
Cyber security for unmanned systems
Cyber Security in the field of defense and industry sector is a priority. Exail ensures for its unmanned systems availability, confidentiality and integrity.
Definition of cyber security
Cyber security are measures or adopt of technologies, processes and practices aim to protect computers, networks and digital data from attack.
Context
Unmanned wireless systems are growing in terms of time/space autonomy: long range, long duration. Depending on use cases, operations may be done under a wide range of supervision levels: from tight monitoring (remotely operated drones) to extremely low information exchange (autonomous drones), thanks to confidence in embedded autonomous behaviors.
Lloyds has recently released a classification scale for autonomy levels:
- All actions are taken by a human. At level 2, low level automation is running on remote vehicle
- Humans are present, but only in supervisory roles which go beyond autopilot operations
- Vehicles are be fully autonomous, with decisions actioned with no human supervision
- At level 5, humans may still act for a limited few particular decision
- At level 6, human is not needed anymore
Exail systems are mainly classified in categories AL3, AL4 and AL5. AL6 is not reached yet because of the necessary redundancy on most of equipment.
Performance in autonomy mainly comes from massive use of advanced IT technology as core of the drones. Unfortunately an obvious drawback is that unmanned wireless systems are highly exposed to risks related to the IT subsystems. Cybersecurity is no more an option for drones industry.
Cyber security assessment
It is usually considered that cyber threats include:
Availability: capability to provide the expected service
Confidentiality: capability to protect data against access from unauthorized personnel
Integrity: capability to guarantee IT materials (hardware, software, data) origin
In unmanned systems, cyber threats mainly concerns the following segments or functions:
Mission execution
Data storage
Advanced algorithms Intellectual Property (IP)
Main IT risks for unmanned systems
An allocation table of the most sensitive risks (threats vs segments) is given below:
- Mission Execution
- Risk 1 - Availability
- Risk 2 - Integrity
- Communication
- Risk 3 - Availability
- Risk 4 - Confidentiality
- Risk 5 - Integrity
- Data Storage
- Risk 6 - Confidentiality
- Risk 7 - Integrity
- Advanced Algorithm IP
- Risk 8 - Confidentiality
Above risks may have different mitigation methods depending on the use case requirement, the amount of acceptable residual risk, or the technical/budgetary feasibility of the accurate solution.
The Exail policy, regarding IT risk management, intends to start with state-of-the-art industrial IT risk assessment and, whenever necessary, offer tailored solution for any kind of customer requirement. This flexibility comes from Exail's double skill level:
- As drone manufacturer
- Full control of the detailed architecture of systems by our Design Offices
- Capability to choose and integrate a wide range of equipment providing gradual assessment of the IT risk for most-concerned components (data storage, LAN distribution, encryption modules, wireless communication)
- As system solution provider
- Overall understanding of the security threats and risks, allowing risk reduction measures at any stage of the system life cycle (storage, operation, maintenance)
- Homogeneous risk assessment over each segment (drones, control stations, workshop tools)
- Whenever applicable and efficient, increase given segment protection by complementary measures provided by another segment
For obvious reasons, Exail detailed security measures cannot be unveiled. Nevertheless, a non-exhaustive catalog of usual practices on Exail's unmanned systems (respect to risk table 2) is given below:
Risk 1: Mission execution - Availability
- Basic: Use receiver compatible with various constellation (GPS, GLONASS, GALILEO)
- Basic: Manual input of original position and motion estimator. Position accuracy depends on the navigation sensors grade
- Basic: Operator steering using the environment sensors (camera, IR, radar)
- Advanced: For naval drone: position reset based on radar picture vs digital map matching
- Advanced: Fit vehicle anti-spoofing GNSS receiver (military grade equipment)
Risk 2: Mission execution - Integrity
- Basic: Keep drone networks disconnected from Internet or company infrastructure
- Basic: Run antivirus on targets prior software installation/implementation
- Advanced: OS hardening respect to recommendations coming from security agencies (ANSSI, CIS, …)
Risk 3: Communication - Availability
- Basic: On site user selectable frequency channel and associated wizards for best choice
- Basic: Make system robust to short term communication loss: continue mission plan, loitering patterns, way-back patterns
- Advanced: Fit system with hopping frequency radio sets
Risk 4: Communication - Confidentiality
- Basic: Use private communication infrastructure instead of public ones
- Basic: Prevent use of consumer electronics modems. Choose equipment using proprietary encoding/modulation at frequency level instead
- Basic: Use software encryption capabilities (e.g. AES 256) at modem level
- Advanced: Use certified hardware encryption modules (military grade applications)
Risk 5: Communication - Integrity
- Basic: Data to include signature
- Basic: Prefer variable length - variable format messages instead of fixed length - fixed format
- Advanced: Signature algorithm to change over time in order to prevent from play-back attacks
- Advanced: Reject all external communications except the ones initiated by the known drones (e.g. using iptables)
Risk 6: Data Storage - Confidentiality
- Basic: Remote access to internal network and computers shall be strictly controlled: Use accounts privilege to segregate access to various type of users, an strong password policy
- Advanced: Role Based Access Control (RBAC)
- Basic: Software level disk encryption
- Advanced: Hardware level disk encryption with irreversible key erase capability
- Advanced: Use non standard plugs for network connection
Risk 7: Data Storage - Integrity
- Basic: All accesses to file system and user account privileges are logged
- Basic: Prefer binary data format to text data
- Basic: Software level encryption
- Advanced: Signature mechanism
Risk 8: Advanced Algorithm IP - Confidentiality
- Basic: Obfuscation (sensitive parts of code are “hidden” into hundreds of useless lines)
- Basic: Mathematic function always come with setting values that may give information on the type of algorithm. Hard coding into program has many drawbacks for trials, system configuration and customization. Preferred method is encryption of the parameter files
- Advanced: Remove small but key parts of the software from the main program. Those parts are hosted in a kind of proprietary dongle with high level of protection against offline electronic analysis, or data protocol analysis