The Unmanned Aerial Systems (UAS) industry has become a massive technological playground worldwide. Their extensive applications make UAS very popular with the public and the private sector. Armed forces, the agricultural industry, law enforcement, meteorological agencies, medical services, environmental companies, and oil refineries are but a few on the long list of UAS users. UAS manufacturers spend a significant amount of money to research and develop high-tech and smart systems, from aircraft-size military UAS to hand-size mini drones.
Their use in almost every aspect of human activity adds to the need for UAS evolution, but it also increases security risks. Imagine what can happen when smart and cheap drones that anyone can easily purchase from a local hobby store become weapons in the hands of adversaries and cyber criminals.
From that perspective, are drones a major threat when it comes to cybersecurity? And if so, what measures should be taken to counter them?
If I had discussed drones with my friends a few decades ago, they would probably have said that I was watching too many sci-fi movies. Today, drones are part of our lives. The U.S. Federal Aviation Administration (FAA), based on survey trends, overall market growth, and operational information, forecasts a surge in drone registrations in the forthcoming years.
When we talk about drones, we need to consider two factors:
- They consist not only of the airborne platform but also of the control station and the communication links necessary for safe and efficient operation.
- They have become numerous, cheaper, and more complex.
Taking the above into consideration, it is obvious that drones are a serious risk for flight safety and security. In a previous blog, we discussed the threat that drones pose to flight safety. To minimize the risk, software applications have been developed to manage and organize drone flight traffic. Besides being a major flight safety concern, drones can become a serious cybersecurity threat.
The Cybersecurity Threat of Drones
Apart from airworthiness and flight safety issues, drones affect the cyber domain and the security of data. Forbes points out that the malicious use of these platforms in the cyber domain is an inevitable fact, and it can no longer be pushed aside. Last Christmas, we witnessed the U.S. government imposing export restrictions on one of the largest drone manufacturers in order to protect national security and foreign policy interests.
Since drones are remotely controlled, they can be hijacked by bad actors. The Department of Homeland Security (DHS) stated, “Given their rapid technology advancement and proliferation, the public safety and homeland security communities must address the fact that drones can be used nefariously or maliciously to hurt people, disrupt activities, and damage infrastructure.” Major cyber domain threats caused by drone activity are:
- GPS spoofing. A way to take control of a drone. Attackers feed drones with false GPS coordinates and take full control of the platform. Security researchers have demonstrated how a hijacked drone can be used to hijack other drones, ending in a drone swarm under the control of cyber criminals. It is easy to realize that in such a case, the threat potential increases drastically and can be compared to the way botnets perform DDoS attacks, taking over a significant number of systems and Internet of Things (IoT) devices.
- Downlink intercept. Allows a criminal to access all data transmitted between the drone and the controller. Since the majority of commercial drone systems interact with their base using unencrypted communication channels, they can become vulnerable to exploitation by a cyber criminal who can intercept and access the sensitive data the drone exchanges with the base, such as pictures, videos, and flight paths.
- Data exploitation. Critical infrastructure is protected in terms of both digital and physical security. The use of drones can overcome physical security limitations and cybersecurity protections, for a mini computer mounted on a small drone can approach sensitive areas undetected and carry out nefarious operations: mimic a Wi-Fi network to steal data, hijack Bluetooth peripherals, perform keylogging operations to steal sensitive passwords, and compromise access points, unsecured networks, and devices.
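As a defensive illustration of the GPS spoofing item above, the following added example (not part of the original article) flags position fixes in a telemetry log that imply a physically impossible ground speed. The 25 m/s limit, the function names and the sample track are assumptions constructed for this sketch.

```python
import math

EARTH_RADIUS_M = 6_371_000.0

# Constructed telemetry: (unix_time_s, lat_deg, lon_deg). Fixes 3 and 4 are a
# simulated spoofed jump of about 5.5 km; fix 5 is the genuine track resuming.
SAMPLE_FIXES = [
    (0, 37.0000, -122.0000),
    (1, 37.0001, -122.0000),
    (2, 37.0002, -122.0000),
    (3, 37.0500, -122.0000),
    (4, 37.0501, -122.0000),
    (5, 37.0003, -122.0000),
]


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two points given in degrees."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlam = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def flag_implausible_fixes(fixes, max_speed_mps=25.0):
    """Return indices of fixes that imply a ground speed above max_speed_mps.

    Each fix is compared with the last accepted fix, so a run of spoofed
    positions keeps being flagged instead of becoming the new baseline.
    max_speed_mps is an assumed airframe limit, not a value from the article.
    """
    flagged, ref = [], None
    for i, (t, lat, lon) in enumerate(fixes):
        if ref is None:
            ref = (t, lat, lon)
            continue
        dt = t - ref[0]
        # Repeated or backwards timestamps cannot be checked, so flag them.
        if dt <= 0 or haversine_m(ref[1], ref[2], lat, lon) / dt > max_speed_mps:
            flagged.append(i)
        else:
            ref = (t, lat, lon)
    return flagged


if __name__ == "__main__":
    print(flag_implausible_fixes(SAMPLE_FIXES))
```

A check like this only catches abrupt jumps; a false track that drifts away slower than the speed limit passes it and needs comparison against an independent position source.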
How to Mitigate the Threat
To mitigate the cybersecurity risks posed by drones, we need to consider the following:
- How to secure the platform and the data exchanged
- How to counter drone platforms
When it comes to drone cybersecurity, it is wise to be proactive. That’s why you have to consider securing your platform as you would do with any network device. Kaspersky proposes some useful tips:
- Update the drone's firmware and apply the manufacturer’s patches.
- Use strong passwords for the base station application.
- Use updated anti-virus software for your drone controller device.
- Subscribe to a VPN service to encrypt your connection.
- Limit the number of devices that can connect to the base station.
- Use the "Return to Home" (RTH) mode to ensure drone recovery from a hijack situation.
Drones fall under the remit of the Federal Aviation Administration (FAA) as UAS. That means that you cannot take them down or jam their communication. These kinds of countermeasures apply only to the military sector, where different operational procedures are enforced when an unknown drone enters the perimeter of a military base.
Countermeasures should focus primarily on space protection. It is vital to be able to efficiently detect drones. High frequency radars, thermal cameras, RF scanners, acoustic sensors, and sophisticated machine learning and AI algorithms are used for this purpose. However, drones’ small size and low speed make their detection difficult within a highly cluttered environment.
Other techniques involve geofencing software, which creates a virtual border around an area, prohibiting unauthorized drone flight. Finally, the military sector makes use of counter drone systems called “effectors.”
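To make the geofencing idea concrete, here is an added example (not from the original article or any vendor's product) that tests observed drone positions against a virtual border and reports the ones that are not on an allow-list. The L-shaped fence, the drone identifiers and the assumption that a detection system supplies identified positions are all constructed for illustration.

```python
# Constructed L-shaped fence, vertices as (lat_deg, lon_deg) in order.
SITE_FENCE = [
    (37.00, -122.02), (37.00, -122.00), (37.01, -122.00),
    (37.01, -122.01), (37.02, -122.01), (37.02, -122.02),
]
AUTHORIZED_IDS = {"survey-01"}  # hypothetical allow-list of the site's own drones

# Constructed observations: (drone_id, lat_deg, lon_deg).
SAMPLE_OBSERVATIONS = [
    ("survey-01", 37.005, -122.005),   # inside, but authorized
    ("unknown-7f", 37.015, -122.005),  # in the notch of the L: outside
    ("unknown-7f", 37.015, -122.015),  # inside the fence
    ("unknown-7f", 37.005, -122.005),  # inside the fence
]


def point_in_polygon(lat, lon, polygon):
    """Ray-casting test: True if the point lies inside the polygon.

    Coordinates are treated as planar, which is adequate for a site-sized
    fence. The closing edge from the last vertex to the first is implied.
    """
    inside = False
    n = len(polygon)
    for i in range(n):
        lat1, lon1 = polygon[i]
        lat2, lon2 = polygon[(i + 1) % n]
        # Only edges that straddle the point's latitude can be crossed.
        if (lat1 > lat) != (lat2 > lat):
            cross_lon = lon1 + (lat - lat1) * (lon2 - lon1) / (lat2 - lat1)
            if lon < cross_lon:
                inside = not inside
    return inside


def geofence_violations(observations, fence, authorized_ids):
    """Return observations of non-authorized drones located inside the fence."""
    return [
        (drone_id, lat, lon)
        for drone_id, lat, lon in observations
        if drone_id not in authorized_ids and point_in_polygon(lat, lon, fence)
    ]


if __name__ == "__main__":
    for hit in geofence_violations(SAMPLE_OBSERVATIONS, SITE_FENCE, AUTHORIZED_IDS):
        print("violation:", hit)
```

The notch observation shows why a bounding-box comparison is not enough: it falls within the fence's latitude and longitude range but is outside the border itself.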
Drones will continue to evolve; in the near future, they will dominate various commercial and public sector areas such as deliveries, crops and livestock monitoring, border control, defense, surveillance, mapping, and security services. As such, it’s vital to secure them properly to reap the benefits of their use and to prevent them from becoming adversarial weapons in the hands of opportunistic state cyber threat actors.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.