Research Summaries

Back Unmanned Aerial System Cybersecurity Risk Management Decision Matrix for Tactical Operators

Fiscal Year 2020
Division Research & Sponsored Programs
Department NPS Naval Research Program
Investigator(s) Hale, Britta J.
Van Bossuyt, Douglas
Sponsor NPS Naval Research Program (Navy)
Summary In 2018, the USECDEF issued a decision memo enacting moratorium on COTS UAS across DoD. OSD stood up a board to assess COTS UAS on a case by case basis to exempt the COTS UAS from the policy and decision-making authority has further been devolved to the service branches. However, operators on the ground need the ability to assess if a COTS UAS can still complete its mission while posing an acceptable risk even when potentially compromised by an adversary. e.g. a COTS UAS with an encrypted and secure control link but an unencrypted video feed can be vulnerable to video feed intercept. Also, there is a risk of the adversary being alerted to the presence of opposing forces via video feed detection. We will conduct a survey of DoD COTS UAS. Will identify technology used on each COTS UAS including transmitter security types, data download link technology and security, separation and integration of control messages and data, etc. Qualitative analysis of security algorithms and protocols used in COTS UAS will be performed to understand the level of security provided. This information will be used to develop the cybersecurity operational risk management decision matrix. Will investigate bolstering the matrix by analysis of different potential outcomes from generic cyber-attacks. It is expected that some scenarios will be identified where a tactical operator may choose to continue operating in spite of the COTS UAS being compromised because the risk is sufficiently low compared to the benefit to the mission. The matrix will be verified using a NIST cybersecurity framework and/or DoD guidance, and/or other methods. Guidance will be provided on how to rapidly assess if a UAS may have compromised cybersecurity at the tactical operator level and how to continue to operate with degraded capability during a compromise. Research deliverables: theses, IPRs and final project briefs, a research summary and a detailed decision matrices addressing cyber compromises shall be published.
Keywords
Publications Publications, theses (not shown) and data repositories will be added to the portal record when information is available in FAIRS and brought back to the portal
Data Publications, theses (not shown) and data repositories will be added to the portal record when information is available in FAIRS and brought back to the portal