At the Energy Drone and Robotics Summit in Houston this week, a panel of experts discussed one of the most hotly debated issues facing the drone industry today: ensuring the cybersecurity of drone data, without sacrificing performance or cost effectiveness.
Continue reading below, or listen:
The panel approached cybersecurity from three unique perspectives. Andrew “AJ” Smith has been in law enforcement since 2016, helping to build out the drone unit in the Waco Police Department; he is now working at the Waco Sheriffs Office’s Aviation Unit.
Drew Smith began working with drones as an Army Reconnaissance Scout, and is now the CEO of Lone Star Drone, overseeing daily operations both nationally and internationally. Lone Star serves a wide range of clients in the government and industrial sectors, using a variety of hardware.
Kelly Brodbeck leads Teledyne FLIR’s new commercial drone program as the Product Manager of SIRAS, a drone for infrastructure inspection and public safety applications specifically designed to meet cybersecurity needs.
Top Cybersecurity Concerns
What are the top cybersecurity concerns voiced by customers and stakeholders? Public safety has been on the front lines of the issue. New federal and state regulations have limited the use of foreign manufactured technology for public safety, emphasizing the need for secure platforms. These new regulations may require that public agencies change their hardware: but they don’t change the essential need for data security, says AJ Smith.
“For public safety and law enforcement, it’s very important to have a clear chain of custody for the data: from data collection to transmission to storage,” AJ explains. “You want that data to be usable as evidence. You have to be able to show that it was handled correctly through every step of the process, from the time you fly the drone to the time the data is used in court.”
Data Security, Every Step of the Way
Drew Smith says that enterprise and energy customers are also concerned about securing the data at every stage of the process – which can be difficult if the data goes automatically to a cloud. Drew’s team has detailed operational procedures for ensuring data security, beginning with ensuring that the data lives locally, on an SD card on the drone. “When the data is on the card, you don’t have any question about cybersecurity risk. You know exactly where the data is.”
That’s a position that the Cybersecurity and Infrastructure Security Agency endorses. The agency recommends that stakeholders “protect their data and privacy before, during, and after flying their drone.” The biggest vulnerability for drone data, say agency recommendations, is connection to the internet.
As connected devices, drones are often connected to the internet and other devices via Bluetooth. As a result, they take on many of the vulnerabilities of these connections and are susceptible to cyberattacks and privacy violations.
Cybersecure – or Affordable?
Many companies see the need to shift to a trusted drone platform, but that often means giving up performance features and affordability. At Teledyne FLIR, Kelly Brodbeck says, they’ve worked to provide a cybersecure drone platform, without sacrificing competitive price and availability. “Customers trust the Teledyne FLIR name, which has a long history in the defense industry,” says Brodbeck. “We’ve addressed their primary cybersecurity needs by making sure that SIRAS doesn’t connect to the internet – it’s a physical data transfer.” No connection limits the risk: and eliminates any question about what might or might not happen to the data during transfer.
Blue, Green, NDAA: What they Mean for Customers
In the confusion over what cybersecurity means, several sets of standards have emerged. These standards have different origins and different purposes. The “Blue sUAS” list is maintained by the Department of Innovation Unit (DIU) at the US Department of Defense. Originally listing only 5 aircraft designed for short range reconnaissance, the list has been adopted by other agencies, causing a problem for cyber secure, U.S. manufactured platforms not on the limited list. The Green sUAS program was developed by drone industry advocacy group AUVSI, in an effort to help bridge the gap and provide a broader process of review for more companies: but this program is also in development. NDAA-compliance refers to a list of standards developed during the Trump administration that laid out manufacturing guidelines designed to eliminate parts manufactured in China and countries of concern.
Teledyne FLIR has taken a reasonable approach: combining unquestionable data control with manufacturing that keeps the cost down and ensures availability. Parts are manufactured in Taiwan, which is not a country of concern: “the brains and systems are developed in the U.S.,” says Brodbeck. Teledyne FLIR is a Fortune 1000 company: their robust supply chain and partnership with their manufacturer in Taiwan ensures that they can manufacture and deliver drones at scale, at a competitive price.
Physical Data Transfer: a Sacrifice or a Standard?
While some commercial drone systems automatically transfer data to their cloud, Drew says that in his experience keeping the data on an SD card is still the industry standard. “It’s the way most clients want the data handled, and it’s reliable,” he comments. “You can’t always rely on an internet connection. Drone missions can happen anywhere: and as long as we have a supply of SD cards, we aren’t going to run out of storage or risk losing any data for our clients.”
The Takeaways
Cybersecurity for drones is a complex issue that requires thought throughout the process: from hardware choice to operational procedures, data transfer protocols, processing methods, and secure data storage. Companies of all sizes are subject to data theft and cyber threats: energy companies and other enterprise clients have to consider what data needs to be protected and establish appropriate processes. “There is no silver bullet,” says Drew. “Cybersecurity means making sure that you have control of your data through every step of the process. There is hardware available like SIRAS that can meet both cybersecurity and performance needs.”
Miriam McNabb is the Editor-in-Chief of DRONELIFE and CEO of JobForDrones, a professional drone services marketplace, and a fascinated observer of the emerging drone industry and the regulatory environment for drones. Miriam has penned over 3,000 articles focused on the commercial drone space and is an international speaker and recognized figure in the industry. Miriam has a degree from the University of Chicago and over 20 years of experience in high tech sales and marketing for new technologies.
For drone industry consulting or writing, Email Miriam.
TWITTER:@spaldingbarker
Subscribe to DroneLife here.
[…] Cybersecurity With out Sacrifice: From the Ground of the Power Drone and Robotics Summit […]