Drones, Aircraft and Cyber Attacks—What Can Go Wrong?
There are many different types of moving vehicles that can be considered drones. A drone is any remote controlled or autonomous vehicle—be it an undersea submersible, a material movement vehicle used in a factory or warehouse, a small robotic food delivery vehicle in an urban area, or a weapon-carrying and reconnaissance vehicle used for military and defense purposes. All that said, when most people think of drones, they think of smaller aircraft that can be used for aerial photography, delivery of packages or just simply for fun.
Many companies are researching and developing strategies to use fleets of small flying drones to help resolve the “last mile” delivery issue. UPS, Amazon, the US Postal Service, hospitals and others are exploring how drones can be used to deliver packages to business complexes, retail stores and even customers and patients in their homes.
Recently, UPS announced signing a deal with the FAA to explore how it can use drone fleets to deliver a wide range of packages to homes and offices. A plethora of issues need to be resolved, including how will these delivery and shipping services handle the logistics of loading and recharging/refueling these drones, as well as ensuring that accidents to not occur and that drones are not intercepted and their contents stolen.
Another big issue is security. Imagine drones being hacked and their deliveries redirected to thieves? Or cyber terrorists taking over airborne drones and used them to physically attack people, vehicles or infrastructure? (Figure 1).
How can drone delivery system developers and operators protect their airborne fleet from cyber-attack? In addition to securing the drone delivery network management and communication networks from interception and misdirection, the actual drones themselves need to be protected.
It is not just unmanned drones that are at risk. Earlier this year, the U.S. Department of Homeland Security Cybersecurity and Infrastructure Agency (CISA) issued a security alert  warning small aircraft owners about vulnerabilities that can be exploited to alter airplane telemetry. The DHS CISA warning stated that “An attacker with physical access to the aircraft could attach a device to an avionic CAN (Controller Area Network) bus that could be used to inject false data, resulting in incorrect readings in avionic equipment.” Other reports have shown remote vulnerabilities in which attackers did not require physical access.
At risk to cyberattack, the aircraft’s CAN bus connects the various avionics systems—control, navigation, sensing, monitoring, communication and entertainment systems—that enable modern-day aircraft to safely operate (Figure 1). This includes the aircraft’s engine telemetry readings, compass and attitude data, airspeed and angle of approach—all of which could be hacked to provide false readings to pilots and automated computer systems that help fly the plane.
The CISA fears that, if exploited, these vulnerabilities could provide false readings to pilots and remotely operated aircraft, causing crashes or other air incidents. Attackers with CAN bus access could alter engine telemetry readings, compass and attitude data, altitude and airspeed measurements.
Today’s drones and aircraft can have dozens of connected subsystems transmitting critical telemetry and control data to each other. Currently, tier-one suppliers and OEMs in aviation have failed to broadly implement security technologies such as secure boot, secure communication and embedded firewalls on their devices, leaving them vulnerable to hacking. While OEMs have begun to address these issues, there is much more to be done.
This includes ground-based flight and drone piloting systems as well as the navigation and steering systems aboard the drones and aircraft. It is also critical to protect the various components that go into drone management and hardware systems. This means ensuring that assemblies, sub-assemblies and other components that arrive at the drone and aircraft factories have been protected against cyber-attack during their manufacturing processes, delivery and final assembly. If a minor component infected with malware is integrated in a final product on the assembly line, the results can later be catastrophic.
Figure 2 shows six cyber security technologies that can help ensure that aircraft and drone systems can safely and securely operate and deliver their payloads and shipments to the correct locations and destinations. Each are explained in more detail here:
- Secure Boot – Ensures the integrity of firmware running on the device from the initial “power on” to application execution.
- Secure Remote Updates – Validates firmware is authentication and unmodified before permitting installation of firmware updates. Ensures components have not been modified and are authentication modules from the OEM.
- Secure Communication – Protects control messages, configuration updates and status updates sent to or from drones, preventing hackers from even communicating with drones.
- Embedded Firewall – Enforces configured filtering rules, preventing communication with unauthorized devices and blocking malicious messages.
- Secure Element Integration – Enabling use of Secure Elements, including Trusted Platform Module (TPM) compliant secure elements for secure key storage.
- Device Identity Certificates – Injection of certificates into devices during manufacturing, allowing devices to be authenticated when installed on a network and before communicating with other devices in the system.
Security must be approached holistically. Relying on secured networks and perimeter security is insufficient for drones operating remotely. It is critical to enable drones with an identity that can be verified and to build security features into the drone to provide protection from cyberattacks.
For detailed article references and additional resources go to:
Reference  as marked in the article can be found there.
Sectigo | www.sectigo.com
PUBLISHED IN CIRCUIT CELLAR MAGAZINE • DECEMBER 2019 #353 – Get a PDF of the issue