ITS Flashcards
define safety
a state of being safe from injury or harm
The state of being free from hazards caused, at random, by natural forces or human errors.
The source of a hazard is formed by natural forces and/or human errors. In other words, the term safety refers to the condition of being protected from the aspects that are likely to cause harm.
In addition, the term safety can refer to the state in which one has control of the risk-causing aspects and is thereby protected against a risk that is wholly unintended.
define security
being free from danger or threat
difference between safety and security
safety is usually about how someone feels about a system and its ability to keep them from harm
security is more about how an organisation mitigates threats, usually from human sources, that might want to harm an individual/organisation
What is GNSS?
Global Navigation Satellite Systems
Main GNSS systems
GPS, Galileo, GLONASS, BEIDOU
What are GNSS challenges?
Complexity
User base
Institutional control
Performance variance
GNSS challenges - Complexity - define
- control segment, satellites, modelling, signal generation
- signal path effects, receiver hardware/electronics/algorithms
- anomalies or failures can occur at any stage
GNSS challenges - user base - define
User base - multiple users globally
GNSS challenges - institutional control - define
Institutional control - need to keep some aspects limited due to security concerns.
e.g. Military use: the GPS “Selective Availability” option can be used to degrade use for non-military applications
GNSS challenges - Performance variance - define
Performance variance - position of users and satellites in space and time
Atmospheric Conditions
Multipath errors (bouncing off buildings)
RNP - required navigation performance
GNSS vulnerabilities (16)
Signal failure
solar flare
tropospheric interaction
multipaths
jamming
Disturbance - wanted signals affected by unwanted signals
Spoofing
Meaconing
receiver leap seconds
week number rollover
withdrawal of service
System of systems (integration)
deliberate reduction of signal
Cyber attack
near channel interference
Space debris
EMP
Anti-satellite missiles
GNSS mitigations
Resilience - alternative approaches to roll over to should performance be degraded
Standards - internationally agreed methods of developing solutions and of sharing data, for systems interoperability and confidence in the user base
Testing - agreed assurance that systems work to defined criteria
Types of PNT?
GNSS
eLoran (Radio Navigation Systems)
Inertial Navigation Systems INS
Atomic Clocks
Network Based Positioning (Enhanced 911 service)
CNI uses of GNSS
Chemical
Civil nuclear - both timing and position for safety systems, monitoring and control
Communications - currently low but increasing for timing, due to more systems being deployed
Defence - wide range of applications from targeting weapons, logistics, mission planning, to pretty much any other requirement seen by other CNI sectors
Emergency services - both timing and position - navigation, routing, incident identification, location of lost people
Energy - both timing and position for safety systems, identifying new pipe routes etc, monitoring and control
Finance - timing for trading
Food - position -track vehicles, pests, automated machines, yield mapping
Government - not a direct user, but needs to rely on GNSS to make the critical services it delivers work.
Health - both timing and position; some isotopes are time critical from reactor to use and therefore depend on transport systems, which shows how different CNI sectors overlap
Space- both timing and position
Transport - position
Water - both timing and position for safety systems, locating leaks, identifying new pipe routes etc, monitoring and control
What is security policy?
- high-level statement of beliefs, goals and objectives, and the general means for attaining them for protection
- set at a high level: states what is desired to be achieved, and does not specify “how” to accomplish the objectives
Why is security policy needed?
- to ensure money is spent in an appropriate manner to deliver expected outcomes
- infrastructure increasingly connected & accessible, hence more prone to manipulation & destruction
- crucial decisions and defensive action must be prompt and precise
- a security policy establishes what must be done to protect infrastructure
Secure by design principles (10)
minimise attack surface
establish secure defaults
Principle of least privilege - only allow minimum access necessary
Principle of defence in depth - multiple controls that approach risk are preferable
Fail securely
Don’t trust services
Separation of duties
Avoid security by obscurity
keep security simple (Economize Mechanism & Make security useable)
Fix security issues correctly
Audit Sensitive Events
Never invent security technology
Promote Privacy
Secure the weakest link
Blackett Review
Improving Awareness
Addressing Vulnerabilities and Threats
Improving Resilience
Preparing For The Future
Mitigating Dependence on GNSS
Blackett review recommendations - Improving awareness
Recommendation 1
Operators of CNI should review their reliance on GNSS, whether direct or through other GNSS-dependent systems, and report it to the lead government department for their sector. The Cabinet Office should assess overall dependence of CNI on GNSS.
Recommendation 2
Loss or compromise of GNSS-derived PNT should be added to the National Risk Assessment in its own right, rather than as a dimension of space weather alone.
Blackett review recommendations - Addressing vulnerabilities and threats
Recommendation 3
The Department for Digital, Culture, Media and Sport (DCMS), with Ofcom, should continue to address the risk of interference to GNSS-dependent users, including CNI, in allocation of radio spectrum to new services and applications.
Recommendation 4
DCMS should review, with Ofcom, the legality of sale, ownership and use of devices and software intended to cause deliberate interference to GNSS receivers or signals – to determine whether the Wireless Telegraphy Act 2006 requires revision.
Recommendation 5
CNI operators should assess – with guidance from the National Cyber Security Centre (NCSC) and the Centre for the Protection of National Infrastructure (CPNI) – whether they need to monitor interference of GNSS at key sites such as ports. Where operators do monitor, data should be shared with the relevant lead government department.
Blackett review recommendations - Improving resilience
Recommendation 7
The existing cross-government working group on PNT should be put on a formal footing to monitor and identify ways to improve national resilience. It should report to the Cabinet Office, which can coordinate necessary actions among departments.
Recommendation 8a
Procurers of GNSS equipment and services for CNI applications – with guidance from the relevant lead government department and organisations such as NCSC and CPNI – should specify consistent requirements encompassing GNSS and PNT system issues of accuracy, integrity, availability and continuity, as well as requirements specific to the immediate equipment, system and application.
Recommendation 8b
Government should ensure that, for GNSS and PNT equipment, a coordinated approach is taken to performance standards, terminology, validation criteria, independent testing and evaluation procedures, and the accreditation of test facilities. It should work with industry, trade associations, accreditation bodies and organisations that develop and set standards.
Recommendation 8c
Government should adopt a facilitating role to ensure that legislation and regulations relevant to PNT and GNSS are appropriate and proportionate, and that due consideration is given to the needs of different sectors.
Recommendation 9
The Department for Business, Energy and Industrial Strategy, in partnership with Innovate UK & the cross-government working group on PNT, should map PNT testing facilities & explore how industry and critical services can better access them.
Blackett review recommendations - Preparing for the future
Recommendation 10
Growing demand for time and geo-location creates opportunities for the UK to leverage its academic and industrial expertise in these areas. UK Research and Innovation should invite the research community and industry to develop proposals to achieve greater coordination among existing centres of excellence.
Blackett review recommendations - Mitigating dependence on GNSS
Recommendation 6
CNI operators should make provision – with guidance from NCSC and CPNI – for the loss of GNSS by employing GNSS-independent back-up systems.
Principles of Security policy (6)
reflect widest security objectives
Enable the business of related entities (e.g. Government)
Risk management is key with appropriate owner
Account for statutory obligations and protections
Enable right attitudes and behaviours
Policies and processes for reporting issues/incidents
SecPol document components (9)
Development trade-off (detailed vs brief)
Dependent on size, services, technology, and money (and other resources) available
Purpose
Scope
Background
Policy statement (overarching principles)
Enforcement
Responsibility
Related documents
Elements of good policy (12)
Clear, concise and realistic defined scope and applicability
Consistent with other policy/guidance
Open to risk based change
Identifies areas of responsibility for users, admin and management
Sufficient guidance to develop procedures
Balances protection with productivity
How incidents are handled
Has an SRO - e.g. Gov official
Flexible and adaptable to tech and procedural change
Involves relevant stakeholders
Doesn’t impede the business’s mission/goals
Provides organisation with assurance and acceptable protection from external and internal threats.
Sec by Des - attack surface
reduce nodes available to an attacker to enter a building/system
Sec by Des - Secure defaults
The default is a secure experience, with the user able to reduce their security only if allowed, e.g. password ageing and complexity enabled by default
Sec by Des - Least privilege
grant access only where a need to know exists - e.g. a CEO probably does not need access to all the HR files
Sec by Des - defence in depth
add layers of validation and control e.g. 2 factor authentication
Sec by Des - Fail securely
ensure that systems are not set to allow failure into admin roles etc
Sec by Des - don’t trust services
Check what data is being requested and used by external parties e.g. reward schemes
Sec by Des - Separation of duties
Fraud control approaches such as requestors cannot sign for assets, approvers cannot be requesters etc.
Sec by Des - avoid sec by obscurity
nearly always fails (and generally fails badly); use the other principles to ensure security is generated by design, not by obscuring code
Sec by Des - keep sec simple
Attack surface and simplicity go hand in hand
Elements of a sustainable city
Mixed-use and polycentric cities
Transit-oriented development
Active transport modes
Healthy urban environment
Smart and innovative cities
Digital infrastructure
Productive cities
What is FRAM?
Functional resonance analysis method
Elements of FRAM?
- Equivalence of successes and failures
- Approximate adjustments
- Emergent outcomes
- Functional resonance
6 components of FRAM
Components:
Time
Control
Input
Output
Precondition
Resources
STAMP elements
Elements:
controller
process model
control actions
feedback
controlled process
Define risk management
coordinated activities to direct and control an organization with regard to risk
Define risk
The effect of uncertainty on objectives (ISO)
Define threat (security)
a person or thing likely to cause damage, danger or increase a risk of something unwanted occurring
Risk calculation(s)
Risk = threat * probability * consequence
What is a hazard?
A process, phenomenon or human activity that may cause loss of life, injury or other health impacts, property damage, social and economic disruption or environmental degradation.
Hazard types
Natural hazards: natural processes and phenomena
Anthropogenic hazards: human activities and choices (‘man-made’)
Socionatural hazards: combination of natural and anthropogenic factors
Define vulnerability
The conditions determined by physical, social, economic and environmental factors or processes which increase the susceptibility of an individual, a community, assets or systems to the impacts of hazard
or
A weakness of an asset or group of assets that can be exploited by one or more threats where an asset is anything that has value to the organization, its business operations and their continuity, including information resources that support the organization’s mission.
Define threat
A potential cause of an incident, that may result in harm of systems and organization.
Define risk
The potential loss of life, injury, or destroyed or damaged assets which could occur to a system, society or a community in a specific period of time, determined probabilistically as a function of hazard, exposure, vulnerability and capacity. (It is important to consider the social and economic contexts in which disaster risks occur and that people do not necessarily share the same perceptions of risk and their underlying risk factors.)
FTA?
Fault tree analysis
use AND/OR gates to show how individual or multiple factors can contribute to a top-level risk - e.g. fire protection failure
13 CNI sectors
chemicals
civil nuclear
communication
defence
emergency services
energy
finance
food
government
health
space
transport
water
National risk register
takes high level risks, puts them into a risk matrix and assigns departmental owners for mitigation
Blackett reviews, e.g. on GNSS and space weather, are useful to highlight potential threats from each risk and potential mitigation measures.
Define risk
possibility of something happening
Risk = hazard x exposure x vulnerability
effect of uncertainty on objectives
Risk = probability x consequences
Risk management tools
register - table - risk, owner, overall rating, current rating, target rating, trend
matrix - grid of likelihood against impact
Inherent risk?
risk before treatment
residual risk
risk with currently implemented treatments
target risk (risk appetite)
level of risk with planned treatment
Risk options from ISO 31000
Avoid - don’t do the activity
Eliminate - remove the risk source
Likelihood - change
Consequence - change
Share/Transfer - insurance/partnerships
Retain - informed decision
Take/Increase - pursue opportunity
What is transport?
complex interdependent interactions of:
people
demand (people and goods)
infrastructure
travel modes
technology
operations
concept of operations
business models, governance & society
ConOps all linked to operations, with governance and society being key stakeholders in its operation
What makes the transport system cyber? (*)
Planning: modelling for traffic flows
Data gathering and management
Delivery: assessment of work
Operations: payments
traffic review
autonomy for vehicles
traffic management
engine management systems
What makes transport physical?
human pilots
pedestrians
roads, ports and other infrastructure to carry/manage vehicles
repair and maintenance requirements
What is cyber physical about transport?
Autonomous vehicles; sensors feeding back data
What is cyber physical?
A system where an action by software can impact on the physical world or where an impact on the physical world can have an impact on the cyber world.
or where a threat exists in the cyber domain and the impact exists in the physical domain, or vice versa.
e.g. a blocked sensor (such as a car parked in front of it) could keep a data collection feed open until a database fills and the software crashes; or an error in the system logic means a command to close a gate gets sent when it should not
Limitations Of Conventional Risk Management Approaches
- Sample size is too small for a very high dimensional risk space
- Users may misunderstand that a risk register is a complete representation of risk
- Difficult to apply risks with very high uncertainty regarding probability and impact
- The possibility of unknown risks not addressed
- Reactive rather than proactive: The focus is in mitigating risks after they have occurred, rather than preventing them from happening in the first place
Resilience Dimensions
Robustness - Ability to withstand stress without suffering degradation or loss of function
Redundancy - Extent to which system functions can be provided by different components
Resourcefulness - Capacity to Identify problems, establish priorities and mobilize resources when facing disruption
Rapidity - Capacity to return to the normal operational state in a timely manner
Measures for improving infrastructure resilience
- Strengthen Robustness
- Add redundancy
- Preparedness for incident response
- Improve recovery capability
Development of stress testing scenarios
Prior Knowledge - Historical Events, previous risk assessments, SME
Base Set Of Scenarios - Main classes of potential threats and failure modes
Combinatorial Complexity - Combinations of different hazardous (pre-)conditions
Parameter Selection - Identify which parameters need to be varied
Parameter sampling - Create scenarios by sampling different combinations of parameter values
Types of interdependency
Physical - Dependency on the material output(s) of another system e.g. Rail Network depends on electricity supply
Cyber - Dependency on information transmitted through another system e.g. Elec. network depends on SCADA system
Geographic - A local environmental event can affect several systems e.g. Power and communication lines running in parallel
Logic - Mechanisms that are not physical, cyber or geographic e.g. Financial dependencies
Betweenness Centrality
Quantifies the importance of a node based on how frequently it acts as a bridge along the shortest path between two nodes
Sustainability Index
A composite measure that aggregates different aspects of sustainability performance
Characteristics: completeness, traceability, accuracy
KPA
Key Performance Area
A specific aspect of sustainability performance
A hierarchy of top-level KPAs and sub-KPAs
Key Performance Indicator
An individually measurable variable
Characteristics: precision, relevance, observability, controllability
Key Performance Target
A desirable measure for a KPA measured by a KPI
Indicators for city services
Economy
Education
Energy
Environment
Finance
Fire & Emergency Response
Governance
Health
Recreation
Safety
Shelter
Solid Waste
Telecommunication and innovation
Transportation
Urban Planning
Wastewater
Water & Sanitation
Security
Main Limitations of performance measures
- Arbitrary assignment of importance weights for KPAs and KPIs
- No consideration of interdependencies between different KPIs
- Use of KPIs that are difficult to predict with parametric models
Performance measures for parametric planning
Sustainability Index
Economic Performance
* Housing Provided
* Employment Created
* Average duration of daily commutes
Environmental Performance
* Area Classified as green space
* Total CO2 emissions
* Average Air Quality Index
Social Performance
* Affordability of Housing
* Access to social services
* Road accidents reported