How to succeed as a startup

Book, in Firefly, once said “Out here, people struggled to get by with the most basic technologies; a ship would bring you work, a gun would help you keep it. A captain’s goal was simple: find a crew, find a job, keep flying.”

The startup version is:

“As a startup, people struggle to get by with the most basic resources; an idea will bring you attention, passion will help you keep it. A founder’s job is simple: build a team, find revenue, survive.”

Advertisement

Guidance to UAV Operators Responding to Florida

[I am the Public Information Officer for National Council on Public Safety UAS. This post is written in that role. We will stand up an official location for future announcements.]

The Director, Emergency Management and Homeland Security Program, FSU, working in conjunction with local, state, and Federal agencies, requests that all volunteer UAS operators respect the following:

Volunteer/humanitarian aid/emergency response operators:

1. Do not self-deploy during response/life-safety, it’s dangerous.
2. Register on volunteerflorida.org.
3. When the State gets to recovery, we will need help. Registered volunteers should report to a Volunteer Reception Center for vetting and assignment.
4. Be prepared to be self sufficient. Do not assume that food, shelter, water, transportation, power, medical support, and fuel will be available to support your activities

Commercial operators:

• All commercial operators working for utilities, insurance companies, etc should comply with their Part 107 restrictions.
• Please coordinate operations through local and state EOCs if flying during response phase.

Official agencies:

• Official agencies should contact the FAA Systems Operations Support Center (SOSC) at 202-267-8276 and request an Emergency COA or SGI. This authorization will permit operations inside any posted TFRs or within controlled airspace.

 

All operators in Florida should utilize Airmap (including registering of flights) for maximum visibility. Emergency Management is using Airmap to help deconflict air operations.

Other guidance:

• Low flying aircraft will be an issue. 
• Monitor FAA and other resources for new or changing TFRs.
• Follow the eCOA process when working with a sponsoring agency or private sector partner. 
• Be patient with the SOSC as they will get bombarded with requests

 

Defending Against UAVs Operated by Non-State Actors

The author hopes to help the reader understand the potential impact of consumer UAVs in the hands of non-state actors as well as the technical and regulatory challenges present in the United States that we face so that they can make informed decisions about public policy choices, investments, and risk.

Our hypothesis is that Western nations are not prepared to defend civilian populations against the use of small UAVs by non-state actors. This can be proved false by:

• • Identifying counter-UAV technology that can be deployed to effect a “win” against currently available UAVs that meet the UsUAS definition
  • Identifying the regulations that allow the technology to be utilized within the borders of the United States and at sites not covered by “no fly zones”.
  • Demonstrating that the solutions are capable of being deployed at sufficient scale to protect all possible targets, not just major events

The defenders are at a classical asymmetric warfare disadvantage – they need a nearly 100% success rate, and if they can demonstrate that success, even better. This is essentially an impossible victory condition to meet. If the scope is limited to critical infrastructure, and if the rules of engagement are adjusted, the odds increase dramatically for the defenders but are still daunting.

Attackers win if they can conduct a single terror attack using a UsUAS against any civilian target, one of thousands of Friday night high school football games for example.

A successful attack need not injure or kill civilians. It may not even make major headlines. It just needs to demonstrate enough capability to generate sufficient public outcry to slow consumer and commercial UAV sales and deployment. Lawmakers already show a great deal of interest in responding to requests for greater regulation and the industry has demonstrated little effective lobbying power to hold off these regulations. A notable hostile use of a consumer UAV could result in regulation that would have significant impact on the civilian industry predicted to be worth $2 billion by 2020.[1]

Full text of my thesis is available here – David Kovar – GMAP 16 – Thesis

[1] B. I. Intelligence, 2016 Oct. 2, and 092 2, “THE DRONES REPORT: Market Forecasts, Regulatory Barriers, Top Vendors, and Leading Commercial Applications,” Business Insider, accessed February 15, 2017, http://www.businessinsider.com/2016-10-2-uav-or-commercial-drone-market-forecast-2016-9.

 

UAVs, IoT, and Cybersecurity

I presented a talk on UAVs, IoT, and Cybersecurity at the LISA conference in Boston on December 7th, 2016. The abstract for the talk was:

“Small Unmanned Aerial Systems (sUAS) aka “drones” are all the rage—$500 UAVs are used in professional racing leagues and major corporations are building $100,000 UAVs to deliver packages and Internet connectivity. UAVs are slowly working their way into almost every commercial sector via operations, sales, manufacturing, or design.

sUAS—emphasis on the final “S”—are complex systems. The aerial platform alone often consists of a radio link, an autopilot, a photography sub-system, a GPS, and multiple other sensors. Each one of these components represents a cybersecurity risk unto itself and also when part of the larger system. Add in the ground control stations, the radio controller, and the video downlink system and you have a very complex computing environment running a variety of commercial, closed source, open source, and home brew software.

And yes, there is already malware specifically targeting drones.

During this presentation, we will walk through a typical operational workflow for a UAV, all of the components of a representative system, and through a possible risk assessment model for UAVs. Even if you are not working with UAVs, you should consider that UAVs are an instance of “the Internet of Things”—a collection of sensors and computing devices connected to each other and to the cloud designed to gather, distribute, and analyze data in a semi- or fully-autonomous manner.”

The slides may be found here: https://www.usenix.org/conference/lisa16/conference-program/presentation/kovar

UAV (drone) forensic analysis presentation available on YouTube

Earlier this year, Greg Dominguez and I developed the second UAV (drone) forensic analysis presentation. I presented it at SANS in Austin this summer and that presentation is now available on YouTube.

 

https://t.co/dnrAElYJKi

 

It was “Next Gen” when presented but we’ve moved on. We’re already working on a more comprehensive version for several conferences next year. Stay tuned.

UAV Forensics – version 2

Working with Greg Dominguez and Cindy Murphy, we updated my UAV Forensics presentation from last year to address the Phantom P3, it’s additional data sources, some new tools for analyzing data, and our first pass at JTAG analysis.

Greg and I gave the presentation at Techno Security in June and a PDF version is attached here: UAV Forensics -TS16-final distribution

Public Agency Operations and Part 107

After consulting with a UAV lawyer and an FAA representative, I believe that:

• Public Agencies (PAs) still have to operate under a COA
• PAs can also operate non-Public Agency Operations (PAOs) under Part 107.

See pages 61-68 of the Rule for details

If a PA wishes to examine the roof of the court house for hail damage, a Part 107 operator working for the PA can perform the task.

If a PA wishes to conduct a SAR mission, or fly a UAV in support of fire fighting operations, they need a COA or to contract with a 333 exempt operator with the appropriate COA.

 

ASTM Efforts on Small UAS

Quoting from a widely distributed email. I work on one UAS ASTM effort to type Small UAS. Here are their other efforts. Of particular interest is F2908 “Specification for Aircraft Flight Manual (AFM) for a Small Unmanned Aircraft System (sUAS).”

Small UAS Operations

ASTM International Committee F38 on Unmanned Aircraft Systems has recently approved seven new standards that cover all major facets of small unmanned aircraft systems operations, including design, construction, operation and maintenance requirements. 

The following seven new ASTM standards, written for all sUAS that are permitted to operate over a defined area and in airspace defined by a nation’s governing aviation authority, have now been approved by F38: 

       F2908, Specification for Aircraft Flight Manual (AFM) for a Small Unmanned Aircraft System (sUAS). F2908 defines minimum requirements for the aircraft flight manual, which provides guidance to owners, mechanics, pilots, crew members, airports, regulatory officials and aircraft and component manufacturers who perform or provide oversight of sUAS flight operations. 

       F2909, Practice for Maintenance and Continued Airworthiness of Small Unmanned Aircraft Systems (sUAS). F2909 establishes a practice for the maintenance and continued airworthiness of sUAS. Requirements for continued airworthiness, inspections, maintenance and repairs/alterations are included. 

       F2910, Specification for Design and Construction of a Small Unmanned Aircraft System (sUAS). F2910 defines the design, construction and test requirements for sUAS. In addition to general requirements, F2910 covers requirements for structure, propulsion, propellers, fuel and oil systems, cooling, documentation and other key areas. 

       F2911, Practice for Production Acceptance of Small Unmanned Aircraft System (sUAS). F2911 defines production acceptance requirements for sUAS. Requirements covered include several aspects of production, system level production acceptance, quality assurance and documentation. 

       F3002, Specification for Design of the Command and Control System for Small Unmanned Aircraft Systems (sUAS). F3002 provides a consensus standard in support of an application to a nation’s governing aviation authority to operate an sUAS for commercial or public use. The standard focuses on command and control (C2) links, including a diagram of a C2 system and general requirements for C2 system components. 

       F3003, Specification for Quality Assurance of a Small Unmanned Aircraft System (sUAS). F3003 defines quality assurance requirements for design, manufacture and production of small unmanned aircraft systems. Guidance is given to sUAS manufacturers for the development of a quality assurance program. 

       F3005, Specification for Batteries for Use in Small Unmanned Aircraft Systems (sUAS). F3005 defines requirements for battery cells used in sUAS. Mechanical design and safety, and electrical design battery maintenance are primary battery-related areas that are covered. 

“The introduction of these standards developed by F38 will help to provide a safe and appropriate path for near-term routine sUAS operations in airspace systems of the United States and other countries,” says Theodore Wierzbanowski, chairman F38. 

Committee F38 encourages participation in its standards developing activities. “The user community for these standards is vast,” says Wierzbanowski. “Feedback on what works and what doesn’t during these early stages of sUAS operation is critical.” 

F2908 is under the jurisdiction of F38.03 on Personnel Training, Qualification and Certification, and F2909 was developed by F38.02 on Flight Operations. The other five new standards are under the jurisdiction of F38.01 on Airworthiness. 

To purchase ASTM standards, visit www.astm.org and search by the standard designation, or contact ASTM Customer Relations (phone: 877-909-ASTM; sales@astm.org). 

CONTACT Technical Information: Theodore J. Wierzbanowski • Punta Gorda, Fla. • Phone: 626-429-8864 | ASTM Staff: Stephen Mawn • Phone: 610-832-9726

Position Papers – UAS Operations in Support of Search and Rescue

UAS, unmanned aerial systems, can play a significant role in search and rescue (SAR) operations. There are a number of hurdles to deploying these assets successfully. In my role as advocacy director for the National Association of Search and Rescue (NASAR)  I’ve written position papers to address two of the hurdles:

1. UAS deployment in support of SAR (and other disaster response incidents) requires professional UAS operators. At the present time, that means that all UAS operations must be performed under a valid COA either by public agencies or by Section 333 exempt operators. I wrote a paper for NASAR explaining this position and how public agencies and SAR volunteers can fly in support of SAR missions while complying with FAA policy/rules/guidelines.Here is the NASAR announcement which includes a link to the paper.
2. Current FAA policy places three significant restrictions on UAS operations that make deployments extremely difficult and very ineffective:
   • The operator must issue a NOTAM 72 hours before flying. (SAR is an emergency. UAS assets are extremely helpful in the early stages. Search is an emergency.)
   • The operator must fly at or below 200 feet. (Imaging wide swaths of the area, operating in hilly or mountainous terrain, or establishing a communications relay with wide area coverage, requires higher altitudes.)
   • The operator must not fly any closer than 500 feet to non-participating individuals or property. (Search subjects do not go missing in areas with zero population and no structures.)

To address these issues, Jason Kamdar and I wrote a proposal for a “First Responder COA (FRCOA)”  to submit to the FAA. The document can be found here and the NASAR announcement about the paper and other related activity is here.