Mr. AAPO CEDERBERG, Managing Director, Cyberwatch Finland, Chairman of Cyber Security Committee of World UAV Federation (WUAVF)

Drones will be having a crucial role in developing services and infrastructures in the near future. Military has used drones for a long time and in wide range of missions such as intelligence, surveillance, target acquisition, and recognition missions, in strikes against surface targets etc. Drones can provide their services at any time, be reliable, automated and autonomous. Based on these presumptions, civilian and military leaders expect drones to improve national security through surveillance or combat missions. To fulfill their missions well, drones need to be developed according the requirements of those missions. New technological solutions and innovation is urgently needed and cyber security must be included in the future solutions.

In addition to the military use, UAVs will be increasingly used for various civilian purposes, such as government missions (law enforcement, border security, coastguard), firefighting, surveillance of oil and gas industry infrastructure and electricity grid network, traffic control, disaster management, agriculture, forestry and fisheries, earth observation and remote sensing and communications and broadcasting. It seems to me that there is no limit how drones can be helpful especially as part of the logistical chains and services in the future.

Critical infrastructure (CI) includes large variety elements from nuclear reactors, chemical facilities, water systems, logistics and airports to healthcare and communications, and drones will be playing a growing role in critical infrastructure environment. They have numerous tasks in critical infrastructure maintenance and protection. At the same time CI must be able to deal with the new and emerging threat of drones. The most headline-grabbing risks tend to be physical and electronic attacks. For example, drones could carry explosives into a nuclear power plant or get close enough to execute cyber-attacks, causing disruptions or even mechanical failures or even steal sensitive data.

Drones are highly dependent on wireless systems and therefore can face considerable cybersecurity risk. UAVs security has largely focused on exploitable vulnerabilities in either the communication channels or the hardware and software stack on the drone. Such attacks have focused on exploiting unencrypted communication over wireless media to implement eavesdropping, cross-layer attacks, signal jamming, denial of service and dropping Wi-Fi communication with ground control to name a few.

Drone can also be used as a cyberattack platform. They can track signals-based radio frequencies and Bluetooth specifications. Combined with a GPS card that correlates signals to the location where they’re detected, the capabilities let Snoopy spy not only on phones, tablets, and computers, but also, potentially, on pacemakers, fitness bracelets, smartcards, and other electronics. The geographically aware Snoopy can also be mounted on a low-cost aerial drone in order to locate and maintain radio contact even when subjects are on a high-rise building or some other out-of-the way locations.

Security and cyber resilience must be a priority area of developing and mitigating the risk drones. We must be able to avoid malicious or accidental takeovers of datalinks leading to accidents or deliberate use of the aircraft to damage civilian infrastructures. Security requirements of UAVs ground control station, data link infrastructure and data must be fundamental in designing the hole ecosystem. Security by design principle should be a must for the new solutions. The international community should be able to provide recommendations and basis requirements for cyber security of the hole drone ecosystem. Cyber security should be a priority area of the security arrangements of the UAVs.

We look forward to seeing You in Helsinki!

https://www.cyberwatchfinland.fi/news/drone19/