IT security in GTRS: Risk inventory and scenarios


  • Amund Gudmundson Hunstad
  • Henrik Karlzén
  • Jacob Löfvenberg

Publish date: 2010-05-12

Report number: FOI-R--2980--SE

Pages: 55

Written in: Swedish


  • GTRS
  • IT security
  • risk inventory model
  • Swedish Armed Forces joint risk management model
  • risk
  • risk factors
  • actors
  • activities
  • vulnerabilities
  • threats
  • damages


This report accounts for the result of a problem-oriented study performed at the Swedish Defence Research Agency (FOI) regarding IT security in the software defined radio system GTRS. A number of risk factors, identified at a workshop with FOI-expertise, were used as a starting point to produce a risk inventory model. The risk inventory model relates different risk factors to each other. Risk factors include actors, activities, vulnerabilities and the threats based on these as well as the implied damage. The identified risk factors are accounted for by short descriptions and discussions. Each risk factor is also associated with a risk level estimate. To relate risk factors to conceivable operational situations where GTRS is used, some relevant examples of event chains of risk factors are described in the form of scenarios. In addition to the risk factors there are also a number of general problem areas, of importance for analyzing prior to future GTRS-development, which are identified and discussed. The risk inventory is the main result of this study and as such constitutes the basis for a prioritization of candidates for future, detailed examination. The result of this study is also a basis for future work regarding an IT security architecture for GTRS.