Panel shares insights and recommendations on cyber security for drone operations

May 4, 2021 | Amy French

A six-member panel of security-minded industry leaders spent a Tuesday afternoon session explaining and exploring what many consider to be an increasingly important, under-examined question: What precautions should companies that use unmanned aircraft be taking to ward off cyber attacks?

The group, along with other security experts not present, took up the question to help the Joint Authorities for Rulemaking on Unmanned Systems  develop what is being called a “Cyber SORA” (Specific Operations Risk Assessment) protocol. JARUS is expected to release a document for external comment in the coming week.

“It’s about trying to create some reasonable, proportionate requirements or guidance for operators … so that they can mitigate cyber hazards effectively,” said moderator Andy Thurling, chief technology officer for NUAIR.

Thurling opened the presentation by emphasizing the need for a “risk-based approach” that takes into account the different levels of risk to which businesses that operate drones are exposed. Businesses whose operations involve greater risk should be asked to take greater precautions than businesses at less risk.

“You don’t want to make it too hard because then people will either leave the industry, which is bad for business, because the requirements are too hard to meet, or they’ll basically blow them off. Then they’ll be in the industry operating, anyway, in an unsecure manner and creating that weak link in the UTM ecosystem. And that would be bad for safety.”

The panel then moved into a breakdown of where drone operators can focus their attention to ensure more secure operations.

• Panelist Heather Harris-Aguirre discussed the need to set up appropriate accountability frameworks to ensure precautions are taken systematically. Harris-Aguirre is a senior safety consultant and expert in airspace integration and safety management systems with the MITRE Corporation.

• Panelist Andrew Carter, co-founder and CTO of ResilienX, spoke about the importance of ensuring the data used to fly drones is of a high quality and from reliable sources.

• Panelist Mike Gadd, head of airworthiness for Blue Bear Systems Research, spoke about vulnerabilities that can arise with firmware and software, particularly without proper maintenance and updates.

• Panelist John Bush, product security engineer for Boeing Commercial Airplanes, urged careful vetting of all aspects of the supply chain. 

The final panelist to speak was Ted Rush, an enterprise cyber architecture manager with the U.S. Federal Aviation Administration, helped to tie everything together with the perspective of a regulator who is simultaneously enthusiastic about drone technologies and wary of them.

“There are areas we have to stay focused on because we know this area is going to grow incredibly large – because how could it not? The benefits are too considerable. But with those benefits come risks.”