ITS

Question 1

define safety

Answer 1

a state of being safe from injury or harm
The state of being away from hazards caused by natural forces or human errors randomly.

The source of hazard is formed by natural forces and/or human errors. In other words, the term safety is used to refer to the condition of being protected from the aspects that are likely to cause harm.

In addition, the term safety can be used to refer to the state at which one has the control of the risk-causing aspects hence protecting himself or herself against the risk that is fully unintended.

Question 2

define security

Answer 2

being free from danger or threat

Question 3

difference between safety and security

Answer 3

safety usually how someone feels about a system and it’s ability of keep them from harm

security is more about how an organisation mitigates threats from usually human sources that might want to harm an individual/organisation

Question 4

What is GNSS?

Answer 4

Global Navigation Satellite Systems

Question 5

Main GNSS systems

Answer 5

GPS, Galileo, GLONASS, BEIDOU

Question 6

What are GNSS challenges?

Answer 6

Complexity
User base
Institutional control
Performance variance

Question 7

GNSS challenges - Complexity - define

Answer 7

control segment, satellites, modelling, signal generation
– signal path effects, receiver hardware/electronics/algorithms
- anomalies or failures can occur at any stage

Question 8

GNSS challenges - user base - define

Answer 8

User base - multiple users globally,

Question 9

GNSS challenges - institutional control - define

Answer 9

Institutional control - need to keep some aspects limited due to security concerns.
e.g. Military Use GPS “Selective Avaialabilty” option can be used to degrade use to non-military applications

Question 10

GNSS challenges - Performance variance - define

Answer 10

Performance variance - position of users and satellites in space and time
Atmospheric Conditions
Multipath errors (bouncing off buildings)
RNP - required navigation performance

Question 11

GNSS vulnerabilities (16)

Answer 11

Signal failure

solar flare

tropospheric interaction

multipaths

jamming

Disturbance- wanted signals affected by unwanted signals

Spoofing

Meaconing

receiver leap seconds

week number rollover

withdrawal of service

System of systems (integration)

deliberate reduction of signal

Cyber attack

near channel interference

Space debris

EMP

Anti-satellite missiles

Question 12

GNSS mitigations

Answer 12

Resilience - alternative approaches to roll over to should performance be degraded

Standards - internationally agreed methods of developing solutions and how data can be shared for systems interoperability and confidence in users base

Testing - agreed assurance that systems work to defined criteria

Question 13

Types of PNT?

Answer 13

GNSS

Eloran (Radio Navigation Systems)

Inertial Navigation Systems INS

Atomic Clocks

Network Based Positioning (Enhanced 911 service)

Question 14

CNI uses of GNSS

Answer 14

Chemical

Civil nuclear- both timing and position for safety systems, monitoring and control

Communications - current low but increasing for timing due to more systems out there

Defence - wide range of applications from targeting weapons, logistics, mission planning, to pretty much any other requirement seen by other CNI sectors

Emergency services - both timing and position - navigation, routing, incident identification, location of lost people

Energy- both timing and position for safety systems, identifying new pipe routes etc, monitoring and control

Finance - timing for trading

Food - position -track vehicles, pests, automated machines, yield mapping

Government - not a direct user, but needs to rely on GNSS to make the critical services it delivers work.

Health- both timing and position some isotopes for use are time critical from reactor to use therefore depends on transport systems so show how different CNI overlaps

Space- both timing and position

Transport - position

Water- both timing and position for safety systems, locating leaks, identifying new pipe routes etc, monitoring and control

Question 15

What is security policy?

Answer 15

• high-level statement of beliefs, goals, & objectives &, general means for attainment for protection
• set at a high level, what is desired to be achieved, and does not specify “how” to accomplish the objectives

Question 16

Why is security policy needed?

Answer 16

• to ensure money is spent in an appropriate manner to deliver expected outcomes
• infrastructure increasingly connected & accessible, hence more prone to manipulation & destruction
• crucial decisions and defensive action must be prompt and precise
• a security policy establishes what must be done to protect infrastructure

Question 17

Secure by design principles (10)

Answer 17

minimise attack surface

establish secure defaults

Principle of least privilege - only allow minimum access necessary

Principle of defence in depth - multiple controls that approach risk are preferable

Fail securely

Don’t trust services

Separation of duties

Avoid security by obscurity

keep security simple (Economize Mechanism & Make security useable)

Fix security issues correctly

Audit Sensitive Events

Never invent security technology

Promote Privacy

Secure the weakest link

Question 18

Blackett Review

Answer 18

Improving Awareness

Addressing Vulnerabilities and Threats

Improving Resilience

Preparing For The Future

Mitigating Dependence on GNSS

Question 19

Blackett review recommendations - Improving awareness

Answer 19

• Improving awareness

Recommendation 1
Operators of CNI should review their reliance on GNSS, whether direct or through other GNSS-dependent systems, and report it to the lead government department for their sector. The Cabinet Office should assess overall dependence of CNI on GNSS.

Recommendation 2
Loss or compromise of GNSS-derived PNT should be added to the National Risk Assessment in its own right, rather than as a dimension of space weather alone.

Question 20

Blackett review recommendations - Addressing vulnerabilities and threats

Answer 20

• Addressing vulnerabilities and threats

Recommendation 3
The Department for Digital, Culture, Media and Sport (DCMS), with Ofcom, should continue to address the risk of interference to GNSS-dependent users,including CNI, in allocation of radio spectrum to new services and applications .

Recommendation 4
DCMS should review, with Ofcom, the legality of sale, ownership and use of devices and software intended to cause deliberate interference to GNSS receivers or signals – to determine whether the Wireless Telegraphy Act 2006 requires revision.-

Recommendation 5
CNI operators should assess – with guidance from the National CyberSecurity Centre (NCSC) and the Centre for the Protection of National Infrastructure(CPNI) – whether they need to monitor interference of GNSS at key sites such as ports.Where operators do monitor, data should be shared with the relevant lead government department.

Question 21

Blackett review recommendations - Improving resilience-

Answer 21

• Improving resilience-

Recommendation 7
The existing cross-government working group on PNT should be put on a formal footing to monitor and identify ways to improve national resilience. It should report to the Cabinet Office, which can coordinate necessary actions among departments.

Recommendation 8a
Procurers of GNSS equipment and services for CNI applications – with guidance from the relevant lead government department and organisations such as NCSC and CPNI – should specify consistent requirements encompassing GNSS and PNT system issues of accuracy, integrity, availability and continuity, as well as requirements specific to the immediate equipment, system and application.

Recommendation 8b
Government should ensure that, for GNSS and PNT equipment, a coordinated approach is taken to performance standards, terminology, validation criteria,independent testing and evaluation procedures, and the accreditation of test facilities. It should work with industry, trade associations, accreditation bodies and organisations that develop and set standards.

Recommendation 8c
Government should adopt a facilitating role to ensure that legislation and regulations relevant to PNT and GNSS are appropriate and proportionate, and that due consideration is given to the needs of different sectors.

Recommendation 9
The Department for Business, Energy and Industrial Strategy, in partnership with Innovate UK & the cross-government working group on PNT, should map PNT testing facilities & explore how industry and critical services can better access them.

Question 22

Blackett review recommendations - Preparing for the future

Answer 22

• Preparing for the future

Recommendation 10
Growing demand for time and geo-location create opportunities for the UK to leverage its academic and industrial expertise in these areas. UK Research and Innovation should invite the research community and industry to develop proposals to achieve greater coordination among existing centres of excellence.

Question 23

Blackett review recommendations - Mitigating dependence on GNSS

Answer 23

• Mitigating dependence on GNSS

Recommendation 6
CNI operators should make provision – with guidance from NCSC and CPNI – for the loss of GNSS by employing GNSS-independent back-up systems.

Question 24

Principles of Security policy (6)

Answer 24

reflect widest security objectives

Enable the business of related entities (e.g. Government)

Risk management is key with appropriate owner

Account for statutory obligations and protections

Enable right attitudes and behaviours

Polices and processes for reporting issues/incidents

Question 25

SecPol document components (9)

Answer 25

Development trade off (detailed vs brief)

Dependant on - size, services, tech, money (and other resources) available

Purpose

Scope

Background

Policy statement (overarching principles)

Enforcement

Responsibility

Related documents

Question 26

Elements of good policy (12)

Answer 26

Clear, concise and realistic defined scope and applicability

Consistent with other policy/guidance

Open to risk based change

Identifies areas of responsibility for users, admin and management

Sufficient guidance to develop procedures

Balances protection with productivity

How incidents are handled

Has an SRO - e.g. Gov official

Flexible and adaptable to tech and procedural change

Involves relevant stakeholders

Doesn’t impede business on mission/goals

Provides organisation with assurance and acceptable protection from external and internal threats.

Question 27

Sec by Des - attack surface

Answer 27

reduce nodes available to an attacker to enter a building/system

Question 28

Sec by Des - Secure defaults

Answer 28

Default is a secure experience with the user reducing their security if allowed e.g. password aging and complexity as default

Question 29

Sec by Des - Least privilege

Answer 29

where need to know exists - eg a CEO probably does not need to access all the HR files

Question 30

Sec by Des - defence in depth

Answer 30

add layers of validation and control e.g. 2 factor authentication

Question 31

Sec by Des - Fail securely

Answer 31

ensure that systems are not set to allow failure into admin roles etc

Question 32

Sec by Des - don’t trust services

Answer 32

Check what data is being requested and used by external parties e.g. reward schemes

Question 33

Sec by Des - Separation of duties

Answer 33

Fraud control approaches such as requestors cannot sign for assets, approvers cannot be requesters etc.

Question 34

Sec by Des - avoid sec by obscurity

Answer 34

nearly always fails, using other principles to ensure the security is generated, not through obscuring code (and generally fails poorly)

Question 35

Sec by Des - keep sec simple

Answer 35

Attack surface and simplicity go hand in hand

Question 36

Elements of a sustainable city

Answer 36

Mixed-use and polycentric cities

Transit-oriented development

Active transport modes

Healthy urban environment

Smart and innovative cities

Digital infrastructure

Productive cities

Question 37

What is FRAM?

Answer 37

Functional resonance analysis method

Question 38

Elements of FRAM?

Answer 38

1. Equivalence of success and failures
2. Approximate adjustments
3. Emergent outcomes
4. Functional resonance

Question 39

6 components of FRAM

Answer 39

Components:
Time
Control
Input
Output
Precondition
Resources

Question 40

STAMP elements

Answer 40

Elements:
controller
process model
control actions
feedback
controlled process

Question 41

Define risk management

Answer 41

coordinated activities to direct and control an organization with regard to risk

Question 42

Define risk

Answer 42

The effect of uncertainty on objectives (ISO)

Question 43

Define threat (security)

Answer 43

a person or thing likely to cause damage, danger or increase a risk of something unwanted occurring

Question 44

Risk calculation(s)

Answer 44

Risk = threat * probability * consequence

Question 45

What is a hazard?

Answer 45

A process, phenomenon or human activity that may cause loss of life, injury or other health impacts, property damage, social and economic disruption or environmental degradation.

Question 46

Hazard types

Answer 46

Natural hazards: natural processes and phenomena

Anthropogenic hazards: human activities and choices (‘man-made’)

Socionatural hazards: combination of natural and anthropogenic factors

Question 47

Define vulnerability

Answer 47

The conditions determined by physical, social, economic and environmental factors or processes which increase the susceptibility of an individual, a community, assets or systems to the impacts of hazard

or

A weakness of an asset or group of assets that can be exploited by one or more threats where an asset is anything that has value to the organization, its business operations and their continuity, including information resources that support the organization’s mission.

Question 48

Define threat

Answer 48

A potential cause of an incident, that may result in harm of systems and organization.

Question 49

Define risk

Answer 49

The potential loss of life, injury, or destroyed or damaged assets which could occur to a system, society or a community in a specific period of time, determined probabilistically as a function of hazard, exposure, vulnerability and capacity. (It is important to consider the social and economic contexts in which disaster risks occur and that people do not necessarily share the same perceptions of risk and their underlying risk factors.)

Question 50

FTA?

Answer 50

Fault tree analysis

use AND/OR gates to show how indivudal or multiple factors can contribute to a top level risk - eg, fire protection failure

Question 51

13 CNI sectors

Answer 51

chemicals

civil nuclear

communication

defence

emergency services

energy

finance

food

government

health

space

transport

water

Question 52

National risk register

Answer 52

takes high level risks, puts them into a risk matrix and assigns departmental owners for mitigation

Blackett reviews, eg GNSS and space weather useful to highlight potential threats from each risk and potential mitigation measures.

Question 53

Define risk

Answer 53

possibility of something happening
Risk = hazard x exposure x vulnerability

effect of uncertainty on objectives
Risk = probability x consequences

Question 54

Risk management tools

Answer 54

register - table - risk, owner, overall rating, current rating, target rating, trend

matrix - grid of likelihood against impact

Question 55

Inherent risk?

Answer 55

risk before treatment

Question 56

residual risk

Answer 56

risk with currently implemented treatments

Question 57

target risk (risk apetite)

Answer 57

level of risk with planned treatment

Question 58

Risk options from ISO 31000

Answer 58

Avoid - don’t do the activity
Eliminate - remove the risk source
Likelihood - change
Consequence - change
Share/Transfer - insurance/partnerships
Retain - informed decision
Take/Increase - pursue opportunity

Question 59

What is transport?

Answer 59

complex interdependent interactions of:
people
demand (people and goods)
infrastructure
travel modes
technology
operations
concept of operations
business modes, governance & society

Con
Ops all linked to operations with governance and society being key stakeholders in its operation

Question 60

What makes the transport system cyber? (*)

Answer 60

Planning: modelling for traffic flows

Data gathering and management

Delivery: assessment of work

Operations: payments
traffic review
autonomy for vehicles
traffic management
engine management systems

Question 61

What makes transport physical?

Answer 61

human pilots

pedestrians

roads, ports and other infrastructure to carry/manage vehicles

repair and maintenance requirements

Question 62

What is cyber physical about transport?

Answer 62

Autonomous vehicles| sensors feeding back data

Question 63

What is cyber physical?

Answer 63

A system where an action by software can impact on the physical world or where an impact on the physical world can have an impact on the cyber world.

or where a threat exists in the cyber domain and the impact exists in the physical domain, or vice versa.

e.g. a blocked sensor (e.g. a parked car in front of it) could keep a data collection feed open until a database fills and the software crashes or an error in the system logic means a command to a gate to close gets sent when it should not

Question 64

Limitations Of Conventional Risk Management Approaches

Answer 64

• Sample size is too small for a very high dimensional risk space
• Users may misunderstand that a risk register is a complete representation of risk
• Difficult to apply risks with very high uncertainty regarding probability and impact
• The possibility of unknown risks not addressed
• Reactive rather than proactive: The focus is in mitigating risks after they have occurred, rather than preventing them from happening in the first place

Question 65

Resilience Dimensions

Answer 65

Robustness - Ability to withstand stress without suffering degradation or loss of function

Redundancy - Extent to which system functions can be provided by different components

Resourcefulness - Capacity to Identify problems, establish priorities and mobilize resources when facing disruption

Rapidity - Capacity to return to the normal operational state in a timely manner

Question 66

Measures for improving infrastructure resilience

Answer 66

• Strengthen Robustness
• Add redundancy
• Preparedness for incident response
• Improve recovery capability

Question 67

Development of stress testing scenarios

Answer 67

Prior Knowledge - Historical Events, previous risk assessments, SME

Base Set Of Scenarios - Main classes of potential threats and failure modes

Combinatorial Complexity - Combinations of different hazardous (pre-)conditions

Parameter Selection - Identify which parameters need to be varied

Parameter sampling - Create scenarios by sampling different combinations of parameter values

Question 68

Types of interdependency

Answer 68

Physical - Dependency on the material output(s) of another system e.g. Rail Network depends on electricity supply

Cyber - Dependency on information transmitted through another system e.g. Elec. network depends on SCADA system

Geographic - A local environmental event can affect several systems e.g. Power and communication lines running in parallel

Logic - Mechanisms that are not physial, cyber or geographic e.g. Financial dependencies

Question 69

Betweenness Centrality

Answer 69

Quantifies the importance of a node based on how frequently it acts as a bridge along the shortest path between two nodes

Question 70

Sustainability Index

Answer 70

A composite measure that aggregates different aspects of sustainability performance

Characteristics: completeness, traceability, accuracy

Question 71

KPA

Answer 71

Key Performance Area

A specific aspect of sustainability performance

A hierarchy of top-level KPA’s and sub-KPA’s

Question 72

Key Performance Indicator

Answer 72

An individually measurable variable

Characteristics: precision, relevance, observability, controllability

Question 73

Key Performance Target

Answer 73

A desirable measure for a KPA measured by a KPI

Question 74

Indicators for city services

Answer 74

Economy

Education

Energy

Environment

Finance

Fire & Emergency Response

Governance

Health

Recreation

Safety

Shelter

Solid Waste

Telecommunication and innovation

Transportation

Urban Planning

Wastewater

Water & Sanitation

Security

Question 75

Main Limitations of performance measures

Answer 75

• Arbitrary assignment of importance weights for KPA’s and KPI’s
• No consideration of interdependencies between different KPI’s
• Use of KPI’s that are difficult to predict with parametric models

Question 76

Performance measures for parametric planning

Answer 76

Sustainability Index

Economic Performance
* Housing Provided
* Employment Created
* Average duration of daily commutes

Environmental Performance
* Area Classified as green space
* Total C02 emissions
* Average Air Quality Index

Social Performance
* Affordability of Housing
* Access to social services
* Road accidents reported