A recent hacker demo at Black Hat 2018 showed that satellite communication systems used by ships, airplanes, and military units all over the world are susceptible to cyber-attack. Luckily, it’s not as bad as it sounds. For example, in the case of airplanes, an attacker could disable an airliner’s in-flight Wi-Fi, tweak its settings, and disable in-flight satellite communications. However, these vulnerabilities do not impact aircraft avionics systems that control the airplane. Furthermore, trained pilots can quickly intervene if a hack was attempted.
This scenario – as well as recent events like the use of drones in an apparent attempted assassination of the president of Venezuela – got The New Airspace editorial board thinking about cybersecurity for unmanned aerial vehicles (UAVs). We contacted Bob Busey, director of Unmanned Vehicle Control Systems for Raytheon, to ask him about it.
Busey shared that cyber threats are everywhere, in both manned and unmanned vehicles.
“As we continue to see more and more unmanned vehicles out there, in both commercial and military sectors, the cyberthreat will not only continue, but it will grow,” he said, “In the case of a UAV, you don’t have a human in the loop to be able to take control in a cyber-attack. But, in a manned vehicle, like an airplane, if something crazy starts to happen, you at least have a pilot who can take control and fly that vehicle.”
Busey pointed out that the growth of small- and medium-sized UAVs in the airspace, particularly those on the market for less than $400, such as quadcopters, is adding to the complexity of the issue.
“Smaller drones have ranges of several hundred feet, and the concern with those types of vehicles is they are very open and susceptible to potentially being taken over for nefarious reasons,” he said. “In general, we are seeing more and more internet-related connectivity and more radio-wave type technology in use with smaller drones, and that lends itself more and more to cyber vulnerabilities.”
Busey’s role at Raytheon focuses on UAV ground control systems, and he discussed how the company has made a huge investment in cybersecurity over the past 10 to 12 years.
“We have been involved in unmanned ground vehicles, air vehicle command and control, mission management, and similar types of activities for 20 to 25 years,” he said. “We are on the cutting edge with Global Hawk command and control and have been taking new technologies we’ve been investing in and bringing those tools to bear to create and implement the latest and greatest in cyber resiliency into both military and commercial systems.
“Whether it is Global Hawk or Fire Scout ground control stations and other products we contribute to, they will be the most modern available in terms of cyber resiliency and cyber hardening,” Busey said.
He explained Raytheon’s “modernization through sustainment” approach, which involves bringing leading edge cybersecurity to new systems and upgrading older systems.
As UAVs and cyber threats increase, funding for cybersecurity likewise has increased, according to Busey. The Department of Defense has mandated cybersecurity protection through Defense Federal Acquisition Regulation Supplement, or DFARS.
“Ten years ago, when people heard the word ‘cyber,’ they would nod their heads and say, ‘Yes, that is a concern,’” Busey said, “but it was lightly funded. Ten years later, cyber is being taken very seriously, and it is right at the top of the list of considerations when people look at the general capabilities of an air vehicle or a sensor. Today, people ask, ‘How are we going to deal with cyber vulnerabilities?’
“It has been a slow progression, but we are seeing more and more funding. Like cyber, however, funding requirements are constantly evolving,” he said. “Every system is being looked at individually for any potential vulnerabilities and usually is funded to mitigate those vulnerabilities.”