Likelihood of Unintentional Electromagnetic Emanations Compromising IT Equipment Security: Perspectives of Practitioners on Causal Factors

Abstract

The study explores the influencing factors that Radio Frequency (RF) Engineers take into consideration when assessing the likelihood of unintentional electromagnetic radiation compromising the security of Information Technology Equipment. A focus group research methodology is adopted, and the results analyzed using a cause-and-effect technique. Two focus groups of RF Engineers identified twenty-six influencing factors they considered when assessing likelihood. Through the cause-and-effect technique it was possible to categorize the factors in terms of threat, vulnerability, and impact (the three constituents of a qualitative risk calculation). This information can be used by cyber security practitioners with little or no RF experience to provide a better understanding of the significance RF Engineers place on specific factors particularly when assessing vulnerability likelihood.