Chapter 3: Understanding Hostile Use and Cyber-Vulnerabilities of UAS: Components, Autonomy v Automation, Sensors, SAA, SCADA and Cyber Attack Taxonomy

Cyber – Attack Taxonomy

UAS SCADA systems susceptible to a broad range of cyber and network specific attacks on the SAA modules in the aircraft and communication structures from the ground or satellite links. These represent system threats and vulnerabilities of the UAS structure, increasing the risk of hostile use or takeover. (Nichols R. , Nov 28-30, 2006)A UAS Cyber Attack Taxonomy is an organized view of potential cyber threats to UAS assets. The Taxonomy is a list of agents that increase risk of a successful attack on US UAS ADS assets. Remember the authors’ contention, the risk of success of terrorist attacks on USA Air Defense Systems (ADS) via UASs is higher because of improving commercial capabilities and accessibility.

A qualitative view of information risk (also a measure of cyber-attack lethality) in a system such as SAA or computer network is expressed as:

At time state =0, where Vulnerabilities & Impact are constants and drop out of the equation.

Threats are real, and if applied in the absence of appropriate countermeasures, will increase the likelihood of a successful cyber-attack. Vulnerabilities are weaknesses in the system that a threat may or may not exploit. Vulnerabilities essentially in the system, ab initio. Threats can be mitigated or improved based on the attack circumstances. Impact is an after-the-fact accounting of the cyber-attack. No matter what the magnitude, it is a constant. Countermeasures are a host of technologies that can be applied to mitigate threats and reduce Risk. Increased Threats means increased Risk. Increased Countermeasures means decreased Risk. In practice, these equations require a qualitative legend to make comparable cases. Conversely, decreased threats means decreased Risk and decreased countermeasures means increased Risk. (Nichols R.-0. , 2016)Some authors use Vulnerabilities to assess Risk. (Garcia, 2006) Therefor our cyber-attack taxonomy must work for either Risk approach. There are many approaches to evaluating Risk. The authors choose the simplest approach to understand the attack vectors.

Espionage

Let us define some of its elements. First, we have espionage by foreign hackers. One of the main culprits are the Chinese who both encourage stealing state secrets have been quite successful. (Brenner, 2011) Hackers have successfully attacked U.S. Transportation Command (TRANSCOM) networks, “Stole designs for advanced U.S. weapons systems, including:

• F-35 Joint Strike Fighter,
• F/A-18 Fighter Jet,
• Patriot Missile System,
• RQ-4 Global Hawk Drones,
• P-8 Poseidon Reconnaissance Aircraft,
• UH-60 Black Hawk Helicopter,
• Littoral Combat Ship,
• Army’s Terminal High Altitude Area Defense Missile Defense System
• Navy’s Aegis Ballistic Missile Defense Program,
• compromised White House computer systems for espionage against military offices, targeting: Interoffice communication;
• Nuclear codes,
• took temporary control of National Oceanic and Atmospheric Administration’s (NOAA) weather satellites, and
• Civil Reserve Air Fleet systems by compromising computers defense contractors.” (Sood A.K. & Enbody, 2014)

Adding to our taxonomy, there are three Vulnerability classes exploited in UAS cyber-attacks: “Software-based, Insider Threats, and Hardware-based. Software and hardware vulnerabilities are result of poor coding practices and dearth of security understanding in developers. Hardcoded passwords exist because programmers prefer an effortless way for recovery purposes such as debugging. Vulnerabilities have drastic impact on security of software.” (Sood A.K. & Enbody, 2014) “Developers or programmers with malicious intent may implant computer hardware with code as part of a targeted attack. Insider threat vulnerabilities are difficult to assess due to human element involved. Multi-layer defenses are required to combat vulnerabilities in software/hardware world.” (Sood A.K. & Enbody, 2014)

Software – Based Vulnerabilities

“Military UAS defense systems deploy widely used software in their network devices: Operating systems, open source software, routers, radio frequency devices, Internet Connection Sharing (ICS) and SAA SCADA.” (Sood A.K. & Enbody, 2014) UAS ground system network software may have the standard vulnerabilities; “hardcoded passwords, backdoors in firmware, insecure protocols, Remote Command Execution (RCE), default passwords for Human-Machine Interfaces (HMIs), Insecure authentication and authorization, malicious hardware, critical infrastructure systems have hardcoded passwords embedded in firmware which may allow attackers to gain complete access to system.” (Sood A.K. & Enbody, 2014) It doesn’t end there. Other software-based vulnerabilities: “Backdoors exist for support or remote access purposes, Hardcoded passwords easily obtained by: Reverse engineering firmware, analyzing functional components,” (Sood A.K. & Enbody, 2014) Remote Code Execution (RCE) which is an attacker’s ability to execute attacker’s commands on target machine or target process remotely. Another RCE vulnerability is a software bug that gives attacker way to execute arbitrary code or ability to trigger arbitrary code execution from one machine on another. (Nichols R.-0. , 2016)

Unfortunately,” Remote Code Execution (RCE) can be triggered by exploiting security flaws in:

Operating system components, browsers,” ICS, SCADA, routers, Microsoft Office, Adobe Reader, and Java. Remote Code Execution (RCE) is a powerful threat to UAS and supporting computer systems. “Attackers exploit security issues; buffer overflows (stack, heap, integer), use-after free errors, race conditions, memory corruption, privilege escalations and dangling pointers.”

Remote Code Execution (RCE) vulnerabilities keeps growing and RCE vulnerabilities allow “attackers to execute arbitrary code on compromised systems, drive-by downloads, spear phishing attacks.” (Sood A.K. & Enbody, 2014)

ICS/SCADA is particularly vulnerable to remote code execution vulnerabilities. Another form is SQL injections, “which exploits weaknesses in web applications to allow attackers’ queries to be executed directly in backend database” and allow attackers to extract sensitive information such as credentials, emails, critical documents, intelligence. “Data stolen using SQL injection can provide critical information for advanced UAS targeted attacks.” (Sood A.K. & Enbody, 2014)

The final group in the software- based vulnerabilities set is “insecure authentication and file uploading flaws. These allow remote attackers to access critical systems by exploiting weak authentication design and uploading malicious code or firmware. This security issue persists due to inability of systems to implement granular control through proper authentication and authorization checks. File uploading attacks exploit a system’s inability to determine type of files being uploaded on server.” (Sood A.K. & Enbody, 2014)

Insider Threat Vulnerabilities

“Insider threats involve a malicious employee or contractor that steals sensitive organizational assets or otherwise diminishes integrity of organization.” (Sood A.K. & Enbody, 2014) Insider threats may be intentional or unintentional. The outcome is the same, increased risk.

Intentional Insider Threats (IIT): is “when contractors or employees turn malicious,” their motives: revenge, personal grudge, and /or greed. Regarding Unintentional Insider Threats (UIT), “the US military defense outsources jobs to contractors, which presents a softer target than military facilities. The result is compromised contractors’ assets allows attackers to steal intelligence from military defense networks. The contractor acts as a proxy to provide entry for attacker, even though contractor has no intention to conduct spying / stealing assets.” (Sood A.K. & Enbody, 2014)

“Edward Snowden worked as a contractor for Central Intelligence Agency and NSA. Snowden leaked copious amounts of information, including information of Government Communications Headquarters (GCHQ) and National Security Agency (NSA) project, ‘Anarchist; Hacking of Israeli drone feeds; ‘The Drone Papers’ – The Intercept and Leaks regarding drone usage in Afghanistan, Yemen, and Somalia.” (Sood A.K. & Enbody, 2014)

Hardware-based Vulnerabilities

The US sometimes picks the wrong vendors to supply its UAS critical hardware. Hardware imported from China includes backdoor access to hardware after deployment. “Exported Chinese manufacturing units compromised military-grade FPGA computer chips, circuits, and counterfeit devices, such as scanners.” “Zombie Zero malware has been implanted in software of scanner hardware manufactured in China as part of attack targeting shipping and logistics industries, especially printers. When scanners are connected to networks they provide platforms for compromising networks. Counterfeit devices and circuits developed in China for U.S. military and defense contractors to be used in warships, missiles, airplanes and

UAS.” (Sood A.K. & Enbody, 2014) (Threat to all nations that receive hardware preinstalled with malware.) (Nichols R.-0. , 2016)

“Hardware based vulnerabilities observed in actual attacks on military defense systems (Army) and applications include the following; backdoors and hardcoded passwords, compromised

GPS Satellite Communication (SATCOM) systems,” SCADA systems vulnerable to buffer overflows, and compromised GPS SATCOM systems. The Navy had its share of hardware-based threats; Remote Code Execution – “XMLDOM Zero-day vulnerability was exploited to attack U.S. Veterans of Foreign Wars’ website, SQL injections, Royal Navy website hacked, U.S. Army website hacked, insecure protocols, spoofing and hijacking and attacks to spoof GPS communication to control U.S. drones.” (Sood A.K. & Enbody, 2014)

Wireless attacks are the most generic form of hacking. “Strategies to compromise a system’s ability to be controlled by rightful owner include:

• Password Theft
• Wireshark
• Man-In-the-Middle Attacks
• Trojan Horse Virus
• Gain Scheduling
  • Fuzzing
  • Digital Update Rate,
  • Distributed Denial of Service,
  • Buffer Overflow.” (Rani, 2015)

Password cracking/theft. “Even complex passwords can be cracked using software tools such as dictionary attacks and brute force attacks”. Cracking programs are easy to obtain. “Statistical methods such as Aircrack-ng” which is a “Wired Equivalent Privacy and Wi-Fi Protected Access Pre-Shared Key cracking program is freeware.” (Rani, 2015)

Wireshark. A robust tool to analyze and capture packets for wireless networks. It provides valuable and sensitive information of transmitted packets. Wireshark allows effortless access to “client system and gain control over it.” It displays a list of available interfaces. A victim’s username and password can be obtained on a Graphical User Interface (GUI).

Another cyber-goodie is the Man-in-the-Middle (MIM) attack: “Attacker gains control of sensitive data by furtively modifying communication link between two parties. End users are usually unaware of manipulation performed by attacker.” (Rani, 2015) “Attacker forms fake connections between server and client. “Forms of MIM attacks are:

• URL manipulation
• Rogue Domain Name Server
• Address Resolution Protocol poisoning
• Duplication of Media Access Control
• False Emails” (Rani, 2015)

Trojan Horse Virus. It is malicious program or software that causes detrimental effects. It can monitor traffic over a network, damage hard drives, leverage of a security glitch, multiply/replicate like rabbits, give attacker an access to system remotely, “Trojan can continuously delete files and ultimately demolish Operating System and cannot be easily identified by anti-virus programs.” (Rani, 2015)

Gain Scheduling. A special form of cyber- attack. There are four classes: fuzzing, digital update rate, Distributed Denial of Service (DDoS), buffer overflow. “Gain scheduling is used to control non-linear UAS systems and hybrid UAS systems.” (Rani, 2015) “UAS will need different gains for control depending on states of UAS: Mass, Altitude, Speed, Flaps down.” “In a hybrid system, a system is assumed to have multiple modes of operation corresponding to take off, landing, and cruising.” “UAS will have different gains for controlling the vehicle. Control gains are often pre-computed and trusted. Gain parameters are coded into on-board autopilots. Without strict monitoring of software, an override of gains goes undetected. Changes to gains or gain scheduling logic can cause decreased performance in autopilot or instability in UAS.” (Rani, 2015) Attacker can manually override safety systems for an hour, shut down system, and take control. Not much is required; IP address of SCADA Server, path to server and then a Trojan or back door can be installed. (Nichols R.-0. , 2016)

Gain Scheduling attack methods vary depending on UAS SAA systems. “There are generally five methods of attacks:

• Sensor spoofing to cause mode confusion,
• Overriding gains through hacking,
• Infinite switching between gains, will cause loss of control,
• Causing Denial of Service (DOS) between controller gain block, and
• UAS controller block by overloading the on-board processor.” (Kim, 2012)

Fuzzing. “In UAS autopilot system, random inputs with expected distributions are not uncommon, and Gaussian noise inputs are routinely accounted for however, unexpected, invalid, or completely random inputs can cause unknown behaviors. Attacker can access any data flow between components and corrupt them with bogus values.” “Attackers use malicious fuzzing to discover SAA vulnerabilities.” Intentional white-box and black-box fuzzing tests can determine system robustness of Guidance, Navigation and Control (GNC) algorithms. Avionic and UAS programmers develop GNC for unmanned rotatory and fixed-wing aircraft. GNC algorithms are key to counter-terrorist activities and targeting High Value targets (HVT). “Consequences for a fuzzing attack: Aircraft instability, Process lock-up and/or invalid outputs to next SAA/GNC process. Common fuzzing attack methods include buffer overflow attacks, sending malicious packets with invalid payload data to UAS, and adding malicious hardware between components.” (Kim, 2012)

Digital Update Rate. UAS autopilots are digital computers. Inputs/outputs to/from the autopilot are discretized. (Zaharia, 2012) “Any continuous inputs to autopilots are converted to digital inputs through discrete sampling. If the autopilot was designed with a continuous controller, it is also converted to a discretized form. For a discretized system, as sample time increases system becomes unstable/uncontrollable. For data collection, longer sampling periods will increase probability of data aliasing.” (Kim, 2012) Hackers, knowing the above, have created a few methods cyber-attacks; “changing sampling time of analog-to-digital converters through buffer overflow, hardware manipulation and Denial of Service (DOS) or Distributed [networked] Denial of Service (DDOS) attacks that prevent processor from running controller or navigator at desired update rate.” (Kim, 2012)

Distributed Denial of Service (DDoS). “A large-scale intrusion method performed by a host source which causes detrimental effects to legitimate users by withholding services. This either causes system to shut down completely or rapidly drain system resources such as computing power and bandwidth.” (Rani, 2015) “Once attacker gains access new tools can be installed to enable control of host. Infected systems continue to look for other vulnerable systems and attack them too. Distributed Denial of Service (DDoS) attacks results in a master-slave process where affected victim is controlled by the attacker.” The attacker comes into possession of controls of many systems. “Resources of system are exhausted rapidly, and flooding of packets occurs on victim end. Attacker then removes all traces that could lead to locating the source of attack by using spoofed Internet Protocol address preventing victim to permeate illegal traffic targeted towards them.” (Rani, 2015)

The question is how is a DDoS attack initiated and how related to UAS? Think team or swarm configuration controlled at a ground-station network.

“Steps in initiating a complex DDoS attack:

Compilation of vulnerable agents

• Network first scanned for vulnerable agents for attacker to compile list of agents to attack
• Possible to attack systems by setting up automated software to scan network and take over vulnerable agents

Defuse

• Flaws in security and agent vulnerability are misused by attacker
• Software codes used to automatically attack and disband owner from controlling system
• Actions are taken by attacker to safeguard code planted from being Distributed Denial of Service (DDoS)

Connection

• Protocols such as TCP or UDP used to connect with numerous agents and plan attacks accordingly via scheduling
• Attacks can be performed on either single or multiple agents

Intrusion

• Features of victim such as port numbers are conformed
• Attacker launches attack and alters properties
• In favor of attacker since alteration of packets would lead to complications in identification of source of attack” (Rani, 2015)

“Distributed Denial of Service (DDoS) Scanning attack techniques:

• Random
• Local subnet
• Hit-list
• Permutation
• Topological

Distributed Denial of Service (DDoS) System Shutdown for at least five minutes:

• • UAS Operations can no longer monitor or control process conditions
  • SCADA locks up, must be rebooted
  • When comes back on-line, locks up again
    • Items Needed for DDoS:
    • Ability to flood server with TCP/IP calls
    • IP Address of SCADA Server
    • Path to server” (Rani, 2015)

Buffer Overflow SCADA Attack. Exploiting a buffer overflow vulnerability is to overwrite some control information to modify flow of control in a program, exploiting and compromising control information to give control to the attacker’s code. It involves overwriting return address stored on stack to transfer control to code placed in buffer or past end of buffer. On hardware implementations, stack grows downwards towards lower memory addresses.

When a function is called, the address of instruction following function call is pushed onto stack, so that the function knows where to return control when it is finished. While the called function is being executed, it allocates local variables on stack, variables and buffers, allocated at lower memory addresses than return address. The process permits writes to base address of buffer plus offset to return address, overwrites value of return address.

In a buffer overflow SCADA attack, if the return address is overwritten with some arbitrary value, control will be transferred either to invalid location in memory or location that does not contain valid executable code. This results in segmentation fault. If the overflow SCADA attack

return address is overwritten in a clever manner, it can transfer control to code inserted by the attacker in a buffer overflow. Attacker can place executable code into the buffer, then overwrite return address with the address of buffer. Control will then be transferred to executable attack code contained in buffer. (Nichols R.-0. , 2016)

Control Acquisition Attack (CAA). The objective of attacker in a CAA is to assume direct control of unmanned vehicle. A proven example is to use GPS spoofing to shift flight path of UAS to suit purposes of attacker with limited control. If the attacker can gain complete control of unmanned vehicle, the possibility of a man-in-the-middle attack is promulgated. The attacker could send falsified data to original controller to make it appear that vehicle is behaving normally, when it is being controlled by attacker. CAA is undetectable attack that is especially dangerous. (Nichols R.-0. , 2016)

General Attack Possibilities

Autopilot Hardware Attack. The attacker can link directly to UAS autopilot to give control over UAS and/or tactical data. “They can corrupt data stored on-board autopilot or install extra components that corrupt data flow. Hardware attacks affect UAS survivability, control and allow tactical data to be collected. Hardware attacks can be carried out during maintenance, storage, manufacturing, and delivery phases.” (Kim, 2012)

Wireless Attack. “Attacks are carried out through wireless communication channels. They can occur if an attacker uses wireless communication channels to alter data on-board UAS autopilot. Worst case scenario is if an attacker can break encryption of communication channel. Attacker can gain full control of UAS if communication protocol is known and then can use a buffer overflow or like corrupt data onboard or initiate some event.” (Kim, 2012) Another type of attack is sensor spoofing. The attacker send false data through on-board sensors of UAS autopilot. The danger of wireless attacks they can be carried out from afar while UAS is being operated. (Nichols R.-0., 2016)

Control System Security. “Attacks that prevent hardware/CPU from normally

Include buffer overflow exploits through some input device, forced system resets to load malicious code, and hardware changes or additions to system.” (Kim, 2012)

Application Logic Security. These attacks use malicious manipulation of sensors or environment, providing false data to control system. The control system behaves as programmed without fault, but some or all inputs to system are corrupted. Attacks include sensory data manipulation

Vehicle/system component state data manipulation, navigational data manipulation, command and control data manipulation, to gain complete control over connected drone and gained access to corrupt pre-programmed flight path. Since the communication channel between ground station and flight controller of drone is based on an unsecured protocol, a hacker can easily attack and gain real-time access to drone. (Nichols R.-0. , 2016)

Conclusions

Unmanned Aircraft Systems represent some of US most advanced air assets. They are critical to the US ADS. Because they were designed on top of open communications, SCADA controlled, and interact with the Internet for ground, air, sea, and satellite support, plus use COT software/hardware, they are vulnerable to a host of cyber-attacks to control their destiny. Based on the sheer diversity and number of potential cyber weapons that can be used at every stage of the UAS mission, and the significant growth of UAS for defense purposes, the risk of hostile use against US ADS is steadily increasing. Couple this with a huge growth and sophistication in the UAS commercial technologies supporting and global sectors requiring UAS, the threat of hostile use cannot be minimized.

Discussion Topics

1) You are a terrorist. Contemplate the Risk and Success of a hostile take-over or destruction of a friendly UAS by the following four methods:

What cyber tools from the Chapter 3 Cyber- Attack Taxonomy would you use to accomplish the 1A- 1D goals?

2) Discuss the cyber counter measures that could be used to terminate/disrupt/destroy a SWARM attack of fifty or more UAS on an ADS facility.

3) U.S Navy Vessel Collisions in the Pacific:

Facts:

In 2017, there were chain of incidents/collisions involving four U.S. Warships and one U.S Submarine. On 20 August, the guided-missile destroyer USS John S McCain collided with the 600-foot oil and chemical tanker Alnic MC at 0624 JST. Ten sailors died. On 17 June, the destroyer USS Fitzgerald collided with the ACX 30,000-ton container ship at 1330 JST, leaving seven dead. Records show that the ACX turned sharply right at the time of collision. The route of the destroyer is not shown on maps because commercial tracking data does not include military ships. Damage to the starboard side of the USS Fitzgerald indicates it would have been on a bearing of approximately 180 deg. (South). The captain of the Philippine-flagged container ship accused the Navy destroyer of failing to heed warning signs before the crash. On 9 May, the guided-missile cruiser USS Lake Champlain collided with a South Korean fishing boat off the Korean Peninsula. There were no injuries. On 31 January, the guided-missile cruiser USS Antietam ran aground dumping more than 1000 gallons of oil into Tokyo Bay. On 18 August, the ballistic- missile submarine, USS Louisiana collided with the Navy Offshore Support Vessel in the Strait of Juan de Fuca. No injuries.

US Navy Response

In all five incidents, the US Navy blamed their field leadership for not responding in an appropriate manner. Court marshals and relief from duty are the punishments of the day. The Navy blames funding, lack of readiness, and lack of training. Investigations and maintenance “holds” have been initiated. Reading between the lines, this response would imply that the Skipper/XO/COB and at least five watch sailors on each Naval vessel (roughly –forty to fifty personnel including bridge staff) were judged incompetent. Many US Navy careers were finished. Further, this would also imply that all five vessels radar, emergency positioning alert systems, AIS, sonar, and long-range collision avoidance equipment must have been functioning perfectly, without a catastrophic failure or interference of any kind.

OR…

The Case for a Cyber Weapon

To this researcher, there appears to be valid evidence to support the theory that at least two of the US Navy Warships above AND the commercial vessels they struck were the on the wrong end of a cyber-weapon. They were receiving wrong GPS generated positional information. The Cyber Weapon may have been deployed by UAS off a small, nearby vessel by an adversary. The author believes, that the subject cyber weapon is an advanced modular entity that can spoof the GPS signals received by all vessels in its range. Vessels given misleading data will make incorrect decisions in terms of navigation and emergency responses – potential leading to collisions and deaths.

Contemplate and comment on the viability of the researcher’s cyber-weapon theory.

Bibliography

Adamy, D. -0. (2015). EW 104 EW against a New Generation of Threats. Boston: Artech House.

Adamy, D. (2001). EW 101 A First Course in Electronic Warfare. Boston, MA: Artech House.

Adamy, D. (2009). EW 103 Tactical Battlefield Communications Electronic Warfare. Boston, MA: Artech House.

Adamy, D. L. (2004). EW 102 A Second Course in Electronic Warfare. Boston: Artech House.

Adamy, D.-9. (1998, Jan). Lesson 4: the basic link for all EW functions. (electronic warfare)(EW Reference & Source Guide). Journal of Electronic Defense, Jan 1998 Issue.

Alford, L. (2000). Cyber Warfare: Protecting Military Systems. Acquisition Review Quarterly.

Angelov, P. (2012). Sense and avoid in UAS research and applications. Hoboken: NJ.

Army, U. (1992, November 23). US Army Field Manual FM 34-40-7. Communications Jamming Handbook.

Austin, R. (2010). “Design for Stealth”, Unmanned Aircraft Systems UAVS Design Development and Deployment. New York: John Wiley and Sons.

Barker, W. (2003, August). SP 800-59 Guidelines for Identifying an Information System as a National Security System. Retrieved from NIST: https://csrc.nist.gov/publications/detail/sp/800-59/final

Barnhart, R. K. (2012). Introduction to Unmanned Aircraft Systems. New York: CRC Press.

Beaudoin, L. e. (2011). Potential Threats of UAS Swarms and the Countermeasures Need. ECIW.

Boutros, D. (2015, May 15). US Navy War College. Retrieved from Operational Protection from Unmanned Aerial Systems: http://www.dtic.mil/dtic/tr/fulltext/u2/a621067.pdf

Brenner, J. (2011). America the Vulnerable: Inside the New Threat Matrix of Digital Espionage, Crime, and Warfare. New York: Pilgrim Press.

Burch, D. (2015). RADAR for Mariners. New York: McGraw-Hill.

C4ISystems. (2013). basics-of-information-operations. Retrieved from Blogspot: http://c4isys.blogspot.com/2013/11/basics-of-information-operations-24.html

Chairman, U. (2012, March 23). Countering Air and Missile Threats, final coordination, JP 3-01. CJCS.

Clothier, R. (2017, April 02). The Smart Skies Project: Enabling Technologies for UAS Operations in Non-segregated Airspace. Retrieved from QUT ePrints: http://eprints.qut.edu.au/40465/3/40465.pdf

Clothier, R. F. (2010). The Smart Skies Project: Enabling technologies for future airspace. . Clothier, R.A., Frousheger, D., Wilson, M., (2010). The Smart Skies Project: Enabling technologies for future airspace. Australian Research Center for Aerospace Automation, Commonwealth Scientific and Industrial Research Organization, Boeing Research an. Australian Research Center for Aerospace Automation, Commonwealth Scientific and Industrial Research Organization.

Clothier, R. R. (2011). The Smart Skies project. IEEE Aerospace and Electronic Systems Magazine.

DoD. (2018). Dictionary of Military Terms. Retrieved from JCS.Mil: http://www.jcs.mil/doctrine/dod_dictionary/

DoD-01. (2018). JP 1-02. Retrieved from Department of Defense Dictionary of Military and Associated Terms: www.dtic.mil/doctrine/new_pubs/jp1_02.pdf

DoD-02. (2018). Information Operations (IO) in the United States. Retrieved from JP 3-13 : http://www.dtic.mil/doctrine/new_pubs/jp3_13.pdf

DoD-03. (2015). Unmanned Systems Roadmap 2013 to 2038. Retrieved from DTIC: http://www.dtic.mil/dtic/tr/fulltext/u2/a592015.pdf

Editor. (2012, April 22). RT Question More. Retrieved from Iran starts cloning of American spy drone: https://www.rt.com/news/iran-spy-drone-copy-667/

FAA. (2018, February 1). Part 107 Rule for sUAS. Retrieved from Fly under the Special Rule for Model Aircraft: https://www.faa.gov/uas/getting_started/model_aircraft/

Filbert, F. &. (2014, (July – August). Joint Counter Low, Slow, Small Unmanned Aircraft Systems Test. Fires PB644-14, no 4. Washington: DoD.

Fitts, R. (1980). The Strategy of Electromagnetic Conflict. Los Altos, CA: Peninsula Publishing.

Garcia, M. (2006). Vulnerability Assessment of Physical Protection Systems. Albuquerque: Sandia National Laboratories,BH.

Greenburg, H. (2015). Hackers Remotely Kill a Jeep on the Highway—With Me in It. Retrieved from Wired : https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

Hartman, K. a. (2013). The Vulnerability of UAVs to Cyber Attacks – An Approach to the Risk Assessment. 2013 5th International Conference on Cyber Conflict . Tallin: NATO CCD COE Publications.

Horowitz, M. C. (2014). Droning On: Explaining the Proliferation of Unmanned Aerial Vehicles. University of Pennsylvania and Texas A&M Universities. University of Pennsylvania and Texas A&M Universities.

Hubbard, R. K. (1998). Boater’s Bowditch. Camden, MA: International Marine.

Kania, E. (2017, July 6). Swarms at War: Chinese Advances in Swarm Intelligence. China Brief Volume: 17 Issue 9. China Brief Volume: 17 Issue 9.

Kilman, D. &. (2003). Framework for SCADA Security Policy. Albuquerque, NM: Sandia National Laboratories. Retrieved from Energy.gov: https://www.energy.gov/sites/prod/files/Framework%20for%20SCADA%20Security%20Policy.pdf

Kim, A. G. (2012, June). Cyber Attack Vulnerabilities Analysis for Unmanned Aerial Vehicles. Retrieved from Infotech@Aerospace.com: https://www.researchgate.net/publication/268571174_Cyber_Attack_Vulnerabilities_Analysis_for_Unmanned_Aerial_Vehicles

Liteye. (2018, August 25). AUDS. Retrieved from Liteye Corporation: http://liteye.com/products/counter-uas/auds/

Marshall, D. M. (2016). Introduction to Unmanned Aircraft Systems, 2nd Edition. New York: CRC Press.

Merrick, K. (2016). Future Internet. 10.3390/fi8030034 Review, 8(3), p. 34.

Moir, I. a. (2006). Military Avionics Systems. New York: Wiley Aerospace Series.

Monahan, K. (2004). The Radar Book: Effective Navigation and Collision Avoidance. Anacortes, WA: Fineedge Publications.

MORS. (2018). Military Operations Research Society . Retrieved from http://www.mors.org/meetings/oa_definition.htm

Myer, G. (2013, May-June). Danger Close Definition. Retrieved from US Army Magazine: www.benning.army.mil/infantry/magazine/issues/2013/May-June/Myer.html

NASA. (2018). Unmanned Aircraft Systems (UAS) Integration in the National Airspace System (NAS) Project. Retrieved from NASA: https://www.nasa.gov/feature/autonomous-systems

Nichols, R. K. (2008, September 05). Counterintelligence & Sensitive Compartmented Information Facility . (SCIF) Needs – Talking Points.

Nichols, R. (Nov 28-30, 2006). Cyber Terrorism, Critical Infrastructure, & SCADA Presentation. In R. Nichols (Ed.), Defense Threat Reduction Agency Conference. Shirlington VA: Utica College, Utica NY.

Nichols, R.-0. (2016, March 29). NCIE UAS SAA Final Rev 4. 2016 INFOWARCON conference presentation April 4-7, Nichols, R.K. et. al. (3-29-2016) Presentation to INFOWARCON April 4-7 on NCIE UAS SAA Final Rev 4, presented to 2016 INFOWARCON conference, Memphis TN. Available as PPTx presentation download from author or in CANVAS. Memphis, TN, USA: INFOWARCON16.

NTSB. (2009, September 16). National SCADA testbed Documents and Media. Retrieved from National SCADA Testbed Fact Sheet: https://www.energy.gov/sites/prod/files/oeprod/DocumentsandMedia/NSTB_Fact_Sheet_FINAL_09-16-09.pdf

Pettit, R. (1982). ECM and ECCM Techniques for Digital Communication Systems. Belmont, CA: Lifetime Learning Publications .

Rani, C. M. (2015). Security of unmanned aerial vehicle systems against cyber-physical attacks. The Journal of Defense Modeling and Simulation: Applications, Methodology, Technology.

Shapiro, J. (2006, February 14). Slideplayer.com. Retrieved from Cybersecurity: http://slideplayer.com/slide/4545982/

Singer, P. W. (2010, February 25). Will Foreign Drones One Day attack the US? . Newsweek.

Sood A.K. & Enbody, R. (2014, December 19). https://www.georgetownjournalofinternau-s-military-defense-systems-the-anatomy-of-cyber-espionage-by-chinese-hackers. Retrieved from georgetownjournalofinternationalaffairs.org/online-edition: https://www.georgetownjournalofinternationalaffairs.org/online-edition/u-s-military-defense-systems-the-anatomy-of-cyber-espionage-by-chinese-hackers

Toomay, J. (1982). RADAR for the Non – Specialist. London; Lifetime Learning Publications. London: Lifetime Learning Publications.

TRS, S. (2018, July 10). Tontechnic-Rechner-Sengpielaudio. Retrieved from Tontechnic-Rechner-Sengpielaudio Calculator: www.sengspielaudio.com/calculator-wavelength.htm

Wiley, R. G. (1993). Electronic Intelligence: The Analysis of Radar Signals, 2nd ed. Norwood, MA: Artech House.

Wilson, M. (2012). The Use of Low-Cost Mobile Radar Systems for Small UAS Sense and Avoid. Sense and Avoid in UAS Research and Applications.

Yan. (2017, December 23). China’s commercial drone market to top 9 bln USD by 2020. Retrieved from Xinhuanet: http://www.xinhuanet.com/english/2017-12/23/c_136847826.htm

Yu, X. &. (2015). Sense and avoid technologies with applications to unmanned aircraft systems: Review and prospects. Progress in Aerospace Sciences, 74, 152-166.

Zaharia, M. D. (2012). Discretized Streams: An Efficient and Fault-Tolerant Model for. Retrieved from UNIX Org: https://www.usenix.org/system/files/conference/hotcloud12/hotcloud12-final28.pdf

Zwijnwenburg, W. (2014, October 8). ZwijnwenbDrone-tocracy? Mapping the Proliferation of Unmanned Systems. Retrieved from Sustainable Security.org.

 

Readings

Abbot, C, Clarke, M, Hathorn, S, Hickie, S. (2016) Hostile Drones: The Hostile -Use of Drones by Non-State Actors against British Targets.

Aeronautical Decision Making (2015) (PDF) Professor Handout.

Ang, C. and Costello, M. (n.d.). When Firmware Modifications Attack: A Case Study of Embedded Exploitation. Columbia University, NY

Anonymous (n.d.). 21 Steps to Improve Cyber Security of SCADA Networks, Department of Energy.

Anonymous. (2012). Advanced Threats in the Enterprise: Finding an Evil in the Haystack with RSA ECAT (Rep.). RSA.

Anonymous, (2011). Keeping Track of Unmanned Aircraft by Overcoming “Lost Links”, MITRE.

Anonymous (2004). National Communications System Technical Information Bulletin 04-1. Supervisory Control and Data Acquisition (SCADA) Systems. Virginia, Chantilly.

Anonymous (n.d.). Unmanned Aircraft Systems: Perceptions and Potential, Arlington, VA, Aerospace Industries Association.

Anonymous, (2009). Unmanned Air Systems: The Future is Now, New York, Access Intelligence LLC.

Barnhart, R.K., Hottman, S.B, Marshall D.M., and Shappee, E. (2012) Introduction to Unmanned Aircraft Systems. New York: CRC Press.

Bartelds, T., Capra, A., Hamaza, S., Stramigioli, S., Fumagalli, M., (2015). Compliant Aerial Manipulators: Towards a New Generation of Aerial Robotic Workers, IEEE.

Beaudoin, L. et.al (2011) Potential Threats of UAS Swarms and the Countermeasures Need. European Conference on Information Warfare and Security (ECIW), Tallin, Estonia.

Birnbaum, Zackary (2012). Behavior based analytics for securing cyber-physical systems. Binghampton University.

Brenner, J. (2011) America the Vulnerable: Inside the New Threat Matrix of Digital Espionage, Crime, and Warfare. NY: Pilgrim Press.

Bristeau, P., Callou, F., Vissiere, D., and Petit, N. (2011). The Navigation and Control Technology inside the AR. Drone Micro UAV. Proceedings of the 18th IFAC World Congress, 1477-1484. Retrieved February 11, 2016.

Boutros, D.A, LCDR. (2015) Operational Protection from Unmanned Aerial Systems: Drones, UAS Proliferation, ISR Platforms, UAS Capabilities and Vulnerabilities, Current Protective Measures, Protection Shortfalls. UAS Navy War College, Newport, RI: Progressive Management Publications.

Brodsky, D. W. (2012). An Analysis of the Vulnerabilities of Unmanned Aircraft Systems to Cyber Attack. Retrieved February 13, 2016.

Bunker, R. J. (2015). Progressive Management Publications (United States, Department of Defense, U.S. Army).

Christensen, R. (1997). Effect of technology integration education on the attitudes of teachers and their students. Doctoral dissertation, Univ. of North Texas. Based on Russell, A. L. (1995) Stages in learning modern technology. Computers in Education, 25(4), 173-178.

Class Lecture [Personal interview]. Randall Nichols (2016, February 23).

Class Lecture [Personal interview]. Randall Mai (2016, February 23).

Claveau, D., (2015). Autonomous UAS Controlled by Onboard Smartphone, International Conference on Unmanned Aircraft Systems.

Compton, M.D., (2009). Improving the Quality of Service and Security of Military Networks with a Network Tasking Order Process, Wright-Patterson Air Force Base, OH, Air Force Institute of Technology.

Delves, P. and Angelov, P. (2012). Sense and Avoid in UAS: Research and Applications (2nd Edition), John Wiley and Sons.

Dekker, M. (2013). Transforming Information Security: Future-Proofing Processes (pp. 1-13, Rep.). RSA.

Derynck, R. (2004). SCADA system security threats, vulnerabilities and solutions. IEE Seminar on Developments in Control in the Water Industry.

Elkaim, G. H., Pradipta Lie, F. A., and Gebre-Egziabher, D. (2012). Principles of Guidance, Navigation and Control of UAVs [Scholarly project]. Retrieved March 11, 2016, from https://users.soe.ucsc.edu/~elkaim/Documents/UAV_GNC_chapter.pdf

Federal Aviation Administration, (2011). Unmanned Aircraft Operations in the National Airspace System, U.S. Department of Transportation, Unmanned Aircraft Systems Group.

Finke, C., Butts, J., Mills, R., and Grimalia, M. (2013). Evaluation of a Cryptographic Security Scheme for Air Traffic Control’s Next Generation Upgrade. Retrieved March 9, 2016.

Firmware [Personal interview]. Danny Mersch (2016, January 26).

Fonash, P., Schneck, P., (n.d.). Cybersecurity: From Months to Milliseconds, US Department of Homeland Security, Outlook.

Garcia, M.L. (2006) Vulnerability Assessment of Physical Protection Systems. Sandia National Laboratories. Albuquerque, NM: BH.

Gardinier, M. (2013). The Critical Incident Response Maturity Journey (Rep.). RSA.

Giancarmine, F. and Domenico, A. (2015) Radar Electo-Optical Data Fusion for non-cooperative UAS Sense and Avoid Retrieved February 6, 2016

Gowda, C. R. (2015). System Security, Threat Detection and Prevention Measures of Autonomous Systems. Retrieved February 19, 2016.

Hartman, K. and Steup, C (2013). The Vulnerability of UAVs to Cyber Attacks – An Approach to the Risk Assessment. 2013 5th International Conference on Cyber Conflict NATO CCD COE Publications, Tallinn. Retrieved February 5, 2016.

Heitner, K. (2014). Cyber Threats within Civil Aviation, Utica College. Retrieved February 17, 2016

House, Commonwealth of Virginia, (2013). Unmanned Aircraft Systems Protocols for use by Law Enforcement Agencies, Virginia Department of Criminal Justice Services.

Idaho National Laboratory, (2006). Control Systems Cyber Security: Defense in Depth Strategies, Department of Homeland Security.

Horowitz, M.C. & Fuhrmann, M. (2014) Droning On: Explaining the Proliferation of Unmanned Aerial Vehicles. University of Pennsylvania and Texas A&M Universities.

IKANOW. (2015). Managed Service Providers: The Talent and Tech to Beat Back Cyber Attacks (Rep.).

IKANOW. (2015). Threat Intelligence Ranking (Rep.).

Incze, M.L., Sideleau, S.R., Gagner, C., Pippin, C.A., (n.d.). Communication and Collaboration Among Heterogeneous Unmanned Systems Using SAE JAUS Standard Formats and Protocols, Newport, RI, Naval Undersea Warfare Center Division.

Jackson, A., (n.d.). Operational Reconnaissance and Intelligence Gathering is Critical to Battle Success, Audio Visual Innovations.

Jackson, B. A., Lostumbo, M. J., Frelingeer, D. R., and Button, R. W. (2008). Evaluating novel threats to the homeland: Unmanned aerial vehicles and cruise missiles. Santa Monica, CA: RAND National Defense Research Institute.

Jacobs, T., Coffey, J., (2015). Arctic Shield 2015 Unmanned Aircraft Systems Test Plan and Operational Assessment, NOAA UAS Program Office.

Kania, E. (6 July 2017) Swarms at War: Chinese Advances in Swarm Intelligence. China Brief Volume: 17 Issue 9. The Jamestown Foundation.

Kaspersky Lab (2015). Equation group: Questions and Answers. Retrieved February 24, 2016

Kim, A., Wampler, B., Goppert, J., Hwang, I., and Aldridge, H. (2012). Cyber Attack Vulnerabilities Analysis for Unmanned Aerial Vehicles. Infotech@Aerospace 2012. Retrieved February 13, 2016.

Kilman, D. & Stamp, J. (2003) Framework for SCADA Security Policy. Albuquerque, NM: Sandia National Laboratories. https://www.energy.gov/sites/prod/files/Framework for SCADA Security Policy.pdf

Kindervater, K.H., (2015). Lethal Surveillance: Drones and the Geo-History of Modern War, University of Minnesota.

Knapp, E. D., and Langill, J. T. (2015). About Industrial Networks. Industrial Network Security, 9-40.

Lacher, A., Zeitlin, A., Maroney, D., Markin, K., Ludwig, D., Boyd, J., (2010). Airspace Integration Alternatives for Unmanned Aircraft, the MITRE Corporation.

Ledbetter III, T., Munoz, C., (2010). Outgoing USAF Intel Chief Sees Need for More Autonomy in UAS Platforms, Arlington, Inside Washington Publishers.

Lemay, A., (2013). Defending the SCADA Network Controlling the Electrical Grid from Advanced Persistent Threats, University of Montreal.

Li, L., Heymsfield, G., Schaubert, D.H., McLinden, M.L., Creticos, J., Perrine, M., Coon, M., Cervantes, J.I., Vega, M., Guimond, S., Tian, L., Emory, A., (2016). The NASA High-Altitude Imaging Wind and Rain Airborne Profiler, IEEE.

Loukas, G., Gan, D., Vuong, T., (2013). A Review of Cyber Threats and Defense Approaches in Emergency Management, London, UK, University of Greenwich.

Loukas, G. (2015). Cyber-physical attacks: A growing invisible threat (First Ed.). Waltham, MA: Butterworth-Heinemann.

Lugabihl, J., Owen, D., Rand, T. A., and Tran, P. M. (2013). Taking Charge of Security in a Hyper-connected World (Rep.). RSA.

Lyu, Y., Pan, Q., Zhao, C., Zhu, H., Tang, T., Zhang, Y., (2015). A Vision Based Sense and Avoid System for Small Unmanned Helicopter, Key Laboratory of Information Fusion Technology, Ministry of Education, Northwestern Polytechnical University.

Mackie, J., Spencer, J., and Warnick, K. F. (2014). Compact FMCW radar for a UAS Sense and Avoid system. 2014 IEEE Antennas and Propagation Society International Symposium (APSURSI).

Maddox, S., Stuckenberg, D., (2015). Drones in the U.S. National Airspace System: A Safety and Security Assessment, Harvard Law School.

Matolak, D.W., Sun, R., (2015). Air-Ground Channel Characterization for Unmanned Aircraft Systems: The Near-Urban Environment, IEEE.

McCallie, Donald. (2011) Exploring Potential ADS-B Vulnerabilities in the FAA’s Nextgen Air Transportation System. Air Force Institute of Technology. http://www.hsdl.org/?abstractanddid=697737

McCallie, D., Butts, J., and Mills, R. (2011). Security analysis of the ADS-B implementation in the next generation air transportation system [Scholarly project]. Retrieved March 9, 2016.

Meixall, B., Forner, B., (2013). Out of Control: Demonstrating SCADA Exploitation, Cimation.

Mukherjee, A., (2015). First Ever Anti-Drone Weapon that Shoots Down UAVs with Radio Waves, Death Ray.

Mumm, H. (2015). Applying Complexity Leadership Theory to Drone Airspace Integration. Melbourne, Florida: Motivational Press

Mumm, H. (2015, December 4). Managing the Integration and Harmonization of the National Airspace for Unmanned and Manned Systems. Lecture presented at DuPont Summit in the Historic Whittemore House, Washington D.C.

Nestler, V. (2015, October 15). The Age of Drones and Cybersecurity. Lecture presented at Centers of Academic Excellence TECH TALK in Capitol Technology University, San Bernardino, CA.

Nichols, R.K, and (Nov 28-30, 2006) Cyber Terrorism, Critical Infrastructure, and SCADA Presentation: Utica College, Utica NY. Defense Threat Reduction Agency Conference, Shirlington VA

Nichols, R.K. (2004, January 1). “Trust Me, Its Encrypted”. Lecture presented at Rutgers University, New Brunswick, NJ.

Nichols, R.K., and Lekkas, P.C., (2002) Wireless Security: Models, Threats and Solutions, New York: McGraw Hill.

Nichols, R.K., Ryan, D.J., and Ryan, J.C.H., (2001) Defending Your Digital Assets against Hackers, Crackers, Spies and Thieves, McGraw-Hill.

Nichols, R.K. (2009, April 16). Terrorism – The Mutating Threat CYBERSECURITY – A Future in Crisis? Lecture presented at NYSETA Plenary in SUNYIT, Utica, NY.

Norris, A. (2013). Legal Issues Relating to Unmanned Maritime Systems, Monograph. Retrieved November 23, 2015.

O’Connor, T. (2011). Military Intelligence, Mega Links in Criminal Justice.

Oded, G. (2014). Understanding the threat to SCADA networks.

Oltsik, J. (2013). The Big Data Security Analytics Era is Here (Rep.). RSA.

Oltsik, J., McKnight, J., Gahm, J. (2010). Enterprise Strategy Group, “Assessing Cyber Supply Chain Security Vulnerabilities within the U.S. Critical Infrastructure.”

Ott, J.T., (2014). Well Clear: General Aviation and Commercial Pilots’ Perception of Unmanned Aerial Vehicles in the National Airspace System, San Jose State University.

Owen, M. and Duffy, S. (2014). Unmanned Aircraft Sense and Avoid Radar: Surrogate Flight Testing Performance Evaluation.

Paganini, P., (2013). Hacking Drones – Overview of the Main Threats, Infosec Institute.

Paganini, P. (2015). SCADA and Security of Critical Infrastructures. In InfoSec Institute. Retrieved February 11, 2016, from http://resources.infosecinstitute.com/scada-security-of-critical-infrastructures/

Pauner, C., Kamara, I., Viguri, J., (2015). Drones. Current Challenges and Standardization Solutions in the Field of Privacy and Data Protection, University Jaume I, Spain, Vrije Universiteit Brussel, Belgium.

Parker, D.B, (1991) Proceedings of the 14th National Computer Security Conference.

Petersen, J. (2001). Understanding surveillance technologies: Spy devices, their origins and applications. Boca Raton, FL: CRC Press.

Pitchford, M., (2013). What’s needed to ensure safety and security in UAV software, Military Embedded Systems?

Radmanesh, M., and Kumar, M. (2016). Flight formation of UAVs in presence of moving obstacles using fast-dynamic mixed integer linear programming. Aerospace Science and Technology, 50, 149-160. Retrieved February 11, 2016.

Raffetto, M., (2004). Unmanned Aerial Vehicle Contributions to Intelligence, Surveillance, and Reconnaissance Missions for Expeditionary Operations, Monterey, CA, Naval Postgraduate School.

Ramasamy, S., Sabatini, R., Gardi, A., (2014). Avionics Sensor Fusion for Small Size Unmanned Aircraft Sense-and-Avoid, Melbourne, Australia, RMIT University – SAMME.

R.G., D.M., (n.d.). SCADA Security and Terrorism: We’re not crying wolf, Internet Security Systems.

Sabatini, R. (2015). Airborne Lasers and Integrated Weapon Systems: Design, Development, Test and Evaluation, RMIT University.

Sabatini, R., Gardi, A., Richardson, M., (2014). A Laser Obstacle Warning and Avoidance System for Manned and Unmanned Aircraft, Melbourne, Australia, RMIT University – SAMME, Shrivenham, Swindon, UK, Cranfield University – DAUK.

Shaneck, M. (2003). An Overview of Buffer Overflow Vulnerabilities and Internet Worms [Scholarly project]. In University of Minnesota. Retrieved February 20, 2016, from http://www-users.cs.umn.edu/~shaneck/MarkShaneck_BufferOverflows.pdf

Shull, A.M., (2013). Analysis of Cyberattacks on Unmanned Aerial Systems, West Lafayette, IN, Purdue University.

Stockwell, T. M. (2012). Defending Against Data Breach: Developing the Right Encryption Strategy (Rep.). Linoma Software.

The National Intelligence Strategy, (2009).

Thiobane, F. (2015). Cyber Security and Drones, Utica College.

Tsang, R. (n.d.). Cyberthreats, Vulnerabilities and Attacks on SCADA Networks [Scholarly project]. Retrieved February 19, 2016.

Wapner, J., (2016). Medical Transport Drones Could Transform Health Care in Overcrowded Cities, India, Newsweek, Global Ed.

Wilhoit, K., (2013). The SCADA that Didn’t Cry Wolf, Trend Micro.

Yagdereli, E., Gemci, C., and Aktas, A. Z. (2015). A study on cyber-security of autonomous and unmanned vehicles. The Journal of Defense Modeling and Simulation: Applications, Methodology, Technology, 12(4), 369-381

Yu, X., and Zhang, Y. (2015). Sense and avoid technologies with applications to unmanned aircraft systems: Review and prospects. Progress in Aerospace Sciences, 74, 152-166. Retrieved February 13, 2016.

Zeitlin, A., Lacher, A., Kuchar, J., and Drumm, A. (2006). Collision Avoidance for Unmanned Aircraft: Proving the Safety Case [Scholarly project]. Retrieved February 11, 2016.

Zhu, B. and Anthony, Joseph. (n.d.). A Taxonomy of Cyber Attacks on SCADA System. University of California, Berkley.

Secondary References