UAS Cybersecurity
Overview
While unmanned aircraft systems (UAS) are considered aircraft, they are also information and communication technology system (ICTS) devices that receive and transmit data. Each point of connection is a potential target for malicious actors to compromise sensitive information.
- Foreign-manufactured UAS: UAS manufactured by foreign adversaries may contain vulnerabilities that allow government and intelligence officials access to sensitive information.
- Software and firmware vulnerabilities: Certain software and firmware used in UAS operations may pose data privacy risks, which can result in stolen data or unauthorized control of the UAS.
- Peripheral devices: The transfer of data between UAS and connected devices, such as controllers, smartphones and docking stations, allows for vulnerabilities that may be exploited.
What Actions Can You Take?
- Consider Secure by Design UAS
Opting to use UAS manufactured with Secure by Design principles can minimize cybersecurity vulnerabilities and protect data privacy. Understand where UAS are manufactured and what laws the manufacturer is subject to in order to clarify security standards and assess supply chain risks.
- Implement a Zero Trust Framework
Zero Trust (ZT) architecture ensures all network access and transactions across the UAS devices are continuously verified and authenticated, minimizing unauthorized access and shrinking the overall attack surface.
- Take Precautions When Installing Software
  - Read software user agreements and privacy policies to understand where your data is transferred, stored and potentially shared.
  - Review each software installation page manually for each setting; do not accept the “default” installation options offered.
  - Run all files through an antivirus program.
  - Ensure UAS devices involved do not access the enterprise network directly.
- Secure Accounts and Connected Devices
Isolate, air gap or segment networks to prevent any potential malware or breach from spreading to the enterprise network. Implement multi-factor authentication methods and use strong passwords to secure organizational accounts and data. Perform periodic log analysis and compliance checks to determine if any anomalies exist across UAS data and accounts.
- Minimize Data Storage and Network Vulnerabilities, Pre- and Post-Flight
  - Maintain robust data-at-rest and data-in-transit procedures for encryption and storage to ensure the confidentiality and integrity of data collected via UAS.
  - Delete collected data from the UAS, including imagery, Global Positioning System (GPS) history and flight telemetry data, after the data has been transferred and stored.
  - Remove and secure portable storage such as secure digital (SD) cards from the UAS prior to storage to prevent unauthorized access.
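One way to carry out the delete-after-transfer step above without losing data, as an added example that is not part of the original guidance: a file is removed from the UAS storage only when a byte-identical copy already exists in the archive. The function names, directory layout and sample files are assumptions made for illustration.

```python
import hashlib
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so large video files do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_and_purge(card_root: Path, archive_root: Path) -> dict:
    """Delete a file from the card only if an identical copy is archived.

    Returns {"deleted": [...], "retained": {relative_path: reason}}.
    """
    deleted, retained = [], {}
    for source in sorted(p for p in card_root.rglob("*") if p.is_file()):
        relative = source.relative_to(card_root).as_posix()
        copy = archive_root / relative
        if not copy.is_file():
            retained[relative] = "not in archive"      # transfer never happened
        elif sha256_file(copy) != sha256_file(source):
            retained[relative] = "hash mismatch"       # truncated or altered copy
        else:
            # Assumption: unlinking is the deletion step here; it removes the
            # directory entry and does not overwrite the underlying flash blocks.
            source.unlink()
            deleted.append(relative)
    return {"deleted": deleted, "retained": retained}


if __name__ == "__main__":
    import tempfile

    # Constructed sample data standing in for an SD card and an archive share.
    with tempfile.TemporaryDirectory() as tmp:
        card, archive = Path(tmp, "card"), Path(tmp, "archive")
        (card / "DCIM").mkdir(parents=True)
        (archive / "DCIM").mkdir(parents=True)
        (card / "DCIM" / "img1.jpg").write_bytes(b"image-bytes")
        (archive / "DCIM" / "img1.jpg").write_bytes(b"image-bytes")
        (card / "flight.log").write_bytes(b"telemetry")  # never transferred
        print(verify_and_purge(card, archive))
```

Files listed under `retained` stay on the card, so the report doubles as a record of what still needs to be transferred.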
- Minimize Data Vulnerabilities During UAS Flights
  - Maintain a secure connection with the UAS during flights by using a virtual private network (VPN), secure Wi-Fi or other encryption method to protect the confidentiality and integrity of communication pathways.
  - Turn on Local Data Mode (LDM) to block UAS data from being transmitted or shared during flights.
  - Set a pre-determined ‘Return to Home’ location to minimize GPS-related risks and ensure proper UAS recovery.
  - Do not broadcast or live stream to the internet to prevent the unauthorized acquisition of real-time sensitive data.