MOBILITY ENGINEERING Produced by SAE Media Group
MOBILITY ENGINEERING
Magazines
Magazine cover

Current Issue

Archives

Magazine cover

Current Issue

Archives

Magazine cover

Current Issue

Archives

Magazine cover

Current Issue

Archives

Cyber Risk Assessment and Scoring Model for Small Unmanned Aerial Vehicles

Based on lessons learned from similar domains of aircraft operation, information technologies, cyber-physical systems, and cyber insurance, a cyber risk assessment methodology tailored for small UAVs is developed.

The desire of man to fly is almost as old as time itself. Since the dawn of flight, aircraft have evolved to meet new demands and innovations, through the 20th century and into the 21st. While UAVs have been around since the earliest days of aircraft, technology in the last two decades has allowed an explosion of options that allow for militaries and commercial organizations alike to consider the aerial automation of missions like never before. In particular, small UAVs provide a lower cost of entry and less overhead, with much of the same aerial advantages as larger vehicles.

As with all computer devices, small UAVs come with risks associated with their missions, both physical and cyber related. The physical risks of collisions and damage to structures or people is reflected in United States government regulations and licensing through the Federal Aviation Administration (FAA). In contrast, the cyber risks accepted by organizations and individuals has received very little attention and over-sight by regulators. Most organizations do incorporate some sort of cyber risk framework to manage risks, but these frameworks are reliant on lackluster risk assessments for small UAVs.

Components of Typical UAV

In some sense, manufacturers currently control small UAVs’ cyber security standards by setting their own levels of protection, which may not be acceptable with consumers. Organizations have little measurement or insight into the risks accepted with purchasing and operating these vehicles as there is no formal method of comparison, as may be seen with other vehicle safety. Additionally, while manufacturers may have a vested interest in protecting their devices from outside compromise, the cost of cyber security efforts and overhead of components and software compete with financial and physical constraints.

This research defines a new cyber risk assessment for small UAVs using the lessons learned from assessments in related systems and then tests and analyzes this new scoring system by presenting case studies that represent the breadth of models and mission scenarios for small UAVs. The research objectives of this work are as follows:

  • Assess whether any cyber or physical risk assessments of similar domains accurately quantify the cyber risk of small UAVs.

  • Determine the success criteria a small UAV cyber risk assessment should meet, based on similar domain assessments.

  • Define a new small UAV cyber risk assessment tool (assuming none exists).

  • Establish the objectives a hardware-in-the-loop simulation of a small UAV should meet to best bring awareness to potential vulnerabilities.

The hypothesis of this research is that no cyber risk assessment tool currently exists and no similar domain assessment accurately portrays the risk of small UAVs to its operators/owners. If none exist, a new tool will need to be built using the lessons learned and scoring models of similar domains that have seen success.

The approach consists of first analyzing and comparing many of the similar domains’ risk assessments for applicability to small UAVs and defining the best set of objectives for a new risk assessment based on the unique characteristics. Utilizing the closest risk assessment to the required need, a new cyber risk assessment specific to small UAVs will be defined with as little deviance from the scoring model as possible to maximize the value of the chosen tool’s lessons learned. The new tool will then be analyzed against a multitude of case studies to verify its ability to easily and accurately quantify associated risk of the vehicles to mission scenarios. Lastly, from the analysis of the case studies, a proposal for objectives that a hardware-in-the-loop simulation for small UAVs must meet will be presented.

The analysis of similar domains’ risk assessments assumes that all practical assessments have been discovered. It is expected that there are many risk assessments that are not public domain or unclassified that may relate to this research. This research also assumes that all publicly available specifications and configurations of utilized small UAVs (under 55 pounds per FAA regulations) are correct. This research is limited to risk assessments for only small UAV platforms due to the unique characteristics, though there may be benefits or applicability of the new tool to larger UAVs.

This work was done by Dillon M. Pettit for the Air Force Institute of Technology. For more information, download the Technical Support Package below. AFIT-0001

Topics:
Aerospace Aircraft Cybersecurity Data acquisition and handling Mathematical models Regulatory and Guidance Documents Risk assessments Safety testing and procedures Simulation and modeling Software Standards and Standards Development Unmanned Air Vehicles/Systems (UAV/UAS) Unmanned aerial vehicles Vehicles
This Brief includes a Technical Support Package (TSP).
Document cover
Cyber Risk Assessment and Scoring Model for Small Unmanned Aerial Vehicles

(reference AFIT-0001) is currently available for download from the TSP library.

Don't have an account?

More From SAE Media Group

    Magazine cover
    Aerospace & Defense Technology Magazine

    This article first appeared in the May, 2021 issue of Aerospace & Defense Technology Magazine (Vol. 6 No. 3).

    Read more articles from this issue here.

    Read more articles from the archives here.

    Overview

    The document is a master's thesis titled "Cyber Risk Assessment and Scoring Model for Small Unmanned Aerial Vehicles" authored by Captain Dillon M. Pettit, USAF, and completed at the Air Force Institute of Technology. The research addresses the increasing vulnerabilities associated with small unmanned aerial vehicles (UAVs), which are characterized by their small radar cross sections, low heat signatures, and diverse sensor capabilities. Despite their growing use in various applications, the security of these UAVs is often neglected, leaving consumers without adequate information regarding the hardware and software protections in place.

    The thesis identifies a significant gap in the market: the absence of a standardized risk index for small UAVs. To fill this void, the author proposes a tailored cyber risk assessment methodology that draws from established practices in aircraft operation and information technology. This methodology aims to provide organizations with a means to evaluate the cybersecurity posture of small UAVs before acquisition, enabling them to make informed decisions based on a quantitative assessment of risk.

    The research is structured around case studies of popular UAV models and various mission-environment scenarios, demonstrating the proposed assessment's effectiveness in meeting three key objectives: ease of use, breadth of application, and readability. By implementing this cyber risk assessment model, organizations can better compare and select UAVs that align with their operational needs while mitigating potential cybersecurity threats.

    The document also discusses the broader implications of UAV security, emphasizing the need for increased awareness and proactive measures in the development and deployment of these technologies. The findings contribute to the ongoing discourse on cybersecurity in the context of emerging technologies, particularly in the realm of cyber-physical systems.

    In conclusion, Captain Pettit's thesis provides a valuable framework for assessing the cyber risks associated with small UAVs, highlighting the importance of security in the rapidly evolving landscape of unmanned aerial systems. The proposed model not only addresses current vulnerabilities but also sets the stage for future research and development in UAV cybersecurity, ultimately enhancing the safety and reliability of these systems in various applications.

    Top Stories

    INSIDERDefense

    Feature Image F-35 Proves Nuke Drop Performance in Stockpile Flight Testing

    INSIDERMaterials

    Feature Image Using Ultrabright X-Rays to Test Materials for Ultrafast Aircraft

    INSIDERManufacturing & Prototyping

    Feature Image Stevens Researchers Test Morkovin's Hypothesis for Major Hypersonic Flight...

    INSIDERManufacturing & Prototyping

    Feature Image New 3D-Printable Nanocomposite Prevents Overheating in Military Electronics

    INSIDERRF & Microwave Electronics

    Feature Image L3Harris Starts Low Rate Production Of New F-16 Viper Shield

    INSIDERRF & Microwave Electronics

    Feature Image F-22 Pilot Controls Drone With Tablet

    Webcasts