Abstract
The growing market for commercial-off-the-shelf unmanned aerial vehicles has brought with it innate rewards and vulnerabilities. Aerial technology presents unique cyber risk characteristics that must be managed in new ways. A key stage of the risk management process is risk assessment – the earlier in the lifecycle the assessment is performed, the more the security that can be designed into the operational environment.
This chapter presents a quantitative risk assessment framework for unmanned aerial vehicles based on qualitative cyber measures and requirements that captures the dynamics of probability and severity. The assessment uses 14 sub-metrics that cover unmanned aerial vehicle security, temporal aspects and mission environments to express the risk as a single score ranging from 0.0 (best) to 10.0 (worst). A case study involving three popular unmanned aerial vehicle models in three mission-environment scenarios demonstrates the breadth and variability, general applicability and ease of use of the risk assessment framework. Performing risk assessments before unmanned aerial vehicle acquisition will enable organizations and individuals to accurately compare and select the best vehicles for their missions and environments.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
E. Ancel, F. Capristan, J. Foster and R. Condotta, Real-time risk assessment framework for unmanned aircraft system (UAS) traffic management (UTM), Proceedings of the Seventeenth AIAA Aviation Technology, Integration and Operations Conference, 2017
B. Clinton, Executive Order 13010: Critical Infrastructure Protection, The White House, Washington, DC (www.hsdl.org/?abstract&did=1613), 1996
F. Corrigan, DJI Mavic 2 Pro and Zoom Review of Features, Specs with FAQs, DroneZon (www.dronezon.com/drone-reviews/dji-mavic-2-pro-zoom-review-of-features-specifications-with-faqs), April 20, 2020
Dimensional Research, Trends in Security Framework Adoption: A Survey of IT and Security Professionals, Sunnyvale, California (static.tenable.com/marketing/tenable-csf-report.pdf), 2016
DJI, Mavic 2 Pro/Zoom User Manual v2.0, Shenzen, China (dl.djicdn.com/downloads/Mavic_2/20190417/Mavic_2_Pro_Zoom_User_Manual_v2.0_en.pdf), 2019
P. Fahlstrom and T. Gleason, Introduction to UAV Systems, John Wiley and Sons, Chichester, United Kingdom, 2012
J. Feist, Intel’s drone business explained – Falcon 8+, Shooting Star and Insight, Drone Rush (www.dronerush.com/intel-drone-business-12568), May 8, 2018
Forum of Incident Response and Security Teams (FIRST), Common Vulnerability Scoring System SIG, Cary, North Carolina (www.first.org/cvss), 2020
J. Gray, Design and Implementation of a Unified Command and Control Architecture for Multiple Cooperative Unmanned Vehicles Utilizing Commercial-off-the-Shelf Components, M.S. Thesis, Department of Systems Engineering and Management, Air Force Institute of Technology, Wright-Patterson Air Force Base, Ohio, 2015
K. Hartmann and K. Giles, UAV exploitation: A new domain for cyber power, Proceedings of the Eighth International Conference on Cyber Conflict, pp. 205–221, 2016
K. Hartmann and C. Steup, The vulnerability of UAVs to cyber attacks – An approach to risk assessment, Proceedings of the Fifth International Conference on Cyber Conflict, 2013
Intel, Intel Falcon 8+ System, Santa Clara, California (www.intel.com/content/www/us/en/products/drones/falcon-8), 2020
P. Kopardekar, Unmanned Aerial System (UAS) Traffic Management (UTM): Enabling Civilian Low-Altitude Airspace and UAS Operations, Technical Report NASA/TM-2014-218299, NASA Ames Research Center, Moffett Field, California, 2014
P. Kopardekar, Unmanned Aircraft Systems Traffic Management, U.S. Patent No. 0275801 A1, September 22, 2016
F. Mohammed, A. Idries, N. Mohammed, J. Al-Jaroodi and I. Jawhar, UAVs for smart cities: Opportunities and challenges, Proceedings of the International Conference on Unmanned Aircraft Systems, pp. 267–273, 2014
Parrot, Anafi, Paris, France (www.parrot.com/global/drones/anafi), 2020
D. Pettit, R. Dill and S. Graham, Zero stars: Analysis of cybersecurity risk of small COTS UAVs, Proceedings of the Thirteenth International Conference on Emerging Security Information, Systems and Technologies, pp. 90–95, 2019
K. Scarfone and P. Mell, An analysis of CVSS version 2 vulnerability scoring, Proceedings of the Third International Symposium on Empirical Software Engineering and Measurement, pp. 516–525, 2009
I. Stine, A Cyber Risk Scoring System for Medical Devices, M.S. Thesis, Department of Electrical and Computer Engineering, Air Force Institute of Technology, Wright-Patterson Air Force Base, Ohio, 2017
Subcommittee on Security, Drone Security: Enhancing Innovation and Mitigating Supply Chain Risks, Hearing, Committee on Commerce, Science and Transportation, U.S. Senate, Washington, DC (www.commerce.senate.gov/2019/6/drone-security-enhancing-innovation-and-mitigating-supply-chain-risks), June 18, 2019
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 IFIP International Federation for Information Processing
About this paper
Cite this paper
Pettit, D., Graham, S. (2020). Assessing the Cyber Risk of Small Unmanned Aerial Vehicles. In: Staggs, J., Shenoi, S. (eds) Critical Infrastructure Protection XIV. ICCIP 2020. IFIP Advances in Information and Communication Technology, vol 596. Springer, Cham. https://doi.org/10.1007/978-3-030-62840-6_3
Download citation
DOI: https://doi.org/10.1007/978-3-030-62840-6_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-62839-0
Online ISBN: 978-3-030-62840-6
eBook Packages: Computer ScienceComputer Science (R0)