Abstract
The FAA predicts that purchases of hobbyist small unmanned aerial systems (sUAS) will grow from 1.9 million in 2016 to 4.3 million by 2020, and commercial sUAS to increase from 600,000 in 2016 to 2.7 million by 2020. sUAS, often referred to as 'drones,' are comprised of aeronautical hardware, a CPU, RAM, onboard storage, radio frequency communications, sensors, a camera, and a controller used by the pilot-in-command (PIC). Some have argued that a sUAS is essentially a flying computer. As such, sUAS are sometimes susceptible to many of the types of attacks that are often used on PC-based computers attached to a computer network. Potential attacks on sUAS include de-authentication (i.e., 'terminating' the sUAS from the network); GPS spoofing (e.g., modifying or faking GPS coordinates); unauthorized access to the computer flight systems and onboard storage; jamming the communications channel; and contaminating the sUAS geofencing mechanism (allowing the sUAS to fly in a 'no-fly-zone'). The result of these types of attacks include: theft of the sUAS; flying the sUAS into no-fly zones; purposefully crashing the sUAS to cause damage to persons or equipment (including airplanes, crowds, etc.); and theft or adulteration of sensitive data (e.g., law enforcement surveillance data). The purpose of this paper is to apply a threat modeling approach to identify cyber-based vulnerabilities; potential attack vectors; commercial-off-the-shelf and "home-built" equipment required to effectuate attacks; cyber and kinetic ramifications of attacks; and mitigating strategies for protecting sUAS from cyber-attacks.
Original language | American English |
---|---|
State | Published - Aug 13 2018 |
Keywords
- UAS
- cybersecurity
- information security
- aviation security
Disciplines
- Aviation Safety and Security
- Information Security