
Paul Howland - DSTL - SPF EM risk framework presentation v2

Presentations from the SPF Spectrum Resilience workshop on 03 May 2018

More information about the UK Spectrum Policy Forum is available here.
http://www.techuk.org/about/uk-spectrum-policy-forum



  1. A Framework for Understanding Spectrum Resilience – Initial Thoughts
     Spectrum Resilience Workshop, 03 May 2018
     Paul Howland
     OFFICIAL © Crown copyright 2018 Dstl 29 May 2018
     Disclaimer: The contents of this presentation are the views of the author and do not necessarily represent those of Dstl or MOD
  2. Key Framework Elements
     • Understand
       – How does an enterprise use EM Spectrum
       – What is the enterprise exposure to EM Threats and Risks
     • Assessment
       – What are the impacts to the enterprise of threats and risks
       – What are the probabilities of these threats and risks being realised
     • Measures
       – What has/can be done to mitigate threats and risks
     • Test and Verify
       – Evaluate and verify efficacy of measures
     • Regular Validation and Verification
       – To ensure changing and emerging threats are recognised and managed
       – Ensure currency of training, process, technology etc.
  3. Understand
     • Understand the Enterprise Exposure to Threat/Risk
       – What systems are reliant on EM Spectrum
         • Directly – Sensors, Data Communications, Product Delivery
         • Indirectly – Sales, Market Mechanisms, Synchronisation
         • Corporate/Enterprise Communications
         • Noting that manufacturing and service control need to be considered as well as office Information Systems
       – How is this impacted by medium and long term plans
       – This is potentially complex and often not intuitive
  4. Assessment – Consideration Space
     • Risks (Examples Only)
       – Service Delivery
       – Product Management
       – Manufacturing Output
       – Product Quality
       – Growth
       – Reputation
       – Share Value
     • Risk Dimensions
       – Impact, Probability
     • EM “Threat” Classes (Enterprise risks arise from Threats)
       – Deliberate
       – Accidental
       – Environmental
       – Regulatory
       – Technical
     • Threat Evolution (Now, Next, Future)
     Scaling and prioritisation of potential impacts is necessary
  5. Mitigation Measures
     • A good starting point for considering threat mitigation measures
     • Most have civil analogies
     • Not yet thought through, so offered to seed thinking
     • Defence Lines of Development
       – Describing capability needs
     • TEPIDOIL
       – Training
       – Equipment and technology
       – Personnel
       – Information
       – Doctrine and concepts
       – Organization
       – Infrastructure
       – Logistics
  6. Test and Verify
     • Once mitigations are in place:
       – Verify Status of mitigations e.g.
         • Key Staff identified and posts filled
         • Redundant Equipment and Infrastructure in place
         • Response and Recovery processes in place
       – Test
         • Analogous to fire alarm testing
         • To suit Risk and mitigation
         • Paper exercises – for enterprise wide contingency planning
         • Extension to penetration testing – Cyber and Physical
         • Equipment and Infrastructure Component Testing (Lab and Field)
         • Audit Training Records
  7. Revalidation and regular verification
     • Revalidate:
       – Threat
       – Risk exposure
       – Mitigations
       – Test and verification processes
     • Re-verification
       – Ensure testing and training regimes are kept up to date
       – That prioritisation is reviewed
       – Processes keep pace with technical and infrastructure evolution
       – That assessments are in line with current medium and long term plans
     Threat Changes, Risk exposure changes, Staff change, Technology advances
  8. Finally
     • Example Metrics
       – Blue, Green, Amber or Red for each Risk – (Vulnerability?)
       – Blue – System does not degrade “significantly” in the presence of Threat
       – Green – Some degradation but minimum impact on critical infrastructure (CI) or customer services
       – Amber – Significant impact on CI or customer service (short outage or significant degradation in service quality attributes)
       – Red – Prolonged, significant impact or service outage