Effective drone cybersecurity requires system-engineering approach, not just IT, panelists say

It is virtually impossible to completely secure the software used to operated aerial drones or other unmanned vehicles, so it is important that these systems be designed to operate safely even when the software is compromised, panelists said during a session at the recent Unmanned Systems 2015 event in Atlanta.

Because most public attention understandably is paid to the threat of a hacker intercepting or interfering with the remote-control signal that is used to operate an unmanned vehicle, considerable encryption and authentication work has been done to try to secure the communications link when a vehicle is being operated, according to Andrew Lacher, the MITRE Corporation’s senior principal and integration lead for unmanned aircraft systems (UAS).

But drones actually may be more vulnerable to hackers when they are not in operation, because many of them get connected to the Internet, Lacher said.

“Many of the unmanned aircraft and automated driving capabilities actually are connected, even when they’re not operating,” Lacher said. “And often, they’re connected to different networks [than they are during operation]. For example, a lot of the consumer-grade unmanned aircraft connect to the Internet when they’re not flying—that’s how data is uploaded to the Internet and how software is updated on the vehicle. These vulnerabilities, when the vehicle is not in operation, are important to consider.

“For example, software updates are received over the public Internet. That’s a great opportunity for malicious code to be introduced.”

And those are the kind of opportunities that being exploited by cyber attackers that have significantly better tools at their disposal than they did just a few years ago, according to Thomas Richardson, a systems and information engineering researcher for the University of Virginia.

Whereas it used to be that only very skilled hackers could mount dangerous cyber attacks, very sophisticated threats now can launched by less-skilled hackers willing to pay for tools that are readily available and not very expensive, Richardson said.

“The tools are very, very sophisticated; the attacks are very, very sophisticated; and it doesn’t take much knowledge to launch these attacks,” Richardson said.

Frank Byrum, chief scientist for Spectrum Comm, agreed, providing an example of an attack that would be difficult for any system to combat.

 “One of the most interesting ones I’ve heard about recently had a small piece of code sitting on a system, it opened up a connection to the Internet, and it downloaded regular web pages and encoded them—on the fly—in the binary to execute an attack,” Byrum said. “That’s scary. That’s completely impossible to scan for right now in infrastructure.”

Given this likelihood that software can be compromised in almost any system, those in the unmanned-systems ecosystem should concentrate on how systems should operate if a hacker tries to issue orders to drones that would create harm, Lacher said.

“I think the key is that we need to have cyber systems that are generally robust to failure and that there needs to be built-in safety layers within our systems,” Lacher said. “So, if a system is behaving erratically, we have a way of isolating its behavior, bounding its behavior and limiting its authority to control the vehicle—and that happens whether the system is under attack or because the data being fed to it is degraded for whatever reason, including the notion that a sensor might be failing.

“I think we need to be thinking about it as a system, not just how we defend it against cyber attack … [If we think only in terms of cybersecurity], then we’re defending and we’re not thinking about how to protect the operational behavior of the system.”