In recent years, vast leaps forward in drone technology have helped to confirm their practical application in a variety of different environments. In times of natural disasters, such as avalanches for example, drones have help saved the lives of people buried under the snow, by scanning large mountainous areas quicker than a person on foot. What’s more, in point-to-point delivery services the speed of drones is also revolutionizing the way we transport time-sensitive goods, such as blood, to hospitals in need.
But despite their potential, there remain questions surrounding the security of commercial drones and how they would work together to deliver our goods as part of a ‘commercial drone ecosystem’. Additionally, headlines continue to highlight the security risks that accompany drone flights, including stories of mid-air collisions with commercial flights and the ease of which drones can be hacked from the ground.
With an increasing number of drones communicating both with each other and devices on the ground, it is imperative that the ‘Internet of Skies’ is safe enough for the projected wide scale network of drones it will support.
- Identifying pilots and Drones using Trusted Remote ID
One of the key elements that will help to engender trust in the drone ecosystem is making sure that a drone’s pilot and the drone’s own unique identity can always be identified using a Trusted Remote ID. In practice, this works the same way your cars license plate links your car to you.
By using our DroneConnect solution, identifying a drone and their pilot becomes incredibly secure and seamless. Here, biometric processes, including facial recognition and liveness detection, are gathered from the specific pilot, and then linked to their drone. This information is then kept on file by a public authority so that it can be checked against their servers before every flight, to make sure each drone is linked to its legitimate pilot. If a drone is found to be flying in an unsafe manner it can also be quickly linked to who is at its helm, so that authorities can take swift action.
Fully integrating drones into a trusted ecosystem also requires that any Unmanned Aerial Vehicle (UAV) can itself be identified and tracked – even without having to know who its pilot is. One way to do this is to place a tamper-proof box inside the drone. This box securely stores each drone’s unique digital ID, pilot and mission information, meaning it can be identified at any point in its journey, and can be monitored to ensure it is on the correct course. In addition, as the data from the digital ID is encrypted, it also protects the drone against various forms of data manipulation, such as a man-in-the-middle attack.
Directly linking drones to their pilots and giving them their own highly secure digital identities, should demonstrate to consumers that, with this technology, it will become much easier to identify people flying drones irresponsibly. Hopefully, this will reassure them that just because there are more drones in the sky, with the creation of an ecosystem, it does not mean that we won’t know exactly who these belong to and their flight paths.
- Seamless and Secure Connectivity
For easy worldwide deployment, drone manufacturers need their drones to connect seamlessly, securely and dependably to a variety of networks in countries across the world. Parallel to this, for consumers to put trust in the ecosystem, they will need their goods to be delivered reliably and to be sure that drones cannot be hacked, and their packages be stolen.
It is therefore key that drones cannot simply disappear off the grid. It must always be possible to pinpoint a drone’s exact location so it can be accounted for.
To ensure this is the case, technology inside the drone must secure a connection to a wireless network when the drone is flying both shorter distances (less than five miles) at lower altitudes, as well as via the Global System for Mobile Communications (GSM) for drones partaking in longer journeys.
Part of this involves making sure that any wireless networks a drone uses over short distance flights is not susceptible to being hacked, and that any data sent over the network is encrypted to reduce the security risk that it can be modified.
However, it is also essential that in both cases the drone could connect to unmanned traffic management (UTM) platforms, which would receive flight plan updates, and could command any additional data needed for before a flight. For example, before the drone could take off, its mission and flight path would have to be approved based on the fact its path did not cross a no-fly zone. Once in the air, real-time tracking would be used to monitor its route (using an IoT module inside the drone that automatically sends identity and location data) and make sure it is on the correct path. In this way, UTM platforms will allow regulations to be implemented and enable safe and secure flights.
However, at present, GSM connectivity is not 100% available at every location. It therefore remains essential that drones using GSM connectivity have a backup solution for the network they run on, such as satellite communication for beyond visual line of sight flights, or Wi-Fi for short flights.
Additionally, by the same logic, swapping from one network to another (in order to achieve the best coverage possible) must also be entirely secure and, must also be smooth process for drone operators. Therefore, to garner trust and reliability in the drone ecosystem, both for producers transporting goods, and for consumers receiving them, connectivity is key.
- Confidential data storage and exchange
The final pillar that would bolster trust in this ecosystem centers around the protection of confidential information that must be kept private. Take, for instance, public-safety-related information collected and processed during rescue operations – this clearly cannot be freely shared and could cause harm to the general public if it were to be intercepted by a third party. On a more personal level, imagine that a commercial drone carrying a package addressed to you was intercepted. The hacker would then have access to sensitive information, such as your place of residence and other credentials.
To make sure this cannot happen, it is crucial that data encryption mechanisms are mobilized properly. This involves making sure that legitimate data will only be shared with people and applications that hold the proper key to decrypt it, and that every point where a malicious actor could take advantage is well protected.
For example, despite the GSM network being securely encrypted, when data leaves this network and is sent to the cloud, there remains a potential gap that could be exploited by a cyber-attacker. It is therefore imperative that an end-to-end Transport Layer Security (TLS) protocol is applied, as this guarantees that the data is safe and secure from the drone all the way through to the UTM.
Finally, it is also essential that consumers fully understand what happens with their drone’s flight data after its flight, as all flight data will need to be safely stored and protected for any investigations, or for traceability purposes. To ensure that consumers can trust their data is being stored correctly, and at the highest possible standard, sensitive data needs to be collected on secure servers in the cloud and an advanced encryption mechanism must be mandatory in order to access it. This way, it very clear to the public that only authorized parties will be able to view and use this information, if they need to for the sake of an inquiry.
This new, connected world is bringing lots of advantages in day-to-day life, but it’s also bringing challenges in terms of data privacy and cyber-security. To build trust in this ecosystem, security-by-design must be the priority at every stage of the drone lifecycle – from making sure it is built into its hardware at the point of creation and at every point after until the final platform.
To unlock the potential of the skies, trust is essential. It is clear that we’ll need smart, digital and autonomous systems that are able to co-ordinate the complex web of users and flightpaths, while at the same time maintaining the incredible safety levels expected for our aircraft and airspaces.
Reducing the instances where drones are compromised or cannot be traced to an owner to hold them accountable is an essential step towards proving that an entire drone ecosystem can be safe. Only once governments, citizens and companies trust that drones are reliable and safe can companies begin to create a network of drones that fly beyond the visual line of sight.
The post Three developments helping to increase trust in the commercial drone ecosystem appeared first on Cybersecurity Insiders.
December 23, 2019 at 03:47PM