Cyber Risk Assessment and Scoring Model for Small Unmanned Aerial Vehicles

The commercial-off-the-shelf small Unmanned Aerial Vehicle (UAV) market is expanding rapidly in response to interest from hobbyists, commercial businesses, and military operators. The core commercial mission set directly relates to many current military requirements and strategies, with a priority on short range, low cost, real time aerial imaging, and limited modular payloads. These small vehicles present small radar cross sections, low heat signatures, and carry a variety of sensors and payloads. As with many new technologies, security seems secondary to the goal of reaching the market as soon as innovation is viable. Research indicates a growth in exploits and vulnerabilities applicable to small UAV systems, from individual UAV guidance and autopilot controls to the mobile ground station devices that may be as simple as a cellphone application controlling several aircraft. Even if developers strive to improve the security of small UAVs, consumers are left without meaningful insight into the hardware and software protections installed when buying these systems. To date, there is no marketed or accredited risk index for small UAVs. Building from similar domains of aircraft operation, information technologies, cyber-physical systems, and cyber insurance, a cyber risk assessment methodology tailored for small UAVs is proposed and presented in this research. Through case studies of popular models and tailored mission-environment scenarios, the assessment is shown to meet the three objectives of ease-of-use, breadth, and readability. By allowing a cyber risk assessment at or before acquisition, organizations and individuals will be able to accurately compare and choose the best aircraft for their mission

Architecture and Information Requirements to Assess and Predict Flight Safety Risks During Highly Autonomous Urban Flight Operations

As aviation adopts new and increasingly complex operational paradigms, vehicle types, and technologies to broaden airspace capability and efficiency, maintaining a safe system will require recognition and timely mitigation of new safety issues as they emerge and before significant consequences occur. A shift toward a more predictive risk mitigation capability becomes critical to meet this challenge. In-time safety assurance comprises monitoring, assessment, and mitigation functions that proactively reduce risk in complex operational environments where the interplay of hazards may not be known (and therefore not accounted for) during design. These functions can also help to understand and predict emergent effects caused by the increased use of automation or autonomous functions that may exhibit unexpected non-deterministic behaviors. The envisioned monitoring and assessment functions can look for precursors, anomalies, and trends (PATs) by applying model-based and data-driven methods. Outputs would then drive downstream mitigation(s) if needed to reduce risk. These mitigations may be accomplished using traditional design revision processes or via operational (and sometimes automated) mechanisms. The latter refers to the in-time aspect of the system concept. This report comprises architecture and information requirements and considerations toward enabling such a capability within the domain of low altitude highly autonomous urban flight operations. This domain may span, for example, public-use surveillance missions flown by small unmanned aircraft (e.g., infrastructure inspection, facility management, emergency response, law enforcement, and/or security) to transportation missions flown by larger aircraft that may carry passengers or deliver products. Caveat: Any stated requirements in this report should be considered initial requirements that are intended to drive research and development (R&D). These initial requirements are likely to evolve based on R&D findings, refinement of operational concepts, industry advances, and new industry or regulatory policies or standards related to safety assurance

AN ANALYSIS OF HOW THE U.S. GOVERNMENT CAN EFFECTIVELY TACKLE SUPPLY CHAIN BARRIERS TO SCALE UP THE LOW COST UNMANNED AERIAL VEHICLE (UAV) SWARMING TECHNOLOGY (LOCUST) PROGRAM

The LOCUST program is a scalable system of inexpensive swarming unmanned aerial vehicles to provide disruptive capability in contested environments against anti-area access denial defenses, enabling manned strike operations and localized landing site superiority with reduced cost, risk, and operator launch and workload. Our research and analysis will emphasize the challenges of moving from a U.S. Special Operations Command (USSOCOM) effort to a large program of record. Specific supply chain concerns that will be addressed include: 1) DOD organizational structure; 2) service-specific objectives and currently operating platforms; 3) requirements generation and related procurements to include production and quality challenges; 4) safety and quality assurance standards; 5) lead times, inventory plans, and throughput to include supplier base considerations and consolidations; and 6) latest evolving technologies and continuous improvement principles. Our team will utilize the Define, Measure, Analyze, Improve, Control (DMAIC) evaluative methodology that focuses on data-driven improvement cycles to better optimize process, design and results. Our results and recommendations highlighted multiple strategies that the Office of Naval Research (ONR) must focus on when developing the LOCUST supply chain. These conclusions and findings address both current supply chain development opportunities for the LOCUST program, as well as where the program must focus its efforts in the future.http://archive.org/details/ananalysisofhowt1094563516Civilian, Department of the NavyCivilian, Department of the ArmyCivilian, Department of the ArmyApproved for public release; distribution is unlimited

Standardization Roadmap for Unmanned Aircraft Systems, Version 2.0

This Standardization Roadmap for Unmanned Aircraft Systems, Version 2.0 (“roadmap”) is an update to version 1.0 of this document published in December 2018. It identifies existing standards and standards in development, assesses gaps, and makes recommendations for priority areas where there is a perceived need for additional standardization and/or pre-standardization R&D. The roadmap has examined 78 issue areas, identified a total of 71 open gaps and corresponding recommendations across the topical areas of airworthiness; flight operations (both general concerns and application-specific ones including critical infrastructure inspections, commercial services, and public safety operations); and personnel training, qualifications, and certification. Of that total, 47 gaps/recommendations have been identified as high priority, 21 as medium priority, and 3 as low priority. A “gap” means no published standard or specification exists that covers the particular issue in question. In 53 cases, additional R&D is needed. As with the earlier version of this document, the hope is that the roadmap will be broadly adopted by the standards community and that it will facilitate a more coherent and coordinated approach to the future development of standards for UAS. To that end, it is envisioned that the roadmap will continue to be promoted in the coming year. It is also envisioned that a mechanism may be established to assess progress on its implementation

Malicious Digital Penetration of United States Weaponized Military Unmanned Aerial Vehicle Systems: A National Security Perspective Concerning the Complexity of Military UAVs and Hacking

The United States’ (US) military unmanned aerial vehicle (UAV) has seen increased usage under the post 9/11 military engagements in the Middle East, Afghanistan, and within American borders. However, the very digital networks controlling these aircrafts are now enduring malicious intrusions (hacking) by America’s enemies. . The digital intrusions serve as a presage over the very digital networks the US relies upon to safeguard its national security and interests and domestic territory. The complexity surrounding the hacking of US military UAVs appears to be increasing, given the advancements in digital networks and the seemingly inauspicious nature of artificial intelligence and autonomous systems. Being most victimized by malicious digital intrusions, the US continues its military components towards growing dependence upon digital networks in advancing warfare and national security and interests. Thus, America’s netcentric warfare perspectives may perpetuate a chaotic environment where the use of military force is the sole means of safeguarding its digital networks

Risk driven models & security framework for drone operation in GNSS-denied environments

Flying machines in the air without human inhabitation has moved from abstracts to reality and the concept of unmanned aerial vehicles continues to evolve. Drones are popularly known to use GPS and other forms of GNSS for navigation, but this has unfortunately opened them up to spoofing and other forms of cybersecurity threats. The use of computer vision to find location through pre-stored satellite images has become a suggested solution but this gives rise to security challenges in the form of spoofing, tampering, denial of service and other forms of attacks. These security challenges are reviewed with appropriate requirements recommended. This research uses the STRIDE threat analysis model to analyse threats in drone operation in GNSS-denied environment. Other threat models were considered including DREAD and PASTA, but STRIDE is chosen because of its suitability and the complementary ability it serves to other analytical methods used in this work. Research work is taken further to divide the drone system into units based in similarities in functions and architecture. They are then subjected to Failure Mode and Effects Analysis (FMEA), and Fault Tree Analysis (FTA). The STRIDE threat model is used as base events for the FTA and an FMEA is conducted based on adaptations from IEC 62443-1-1, Network and System Security- Terminology, concepts, and models and IEC 62443-3-2, security risk assessment for system design. The FTA and FMEA are widely known for functional safety purposes but there is a divergent use for the tools where we consider cybersecurity vulnerabilities specifically, instead of faults. The IEC 62443 series has become synonymous with Industrial Automation and Control Systems. However, inspiration is drawn from that series for this work because, drones, as much as any technological gadget in play recently, falls under a growing umbrella of quickly evolving devices, known as Internet of Things (IoT). These IoT devices can be principally considered as part of Industrial Automation and Control Systems. Results from the analysis are used to recommend security standards & requirements that can be applied in drone operation in GNSS-denied environments. The framework recommended in this research is consistent with IEC 62443-3-3, System security requirements and security levels and has the following categorization from IEC 62443-1-1, identification, and authentication control, use control, system integrity, data confidentiality, restricted data flow, timely response to events and resource availability. The recommended framework is applicable and relevant to military, private and commercial drone deployment because the framework can be adapted and further tweaked to suit the context which it is intended for. Application of this framework in drone operation in GNSS denied environment will greatly improve upon the cyber resilience of the drone network system

Unmanned Vehicle Systems & Operations on Air, Sea, Land

Unmanned Vehicle Systems & Operations On Air, Sea, Land is our fourth textbook in a series covering the world of Unmanned Aircraft Systems (UAS) and Counter Unmanned Aircraft Systems (CUAS). (Nichols R. K., 2018) (Nichols R. K., et al., 2019) (Nichols R. , et al., 2020)The authors have expanded their purview beyond UAS / CUAS systems. Our title shows our concern for growth and unique cyber security unmanned vehicle technology and operations for unmanned vehicles in all theaters: Air, Sea and Land – especially maritime cybersecurity and China proliferation issues. Topics include: Information Advances, Remote ID, and Extreme Persistence ISR; Unmanned Aerial Vehicles & How They Can Augment Mesonet Weather Tower Data Collection; Tour de Drones for the Discerning Palate; Underwater Autonomous Navigation & other UUV Advances; Autonomous Maritime Asymmetric Systems; UUV Integrated Autonomous Missions & Drone Management; Principles of Naval Architecture Applied to UUV’s; Unmanned Logistics Operating Safely and Efficiently Across Multiple Domains; Chinese Advances in Stealth UAV Penetration Path Planning in Combat Environment; UAS, the Fourth Amendment and Privacy; UV & Disinformation / Misinformation Channels; Chinese UAS Proliferation along New Silk Road Sea / Land Routes; Automaton, AI, Law, Ethics, Crossing the Machine – Human Barrier and Maritime Cybersecurity.Unmanned Vehicle Systems are an integral part of the US national critical infrastructure The authors have endeavored to bring a breadth and quality of information to the reader that is unparalleled in the unclassified sphere. Unmanned Vehicle (UV) Systems & Operations On Air, Sea, Land discusses state-of-the-art technology / issues facing U.S. UV system researchers / designers / manufacturers / testers. We trust our newest look at Unmanned Vehicles in Air, Sea, and Land will enrich our students and readers understanding of the purview of this wonderful technology we call UV.https://newprairiepress.org/ebooks/1035/thumbnail.jp

Disruptive Technologies with Applications in Airline & Marine and Defense Industries

Disruptive Technologies With Applications in Airline, Marine, Defense Industries is our fifth textbook in a series covering the world of Unmanned Vehicle Systems Applications & Operations On Air, Sea, and Land. The authors have expanded their purview beyond UAS / CUAS / UUV systems that we have written extensively about in our previous four textbooks. Our new title shows our concern for the emergence of Disruptive Technologies and how they apply to the Airline, Marine and Defense industries. Emerging technologies are technologies whose development, practical applications, or both are still largely unrealized, such that they are figuratively emerging into prominence from a background of nonexistence or obscurity. A Disruptive technology is one that displaces an established technology and shakes up the industry or a ground-breaking product that creates a completely new industry.That is what our book is about. The authors think we have found technology trends that will replace the status quo or disrupt the conventional technology paradigms.The authors have collaborated to write some explosive chapters in Book 5:Advances in Automation & Human Machine Interface; Social Media as a Battleground in Information Warfare (IW); Robust cyber-security alterative / replacement for the popular Blockchain Algorithm and a clean solution for Ransomware; Advanced sensor technologies that are used by UUVs for munitions characterization, assessment, and classification and counter hostile use of UUVs against U.S. capital assets in the South China Seas. Challenged the status quo and debunked the climate change fraud with verifiable facts; Explodes our minds with nightmare technologies that if they come to fruition may do more harm than good; Propulsion and Fuels: Disruptive Technologies for Submersible Craft Including UUVs; Challenge the ammunition industry by grassroots use of recycled metals; Changing landscape of UAS regulations and drone privacy; and finally, Detailing Bioterrorism Risks, Biodefense, Biological Threat Agents, and the need for advanced sensors to detect these attacks.https://newprairiepress.org/ebooks/1038/thumbnail.jp