In this report, the authors explore approaches for understanding, inventorying, and modeling cybersecurity implications of the rapid growth in drone usage, focusing specifically on current vulnerabilities and future trends. The authors propose conceptual approaches meant to enable the enumeration and categorization of drone-related cyber threats and explore some of the potential benefits and challenges of modeling the commercial drone threat.
How to Analyze the Cyber Threat from Drones
Background, Analysis Frameworks, and Analysis Tools
Download
Download eBook for Free
Format | File Size | Notes |
---|---|---|
PDF file | 4.6 MB | Use Adobe Acrobat Reader version 10 or higher for the best experience. |
Purchase
Purchase Print Copy
Format | List Price | Price | |
---|---|---|---|
Add to Cart | Paperback96 pages | $26.00 | $20.80 20% Web Discount |
Research Questions
- What are the cybersecurity implications of the rapid growth in UAS, in terms of both UAS as cyber weapons and UAS as cyber targets?
- What are some conceptual approaches that can enable the enumeration and categorization of drone-related cyber threats?
- What are the industry trends related to cybersecurity and UAS and the implications thereof?
- What threats exist related to cybersecurity and UAS, from the perspective of the Department of Homeland Security?
This work explores approaches for understanding, inventorying, and modeling cybersecurity implications of the rapid growth in unmanned aerial systems (UAS), focusing specifically on current vulnerabilities and future trends. The authors propose conceptual approaches meant to enable the enumeration and categorization of UAS-related cyber threats and explore some of the potential benefits and challenges of modeling the commercial UAS threat. These approaches are applied to real-world threat scenarios to test their validity and illustrate the types of attacks that are currently feasible. Industry trends and the implications of these trends for cybersecurity are presented. Finally, the authors consider the UAS-related cybersecurity threat from the perspective of the Department of Homeland Security (DHS). Specifically, the authors describe the vulnerability of particular DHS components to the threats described in this report and suggest possible means of threat mitigation.
Key Findings
The cybersecurity threat landscape introduced by a wider range of UAS use is not well understood
- A combination of "blue" and "red" team approaches to enumerating, understanding, and categorizing cyber threats related to UAS as targets and UAS as weapons can help stakeholders better understand the space.
- Emerging trends such as autonomous flight, UAS traffic management, swarming, AI, and blockchain will continue to add complexity to this space.
Compromised drones can have real impacts on security for the Department of Homeland Security
- If faced with compromised drones, Customs and Border Protection might lose intelligence, surveillance, and reconnaissance (ISR) capabilities, creating visual blind spots in detection of smuggling or other nefarious activities at borders and ports.
- Compromised Federal Emergency Management Agency (FEMA) drones might reduce the agency's capability to identify, reach, or supply individuals in peril or medical distress in disaster zones.
- Compromised Cybersecurity and Infrastructure Security Agency (CISA) drones would degrade the ability of CISA to conduct critical infrastructure inspections in some cases, and could be used in a cyberphysical attack to damage the critical infrastructure it was meant to survey.
- Compromised Immigrations and Customs Enforcement drones will reduce overall capability, require fallback to less-familiar concepts of operation, and increase risk for the agents in the field.
Recommendations
- DHS must continue to work with senior policymakers, cybersecurity experts, and other government and law enforcement agencies to move towards a coherent UAS cyber strategy.
- DHS should also prioritize the most critical vulnerabilities and find ways to close attack vectors and protect attack surfaces.
- DHS will need to monitor UAS adoption and anticipate the implications of widespread UAS diffusion.
Table of Contents
Chapter One
Introduction
Chapter Two
Understanding the UAS Threat Space
Chapter Three
The UAS and Cybersecurity Threat Space Today
Chapter Four
Industry Trends and the Future of UAS Cybersecurity
Chapter Five
UAS, Cybersecurity, and the Department of Homeland Security
Chapter Six
Conclusion and Recommendations
Appendix A
Attack Categorization
Research conducted by
This research was conducted using internal funding generated from operations of the Homeland Security Research Division (HSRD) and within the HSRD Acquisition and Development Program.
This report is part of the RAND Corporation Research report series. RAND reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND reports undergo rigorous peer review to ensure high standards for research quality and objectivity.
This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.
The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.