全球智库信息集成服务系统

The cybersecurity threat landscape introduced by a wider range of UAS use is not well understood

• A combination of "blue" and "red" team approaches to enumerating, understanding, and categorizing cyber threats related to UAS as targets and UAS as weapons can help stakeholders better understand the space.
• Emerging trends such as autonomous flight, UAS traffic management, swarming, AI, and blockchain will continue to add complexity to this space.

Compromised drones can have real impacts on security for the Department of Homeland Security

• If faced with compromised drones, Customs and Border Protection might lose intelligence, surveillance, and reconnaissance (ISR) capabilities, creating visual blind spots in detection of smuggling or other nefarious activities at borders and ports.
• Compromised Federal Emergency Management Agency (FEMA) drones might reduce the agency's capability to identify, reach, or supply individuals in peril or medical distress in disaster zones.
• Compromised Cybersecurity and Infrastructure Security Agency (CISA) drones would degrade the ability of CISA to conduct critical infrastructure inspections in some cases, and could be used in a cyberphysical attack to damage the critical infrastructure it was meant to survey.
• Compromised Immigrations and Customs Enforcement drones will reduce overall capability, require fallback to less-familiar concepts of operation, and increase risk for the agents in the field.

This work explores approaches for understanding, inventorying, and modeling cybersecurity implications of the rapid growth in unmanned aerial systems (UAS), focusing specifically on current vulnerabilities and future trends. The authors propose conceptual approaches meant to enable the enumeration and categorization of UAS-related cyber threats and explore some of the potential benefits and challenges of modeling the commercial UAS threat. These approaches are applied to real-world threat scenarios to test their validity and illustrate the types of attacks that are currently feasible. Industry trends and the implications of these trends for cybersecurity are presented. Finally, the authors consider the UAS-related cybersecurity threat from the perspective of the Department of Homeland Security (DHS). Specifically, the authors describe the vulnerability of particular DHS components to the threats described in this report and suggest possible means of threat mitigation.

• Chapter One

  Introduction

• Chapter Two

  Understanding the UAS Threat Space

• Chapter Three

  The UAS and Cybersecurity Threat Space Today

• Chapter Four

  Industry Trends and the Future of UAS Cybersecurity

• Chapter Five

  UAS, Cybersecurity, and the Department of Homeland Security

• Chapter Six

  Conclusion and Recommendations

• Appendix A

  Attack Categorization