The break-neck adoption of Internet of Things (IoT) architecture across every commercial sector is blossoming – and that certainly applies to drones. A recent study predicted more than half of all newly developed business processes will include IoT by 2020.
Emerging security threats go hand in hand with emerging technology. Drone expert Amit Ganjoo believes the drone must mount an effective offense to defend against inevitable security attacks between IoT devices and UAVs.
“We as an industry need to consider all key technical areas and explore ways of integrating “security by design” principles into commercial drone ecosystem development,” Ganjoo wrote in a recent LinkedIn article.
Ganjoo, an experimental aircraft builder and CEO and Founder of ANRA Technologies, says threats to drone ecosystems can be mitigated by focusing on denial of service (DoS) protection and identity management.
As cheaper, less reliable drones and devices enter the ecosystem, Ganjoo believes such components will prove to be the weak links that hold the door open for devious swarms of DoS sorties.
“As more devices are connected to the wireless broadband networks, the networks will be exposed to DoS targeting the limited resources of specific services, much like botnet-driven distributed denial of service attacks in the Internet,” Ganjoo writes.
“Drones operations need to account for this possibility and plan for the mitigation of such attacks by having redundant interfaces as well as extensive fail-safes integrated in the solution.”
When it comes to tight drone security, the virtual transaction “knock, knock; who’s there?” may be one of the most important interactions between drones and devices. Ganjoo points out the industry must establish and maintain stringent standards when it comes to identification protocols within the tech ecosystem.
“Identifications needs exist at every layer of the stack, in every segment of the architecture,” he said. “For example, drones might need to be identified as hardware trust anchors but then you have IP endpoints, cloud service instances, network services, virtualized network function instances, subscribers, and administrators and many more.”
Ganjoo adds that identities must “be defined, provisioned, maintained, validated, revoked, etc., so we require a robust identity management solution that captures the entire life cycle of this management task.”
Overall, Ganjoo concludes, the future of drone/IoT security could be a mixed bag unless the industries cooperate with regulators and academia to create standardized solutions.
“Some segments will get higher level of scrutiny and hence security such as commercial radio access technologies such as cellular due to the standardization bodies like 3GPP. However, each segment of the overall solution has its own unique challenges that need to be looked at in detail.”