The transition to data-driven risk based regulation on the continuity of public telecommunication networks and services

Identifying the technical and organizational requirements for data-driven risk based regulation


Abstract

The continuous innovation within the telecommunications industry is compounded by changing risks for the consumer. This is the case within the Netherlands, where the use of the internet has a pervasive influence on society, necessitating robust telecommunication networks and services. The telecommunications industry is regulated by the Radiocommunication Agency Netherlands, which currently uses a method of risk-based regulation to monitor relevant organizations. This method is characterised by allocating resources based on the estimated level of risk that is posed by a monitored organization. While these risk analyses have developed over the years, there is no standardised system, which heightens the possibility of cross-departmental inconsistencies.
An overview of academic literature reveals a lack of research on the creation and implementation of a data-driven model for risk-based regulation. Existing studies lean towards the merits of risk-based regulation, in addition to the risks associated with data-driven risk-based regulations. When this literature gap is compounded with the rising pressure for the regulator to perform quality supervision and ensure the uninterrupted continuity of the telecommunication networks and services in the Netherlands, it provides a suitable opportunity to explore the applicability of a data-driven solution.

The use of data-driven risk detection models has the potential to identify companies that pose higher social risks, creating a more efficient process for the allocation of resources. Such a model can illuminate the relevant risk criteria and characterise the risks that certain organizations may pose. This information supports the decision-making process of regulation, which could lead to a more cost-effective process of supervision. Furthermore, given the inconsistencies that exist between the various supervisory divisions of the Radiocommunication Agency Netherlands, a data-driven model could increase internal cohesiveness. As a result, there is significant interest in the possibility of developing a risk detection model that can be adapted to the current organizational structure and makes use of the readily available data within the organization.

The research objective of this study is to create and implement an exploratory data-driven model for risk-based regulation, specifically on the subject of the continuity of the telecommunication networks and services within the Supervisory Field of Information Security of the Radiocommunication Agency Netherlands. Thus, the primary research question that will be explored is:
How could a data-driven risk analysis for risk-based regulation support the process of risk-based regulation executed by experts?
There are four primary challenges to the creation and implementation of data-driven models: the ability to turn data into useful information, the ability to assess the quality of the data, the availability of the data within the organization and the ability to create a process with a high cost-effectiveness ratio. Additionally, there are specific issues associated with the use of data-driven models in regulatory bodies. Firstly, the use of algorithms and data metrics can be distorted when applied incorrectly. In addition, those who create data-driven models or use the outcomes of the model are prone to interpret the data so that it will fit the pre-existing narratives. The second issue is implementing the data-driven model so that it generates acceptance and can be integrated into a well-functioning working culture within the organization.
The research utilizes data that is sourced from two different departments of the Radiocommunication Agency Netherlands: survey responses from supervised organizations and self-reported data regarding network incidents. The final data source consists of social media mentions naming network failures of monitored organizations.
The development of an Exploratory Model based on the available data within the organization highlighted several modelling challenges. The process of developing the Exploratory Model is preceded by an Exploratory Data Analysis which determines the quality and significance of the available data. This allows for a summary of the main characteristics of the data and supports the development of the Exploratory Model. The Exploratory Model involves clustering the data, and developing correlations between the various datasets. The execution of a K-means algorithm segments the organizations into groups that provide similar responses to the surveys. The correlations can be used for facilitating the initiation of risk profiles. The data from network incidents and failures are highly important when creating a model for data-driven risk-based regulation as they are key in defining the different risks posed by supervised organizations. The results are validated through interviews with experts of the relevant divisions in the Radiocommunication Agency Netherlands.

Two primary challenges for the implementation of the model are identified: ensuring all necessary data is available for the creation of the model, and defining the owner of the model. An institutional boundary exists between the Supervision Division Information Security and the Spectrum Division Continuity, which hinders data sharing regarding the reports of failures that caused discontinuities of the telecommunication services and networks. This poses challenges for the implementation of a data-driven model, as it is crucial for the relevant teams to have access to all necessary data within the organization. There are two possible solutions to overcome this challenge: either dismantling the institutional boundary, or relocating the data management of reports of failures that caused discontinuities of the telecommunication services and networks from the Spectrum Division Continuity to the Supervision Division on Information Security. The second challenge is defining the most suitable owner of the model. As the model is intended to support regulation for the Supervision Division on Information Security, it is necessary for the owner to have expertise in this area. Moreover, as this will be a data-based model, knowledge of quantitative analyses is preferable. Currently, the Monitoring & Analysis Centre of Radiocommunication Agency is most suitable, due to their expertise in analysing data and working on data-driven models. Moreover, they already have access to all necessary data, which means no organizational restructuring is needed. However, there will be challenges stemming from their lack of knowledge regarding the process of supervision on the continuity of the telecommunication networks and services.

Two directions for future research are identified based on the outcomes of this research. The first step would be to further develop the Exploratory Model, which requires a higher volume of information about failures that caused discontinuities. In addition, the data currently within the databases must be frequently updated. Whilst this is certainly viable, it would be a time-intensive and bureaucratic process. In the meantime, it is possible to execute the clustering algorithm on the whole dataset of both of the surveys, with the responses from around 1000 organizations, and to compound this with qualitative data from experts and inspectors within the Supervision Division Information Security, to aid in the determination of the risk profiles.