Unmanned Aircraft Systems (UAS) In the Cyber Domain: Protecting USA’s Advanced Air Assets is the working product of five talented authors to meet the needs of students enrolled in Kansas State University Polytechnic’s (KSUP) graduate Certificate in UAS – Cybersecurity. The book also serves as one of the technical resources for the KSUP Professional Masters in Technology (PMT) offering in their UAS – Cybersecurity discipline.
Interest in UAS-Cybersecurity Certificate / PMT specialty programs developed from two directions; one internal and external to the college. Internally it dates to 2014, when the KSUP Associate Dean for Research and Executive Director of the UAS Research Laboratory, Dr Kurt C. Barnhart, met with Professor Nichols to discuss the possibility of state-of-the-art Cybersecurity Masters and / or Certificate program. These would meet the need for outside online programs to enhance the University profit structure. Associate Dean Barnhart in 2014 approved the concept of a Graduate Certificate in UAS – Cybersecurity and gave permission to move forward with its development. The program was placed under the purview of the College of Technology and Aviation. Final program approval was given by the KSU Board of Trustees in January, 2017. The five courses in the Graduate Certificate UAS – Cybersecurity program were also approved for the Professional Masters of Technology (PMT) in 2017.
In 2014, Professor Nichols had discussions with students and professionals in multiple schools and states inquiring about the prospect of an Unmanned Aircraft Systems – Cybersecurity Masters curriculum or graduate certificate program at KSUP, especially the on-line component. Their perception was that there was a market of not only freshmen / transfers / graduate students who might be interested in such a program, but a larger market of working professionals in need of skill advancement, and of a forum for the discussion of developments in the industry. They also felt that the college could anticipate financial assistance from federal, state, aviation, corporate, law enforcement, and defense organizations to get such a program launched. There was considerable enthusiasm and a general feeling that a cybersecurity concentration to defend UAS assets and their Command, Control, Communications, Computers, Intelligence, Reconnaissance and Surveillance (C4IRS) systems from cyber-attacks would serve the interests of the college and its students, as well as those of the security / defense industries.
The outside interests from the intelligence and aviation communities became acute after the 2011 RQ-170 incident where Iran was credited with its capture. In addition, in 2014, Iran claimed the downing of an Israeli Hermes 450 Drone over Natanz. Reports like these caused major government concerns. Better risk assessment and teaching active cyber defenses is required to protect UAS assets. Hence, the graduate Certificate program in UAS – Cybersecurity was born.
The new MPT / Certificate discipline in UAS – Cybersecurity is NOT about drone training like that of Embry-Riddle Aeronautical University. Its mission is CYBERSECURITY protection of UAS / UAV / Drones as Information Assets in the Air, all the networked computer systems related to the Intelligence / Counter Intelligence functions, and their payloads.
A key concern is the safety of integration of UAS systems into the National Air Space (NAS). A critical component of this safety is the hardening of UAS/ sUAS /UAVs to cyber-attacks.
The focus of this new program is on leadership, planning, and state-of-the-art practice for professionals in UAS / UAV aviation concerned with protecting this advanced technology against cyber-attacks or hostile/ intentional control of Command, Control, Communications, Computers, Intelligence, Reconnaissance and Surveillance (C4IRS) systems, or Loss of Signal (LOS) to critical navigational components. This program applies to all UAS / UAV personnel preparing to act or working as pilots, operators, communications, payload, navigation, ground support, satellite coordination with assets, or air-to-air delivery.
The Graduate Certificate Program in Unmanned Aircraft Systems – Cybersecurity requires five three-hour credit courses for certification. Each course is required to reflect current knowledge and practice in terms of cybersecurity, Information Security (INFOSEC), Communications Security (COMSEC), and Risk Assessment (RA) as applied to both safe integration of UASs into the National Airspace (NAS) and deployment for global Counter Terrorism operations (CT).
All courses in the proposed certificate focus on knowledge and skills to understand UAS / UAV issues related to UAS cyber security. If students desire to complete a Professional Masters in Technology (PMT), four courses from this certificate can be applied as electives towards the professional Master’s Degree in College of Technology and Aviation.
The certificate program has one concentration – cybersecurity. CyberSecurity (in the context of cyber-conflicts) is defined in this document as, “the broad tree of investigation and practice devoted to cybercrimes, computer forensics, Information Assurance, Information Security (INFOSEC), Communications Security (COMSEC), and especially Cyber Counter Intelligence (CCI)” (Nichols, 2008). Cyber Counter Intelligence indicates the involvement of computer-based sensitive information, or information operations for three distinct sciences operating in the cyber realm: Cyber Counter Sabotage (CCS), Cyber Counter Terrorism (CCT), and Cyber Counter Espionage (CCE). (Nichols, 2008) In this book, Cybersecurity is limited to the prior three investigation areas. Computer forensics is the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law (US-CERT, 2015)
The primary concerns of the graduate certificate program are protection of UASs / Small UAS (sUAS) / Unmanned Aircraft Vehicles (UAVs) from cyber-attacks, through negligent or hostile means, and teaching cyber security risk assessment principles to practitioners involved with UAS operations on land, sea, air, or satellite platforms. The impact of Loss of Signal (LOS) or intentional interference in UAS communications or navigation systems cannot be overstated. At the lowest end of the scale is the risk of a downed vehicle, mid-range risk is collision and failure to sense and avoid other vehicles or commercial / military traffic, and at the top of the risk scale is the hostile takeover of a payload to be used against US or US interests. It is not “good enough” to operate, fly or support UASs. Professionals must be concerned with protection of their charges.
Unmanned Aircraft Systems (UAS) In the Cyber Domain: Protecting USA’s Advanced Air Assets is the authors attempt to provide some of the raw materials / tools for our students at a reasonable cost. (Free download like the MIT Open courseware project under a CCL open license arrangement.)
UAS – CYBERSECURITY CERTIFICATE PROGRAM COURSES
COT 680. Unmanned Aircraft Systems and Risk Assessment. (3) Fall. This course is an introductory course in Unmanned Aircraft Systems (UAS) history, elements, US aviation regulations, operations, use of geospatial data, automation and safety issues; detect and avoid systems, sensors and payloads, and human factors. Special attention to UAS Cyber Security Risks, Threats, Impact, Vulnerabilities, and Countermeasures will be identified. Various risk assessment equations will be used for qualitative risk analysis of threats so identified.
COT 682. Open Source Cyber Surveillance / Intelligence. (3) Fall. One of the key public concerns for safe integration of UAS into the NAS is privacy. This course questions the technical gaps, Intelligence Community (IC) assumptions, and important legal issues related to open source cyber surveillance / intelligence with emphasis on UAS activities/ deployment. Topics addressed include the responsible, legal, and ethical use of data and information gathered from the use of unmanned, semiautonomous systems, web data mining, social networks, and other modern technological systems.
COT 684. Advanced Topics in Cyber Data Fusion and Cyber Counter Intelligence. Prerequisites: three of four courses in the sequence. (3) Spring. This course is scenario-based applying cyber surveillance techniques and analysis of collected data to realistic, terrain-oriented problems. Topics include the digital soldier and sailor, 360-degree battlefield awareness and the use of unmanned, semiautonomous technologies. Risk assessment and cyber security countermeasures are the “glue” to successful implementation of data fusion techniques. Various risk assessment equations and other methods will be used for qualitative risk analysis of identified cyber threats. Cyber Counter Intelligence technology is applied to cases.
COT 686. Risk Management for UAS Operators, Pilots, and Ground Personnel. (3) Spring. UAS operators, pilots, and ground personnel must be committed to safety if the goal of UAS integration into NAS is to be accomplished. The best tool for assessment and determination of safest possible flight is risk management. This course introduces three risk assessment tools for UAS operators, pilots, and ground personnel to manage the workloads associated with each phase of flight.
COT 688. Sense and Avoid Technologies in UAS. (3) Summer / fall. This course is an advanced course in Sense and Avoid (SAA) technologies for UAS. SAA is extremely important concept and is the main obstacle for wider application of UAS in non-segregated airspace related to traffic safety in civilian and military/ defense domains.
Clearly, the students in the UAS -Cybersecurity Certificate and MPT programs, along with KSU’s Aviation and Technology Department and UAS Research Laboratory, are the targets for this book. Cyber attacks and hostile control of UAS should not be underestimated.. It is as real as cyber attacks on computers, networks, personal identities, intellectual property loss, and delivery of cyber weapons on the battlefield. The larger audience are UAS operators, pilots, and ground personnel, owners and computer network analysts to manage the workloads associated with each phase of flight in any service: military, commercial, or recreational. Those concerned with UAS communications, navigation, payload, battery, sense and avoid, emergency components, satellite links, ground station links, materials construction and risk assessment / management associated with novel designs may well benefit from our textbook. All are factors in the vulnerable cyber domain.
STRUCTURE OF THE BOOK
Several themes covered in this text:
- C4ISR, Payload recovery, communications interference in the many different platforms,
- SAA and navigational functions and their interactions in the NAS (i.e. vulnerabilities)
- Protecting UASs from hostile intent in the Cyber Domain, and
- SCADA systems and how they may be exploited and protected in UAS vehicles.
Unmanned Aircraft Systems (UAS) In the Cyber Domain: Protecting USA’s Advanced Air Assets is divided into five sections:
Section 1: The UAS Playing Field
Unmanned Aircraft Systems (UAS) – Defining UAS Cyber Playground
Chapter 1 A view of the UAS Market
Chapter 2 UAS Law – Legislation, Regulation and Adjudication
Chapter 3 Understanding Hostile Use and Cyber-Vulnerabilities of UAS: Components, Autonomy vs. Automation, Performance Trade-offs, SCADA and Cyber Attack Taxonomy
Section 1 above is concerned with the basic components and taxonomy of UAS that are vulnerable to cyber influence.
Section 2: UAS Information Security, Intelligence and Risk Assessment
Information Security (INFOSEC), Intelligence and Risk Assessments
Chapter 4 INFOSEC – Protecting UAS Information Channels & Components
Chapter 5 Intelligence and Red Teaming
Chapter 6 Case Studies in Risk for UAS
Section 2 above introduces the concepts and tools of Risk Assessment, Open Cyber Intelligence / Reconnaissance, network security, INFOSEC and vulnerability analysis. The use of Attack / Defense scenarios is introduced.
Section 3: UAS Heart & Soul – Sense and Avoid (SAA) Systems / Stealth
Sense and Avoid (SAA) – Heart of the UAS Package & Stealthy Design, its Soul
Chapter 7 SAA Sensors, Conflict Detection, and Resolution Principles
Chapter 8 Designing UAS systems for Stealth
Chapter 9 Smart Skies Project
Section 3 above focusses on the Sense and Avoid systems and common approaches to reduction of risk for failure of those systems. It also studies the brilliant Smart Skies project with speculations as to how the systems could be breached.
Section 4: UAS Weapons & ISR &IO
Payloads – UAS Delivery Systems
Chapter 10 UAS Intelligence / Reconnaissance / Surveillance Technologies (ISR)
Chapter 11 UAS Weapons
Chapter 12 UAS System Deployment and Information Dominance (ID)
Section 4 above concentrates on the unclassified UAS weapons systems, EW and IO systems, Information Dominance (ID) and surveillance technologies – all that can potentially be breached via cyber means.
Section 5: Computer Applications & Data Links – Exposing UAS Vulnerabilities via Electronic Warfare (EW) & Countering with Low Probability Intercept Signals ( LPI)
UAS Vulnerabilities and Electronic Warfare (EW)
Chapter 13 Data – Links Functions, Attributes, & Latency
Chapter 14: Exposing UAS Vulnerabilities via Electronic Warfare (EW) & Countering with Low – Probability Intercept Signals (LPI)
Section 5 above is concerned with the attributes, functions, latency features of UAS communications links on ground, air, sea, and satellite.
Section 6: UAS / UAV Hostile Use & Countermeasures
Adversary UAS / Drone Hostile Use
Chapter 15: Africa – World’s First Busiest Drone Operational Proving Ground – Where Counter-Terrorism and Modernization Meet
Chapter 16: Chinese Drones in Spratly Islands, and Threats to USA forces in Pacific
Section 6 above steps into the headlines of today. Part of the material comes from Professor Nichols’ presentations to the public about hostile use of drones.
As our book goes to press, more potent examples of UAS Cyber intrusion (globally) may arise and will be included as time permits. In the meantime, the authors suggest that interested readers follow www.globalincidentmap.com or www.aviation.globalincidentmap.com both track the current global terror and non-terror incidents involving planes, and UAS.
Randall K Nichols, DTM
Professor of Practice
Director, Unmanned Aircraft Systems (UAS) – Cybersecurity Certificate Program
Managing Editor / Author
Kansas State University Polytechnic Campus &
Professor Emeritus – Cybersecurity, Utica College
Illi nunquam cedunt.
“We Never Yield”
Nichols, R. K. (2008). Cyber Counterintelligence & Sensitive Compartmented Information Facility (SCIF) Needs – Talking Points,. Utica College, Chair Cybersecurity. Utica New York: Private Memo to R. Bruce McBride. Retrieved September 5, 2008
US-CERT. (2015, August 27). Computer Forensics. Retrieved from US-CERT: https://www.us-cert.gov/sites/default/files/publications/forensics.pdf