15 March 2020

How to Analyze the Cyber Threat from Drones

by Katharina Ley Best, Jon Schmid

What are the cybersecurity implications of the rapid growth in UAS, in terms of both UAS as cyber weapons and UAS as cyber targets?

What are some conceptual approaches that can enable the enumeration and categorization of drone-related cyber threats?

What are the industry trends related to cybersecurity and UAS and the implications thereof?

What threats exist related to cybersecurity and UAS, from the perspective of the Department of Homeland Security?


This work explores approaches for understanding, inventorying, and modeling cybersecurity implications of the rapid growth in unmanned aerial systems (UAS), focusing specifically on current vulnerabilities and future trends. The authors propose conceptual approaches meant to enable the enumeration and categorization of UAS-related cyber threats and explore some of the potential benefits and challenges of modeling the commercial UAS threat. These approaches are applied to real-world threat scenarios to test their validity and illustrate the types of attacks that are currently feasible. Industry trends and the implications of these trends for cybersecurity are presented. Finally, the authors consider the UAS-related cybersecurity threat from the perspective of the Department of Homeland Security (DHS). Specifically, the authors describe the vulnerability of particular DHS components to the threats described in this report and suggest possible means of threat mitigation.


Key Findings

The cybersecurity threat landscape introduced by a wider range of UAS use is not well understood

A combination of "blue" and "red" team approaches to enumerating, understanding, and categorizing cyber threats related to UAS as targets and UAS as weapons can help stakeholders better understand the space.

Emerging trends such as autonomous flight, UAS traffic management, swarming, AI, and blockchain will continue to add complexity to this space.

Compromised drones can have real impacts on security for the Department of Homeland Security

If faced with compromised drones, Customs and Border Protection might lose intelligence, surveillance, and reconnaissance (ISR) capabilities, creating visual blind spots in detection of smuggling or other nefarious activities at borders and ports.

Compromised Federal Emergency Management Agency (FEMA) drones might reduce the agency's capability to identify, reach, or supply individuals in peril or medical distress in disaster zones.

Compromised Cybersecurity and Infrastructure Security Agency (CISA) drones would degrade the ability of CISA to conduct critical infrastructure inspections in some cases, and could be used in a cyberphysical attack to damage the critical infrastructure it was meant to survey.

Compromised Immigrations and Customs Enforcement drones will reduce overall capability, require fallback to less-familiar concepts of operation, and increase risk for the agents in the field.

Recommendations

DHS must continue to work with senior policymakers, cybersecurity experts, and other government and law enforcement agencies to move towards a coherent UAS cyber strategy.

DHS should also prioritize the most critical vulnerabilities and find ways to close attack vectors and protect attack surfaces.

DHS will need to monitor UAS adoption and anticipate the implications of widespread UAS diffusion.

No comments: