AUVSI Unveils UAS Cybersecurity Guide
September 27, 2024 | AUVSI Advocacy
This week, AUVSI published guidance for UAS stakeholders seeking to better enhance cybersecurity and mitigate supply chain risks. We caught up with Casie Ocaña, Director, Trusted Programs at AUVSI to learn more.
Q: What are some of the top pain points you’re hearing from the UAS community about cyber- and supply chain-security?
A: The bottleneck caused by addressing supply chain risks is a big one we’re hearing about from drone manufacturers, procurement officers, service providers, and end-users. The UAS industry is concerned about the challenges of managing these risks, especially when it comes to NDAA compliance.
-
Drone manufacturers are finding it increasingly difficult to source components that meet strict NDAA requirements. Some manufacturers have responded by redesigning their drones because key components like motors or sensors were either limited in supply or flagged as potential security risks. This can delay production while they search for alternatives, adding complexity and cost to the process.
-
End-users in key industries like infrastructure inspection and public safety are also facing limitations. These operators want to ensure the drones they deploy are trustworthy and secure but they’re finding that there’s a shrinking pool of vetted or approved vendors and components. This puts additional strain on procurement processes, as companies often have to wait longer or pay more for compliant systems, impacting timelines for deployment or delivery to customers.
Q: Drones have evolved into integral tools, but it seems like security didn’t always keep up with their technological evolution. Why?
A: I think about the industry’s progression in this area in phases:
-
A few years ago, drone technology reached a tipping point where UAS were widely available to consumers and companies were laser-focused on growth and launching new capabilities—making drones fly further, improving performance, and reaching customers in new industries. This growth unlocked new, high-value applications, which further pushed the industry forward at a rapid pace.
-
However, cyber and supply chain risks weren’t yet fully understood. And as drones became more connected to other devices and collected more complex and sensitive data, new threats emerged that the drone industry hadn’t yet considered.
-
In more recent years, UAS stakeholders started to recognize and respond to the severity of security risks. The U.S. government has issued increasing specificity and level of alarm about the evolving threat landscape, as our Guide lays out.
-
Today, both scalability and security are increasingly hand in hand. Drone use is growing in critical sectors, like public safety and transportation, bringing both opportunities for industry and compounded risks from continued reliance on unsecure drones. In response, there is a major effort across government and industry to close security gaps.
My takeaway is that we won’t be able to secure the UAS industry in a piecemeal manner. We need to truly address the root of these issues by establishing meaningful cybersecurity and supply chain standards across the board.
Q: What is AUVSI doing to address the needs of both drone manufacturers and end-users?
A: AUVSI recognized the growing need to address the pain points around cybersecurity and supply chain risks, particularly for companies trying to navigate the strict compliance requirements like those of the NDAA.
-
That’s why we developed the GreenUAS program, which was specifically designed to fill the gap for companies that couldn’t get onto the Blue UAS list but still needed to demonstrate compliance and cybersecurity assurances to their customers.For manufacturers, GreenUAS simplifies the compliance process by offering a more accessible route to certification. Instead of navigating multiple procurement and cybersecurity standards from different customers, manufacturers can achieve GreenUAS certification, giving them a trusted stamp of approval recognized across the industry. This helps reduce the compliance burden and provides a clear framework for meeting customer requirements. GreenUAS essentially helps standardize what’s expected from manufacturers, making it easier to produce compliant drones without dealing with constantly shifting requirements.
-
AUVSI is expanding its partnerships to strengthen the support available for the UAS industry. A key example of this is our expanded partnership with the Tulsa Innovation Labs and associated universities including University of Tulsa and Oklahoma State University. By expanding our partners with expertise in cybersecurity, we’re driving forward innovation and additional resources to our members to tackle critical vulnerabilities in drone technologies.
-
AUVSI is also working on expanding component manufacturing partnerships by focusing on securing grants and funding to better understand and address gaps in the UAS supply chain. This initiative aims to identify weak points in sourcing critical parts like motors, sensors, and communication modules and provide the necessary resources to strengthen domestic production. These efforts will help create a more secure and resilient supply chain that meets the needs of NDAA compliance and reduces reliance on foreign components.
Q: What’s an application of uncrewed systems outside of UAS that you’re excited about?
A: I’m excited by the potential of underwater drones for marine conservation and environmental protection. I’m amazed by how they’re used to monitor coral reefs, track endangered species, and map the ocean floor—which used to be too expensive or risky for human divers. They’re making a real difference in studying the impacts of climate change and helping scientists gather vital data to protect our marine ecosystems.
Related News
