by R. Kurt Barnhart, Ph.D., KSUP Associate Dean of Research
It gives me great pleasure to commend this work to you the reader after having spent a great deal of time with the manuscript in recent weeks. Although still in draft form at the time of my review, I can say with certainty that the breadth and quality of information you will find herein is unparalleled in the unclassified sphere. This book will fully immerse and engage the reader in the cyber-security considerations of this rapidly emerging technology we know as unmanned aircraft systems (UAS). Many of these same vulnerabilities affect unmanned technology across the board and regardless of mode, however the focus of this work is exclusively on those vehicles which operate in the National Airspace System (NAS).
Aircraft without on-board human pilots have been around in various forms longer than piloted aircraft. In 1783 Joseph-Michael and Jacques-Ètienne Montgolfier performed the first heavier-than-air vehicle flight in Annonay France. The passengers were a sheep, a pig, and a chicken (at least the chicken had a fighting chance if things went awry). It has, however, only been within the last couple of decades that this technology has burst onto the modern stage driven by the distinct technological advantages associated with eliminating the risks and limitations of protecting humans on-board. Advances in hardware and software have driven UAS capabilities far beyond what many imagined just a few short years ago. Today we stand at the precipice of a period in history where, looking forward, most vehicles in the air will not be occupied. As a result, given that we in the U.S. are constantly on the receiving end of withering cyber-attacks, a detailed treatment of this subject matter is of national importance as we protect and secure our national interests.
When noted cyber-security pioneer and lead author professor Nichols and I began to engage in a dialogue on this topic several years ago, it was clear that there were large and looming gaps in unmanned systems that had already been exploited on the international stage from a cyber-perspective. Many of those gaps remain unaddressed today. Understandably, commercial technology developers remain keenly focused on gaining a competitive advantage and delivering products to market albeit often without thorough cyber risk assessments and mitigations. This book will give system designers, users, and their management teams an introduction to what it will take to begin to close many of the vulnerabilities associated with UAS in order to produce systems that will serve the market better by being much more reliable, capable, and secure than they would be otherwise. This book takes advantage of the extensive knowledge of multiple working experts in the realm of cyber-security and they have each done an excellent job at uncovering and detailing the core issues at hand as we continue the march toward full NAS integration of UAS in the not-to-distant future. Let’s take a brief look at what the reader will find herein.
In Section one, “The UAS Playing Field” the reader will gain an understanding of the history and scope of UAS as a technology and will come to have a greater understanding of the UAS market and of the policies which both enable, and inhibit the deployment of the technology into the NAS. In chapter three, the final in section one, some of the key vulnerabilities associated with UAS are introduced and discussed.
In section two, “UAS Information Security, Intelligence, and Risk Assessment”, the reader will gain a more detailed exposure to the vulnerabilities of the information necessary for UAS to operate and thereby will appreciate the differences between explicit, implicit, and derived security requirements. Chapter four concludes with a paragraph which says that “Communications may need to have confidentiality, integrity, and availability protected”. How that is integrated into UAS design is of high importance. Chapter five examines types of, and sources of, intelligence data and discusses common attack/defense scenarios for UAS. Finally, section two concludes with case studies that highlight the vulnerabilities of UAS in the cyber-domain.
Section three is all about collision avoidance systems which are indeed the “heart and soul” of a fully integrated and useful system of unmanned aircraft. Sense and avoid (SAA) systems are discussed in depth along with one significant antagonist of SAA systems which is “stealth design”. Finally this section concludes with a detailed discussion of a related system which is the ‘smart skies’ collaborative commercial project of which SAA is a critical component.
Section four primarily relates to the defense applications of Intelligence, Surveillance, and Reconnaissance (ISR), weapon systems security, and electronic warfare considerations and other information-centric operations. This section should not be dismissed by those without a focus on military applications as often it is the military that simply encounters technological vulnerabilities first given the dynamic operational environment they are associated with.
Section five looks at the data vulnerabilities of the various system components and explores the relationships and associated vulnerabilities of intra-system communication pathways. Chapter 14 delves into the realm of electronic warfare from a detailed perspective including a discussion of the intelligence information cycle as well as “jamming” operational vulnerabilities. This section concludes with discussion of current international threats and considerations related to still-emerging political scenarios where UAS technology is front and center.
As I conclude this overview of the work you are about to delve into I would encourage you to read this work along with a ready-copy of today’s most current headlines. In doing so you will discover that the topics covered in this book are not only of interest today, but of critical importance to the future of us all.
Dona nobis pacem,
R. Kurt Barnhart, Ph.D.
Associate Dean of Research
Kansas State University Polytechnic