• Understand challenges for providing

reliable and secure TETRA network operation

• Choose relevant requirements for your

TETRA network

• Establish questions and criteria to evaluate

vendor expertise and solutions

• Mitigate risks for availability, security

and continuity

SCOPE

• Functionality

• Performance

• Scalability - Capacity

• Availability - Reliability - Coverage

• Security

• Continuity

REQUIREMENTS

• Definition of Availability• Availability in Time & Place (coverage)

• Availability versus Reliability• Availability calculation (MTBF, MTTR)

• Increase availability by…• System redundancy

• Link redundancy

• Component redundancy

• Coverage redundancy

• Local Site Fallback

• Direct Mode

AVAILABILITY

• System redundancy• Synchronization, Activation, Recovery > Expected Outage

• Link redundancy• Physical links, Protocols > Expected Outage

AVAILABILITY

MainSwMI

StandbySwMI

BS2 BS4 BS6

BS3 BS5 BS7BS1

Ethernet

E1, DSL, Fiber, ...

Main path to BS4

Standby pathto BS4

• Coverage• Coverage planning

• Drive tests

• Special Coverage Locations

• Continuous coverage reporting

AVAILABILITY

• Security risks• Eavesdropping – Air interface, Fixed network, Control room

• Traffic analysis – Identities, Movements, …

• Denial of Service – Air interface, Fixed network

• Compromised base station – Sensitive key material

• False base station – Take control of valid users

• Unauthorized user access – Eavesdropping, Disinformation, Fraud

• System disruption – System or site unavailability

SECURITY

• TETRA security• Class 2 Air Interface Encryption – SCK

• Class 3 Air Interface Encryption – DCK, CCK

• Class 3G Air Interface Encryption – GCK

• (Mutual) Authentication

• End-to-End Encryption

SECURITY

• System security• System hardening –

Reduce “surface of vulnerability” (services, ports, …)

• Access security – Encryption and (two-factor) user authentication

• Security auditing – Logging of access and command execution

• Security patches – Resolve known vulnerabilities

SECURITY

• Network security• Physical security – Fences, Access control, Alarms

• Cyber security –

Firewall, Intrusion detection, Virus & Malware interception

• Admin access – VPN, (two factor) User authentication

• Network access – VLAN, ACL, EAP

• Link encryption – IPsec, MACsec

• Security auditing – RADIUS, Syslog

SECURITY

• Continuity risks• Failures – How to deal with hardware and software failures

• Complaints – How to pro-actively solve user complaints

• Expansion – How to ensure expansions within budget

• Support – How support can be provided securely and effectively

• Lifecycle – How to deal with hardware and software obsolescence

• Vendor – How to ensure long-term vendor relations

CONTINUITY

• Failure mitigation• Component Failures – Spares, Repairs

• System Failures – Backup, Restore, Disaster recovery

• User Complaints – Logging, Statistics, Analysis, Reporting

CONTINUITY

• Business mitigation• Expansion – Scalability, Cost (Hardware, Licenses)

• Support – Ease of configuration, Remote support,

Service Level Agreements, Cost

• Lifecycle – Software releases, (Security) patches,

End-of-Life Notices, Escrow

• Vendor – Profitability, Strategy, Commitment

CONTINUITY