New UK Spectrum Policy Forum paper identifies 10-step Cyber-Spectrum Resilience Framework for spectrum users to minimise the spectrum threat to their businesses and contribute to the overall national cyber resilience strategy.
The new paper - Cyber-Spectrum Resilience-Framework - prepared by QinetiQ on behalf of the UK Spectrum Policy Forum, provides information and guidance to spectrum users, managers and installers to help them make informed decisions and contribute to the overall cyber resilience strategy.
Radio spectrum access, which underpins the UK’s economy and provides significant social value, is part of the UK’s (soft) infrastructure. Consequently, spectrum access should be appropriately resilient from malicious or accidental disruptions and the necessary spectrum protection measures should be implemented by businesses and users to ensure that the services they provide meet their needs.
The denial of spectrum access, through jamming, spoofing or hacking, either accidentally or intentionally, can result in similar effects to cyber denial of service attacks (DDoS).
To help keep spectrum-using systems safe, the paper includes the below ten-point checklist for spectrum users, managers and installers:
- Spectrum Audits: Do you know what frequencies you are using and why?
- Impact assessment: Do you know what would the impact be on your business if you lost access to spectrum?
- Detect/Monitor/Record: Are you checking the availability and usage of your frequencies?
- Respond and Recover: Have you got a plan for getting back to business as usual after an interruption to your spectrum access?
- Reporting: How and when do you report disruption?
- Practice: Have you stress tested your system and your response and recovery plans?
- Awareness: Are your staff aware of potential threats to spectrum availability?
- Update: Do you implement regular updates?
- Qualified personnel: Do you ensure that you are using suitably qualified personnel (SQP) to configure and control your systems?
- Board responsibility: Do your Directors take responsibility for spectrum resilience?
David Meyer, Chair of the UK Spectrum Policy Forum said:
“Digital is the fastest growing part of the UK’s economy and connectivity underpins almost every sector. Businesses and services are increasingly reliant on wireless technology - from banking IT systems and transport communications, to industrial manufacturing and AI. It’s therefore vital that these services are resilient from accidental or malicious interference.
The UK Spectrum Policy Forum’s broad membership enables us to address strategic spectrum issues and provide advice to Government and Ofcom on industry and user views around key spectrum policy issues. This Cyber-Spectrum Resilience Framework provides a 10-point check list for Government, businesses and organisations to enable informed decision-making to help ensure that their services can continue to be provided un-interrupted.”
The development of this cyber-spectrum resilience framework was a key recommendation of the recent SPF Spectrum Resilience White Paper, which was developed by QinetiQ for the SPF. Based on the outcomes of UK Spectrum Policy Forum workshops the paper demonstrated the need to conduct system level testing to ensure that unexpected (ripple or cascade) effects can be understood and mitigated.
The EU Directive (2016/1148) on the security of Network and Information Systems Directive (NISD), which came into force in the UK in May 2018, aims to improve the security of network and information systems across the EU. The NISD requires that significant disruption to service provision is reported within a pre-defined period or fines may be levied. It is important to note that the NISD does not confine the causes of the disturbance to wired infrastructure.
About the UK Spectrum Policy Forum:
Launched at the request of Government, the UK Spectrum Policy Forum is the industry sounding board to address strategic spectrum issues and to provide advice to Government and Ofcom on industry and user views around key spectrum policy issues. The SPF is open to all organisations with an interest in using spectrum and has over 240 members drawn from mobile and broadcasting, space and transport, equipment manufacturers and public services. The SPF’s broad membership working together enables us to engage with challenging questions about how to get better value from spectrum use at the national and international level. A Steering Board performs the important function of ensuring the proper prioritisation and resourcing of our work.