Drone Cybersecurity: In the last decade we have seen unprecedented growth of the global market of unmanned aerial vehicles (UAVs), and this growth is projected to be over $43 billion by 2024. Unlike the days when drones were only used for military purposes, they now come in all sizes, with great versatility and different degrees of sophistication. They can be purchased for less than $1,000 and flown by virtually anyone.
With this proliferation of drones, we should not be surprised that there will be people who see this smorgasbord of drones or see opportunities for all kinds of malice, whether spying to feed unhealthy curiosity, financial gain, etc.
Cybersecurity is generally regarded as one of the most important concerns in the technological world, but the security of drones and the apps used to control them has often been overlooked. The safety and security ramifications of drone use means that it is always extremely important to control them. Therefore, drones must be operated within the parameters that govern their use.
Privacy-related incidents may be common because many countries don’t have any drone laws in place, or because drone users simply are unaware of them. Yet there are some countries that did release regulations, such as the UK, as a response to the famous Gatwick Airport incident, when drone sightings stopped 1,000 flights from December 19-21, 2018 and affected the travel plans of around 140,000 people. Our own country has also released regulations for drone users, that all drone pilots need to study.
Drones can become a threat to our privacy since they can be used wrongly as spying devices. Unfortunately, numerous cases have been reported so far. Couples have been known to fly drones to watch their neighbors and, at least in the case of some, have ended up being arrested. This has led burglars using drones to scout houses with the intent of robbing them.
The threat of spying can come from signals beamed into a control stream or even in embedded software and appearing as a Trojan Horse.
This challenge is being addressed from both traditional and innovative directions as the use of unmanned aerial vehicles (UAVs) continues to expand into new areas.
Some drones can now see through walls by using Wi-Fi and 3D imaging, and can easily create 3D plans of buildings that criminals can access. They can also hack servers, spy on networks, extract data, and block communications. Drones can be hacked, or others’ drones can be used to hack electronic devices and gather data without their consent.
Some of the methods of hijacking drones include cyberattacks as well as hardware additions to the machines.
Three other areas where drone cybersecurity is of great concern:
- Confidentiality attacks include downloading sensor and image recordings from the drone and using them to spy on another company’s operations.
- System integrity attacks involve manipulating the drone’s controls to cause problems with its operation.
- Using drones to slow (or deny) operational processes are another serious problem.
- The opportunities for malice are endless!
Some of the most attractive targets for drones used by spies, are corporate networks. It is crucial that companies have solid security measures in place or to proactively guard against unwanted access and thus protect themselves from cyber warfare attacks.
The Federal Department of Justice recently announced a new policy on drone use because of their concerns about privacy and security and safe operation of drone aircraft. The policy outlines the treatment of information collected from sensors and cameras. In fact, as recently as October 2019, the federal Department of the Interior grounded its drone fleet and all of the drones that were manufactured in China or that contained Chinese parts. The larger problem at issue was that the Chinese government or Chinese companies could be monitoring or co-opting information from these UAVs.
Some of the most popular tools that are available to protect drone security include geofencing, radar detection, and other scanning methods which are common in dealing with issues of drones and cybersecurity.
To protect the cybersecurity of drones, there are many technological methods in place. Not all of these methods are used by every drone, but it is important to take this problem seriously. Not all of these methods, however, are used by every drone. It is important to realize the urgency of this problem.
Radar has not only been the standard mechanism for aerial vehicle detection, but drones can also be detected using radar detection systems. Drone radar uses a combination of noise detection, thermal detection, radio signal detection, and signal identification. However, sometimes drones mistake birds for drones. Furthermore, some drone radars use microphones to recognize noise patterns, but this has been ineffective in noisy urban areas.
Radio-frequency scanners examine the electromagnetic spectrum and find the specific transmissions from drones. However, RF scanners will work when radio signals are present, but sometimes drones operate without any RF signals and only rely on GPS, in case this method is inefficient.
Acoustic sensors are sensors that are able to detect drones that sometimes can’t be seen by radars. They recognize the unique sounds generated by different types of drones and run them against a sound signature database. If there’s a match, then the system triggers an alert.
Thermal cameras attached to drones can detect unwanted UAVs.
Smart Eye Technology® is a software company, founded in 2018, that is revolutionizing the way documents are viewed and shared. It is a continuous authentication security platform that eliminates unwanted viewers from looking at others’ screens. This is why this technology is advertised as “For your eyes only.” This newer technology explores many of the issues surrounding drone cybersecurity.
Geofencing is the practice of restricting a drone to operating in a certain area, which can be accomplished by using GPS data. This security measure can be managed by technology onboard or through the app used to control the drone. This method keeps the drone from venturing into restricted areas, thus protecting itself from unauthorized use. It also protects the company operating it from breaking any laws governing its operation.
Geofences are virtual boundaries set up within physical locations where drones can be detected when they reach areas that are out-of-bounds.
Geofencing can use GPS, Wi-Fi, Bluetooth, cellular data or RFID. In order to use geofencing, a developer or administrator must create a virtual border around a specific location in the GPS or RFID software. Technically, the geofence should generate a response the moment an unauthorized drone enters the defined area. However, as with other technology, this technology may not always be as efficient as we would hope.
Two-factor identification is becoming popular and is in use on major websites and phone platforms. Two-factor identification means that a code is sent to the user’s mobile phone or computer when the drone is used. Without entering the correct code, the drone cannot be used.
Unidirectional and protected data transfer is another security method that is increasingly in use. Unidirectional data transfer means that data can only be downloaded from the drone and that it cannot be diverted to another company.
Operational technology security needs to be monitored as carefully as information technology security. Many IT departments are not involved in OT security, but they should step up and take control so that the company’s cybersecurity is managed from a central location.
Breaches come in all shapes and sizes and the danger is that in the near future we could hear that drones are the weak point in a company’s security. Therefore it is essential that drone operators be kept up-to-date to make sure that they are operating safely. Fortunately, the newest drones are constructed with cybersecurity in mind.
Drones are certainly impacting our daily lives and will, without doubt, make up an important part of the networks used in our future smart cities. But sadly, they can be easily misused for malicious purposes. Therefore, substantial resources need to be allocated to cybersecurity in order to act proactively.