The Joint Authorities for Rulemaking of Unmanned Systems (JARUS) is a group of experts from 60+ national aviation authorities and regional aviation safety organizations, including the UK CAA.
JARUS has recently published an update to its Specific Operations Risk Assessment (SORA) for external consultation, with the final version to be published in Q3 2023.
SORA is a methodology used within the drone industry to help keep their operations safe and reliable. SORA includes an annex E relating specifically to cybersecurity.
In this article, we will highlight the key notions detailed in SORA Annex E, as they provide a good “training syllabus” to cybersecurity challenges and UAS.
Drone = UAS (Unmanned/Uncrewed Aircraft System) = RPAS (Remotely Piloted Aircraft System)
The need for effective and risk‐proportional cybersecurity is paramount given that aviation is reliant on interconnectivity between large numbers of systems controlled and operated by many stakeholders. The aviation sector may be an attractive target for a cyber‐attack, for various threat actors, with a wide range of motivational reasons, capabilities, and sophistication to achieve their objective to successfully exploit vulnerabilities in the aviation ecosystem.
These vulnerabilities exist in humans, equipment, and processes/procedures alike and exploitation can either target one of these elements in an isolated manner or scale up to complex multi‐vector attacks affecting the whole system. Lack of effective and risk‐proportionate cybersecurity can have a negative impact on aviation safety, as well as on an operator’s business operations from dispatch reliability, data collection, information privacy and service uptime.
First, let’s review key notions:
1. Cybersecurity: Refers to the protection of information systems and data from cyber‐related events that may disrupt organisation's business and activities.
2. Aviation Safety: Is the state in which risks associated with aviation activities, related to, or in direct support of the operation of aircraft, are reduced and controlled to an acceptable level.
3. Aviation Cyber Safety: Aviation Cyber Safety is seen as the union of the two previous domains and refers to the protection of aviation operational technologies to prevent cyber related events from affecting Aviation Safety. Operational technologies may rely on corporate IT resources, therefore the dependencies and the assumptions on the security provided by corporate IT shall also be considered.
Cybersecurity in aviation requires cybersecurity threats to be considered as part of the risk management process. Cybersecurity threats in aviation are understood as intentional unauthorized electronic interactions impacting aviation safety.
These threats exist across the global aviation ecosystem and can impact the entire aircraft and operations lifecycle, i.e., design, build, operate, maintain and disposal.
Attacker profile can vary from basic user, insider, hacktivist, terrorist to nation‐state. Depending on the profile of the attacker considered, the probability of the threats may vary. Also, motivations are often linked to financial gains but may cover making a social or political point, espionage or in intellectual challenge. For example, in regard to the difficulty of an attack, man‐in‐the‐middle attacks on a secured network are rather difficult; if combined with a low motivation, such an attack may be given a lower priority for mitigation.
Cybersecurity Attributes “C-I-A” and “A-A-A”
Although cybersecurity in aviation (or what we are calling Cyber Safety) focuses on the potential effects on safety, the attributes of the information that shall be protected, as well as the basic concepts and the threats, are common to the broader notion of cybersecurity. In the following paragraphs an introduction to the above‐mentioned concepts is provided.
C – I – A: Confidentiality, Integrity and Availability are the key security attributes, requiring appropriate protection and which underpin cybersecurity.
Confidentiality – Confidentiality is the attribute that information is not made available or disclosed to unauthorized individuals, entities, or processes.
Integrity – Integrity focuses on maintaining and assuring the accuracy and completeness of data over its entire lifecycle but preventing unauthorized or undetected modification.
Availability – The information has to be available when it is needed.
Authenticity – Ensures an entity/identity is genuine and not corrupted from the original.
A – A – A: Authentication, Authorisation, and Accounting represent an identity and access management model and is used to manage access to assets and maintain system security
Authentication – Ensures the system, device, person, entity, identity, application etc is true and genuine . Avoid unauthorised access by someone who isn’t who they say they are.
Authorisation – Ensures that people can only access the information they are meant to access and nothing more.
Accounting / Non-repudiation – The process of ensuring that everyone is held accountable for their actions and can’t deny what has occurred. It can also be seen as assurance that an electronic transaction had happened.
Concepts of cybersecurity
Security by design – The project should be designed from its foundation with the objective of being secure, using known security tactics and patterns to provide cyber resilience.
Cyber hygiene – Most cyber-attacks are allowed to happen because of those who use the net without practising cyber hygiene. This refers to the best practises that users can undertake to improve cybersecurity, such as creating unique passwords, not exposing unnecessary details online which can be used to impersonate you, and only interacting with trusted sources.
Supply chain security management – Supply chains can be complex and involve many suppliers from different countries, so it’s vital that the chain is managed to keep it streamlined and ensure that there’s no gaps for exploitation.
Defence in depth – Multiple layers of security controls or design features are placed throughout an IT system to improve resilience by several protection layers in case a security control fails or vulnerability is exploited.
Least privilege access – The user’s access rights are kept to a minimum, only allowing them to interact with programs or systems that they need to carry out their respective duties.
Secure by default – Default configurations should be the most secure settings possible.
Denial of Service/ Distributed Denial of Service (D/DoS) – This is where the attacker disrupts a service by flooding the system with endless requests until it overloads and can’t process further, legitimate requests. DDoS is an amplified version that does the same thing from multiple systems to make it harder to stop by blocking individual sources.
In addition, electromagnetic jamming can also be understood as a form of DoS/DDoS because it saturates the electromagnetic spectrum to such a degree that signals between e.g., an Unmanned Aircraft System (UAS) and the operator (ground control station) cannot be transmitted reliably anymore.
Spoofing – The hacker disguises fake information as legitimate which can be used to either siphon information or provide fake information, which could make a drone follow the wrong instructions etc. . Spoofing can also happen in the RF domain when the signals are not cryptographically protected like GNSS and ADS‐B.
Hijacking – The attacker takes control of the communication link between two sources and acts as one of them.
Malware – The system is injected with malicious software designed to compromise the confidentiality, integrity, or availability of the systems data, information or communication. This could be ransomware, trojans, and other types of code that allows attackers to take over operational control of the UAS.
Some protection against these threats include continuous monitoring of systems, retrospective alerting and remediation, implementation of protection mechanisms for multiple attack vectors such as a firewall, and for the malware to be examined in a secure environment and analysed (advanced capacity).
UAS focus areas of Cybersafety
This can be equated to the operating system of the UAS where communication between the various subsystems are allowed, managed and controlled. The “Base System” can be understood as the “operating system” or “motherboard” of the UAS which allows, manages, and controls the communication between the various subsystems.
The communication links represent the links between the unmanned aircraft and the control station, including command, control, and communications, as well as other non‐payload and payload links. Communication links typically rely on radio frequency‐based technologies.
UAS typically employ a wide range of sensors essential to the safe operation of the unmanned aircraft. Other examples of systems or sensors of an UAS include ADS‐B and camera systems which are often used for “detect and avoid” capability.
Avionics are responsible for converting input signals (received through sensors or command and control links) into commands to control the flight of the unmanned aircraft. This includes such things as engine control, flight controls etc.
The guidance system of an UAS is responsible for the determination of the flight path and includes information on waypoints, mission objectives, collision avoidance, etc.
A subsystem for autonomous control allows the UAS to operate without the intervention of a remote pilot. Often these controls are enabled by machine learning and artificial intelligence‐based technologies.
Flight Termination System (FTS)
Some UAS are designed with a flight termination system. A flight termination system consists of those components needed to end the unmanned aircraft’s flight in a controlled manner during off nominal conditions.
For more information, please read SORA Annex E.
By Robert Burns and Anne-Lise Scaillierez
Disclaimer: this overview is correct to the best of our knowledge, but may contain misunderstandings or inaccuracies to comment, feel free to contact us at firstname.lastname@example.org.