Effective drone cybersecurity requires system-engineering approach, not just IT, panelists say

Byrum echoed this sentiment.

“I think that the idea of failing safely is a good thing,” he said. “Because, when you think about who is vulnerable, it’s everybody … If you have an IP stack, you’re vulnerable—let’s just be honest. It’s just a matter of time.”

Mission Secure CEO and co-founder David Drescher said his company put three GPS units from different manufacturers on a vehicle to aid in the detection of a cyber attack and to ensure that the vehicle could be returned to a safe location when such a hack occurs. An algorithm was used to compare the readings of the multiple GPS units constantly, he said.

“If it detected an anomaly, it would vote out the one that was bad and switch to the alternative [GPS readings]” that would be used to navigate the device back to safety, Drescher said.

“That’s part of the design you need to think about—not just having three GPSes, but having three GPSes from three different manufacturers, so the attacker would have to get into the supply chain of three different manufacturers to attack that GPS.”

Of course, such an approach can be more costly, which may not be an option for users with lower budgets. But the fundamental approach of considering the entire system—not just the cybersecurity aspect—is critical, Byrum said.

“I think the industry unfortunately is sort of following what the Internet is doing, and that is that it’s treating [cybersecurity] as an IT problem,” he said. “But it’s a systems-engineering problem, because it’s greater than just an IT cyber guy—all he thinks about is IT cyber, not the whole system … There are all sorts of things that are going on that the cyber guys don’t have a clue about.”