Following their talk at ISC2 Security Congress, ISC2 Insights spoke with Nathan Sweaney, CISSP, cyber innovation advisor at the Oklahoma Cyber Innovation Institute and his colleague, executive director David Keely, about the cybersecurity challenges posed by the increased use and commercialization of our airspace by drones and other unmanned aircraft.
The increasing adoption of drones and unmanned aerial vehicles (UAVs) in both military and civilian sectors has created significant cybersecurity challenges. UAVs rely heavily on wireless communication networks, satellite navigation systems, complex flight software and extensive remote control infrastructure, making them an enticing target for various cyber threats. As drones are increasingly used for logistics, disaster response, infrastructure inspection, civilian surveillance and law-enforcement, as well as military applications, ensuring their cybersecurity has become a critical priority.
Nathan Sweaney, CISSP, cyber innovation advisor at the Oklahoma Cyber Innovation Institute and his colleague, executive director David Keely, recently presented on this subject at ISC2 Security Congress. ISC2 Insights caught up with them to follow-up on some of the themes they discussed.
They explained how this new generation of aircraft, performing everything from parcel delivery to surveillance and environmental monitoring faces an array of cybersecurity risks and attacks, often from inexpensive hardware. They also explain how new regulation and policies need to work together with technology defense.
How Cyber Threats Impact Drones
One of the primary concerns is the vulnerability of communication links between drones and ground control stations. Attackers may intercept or manipulate these communications through techniques such as signal interception, command injection, or man-in-the-middle attacks. Additionally, drones that depend on GPS signals are susceptible to spoofing and jamming, which can mislead navigation systems or disrupt operations entirely.
Another significant challenge involves the exploitation of software and firmware vulnerabilities within UAV systems. If attackers gain access to these systems, they may install malicious code, alter flight behavior, or gain persistent control over the drone. Furthermore, drones often collect and transmit sensitive data, including video footage and environmental information, creating risks related to data breaches, privacy violations, and industrial espionage.
The increasing use of coordinated drone swarms introduces further complexity, as cyberattacks targeting swarm communication networks could disrupt collective operations or spread compromise across multiple UAVs. Supply chain vulnerabilities also present risks, as compromised hardware components or software libraries may introduce hidden backdoors into drone systems.
Security Musk Keep Pace With Changing Applications
Along with a variety of technical threats, consideration is also needed for how legislation and public policy evolves to account for the use of drones and UAVs in these new ways. The U.S. FAA is one such regulatory body that is tacking this challenge, having produced rules for what it terms “Beyond Visual Line of Sight (BVLOS)” drones, introducing requirements that simply didn’t exist to account for autonomous or remote piloted craft.
Overall, the growing reliance on UAV technology highlights the urgent need for robust cybersecurity strategies, including secure communication protocols, encryption, authentication mechanisms, intrusion detection systems and stronger regulatory standards. Addressing these challenges is essential to ensure the safe, reliable, and secure deployment of drones in both military and civilian applications.
