Transcript of Michael Ogata, Computer Scientist

OVERHEAD! CYBERSECURITY AND PUBLIC SAFETY UAS

#PSCR2021

DISCLAIMER

Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately.

Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.

* Please note, unless mentioned in reference to a NIST Publication, all information and data presented is preliminary/in-progress and subject to change


DISCLAIMER

Guest speakers, Teague Forren (TAK Product Center), Randall Nichols (Kansas State University), and Raymond Sheh (NIST) produced and presented slides 17-31, 33-41, and 43-51 for publication in the National Institute of Standards and Technology’s PSCR 2021 The Digital Experience. The contents of their presentations do not necessarily reflect the views or policies of the National Institute of Standards and Technology or the U.S. Government.

Posted with Permission.


OVERHEAD! CYBERSECURITY AND PUBLIC SAFETY UAS

Michael Ogata Computer Scientist

National Institute of Standards and Technology

Applied Cybersecurity Division


BACKGROUND

UAS TECHNOLOGIES AND VULNERABILITIES

TEAM AWARENESS KIT

UAS AND PUBLIC SAFETY

ROUNDTABLE DISCUSSION


Background:


WHAT IS AN UNMANNED AIRCRAFT SYSTEM (UAS)?


unmanned aircraft system (UAS): a small unmanned aircraft and its associated elements (including communication links and the components that control the small unmanned aircraft) that are required for the safe and efficient operation of the small unmanned aircraft in the national airspace system.


WHAT IS AN UNMANNED AIRCRAFT SYSTEM (UAS)?

Mobility

Maneuverability

Advancing Tech

Availability


HOW IS PUBLIC SAFETY USING UAS TECH?

Video

Sensors

Comms

Payload Delivery

UAS & PUBLIC SAFETY

WHAT’S IN A DRONE?


Artificial Intelligence / Flight Control: return to home, object avoidance, autonomy

Command and Control: receivers, base stations, pilot-as-a-service

Location and Positioning: GPS, triangulation, LiDAR

Embedded Systems: device firmware & operating systems

Data Channels: LTE, Wi-Fi, Bluetooth


PANEL MEMBERS

Randall Nichols, Professor of Practice, UAS – Cybersecurity, Kansas State University Polytechnic

Raymond Sheh, Research Professor, Georgetown University

Teague Forren, Cybersecurity Lead, TAK Product Center

UP NEXT: Randy Nichols

PSCR STAKEHOLDERS ANNUAL MEETING

CYBER THREATS TO LEO-FR ISR MISSIONS

Randall K. Nichols, DTM

NIST PSCR UAS 3.0 Technical Lead – Cyber Challenge

Professor of Practice; Director, Unmanned Aircraft Systems Cybersecurity Certificate Program, Kansas State University Polytechnic Campus

Professor Emeritus & Chair – Cybersecurity, Utica College

5/28/2021 Stakeholders Meeting Rev 6A Blue 17


UAS / CUAS / Cyber Expertise


AGENDA

• Two Major Cyber Threats to LEO-FR ISR Missions

• Ryan – Nichols Qualitative Risk Equations

• UAS Threat Targeting Dimensions

• Cyber Threats to LEO Drone Operations

• LEO-FR Drone Cyber Vulnerabilities

• LEO-FR Mission Cyber Impact

• UAS Cyber Threat Countermeasures

• LEO-FR Tactical & Strategic Benefits of Robust UAS Cybersecurity


CYBER THREATS – LEO-FR ISR MISSIONS

LEOs/FRs using drones for ISR & tactical response missions face two cyber-related/INFOSEC challenges critical to their UAS communications & navigation systems:

• [Protect their own – Enforce Cyber Hygiene] Provide robust end-to-end security of LEO/FR drone controls, communications, frequencies, data/video transmissions, payloads, & SCADA systems operating in the public domain.

• [Mitigate Unlawful Interference] Provide effective countermeasures against cyber spoofing of GPS or denial operations against their UAS navigation systems.

Qualitative Risk Equations

We need a qualitative INFOSEC RISK metric → Ryan-Nichols Equations:

RISK = Threats × Vulnerabilities × Impact / Countermeasures

RISK ~ f(Threats / Countermeasures) at time state = 0

Where Vulnerabilities & Impact are constants & drop out w.r.t. time.

THREAT: The RISK of success of terrorist or criminal attacks on LEO-FR Air Defense Systems (ADS) via UASs/sUAS is higher ~ improving commercial capabilities & accessibility.


UAS/Drone Threat Targeting Area Dimensions


DIMENSION                        FUNCTION / ACTION
Latitude, Longitude, Elevation   Friendly Force Location; Enemy Force Location; Direction of Weapons; Maneuver of Forces
Time                             Speed of Maneuver; Timing of Weapon Release; Timeliness of Attack; Enemy Vulnerability
Frequency                        Bandwidth Required; Frequency of Transmissions; Rate of Information Flow; Interference; Vulnerability to Jamming; Vulnerability to Intercept

Cyber Threats to LEO-FR Drone Operations

• Attacks on Flight Controller & Ground Control Station via Data link & acquired by sensors – internal system communication (SCADA)

• Spoofing GPS / jammed (unencrypted & unauthenticated) signals

• ADS-B [unencrypted & unauthenticated position & velocity]

• Manipulating captured footage coupled with GPS spoofing attack to take complete control of AV or human operated drone!

• Detect / Legally capture / disable / kill “Dark” drones or homemade No Limit Drones (NLD) variants [Prosecute felonious use]


Cyber Threats to LEO-FR Drone Operations

• Injecting falsified sensor data – affects radar, IR, & EO sensors

• Audio energy at resonance frequencies can alter MEMS outputs to rotors & crash the drone

• Attacks on Data Link – violate CIA of communication between UAV and GCS on the data link.

• GCS spoofing / jamming – inject false wireless control commands over the datalink by MITM attack. Result: loss-of-link state

• Malicious Hardware / Software - Trojans


LEO-FR Drone Cyber Vulnerabilities

• Three critical UAV subsystems:

  • Command Datalink system (links GCS for guidance, telemetry, sensor information)

  • UAV Optical / COMINT payload system / payload links

  • Flight Control & Navigation system

• Disruption of any of the above = Mission Failure


LEO-FR Mission Cyber Impact

• Complete Failure of ISR Mission

• Loss of Drone to Enemy at ground location away from LEO-FR Control station

• Disruption of services

• False Surveillance Data transmitted to LEO-FR Operations

• Drone reporting unlawful activities at wrong location resulting in LEO-FR being sent on wild goose chase.

• Enemy control of waypoints or payload integrity

• Harm to population seeking assistance


UAS Cyber Threat Countermeasures

• Message Authentication Code schemes (MAC) to verify authenticity of drone signals

• Secure distance bounding protocols used to determine proximity of source received signals & compare it to last known location of UAV

• Geofencing- virtual, location-based barriers that prevent sensitive areas intrusion

• Remote ID – built into software, broadcasts real time

• ASPN w/wo GPS and encrypted capability to detect spoofing / jamming

• LAANC – chip embedded / PINS /ANS


Past & Present Solutions (INFOSEC / SCADA / Communications)

Past Countermeasures

• Patch control / Legacy measures

• Host-based / Network Based systems

• APT defenses

• Zero Trust systems

Sophisticated Countermeasures

• Cryptographic authentication - receiver & transmitter use mutual authentication processes avoiding interferences of external sources.

• ASIC & Hardware defenses

• Identify Friend or Foe (IFF)

• Feed Forward / Real-time countermeasures

• DOE National SCADA Test Bed recommendations


Past & Present Solutions (GPS Spoofing)

Past Countermeasures

• Amplitude discrimination

• Time-of-Arrival discrimination

More Sophisticated Countermeasures

• Cryptographic authentication - receiver & transmitter use mutual authentication processes avoiding interferences of external sources. Embedded ASICS with MFA

• Angle-of-Arrival discrimination

• Polarization discrimination

• Consistency of Navigation inertial measurement unit (IMU) cross-check

• Terrain-based location determination w/ CAS & w/o GPS or compass

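One way to implement the "consistency of navigation IMU cross-check" countermeasure listed above, as an added example that is not code from the presentation or from any speaker. Positions are in a local east/north frame in metres, the IMU velocity samples and GPS fixes are constructed sample data, and both thresholds (airframe speed limit, tolerated divergence) are illustrative assumptions. Two gates are applied to every fix: the speed implied by consecutive fixes must be physically possible for the airframe, and the fix must agree with dead reckoning integrated from the IMU since the last trusted position.

```python
"""IMU cross-check against GPS fixes (added example, not from the slides).

Local east/north frame in metres; velocities and fixes are constructed;
MAX_SPEED_MPS and MAX_DIVERGENCE_M are assumed illustrative thresholds.
"""
from dataclasses import dataclass
from math import hypot

MAX_SPEED_MPS = 25.0     # assumed airspeed limit for this sUAS
MAX_DIVERGENCE_M = 30.0  # assumed tolerated GPS vs dead-reckoning gap


@dataclass
class Fix:
    t: float      # seconds since start
    east: float   # metres
    north: float  # metres


def dead_reckon(start, imu_velocities, dt):
    """Integrate (v_east, v_north) IMU velocity samples from a trusted start fix.
    Returns one dead-reckoned position per GPS epoch, including the start."""
    e, n = start.east, start.north
    track = [Fix(start.t, e, n)]
    for i, (ve, vn) in enumerate(imu_velocities, start=1):
        e += ve * dt
        n += vn * dt
        track.append(Fix(start.t + i * dt, e, n))
    return track


def check_fixes(gps_fixes, imu_velocities, dt):
    """Flag GPS fixes that are physically implausible for the airframe or that
    disagree with IMU dead reckoning. Returns a list of (fix index, reason)."""
    dr = dead_reckon(gps_fixes[0], imu_velocities, dt)
    alerts = []
    for i in range(1, len(gps_fixes)):
        prev, cur = gps_fixes[i - 1], gps_fixes[i]
        implied = hypot(cur.east - prev.east, cur.north - prev.north) / (cur.t - prev.t)
        if implied > MAX_SPEED_MPS:
            alerts.append((i, f"implied speed {implied:.0f} m/s exceeds airframe limit"))
        gap = hypot(cur.east - dr[i].east, cur.north - dr[i].north)
        if gap > MAX_DIVERGENCE_M:
            alerts.append((i, f"GPS fix is {gap:.0f} m from IMU dead reckoning"))
    return alerts


def constructed_flight():
    """Constructed sample: 10 s of level flight east at 10 m/s. From epoch 6 a
    spoofer captures the receiver and shifts the reported position 140 m east,
    then keeps the false track moving at the real ground speed."""
    dt = 1.0
    imu = [(10.0, 0.0)] * 10
    gps = [Fix(i * dt, 10.0 * i + (140.0 if i >= 6 else 0.0), 0.0) for i in range(11)]
    return gps, imu, dt


def run():
    gps, imu, dt = constructed_flight()
    return check_fixes(gps, imu, dt)


if __name__ == "__main__":
    for idx, reason in run():
        print(f"epoch {idx}: {reason}")
```

The first spoofed epoch trips both gates; the following ones trip only the dead-reckoning gate, because once the false track is moving at a plausible speed the velocity check alone is silent. A spoofer that pulls the position off slowly never exceeds the speed limit at all, which is why the IMU comparison is the one that matters. In practice the dead-reckoning reference drifts with IMU bias, so it is re-seeded from fixes that pass both checks rather than held from the start of the flight.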

LEO-FR Tactical Benefits of Robust UAS Cybersecurity

• Encrypting discovered data (i.e., imaging), transmitted out‐of‐band relative to the control transmission

• Detecting / countering Dark Drones that do not require RF communications or use GPS way points rather than ground control or transmit on nonstandard frequencies or use homemade noncommercial software

• Monitor control channel frequencies for Spoofing, replay or jamming to impair or disable control of the drone

• LEO to effectively administer Hacking / Jamming / Spoofing / Certification Laws: 18 USC §32 / §1362 / §1367(a); 47 USC §301 / §302(b) / §333; 18 USC §2511 / §1030(a–c)

• LEO resources deployed / swarmed to correct locations in volatile or combat conditions


LEO-FR Strategic Benefits of Robust UAS Cybersecurity

• Robust security of drone control & data transmission systems.

• Secured legacy communication channels that are public.

• Demonstrated resiliency.

• Expected performance maintained even if an attempt to disable UAV communications is detected.

• Safeguarding information in transit (COMSEC / INFOSEC).

• Verifiable / measurable threats & vulnerabilities.

• Public safety awareness – converting the clueless, careless, arresting the criminals – saving lives & property.

• Innovation in design and manufacture (H/S).

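The "Message Authentication Code schemes to verify authenticity of drone signals" countermeasure and the "monitor control channel frequencies for spoofing, replay" benefit above, shown together as an added example that is not code from the presentation or from any speaker. The ground control station (GCS) tags each command with HMAC-SHA256 under a key shared with the aircraft, and the aircraft rejects frames that are unauthenticated, modified in flight, or replayed. The frame layout (4-byte sequence number, command bytes, 16-byte truncated tag), the command strings and the pre-shared key are assumptions for illustration.

```python
"""HMAC-authenticated, replay-protected C2 frames (added example, not from the slides).

Frame = seq (uint32, big-endian) || command bytes || HMAC-SHA256(key, seq||cmd)[:16].
Key, frame layout and command vocabulary are assumptions.
"""
import hashlib
import hmac
import struct

TAG_LEN = 16   # bytes of HMAC-SHA256 kept as the tag
SEQ_LEN = 4    # big-endian unsigned 32-bit sequence number


def _tag(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class GroundStation:
    """Builds frames. The sequence number is inside the tagged body, so an
    attacker cannot re-number a captured frame to defeat replay detection."""

    def __init__(self, key, start_seq=0):
        self._key = key
        self._seq = start_seq

    def build(self, cmd):
        self._seq += 1
        body = struct.pack(">I", self._seq) + cmd
        return body + _tag(self._key, body)


class Aircraft:
    """Verifies frames. The MAC is checked before the sequence number so
    unauthenticated traffic can never advance the receiver's state."""

    def __init__(self, key):
        self._key = key
        self._last_seq = 0

    def accept(self, frame):
        """Return (accepted, command_or_reason)."""
        if len(frame) < SEQ_LEN + TAG_LEN:
            return False, "short frame"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        if not hmac.compare_digest(tag, _tag(self._key, body)):   # constant-time
            return False, "bad MAC"
        seq = struct.unpack(">I", body[:SEQ_LEN])[0]
        if seq <= self._last_seq:
            return False, f"replay or stale frame (seq {seq})"
        self._last_seq = seq
        return True, body[SEQ_LEN:].decode()


def demo():
    """One exchange with legitimate, tampered, replayed and forged frames.
    Returns the aircraft's verdict for each, keyed by scenario name."""
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
    gcs, uav = GroundStation(key), Aircraft(key)

    goto = gcs.build(b"GOTO 39.7392,-104.9903,120")
    rth = gcs.build(b"RTH")

    # Man-in-the-middle rewrites the command bytes without knowing the key
    tampered = bytearray(rth)
    tampered[SEQ_LEN:SEQ_LEN + 3] = b"LND"

    # Attacker with a guessed key fabricates a fresh-looking high-seq frame
    forged = GroundStation(b"wrong key", start_seq=99).build(b"LND")

    return {
        "goto": uav.accept(goto),
        "tampered": uav.accept(bytes(tampered)),
        "rth": uav.accept(rth),
        "replayed_goto": uav.accept(goto),
        "forged": uav.accept(forged),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14s} -> {verdict}")
```

Two design points carry the weight: the tag covers the sequence number, and the tag is verified before the sequence number is consulted, so a rejected frame leaves the receiver's replay state untouched and the next genuine frame still goes through. Accepting any sequence number greater than the last one tolerates dropped frames on a lossy link; a timestamp inside the tagged body would additionally bound how long a captured-but-not-yet-seen frame stays usable. A MAC gives integrity and origin authentication only; confidentiality of the command stream needs encryption on top of it.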

UP NEXT: Raymond Sheh

Cyber Security for UAS in Public Safety

Why should you care? What are the risks? What can you do?

Raymond Sheh

Research Professor

Georgetown University

[email protected]

About me …

• Research Professor @ Georgetown University

• Guest Researcher @ NIST

• Adjunct Faculty @ Curtin University

Trusted Autonomous Systems:

• Performance Standards

• Explainable Artificial Intelligence

• Cyber Security

Cyber Security X Aerial Robots …

Pixel2013/ronymichaud, pixabay.com


Outline

•Why Should you Care?

•What are the risks?

•What can you do?


Why should you care?

•Who are you up against?

•What are they after?

•What bad things can happen?


What are the risks?

• On the robot/drone.

• On the comms link.

• On the operator station.

• Elsewhere in the infrastructure.

• In the people, policies, and community.


What can you do?

• Defense in depth.

• Intrusion detection.

• Secure supply chain.

• Watch your software!

• Make sure your people are well informed.

• Make sure your policies are realistic and sensible.


geralt, pixabay.com

Summary

• There is no such thing as perfect security, only varying levels of insecurity.

• The adversary only needs to get lucky once.

• Use limited resources wisely.



UP NEXT: Teague Forren

UNCLASSIFIED

Civilian Team Awareness Kit (TAK)

PSCR STAKEHOLDERS ANNUAL MEETING

04/05/2021

Teague Forren

Cyber Security Lead

TAK Product Center

[email protected]

Overview, UAS tool, and TAK Security


Description

Civilian Team Awareness Kit (CivTAK)

• Geospatial Situational Awareness

• Operational Planning

• Data Sharing/Communication

• Elevation Data Visualization

Industries with TAK

• Military, Law Enforcement, Emergency First Response, Commercial, Recreational

• Software products for Android, iPhone, Windows, and Virtual Reality.

TAK.gov


Core Strengths

• Moving map solution on Commercial-Off-The-Shelf hardware

• Network/Radio Agnostic

• Wide availability (Google Playstore/TAK.gov)

• Third-party Plugin Capability

Plugin Ecosystem

• Internal and Third-party Plugins

• Expands TAK functionality without bloating core application

• Benefits Overall TAK Community


UAS Tool Plugin: Plugin Functionality

• Enhanced Situational Awareness

• Telemetry Data

• Full Motion Video

• Command & Control

Supported UAS Platforms

• AeroVironment – Puma, Raven, Wasp

• DJI – Mavic, Inspire, Phantom

• FLIR – Black Hornet, R80D

• Lockheed - Indago

TAK.gov

PAR Gov, TAK.gov


UAS Tool Plugin: TAK UAS Network Diagram


TAK Security

Data at Rest – 'inactive' data stored on a device

• SQLCipher AES 256

• Utilizes OS application sandboxing (ATAK on Android)

Data in Transit – 'active' data moving across a network

• OpenSSL AES 256

• Benefits from network security (radio encryption, VPN, etc.)

UAS Tool specifically implements SSL encryption for Full Motion Video

PAR Gov, TAK.gov


TAK Security – Software Security

• DevSecOps CI/CD pipeline software engineering

• Micro Focus Fortify static code analysis

  • Automatic scan upon software version build

• Regular Red Team cyber security assessments

  • Bug bounty programs

  • Offensive security researcher tests

• Program Protection Review

  • Cyber threat landscape

• TAK Best Practices Guide

  • TAK deployment recommendations


Civilian Use Case

Corona, CA Fire Department

• Large-scale wildfire response and rescue

• Samsung Galaxy S10 & S4 tablets

• DJI Mavic UAS for enhanced SA

CoE Aerial Firefighting

• Real-time data sharing

• UAS & aircraft live video feed

• Aerial point dropping

• Grizzly Creek Fire, Dec 2020

Corona FD, insights.samsung.com; www.thedenverchannel.com


Thank you!

Teague Forren

TAK Cyber Lead

[email protected]


Placeholder for Roundtable Discussion

PSCR FUTURE UAS CYBERSECURITY RESEARCH


UAS PRIZE CHALLENGES

UAS1 (2018): Flight & Payload

UAS2 (2020): Flight Endurance

UAS3 (2021): Navigate & Detect, GPS-Denied Comms & Cybersecurity

IMAGE CITATIONS

• Drone by Blaise Sewell from the Noun Project: https://thenounproject.com/term/drone/32876/

• Blimp by Travis Avery from the Noun Project: https://thenounproject.com/term/blimp/2444517/