How vulnerable are UAVs to cyber attacks?

Last week the Federal Aviation Administration released proposed rules for the use of commercial drones weighing less than 55 pounds. The proposed rules are open for public comment.

You have to give them credit, they are reacting in near real time as the commercial drone market begins to take off. Business Insider recently published their market estimates for the defense and commercial drone market. They believe that 12 percent of the $98 billion estimated global spending (military/civilian) on aerial drones over the next decade will be for commercial purposes.

Shortly after the release, Sen. Charles Schumer cautioned that the proposed guidelines were merely a start. I certainly hope so given cyber security was not addressed at all from everything I have read. How vulnerable are drones to hacking? Yes, after all some military and most if not all current civilian drones share a common weakness (radio / wireless control) that means they can be hacked and taken over. That is not as far-fetched as you might think. Back in 2011 the Iranians claimed victory when they reportedly hacked a RQ-170 Sentinel stealth drone that was being reportedly operated by the U.S. Central Intelligence Agency (CIA). So what might protection look like is the big question. If that is hackable, what do you think about the vulnerability of commercial drones?

Here are the top three ideas for drone cyber security that have come up so far.

1. A master kill switch on every controller that is encrypted and if not present and valid would kill all power to the drone or completely encrypted control signals matching the controller to that specific drone. (Think of it as continuous SecureID for the controller.)
2. Unalterable operating software on small memory card that can be removed/replaced by the operator.
3. Cyber security questions on the operator certification exam.

Other recommendations include the traditional firewall and anti-virus protections. Like that is working so well! Another interesting point was in the form of an example. What if you are operating a drone, someone takes control of it and uses it to cause a car crash of a busy highway – liability (criminal and civil). Could you prove your drone was taken over by someone else?

The FAA has the opportunity to get ahead of this threat, something that I do not believe has ever been done up to this point. If they were to address this in a proactive manner, maybe it would set the bar for other organizations to follow.

More In Net Defense Blogs

Navy wants AI tools to boost data processing, resource distribution

In notice this week, DIU said it is looking for AI and machine learning tools that can speed up data processing at the Navy’s Marine Operations Centers.

Switzerland to expand EU defense ties with new cyber-defense role

Swiss defense planners have balanced these new engagements with Bern’s policy of armed neutrality.

Poland, Romania lead a drone bonanza in Eastern Europe

Local companies are vying for new customers besides their national armed forces.

Space Force eyes commercial tech to fill low Earth orbit sensing gaps

In a May 16 notice, the service calls for feedback from firms that can provide space domain awareness in the “increasingly congested orbital environment."

Opinion

Tariffs or not, China’s infiltration of US systems needs new attention

The challenge facing the U.S. and allied governments is how to protect systems, citizens, infrastructure and industries from data theft.