Drones, also known as unmanned aerial vehicles (UAVs), are employed in a variety of applications. In some cases, multiple drones are controlled simultaneously in swarms via internet service providers, introducing a new paradigm called the Internet of Drones (IoD).
The Ukrainian military, for example, used SpaceX’s Starlink satellite internet service to control military drones until Elon Musk decided to limit its functionality in February 2023.
Shadi Razak, CEO of smart city security provider Angoka, said at InfoSecurity Europe on June 21, 2023, that a swarm of drones will be used to film outdoor events, logistics and delivery of healthcare products. It is said that it is increasingly used for private purposes such as.
“It can be autonomous, but regulation usually requires a pilot,” he added.
The Internet of drones is a cyber-physical system, so it can pose physical hazards as well as cyberspace risks. “Many drones are insecure by design. Some networks rely on simple off-the-shelf virtual private networks (VPNs) that are easily compromised. Many of them are full of misconfigurations.”
Drones can therefore be used for malicious purposes, leading to the destruction of materials and their surroundings, or, as we saw in China in 2021, dozens of drones being shot at a show. It may even be defective, like the dropped. Both people and cars,” Razak recalled.
After three years of research on drone control systems, Angoka discovered 156 different threats. Many of them were critical or high priority.
The top 50 of these fall into four categories:
- Reporting tampered data
- Deny access to real-time data
- Impersonation of UAS and its operators
- Tuning with telemetry data
“Because it is a young industry, many drone operators have adopted traditional, behind-the-walls cybersecurity approaches, which are inadequate to effectively defend against modern cyberthreats.” continued Razak.
To improve the security of drone control systems and move from perimeter security to zero-trust architecture, Angoka’s solution is what Razak calls a security blueprint compliant with the National Institute of Standards and Technology (NIST) 800-207. is built on the basis of
This blueprint consists of five main processes:
- Generates an immutable digital ID embedded in the drone’s root of trust microcontroller
- Perform mutual device authentication to prevent drone identities from being easily compromised
- Micro-segment the drone-to-drone and drone-to-ground communication infrastructure into many Device Private Networks (DPNs).
- Generate DPN Unique ID and Session Key
- Always authenticate endpoints and messages
Angoka was named the Most Innovative Cyber SME of 2023 by the UK Department for Science and Information Technology (DSIT) on 21st June 2023.
The company is currently involved in five multi-stakeholder projects involving drones across the UK, including Skyway, which aims to build the world’s largest drone corridor in Europe from north to south of the UK.
