The potential benefits of drones to radically accelerate and change the landscape across multiple industries alongside aspects of our society have been widely discussed. From contactless deliveries in the era of Covid-19, life-saving drones which find missing people and deliver essential supplies, to ordinance survey drones (a uniquely held position of aircraft previously) which help with flood planning or protecting our oceans by detecting areas hardest hit by plastic waste. Drones in their essential form have been used in many positive aspects, some of which are obvious, some less so (anti-poaching drones in wildlife preservation to name just one). On the other hand, the challenges regarding drone security issues are somewhat less discussed. In addition, as with many other new technologies and emerging industries, new regulations are being introduced to the market as well for safer usages.
As it stands, there are the 3 main challenges that the drone industry and/or drone market is facing today.
- Security : Hijacking
- Safety : Identification
- Regulation : Compliance issues
Security : Hijacking
Security is always an issue for any high-tech products and drone is no exception. Drone communications with remote controllers are often encrypted. However, the encrypted codes are often the same (i.e. static), which makes it a good and easy target for hijacking.
There are a few technical challenges when it comes to the security side of drones.
For drones, having a lightweight solution both on a physical and digital level is essential. This relates directly to the power consumption and its battery life. In military drones, extra hardware (CMVP) are installed to the drones to validate the security level in communications. You can imagine why this is necessary for the military. Commercial drones on the other hand are usually relatively light and small, meaning extra hardware installation is a big burden. Therefore, small commercial drones often rely on the existing encrypted communication methods which are relatively easy to hijack.
Safety : Identification
When drones are mis-used, safety is always the biggest concern. Drones are small, fast, and relatively difficult to detect in comparison to a flying jet. All it takes is just one person using a drone with bad intentions to significantly harm public safety, especially near critical infrastructure such as airports and nuclear plants, etc. This is precisely the reason why there is a need for an identification system for drones and their operators.
Regulation : Compliance issues
Aviation authorities such as the Federal Aviation Administration (FAA) in the U.S have started to introduce a number of new regulations as more people own drones, and also to give guidelines on how to operate drones in a safe and useful manner.
One of the key regulations to take effect very soon is Remote ID. This is a new regulation introduced by the FAA and it is the “ability of a drone in flight to provide identification and location information that can be received by other parties”, such as law enforcement. To comply with this upcoming regulation, drone manufacturers are having to implement a solution to embed identification capabilities on the drone in accordance with the standards given by the FAA. The drone pilots/operators must also register themselves with the FAA before they can legally fly the drones.
SSenStone has developed a handy solution to tackle all of the 3 challenges listed above; SSenStone Drone. This is a software and hardware-based solution that can perform the following:
- Pilot ID : Identify, verify and authenticate the pilot flying the drone(s);
- Command : Secure commands between drones and the remote controller, and;
- IFF : Identify and evaluate friendliness of the drone in the airspace.
SSenStone Pilot ID allows the pilot to securely access their drone remote system just like SSenStone’s other existing access management solutions, which ensures the highest level of security together with convenience. The pilot uses SSenStone’s mobile app to authenticate themselves, and generate a One-Time-Authentication-Code (OTAC) which can be used to securely access the drone control system.
Once the pilot securely accesses the control system via Pilot ID, the pilot can have full confidence in the security level of the command communication to the drone. Thanks to SSenStone command, every single command generated from the remote controller will be in a ‘one-time, dynamic’ form. This means that every single command is unique, and even if a hacker obtains the command information, the command will be different next time around, meaning it prevents any risk of drone hijacking.
Any critical infrastructures and law enforcement can also benefit from the solution. SSenStone combines the unique information from the Pilot ID and SSenStone Command as a chained protocol to generate SSenStone IFF (Identification of Friendly or Foe), a unique set of codes that contain the identification and verification codes of the flying drone. This evaluates whether or not a flying drone is a legitimate and registered drone and pilot, together with the permission rights within the airspace, in order to evaluate and share the ‘friendliness’ of the drone. The uniqueness here is that this is a chained protocol. This means that if EITHER the Pilot ID or Command is compromised in any way by the hacker, the system immediately re-evaluates the friendliness of the drone, which will then register as an unfriendly/invalid drone, whereby the law enforcement can take action to take it down.
The drone industry is growing fast, and the challenges around the industry will only grow faster. It is important that the industry is well aware of the challenges and to prepare beforehand to minimize any potential damages. As with many new advanced technologies, the objective is often to utilize them as a cause for good, however, the ability for people to exploit these new technologies remains apparent. As they learn to exploit, we must also adapt.