 430MHz Sharing and Trials
406MHz - 430MHz Sharing and Trials
 
CMU Update Review
CMU Update Review CMU Update Review
CMU Update Review
 
Sharing Defence Managed Spectrum - MOD
Sharing Defence Managed Spectrum - MODSharing Defence Managed Spectrum - MOD
Sharing Defence Managed Spectrum - MOD
 
India Secondment
India SecondmentIndia Secondment
India Secondment
 
DIT Space FDI
DIT Space FDIDIT Space FDI
DIT Space FDI
 
Space Trade Negotiations Priorities
Space Trade Negotiations PrioritiesSpace Trade Negotiations Priorities
Space Trade Negotiations Priorities
 
Feedback from USA Workshop
Feedback from USA WorkshopFeedback from USA Workshop
Feedback from USA Workshop
 
Amberhawk - Law Enforcement Parts of the Data Protection Bill
Amberhawk - Law Enforcement Parts of the Data Protection BillAmberhawk - Law Enforcement Parts of the Data Protection Bill
Amberhawk - Law Enforcement Parts of the Data Protection Bill
 
Thales - LED and DP from a Vendor's Perspective
Thales - LED and DP from a Vendor's PerspectiveThales - LED and DP from a Vendor's Perspective
Thales - LED and DP from a Vendor's Perspective
 

Recently uploaded

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
Fwdays
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
CatarinaPereira64715
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 

Recently uploaded (20)

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 

Paul Howland - DSTL - SPF EM risk framework presentation v2

  • 1. A Framework for Understanding Spectrum Resilience – Initial Thoughts Spectrum Resilience Workshop 03 May 2018 Paul Howland OFFICIAL© Crown copyright 2018 Dstl 29 May 2018 Disclaimer: The content of this presentation are the views of the author and do not necessarily represent those of Dstl or MOD
  • 2. Key Framework Elements • Understand – How does an enterprise use EM Spectrum – What is the enterprise exposure to EM Threats and Risks • Assessment – What are the impacts to the enterprise of threats and risks – What are the probabilities of these threats and risks being realised • Measures – What has/can be done to mitigate threats and risks • Test and Verify – Evaluate and verify efficacy of measures • Regular Validation and Verification – To ensure changing and emerging threats are recognised and managed – Ensure currency of training, process, technology etc. OFFICIAL© Crown copyright 2018 Dstl 29 May 2018
  • 3. Understand • Understand the Enterprise Exposure to Threat/Risk – What systems are reliant on EM Spectrum • Directly - Sensors , Data Communications, Product Delivery • Indirectly – Sales, Market Mechanisms, Synchronisation • Corporate/Enterprise Communications • Noting that manufacturing and service control need to be considered as well as office Information Systems – How is this impacted by medium and long term plans – This is potentially complex and often not intuative OFFICIAL© Crown copyright 2018 Dstl 29 May 2018
  • 4. Assessment - Consideration Space • Risks (Examples Only) – Service Delivery – Product Management – Manufacturing Output – Product Quality – Growth – Reputation – Share Value • Risk Dimensions – Impact, Probability OFFICIAL • EM “Threat” Classes (Enterprise risks arise from Threats) – Deliberate – Accidental – Environmental – Regulatory – Technical • Threat Evolution (Now, Next Future) © Crown copyright 2018 Dstl 29 May 2018 Scaling and prioritisation of potential impacts is neccesary
  • 5. Mitigation Measures • A good starting point for considering threat mitigation measures • Most have civil analogies • Not yet thought through so to seed thinking OFFICIAL • Defence Lines of Development – Describing capability needs • TEPIDOIL – Training – Equipment and technology – Personnel – Information – Doctrine and concepts – Organization, – Infrastructure – Logistics © Crown copyright 2018 Dstl 29 May 2018
  • 6. Test and Verify • Once mitigations are in place: – Verify Status of mitigations e.g. • Key Staff identified and posts filled • Redundant Equipment and Infrastructure in place • Response and Recovery processes in place – Test • Analogous to fire alarm testing • To suit Risk and mitigation • Paper exercises – for enterprise wide contingency planning • Extension to penetration testing – Cyber and Physical • Equipment and Infrastructure Component Testing (Lab and Field) • Audit Training Records OFFICIAL© Crown copyright 2018 Dstl 29 May 2018
  • 7. Revalidation and regular verification • Revalidate: – Threat – Risk exposure – Mitigations – Test and verification processes • Re-verification – Ensure testing and training regimes are kept up to date – That prioritisation is reviewed – Processes keep pace with technical and infrastructure evolution – That assessments are in line with current medium and long term plans OFFICIAL© Crown copyright 2018 Dstl 29 May 2018 Threat Changes, Risk exposure changes, Staff change, Technology advances
  • 8. Finally • Example Metrics – Blue, Green, Amber or Red for each Risk – (Vulnerability?) – Blue – System does not degrade “significantly” in the presence of Threat, – Green - some degradation but minimum impact on critical infrastructure (CI) or customer services – Amber – Significant impact on CI or Customer service (Short outage or significant degradation in service quality attributes, – Red – Prolonged, significant impact or service outage) © Crown copyright 2018 Dstl 29 May 2018
  • 9. © Crown copyright 2018 Dstl 29 May 2018

Editor's Notes

  1. This slide may be shown at the end of the presentation.