SAR UAVs: Video examples of IR, optical, and other challenges

We are working on developing a program for UAVs for SAR in NH. Part of this effort involves evaluating and selecting appropriate sensors. Another is “simply” figuring out what works, what doesn’t, what the use cases are, how to meet those use cases (if we can), ….

We’ve done a lot of scenario work and put together some videos to illustrate some of the challenges SAR UAVs face.

---

 

• Successful IR find. Subject was on edge of the tree line, early in the day, away from the sun so the ground didn’t have a chance to warm up. As you can tell from the optical view, the subject probably would have been located via an optical sensor as well.

   

• Unsuccessful IR find. Subject was just inside the tree line and hard to detect with an optical sensor, one of those use cases where you want IR to work. But it was late morning on a ski slope that was in full sun for a few hours and the human’s heat signature gets lost in the clutter.(The subject appears in both 50 second video clips, and you know that they’re present. Now imagine that you’re looking at this in real time after flying for fifteen minutes. How likely are you to detect the subject then?)

 

---

 

Searching in real time with a UAV is hard. You must fly a slow, methodical flight path to get decent coverage. Conditions must be in your favor. The sensor operator must be trained to look for clues and, if you are using IR, the sensor operator must have experience interpreting IR imagery.

See the end of this video for another example of searching with an optical sensor.

In most cases, I think that searching with a UAV will either be a initial search (aka points and routes) or a post flight image review mission to get decent PODs.

 

Advertisement

Demonstrating Some UAVs for SAR Challenges

We’re developing a UAV program for SAR in New Hampshire. Lots of things “in flight” on this. Some recent posts:

• Building a tactical UAV kit for wilderness operations
• Example of rapid deployment using above kit

We are flying a lot of training scenarios. Educate the canine handlers, develop use cases, evaluate software, evaluate hardware, develop SOPs, everything.

I am sharing the following video from a recent training session to share some of our findings in an informal manner and to hopefully encourage others to do the same.

(If you are in New England and working on a UAV program for Public Safety, please contact me and I’ll add you to the New England Council for Public Safety email list. If you are elsewhere, I encourage you to join the National Council.)

Visual demonstration of requirements:

 

1) Really need a “go to UTM (or lat/long)” capability. The handler was under a tree and finding her was the first problem.
2) Seeing anything on a small screen is hard. I missed the ripples while flying. During playback, they clearly indicated where the handler was.
3) Need communications protocol. She was trying to guide me to a clue. Right, left, et al aren’t clear. River left only makes sense to river situations. (IR illuminators?) We did have radio comms but without a VOX mic, that slowed the process down.
4) Need strobes on the handlers to quickly locate them.
5) I am right over a pink Croc. Did you see it? I certainly did not until later.

Additional challenges, with narration:

A lot of people ask me about search patterns, height, detection capabilities, etc. I figured I’d just share this video and narrate it to show, in real time, some of the challenges I was facing.

Note: This is all done with a Mavic Pro. Other (more expensive) platforms will address some of these issues.

 

How to (Tactically) Succeed

I’ve had an insanely productive week – hired two people, built three antenna masts, built one “go kit” for SAR/EM communications, moved two wildly different critical projects forward, identified an issue in another organization and the person who could help us fix it, sealed and caulked a bath tub, …. You get the idea.

And so, after getting even more stuff done this Saturday morning (identifying RF issue affecting radio power supply, fixing it, sorting out various cables that need to be in that kit), I decided to pause and figure out WHY I’d been so productive.

I thought about the various projects, consciously and subconsciously, long enough to mentally ensure that everything was in place to accomplish the goals.

Looking back, what usually blocks me from completing a project is my failure to have the right resources – tools, components, people, software packages, whatever – available to get the job done. I’d get part way into the project and would be forced to stop while I located the missing resource. And once stopped, I stayed stopped because something else was there that I needed to accomplish. (Squirrel!)

This approach creates some semblance of chaos in the form of bits of random gear on the floor, or lots of tabs open in my browser, or an online shopping cart populated but not purchased. But when my mind says “Let’s go!” it seems to be triggered by a subconscious awareness that everything is in place to go, and to finish.

These were all tactical successes, but if you fail tactically too often, you are unlikely to achieve strategic success.

 

Rapid deployment of SAR UAV

We are working on developing a SAR UAV program. This includes SOPs, use cases, equipment load outs, software, training, everything.

As part of the R&D effort, I’ve been working on building our the UAV equipment kit to determine what is required, what is desired, what works, what fails, how to pack it, etc.

This video demonstrates our ability to transition from hiking to flight operations in two minutes, including the time required to remove the gimbal lock that I always forget.

The end of the video also shows some of our operational challenges, in this case finding a launch site and very dense foliage. I had to zig zag my way up. (And back down, which was more “interesting”.)

And, a drone’s eye view of the same operation.

Mavic Pro kit for search and rescue operations

I am assisting a local agency with developing a SAR UAV program. Among other things, we will develop use cases and their attendant requirements to drive platform selection but for the moment we’re using DJI Mavic Pros.

What follows is my working UAV SAR kit built around the Mavic Pro.

Each component of the kit will be discussed in more detail below. Clockwise from the upper left we have:

1. Lightweight HDMI external monitor, USB or 12V DC powered
2. Microsoft Surface Pro
3. Molle water bottle carrier (repurposed as a Mavic carrier)
4. Semi-hard shell Mavic case
5. Dedicated phone, external battery, cables, and spare props
6. Dual radio harness with type approved VHF radio, type approved air band radio, GPS
7. Rapid parallel battery charger, 12V “cigarette lighter” charger

---

 

External data viewing and processing

The kit includes a Microsoft Surface Pro running Windows 10. It doesn’t really have enough power to run Pix4D (for example) but it is sufficient for some in-field image processing. It can also run Mission Planner for PixHawk enabled UAVs and can serve as a backup data storage device.

The item on the left is a very inexpensive, lightweight, USB powered HDMI screen. The Surface Pro drives it quite well. We need to determine is the Mavic controller can.

Molle Mavic carrier

This is a molle water bottle carrier with a large semi-padded main compartment, a zippered front pouch, and a zippered lower pouch. The Mavic Pro fits snugly in the main compartment with room for a spare battery below it in that compartment. A second spare battery fits in the lower zippered compartment. Cables, phone, and other small items fit in the front compartment. There is no room for the controller but we will attach another molle bag to the side of this carrier to hold the controller.

This would be the bare minimum kit and could be strapped to other gear or carried on its own.

Semi-hard shell Mavic case

There are lots of Mavic cases out there. We went with this one because it has room for three spare batteries, the foam is laser cut rather than pick and pull, and the case is semi-rigid.

We also added prop clips (white item over Mavic) to hold the props in place when using the molle carrier, a controller stick guard (lower right, black) to keep the sticks from moving or being damaged when not in use, and a phone mount that moves the phone above the controller and allows for phones in hard cases to be used.

Dedicated phone, external battery, cables, and spare props

All SAR flight operations must use a dedicated mobile device rather than a personally owned device. This limits exposure to malware, keeps potential evidence on a device owned by the organization, and provides for consistency across kits. This happens to be a Galaxy 8, chosen for maximum screen brightness.

Also included here are an external battery for recharging the phone, a charger for the phone, spare props, and spare cables.

Dual radio harness, radios, GPS

The UAV operator needs to be able to communicate with others involved in the response and also with other manned and unmanned aerial assets. The kit includes a type approved VHF radio for response communications and a type approved air band radio for air operations. (The pilot program lead operator has a ham license (not required for this equipment) and manned aircraft ratings.)

Also included is a GPS unit. The team normally uses Garmin Alpha 100’s which automatically transmit on MURS frequencies to enable base to track assets in the field. To limit potential sources of interference, this GPS unit is passive and does not broadcast.

Rapid parallel battery charger, 12V “cigarette lighter” charger

The standard Mavic battery charger is serial – it charges one battery, then the next, then the next. Charging three batteries can take upward of four hours. This charger will charge three batteries and the remote controller in parallel, dramatically improving available flight time.

The stock 12V cigarette charger is included to go out with the molle carrier kit.

---

 

And that is the working draft of our basic Mavic Pro SAR kit.

Questions, comments, and feedback are most appreciated.

 

How to succeed as a startup

Book, in Firefly, once said “Out here, people struggled to get by with the most basic technologies; a ship would bring you work, a gun would help you keep it. A captain’s goal was simple: find a crew, find a job, keep flying.”

The startup version is:

“As a startup, people struggle to get by with the most basic resources; an idea will bring you attention, passion will help you keep it. A founder’s job is simple: build a team, find revenue, survive.”

Guidance to UAV Operators Responding to Florida

[I am the Public Information Officer for National Council on Public Safety UAS. This post is written in that role. We will stand up an official location for future announcements.]

The Director, Emergency Management and Homeland Security Program, FSU, working in conjunction with local, state, and Federal agencies, requests that all volunteer UAS operators respect the following:

Volunteer/humanitarian aid/emergency response operators:

1. Do not self-deploy during response/life-safety, it’s dangerous.
2. Register on volunteerflorida.org.
3. When the State gets to recovery, we will need help. Registered volunteers should report to a Volunteer Reception Center for vetting and assignment.
4. Be prepared to be self sufficient. Do not assume that food, shelter, water, transportation, power, medical support, and fuel will be available to support your activities

Commercial operators:

• All commercial operators working for utilities, insurance companies, etc should comply with their Part 107 restrictions.
• Please coordinate operations through local and state EOCs if flying during response phase.

Official agencies:

• Official agencies should contact the FAA Systems Operations Support Center (SOSC) at 202-267-8276 and request an Emergency COA or SGI. This authorization will permit operations inside any posted TFRs or within controlled airspace.

 

All operators in Florida should utilize Airmap (including registering of flights) for maximum visibility. Emergency Management is using Airmap to help deconflict air operations.

Other guidance:

• Low flying aircraft will be an issue. 
• Monitor FAA and other resources for new or changing TFRs.
• Follow the eCOA process when working with a sponsoring agency or private sector partner. 
• Be patient with the SOSC as they will get bombarded with requests

 

Defending Against UAVs Operated by Non-State Actors

The author hopes to help the reader understand the potential impact of consumer UAVs in the hands of non-state actors as well as the technical and regulatory challenges present in the United States that we face so that they can make informed decisions about public policy choices, investments, and risk.

Our hypothesis is that Western nations are not prepared to defend civilian populations against the use of small UAVs by non-state actors. This can be proved false by:

• • Identifying counter-UAV technology that can be deployed to effect a “win” against currently available UAVs that meet the UsUAS definition
  • Identifying the regulations that allow the technology to be utilized within the borders of the United States and at sites not covered by “no fly zones”.
  • Demonstrating that the solutions are capable of being deployed at sufficient scale to protect all possible targets, not just major events

The defenders are at a classical asymmetric warfare disadvantage – they need a nearly 100% success rate, and if they can demonstrate that success, even better. This is essentially an impossible victory condition to meet. If the scope is limited to critical infrastructure, and if the rules of engagement are adjusted, the odds increase dramatically for the defenders but are still daunting.

Attackers win if they can conduct a single terror attack using a UsUAS against any civilian target, one of thousands of Friday night high school football games for example.

A successful attack need not injure or kill civilians. It may not even make major headlines. It just needs to demonstrate enough capability to generate sufficient public outcry to slow consumer and commercial UAV sales and deployment. Lawmakers already show a great deal of interest in responding to requests for greater regulation and the industry has demonstrated little effective lobbying power to hold off these regulations. A notable hostile use of a consumer UAV could result in regulation that would have significant impact on the civilian industry predicted to be worth $2 billion by 2020.[1]

Full text of my thesis is available here – David Kovar – GMAP 16 – Thesis

[1] B. I. Intelligence, 2016 Oct. 2, and 092 2, “THE DRONES REPORT: Market Forecasts, Regulatory Barriers, Top Vendors, and Leading Commercial Applications,” Business Insider, accessed February 15, 2017, http://www.businessinsider.com/2016-10-2-uav-or-commercial-drone-market-forecast-2016-9.

 

Legal Challenges Facing Civilian Counter-UAV Systems

Legal Challenges Facing Civilian Counter-UAV Systems

Consumer/commercial unmanned aerial vehicles (UAV) sales and operations are increasing rapidly according to sales figures, media reports, and various studies. So too are unconventional uses of these drones by non-state actors and criminals, as well as perceived privacy violations by regular operators. The result is a well funded rush to develop UAV detection and counter measure systems for military and civilian use. At present, someone employing a counter-UAV system may be engaged in more serious criminal activity than the operator of the UAV. If the legal challenges affecting the deployment of these systems are not addressed, not only will those investments be put at risk but our nation may be exposed to greater risk of malicious UAV operators.

The technical challenges and efficiency of the solutions are often shrouded behind intellectual property protection at various startup companies. The legal challenges, however, are clearly defined in existing public law and regulation. We all have a vested interest in working with local, state, and federal lawmakers to enact new regulations that will enable individuals, corporations, and law enforcement agencies to effectively and legally defend against malicious UAVs.

For the purposes of this article we will define an Unconventional Small Unmanned Aerial System (UsUAS) as a UAV plus support ground control systems with the following characteristics:

• Military Group 1 UAV (0-20 lbs maximum weight, less than 1200 ft AGL operating altitude, less than 100 knots)
• Available to civilians without a license or other documentation
• Priced below $5,000
• Operated by terrorist, criminal, or malicious actors

Detection, Determination, and Response

Short of establishing a hard physical, electronic, or radio frequency barrier around an installation, anyone wishing to defend a site against a UsUAS must go through three stages – detection, classification, and neutralization. Once detected, the malicious nature of the operation must be determined before moving on to deterrence measures.  The mere presence of a UAV in civilian airspace does not define malicious behavior. Finally, even if a UAV is detected and classified as malicious the legal response options are almost exclusively limited to after the fact administrative, civil, or criminal charges.

In the United States there are very few areas where aircraft crossing a perimeter may automatically be treated as hostile or at least malicious. A declared National Defense Airspace as was used for the 2017 Presidential Inauguration is the most recent example.[i] In addition to civil and criminal charges, “the United States government may use deadly force against the airborne aircraft, if it is determined that the aircraft poses an imminent security threat.” These are the only areas within the United States borders where deadly force is authorized against aircraft, which includes UsUASs. Recent incursions into the airspace over the White House by UsUASs[ii] and by small aircraft[iii] illuminate both the difficulty of detecting incursions by these types of aircraft and the perceived unwillingness to engage them even over the most critical building in the United States.

Temporary Flight Restrictions (TFRs) issued by the FAA provides for temporary control of the airspace by other agencies and allows them to administratively control access to the airspace. Access violations are addressed through civil and criminal charges, if the operator can be located. Deadly force is not authorized under the Federal Aviation Regulations or their underlying statutes.

For several years agencies fighting wildfires in the western part of the United States have engaged in an ongoing dance with UAV operators who violate the TFRs established to enable aviation assets to safely operate near the wildfires. “Twenty-one drones were spotted at the scenes of wildfires nationwide in 2014-2015, and aircraft were grounded six times. And there have been at least two occasions when firefighting aircraft have had to take evasive actions to avert a collision with drones.”[iv] Few operators have been detected or charged. One operator was charged with a misdemeanor for interfering with firefighting operations and fined $1,000. California failed to pass a more strict law with harsher punishments.

The legal opportunities to challenge UsUAS operations over most federal lands open to the public as well as private or commercial property are even more limited. The debate hinges around two core issues: Who controls the airspace and privacy.

It is generally accepted that the Federal Aviation Administration controls all of the National Airspace (NAS). Many jurisdictions are attempting to write laws that depend on their ability to regulate local airspace, something they have no legal authority to do. Orlando, FL recently crafted an ordinance that may be more successful in defending against challenges by addressing the use of city land rather than the airspace. “It is prohibited to cause an unmanned aircraft to launch or land, or for any person to operate or assist in the operation of any unmanned aircraft system out of doors unless permitted to do so by the City of Orlando, when that person is on city property.”[v]

The vast majority of citizens in the United States desire to be free from surveillance by the government and by other citizens. Unfortunately, there are essentially no laws that protect an individual’s privacy outside of the walls of their homes. Any effective law would need to apply to all forms of aerial surveillance including helicopters, airplanes, and satellites. UAVs reignited and fueled debate and possible regulations addressing privacy protection from aerial surveillance but there are no broad laws in place that provide for civil or criminal redress, and particularly no laws that provide for shooting, netting, jamming, or hacking into an UsUAS.

Counter-USUAS Options

Non-military UAVs are susceptible to a variety of attacks that may disable them in flight, cause them to return to the launch point, or grant the attacker control over their operation. Methods range from shotguns to GPS jammers to nets and even to birds. Unfortunately, utilizing any of these methods in most domestic situations is illegal.

We will give examples of each type of attack, the operator’s ability to counter the attack, and examples of laws that any attacker could be charged with violating.

The following legal options for charging the person attacking the UsUAS will be used for each type of attack. In addition to these criminal charges, a variety of civil charges could be filed.

State criminal offenses

• Larceny –  The unlawful taking and carrying away of someone else’s property without the consent of the owner; and with the intent to permanently deprive the owner of the property.[vi] (state or local)
• Criminal mischief – Intentionally or knowingly damaging someone else’s property (state or local)
• Reckless endangerment – Carelessness which is in reckless disregard for the safety or lives of others, and is so great it appears to be a conscious violation of other people’s rights to safety (state or local)

Federal criminal offenses

• Destruction of aircraft – Sets fire to, damages, destroys, disables, or wrecks any aircraft in the special aircraft jurisdiction of the United States or any civil aircraft used, operated, or employed in interstate, overseas, or foreign air commerce. (18 U.S. Code § 32)
• Jamming – The use of devices designed to intentionally block, jam, or interfere with authorized radio communications is a violation of federal law.[vii] (The Communications Act of 1934, 18 U.S.C. § 1362, 18 U.S.C. § 1367(a))
• FCC Violation – Operating an unlicensed transmitter or interfering with the legal operation of another transmitter. (The Communications Act of 1934, Sections 301 and 333)
• CFAA – “Knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer” (Computer Fraud and Abuse Act, 18 U.S.C. § 1030)

Any attack that causes the aircraft to stop operating in a normal manner opens the attacker up to being charged with criminal mischief if the UAV or property on the ground is damaged as a result. Any attack that causes the aircraft to cease operating will add opportunities to charge the attacker with robbery, reckless endangerment, and destruction of aircraft due to the likelihood that the aircraft will strike the ground in an uncontrolled manner. Any attack using a transmitter to jam or access the control or data links on the aircraft will expose the attacker to being charged with FCC violations. Any attack using a transmitter to jam GPS signals, command links or data links will expose the attacker to all of the above.

Some attacks, and specifically GPS jamming attacks, have the potential to create safety risks far beyond the offending aircraft and could result in significant charges. Discharging a firearm against an offending aircraft could result in injury or death to individuals other than the operator and is almost always a crime. Deadly physical force may only be legally used against deadly physical force.

Physical/Kinetic

A physical attack on a UsUAS is intended to cause the aircraft to cease operating. Example attacks include firearms, nets, and birds.

The UsUAS operator can attempt to counter such an attack by flying erratically, either manually or via an automated flight path. Other defenses would require modifications to the aircraft that would likely be out of proportion to its value.

A successful attack will cause the aircraft to fall to earth in an uncontrolled manner. The person conducting such an attack could be charged with larceny, criminal mischief, reckless endangerment, and destruction of aircraft.

Jamming

Most commercial UAVs can be configured to “fail safe” in the event of unexpected loss of signal or interference. An attacker can jam the GPS signal, causing the UsUAS to lose one of the guidance options. This normally results in erratic behavior. A very careful GPS attack could force a UsUAS to land. An attacker can also jam either the control link used to operate the aircraft or the data link used to receive sensor data from the aircraft or both. Jamming the control link will result in a normally configured UAV to return to home and land.

A malicious operator can acquire a UAV capable of operating without a GPS signal or manually fly a standard UAV that has lost the GPS signal. This capability exists to allow indoor and other obstructed operations. The operator can disable the “return to home” function in the event of a control link loss and enable the UAV to continue operating in an autonomous mode.

The person conducting such attacks could be charged with larceny, criminal mischief, reckless endangerment, and destruction of aircraft depending on the outcome. The person could be charged a FCC violation for operating an illegal transmitter as well as a FCC violation for jamming.

Hacking

Most commercial UAVs depend on a radio frequency communication link to enable the operator to control the aircraft either directly or through a ground control station that enables semi-autonomous flight. This communication link is poorly secured in most cases and exploits are available for all major commercial UAVs. A defender can detect the frequencies in use and send signals on those frequencies to take control of the aircraft from the original operator. The defender will then attempt to land the aircraft either to terminate the operation or to seize physical control of it.

It is difficult to configure most off the shelf commercial UAVs to operate without any control link. However, there are some off the shelf UAVs equipped with flight controllers that can easily be configured to shut down the radio link and then operate in a fully autonomous mode. Once configured in this manner, the UsUAS is impervious to such attacks. It is also possible to utilize non-standard radio link systems or cellular network links to control the aircraft and thus prevent an attack on the control link. Such a configuration would still be detectable through radio frequency scans and possibly susceptible to jamming attacks.

The person conducting such attacks could be charged with larceny, criminal mischief, reckless endangerment, and destruction of aircraft depending on the outcome. The person could be charged with a FCC violation for operating an illegal transmitter as well as a FCC violation for jamming. And, in addition to all of the above, the person conducting the attack is now remotely accessing a computer system without permission, a violation of the Computer Fraud and Abuse Act.

Summary

Technical issues aside, there is insufficient broad legal support to enable a defender to determine that the behavior of a commercial UAV is malicious and thus subject to actions to cease such operations or charge the operator. Further, existing and frequently applied local, state, and Federal laws make almost all of the options available to counter malicious UAV operations illegal. These laws apply to civilians and law enforcement alike, and either group would require exemptions to deploy any of the known counter-UAV systems.

We must face the fact that there are very limited circumstances where physical force or electronic countermeasures are authorized against aircraft, including UsUASs. In all other circumstances, the legal options for defending against a UsUAS are all after the fact measures that require identifying and locating the operator. These are not significant barriers against non-state terrorists and criminal actors.

Our investment in counter-UAV technology should be matched with investment in updated laws and regulations to enable the deployment of these systems by organizations charged with defending our infrastructure and airspace. Failure to do so may put the public at risk. Failure to do so may also result in reactionary regulations passed immediately after a malicious event that would negatively impact an industry already challenged by overly burdensome regulations.

Endnotes

[i] “FLIGHT ADVISORY NATIONAL SPECIAL SECURITY EVENT 2017 PRESIDENTIAL INAUGURATION FESTIVITIES” (Federal Aviation Administration, December 2016), https://www.faasafety.gov/files/notices/2016/Dec/2017_Inauguration_Advisory.pdf.

[ii] Michael S. Schmidt and Michael D. Shear, “A Drone, Too Small for Radar to Detect, Rattles the White House,” The New York Times, January 26, 2015, https://www.nytimes.com/2015/01/27/us/white-house-drone.html.

[iii] “Florida Mailman Lands a Gyrocopter on Capitol Lawn, Hoping to Send a Message,” Washington Post, accessed January 30, 2017, https://www.washingtonpost.com/local/florida-mailman-lands-a-gyrocopter-on-capitol-lawn-hoping-to-a-send-message/2015/04/15/3be11140-e39a-11e4-b510-962fcfabc310_story.html.

[iv] Jeff Daniels, “Feds Turn up the Heat in Fight against Drones Interfering in Wildfires,” CNBC, July 26, 2016, http://www.cnbc.com/2016/07/26/feds-turn-up-the-heat-in-the-fight-against-drones-interfering-in-wildfires.html.

[v] “ORDINANCE NO. 2016-87” (The City Council of Orlando, Florida, December 7, 2016), http://www.mynews13.com/content/dam/news/images/2017/01/4/Drone_UAS_Ordinance_-_12_7_2016.pdf.

[vi] “Definition of Larceny.” Findlaw. Accessed February 09, 2017. http://criminal.findlaw.com/criminal-charges/definition-of-larceny.html.

[vii] “Jammer Enforcement,” Federal Communications Commission, March 3, 2011, https://www.fcc.gov/general/jammer-enforcement.

UAVs, IoT, and Cybersecurity

I presented a talk on UAVs, IoT, and Cybersecurity at the LISA conference in Boston on December 7th, 2016. The abstract for the talk was:

“Small Unmanned Aerial Systems (sUAS) aka “drones” are all the rage—$500 UAVs are used in professional racing leagues and major corporations are building $100,000 UAVs to deliver packages and Internet connectivity. UAVs are slowly working their way into almost every commercial sector via operations, sales, manufacturing, or design.

sUAS—emphasis on the final “S”—are complex systems. The aerial platform alone often consists of a radio link, an autopilot, a photography sub-system, a GPS, and multiple other sensors. Each one of these components represents a cybersecurity risk unto itself and also when part of the larger system. Add in the ground control stations, the radio controller, and the video downlink system and you have a very complex computing environment running a variety of commercial, closed source, open source, and home brew software.

And yes, there is already malware specifically targeting drones.

During this presentation, we will walk through a typical operational workflow for a UAV, all of the components of a representative system, and through a possible risk assessment model for UAVs. Even if you are not working with UAVs, you should consider that UAVs are an instance of “the Internet of Things”—a collection of sensors and computing devices connected to each other and to the cloud designed to gather, distribute, and analyze data in a semi- or fully-autonomous manner.”

The slides may be found here: https://www.usenix.org/conference/lisa16/conference-program/presentation/kovar