6 July 2023
More and more UAVs are taking to the skies on professional missions. Their functions range from capturing film and photographic images from above to examining roller coasters and wind turbines from the air. In the future, these unmanned flying objects look set to increasingly deliver parcels, drugs or even people’s lunches. To ensure that they don’t get hijacked as they go about their business, their IT security needs to be assured. TÜV NORD has carried out the world’s first cybersecurity certification for a UAV system.
#explore: Mr. Springer, how can UAVs be manipulated by hackers, and what are the possible consequences?
These days, UAVs are no longer only connected to classic remote controls, but are also networked via Bluetooth, WLAN and radio connections – which are used, for example, to install updates remotely or direct the aircraft from a control centre. This opens up lines of attack for cybercriminals. If the interfaces for these connected functions aren’t adequately secured, a hacker can, for example, contact the UAV pretending to be its control centre; this is referred to as a “man in the middle” attack. Then it can be hijacked and redirected to steal its shipment, or the UAV can even be misused in a terrorist attack.
TÜV NORD has carried out the world’s first cybersecurity certification for such UAV systems. How does this kind of certification work?
We start with a risk analysis. We ask ourselves what attack scenarios are conceivable. From these, we pick out the worst-case scenario and use it to develop a multi-level protection system. This is important, because if you cover the maximum requirements, you will also be protecting the systems against more minor attack scenarios. Based on our risk analysis and the catalogue of requirements, the company to be certified, in this case HHLA Sky, then goes into specific development and programming. As we go along, we regularly check in with the company to ensure that the development is going in the right direction. In other words, we take a “security by design” approach, in which IT security is an integral part of product development. In this way, security vulnerabilities are avoided from the outset instead of having to be fixed afterwards. In the next step, our experts from another department can then check whether the protective measures can actually withstand cyber attacks. To do this, they try to hack into the systems in different ways.
About Matthias Springer
Matthias Springer runs the Functional Safety and IT security department at TÜV NORD.
So, do such protective measures ensure hacker-proof communication between the UAV and the control centre?
To make this communication safe, we set great store by secure authentication procedures, by which I mean that we ensure the drone and control centre can clearly identify themselves and each other. We work with the kinds of certificate-based systems that are also familiar from Internet protocols. In this public key infrastructure, digital keys are exchanged between the UAV and the control station to verify with every communication that they really are who they say they are. The communication between the control centre and the UAV is also highly encrypted, so that control information can’t be intercepted and manipulated. If you want to create another protective wall against a hostile remote takeover, you can also specify that an authorised person must be physically in contact with the UAV when a new mission is launched.
Image: A swarm of drones could fly up and down the Elbe River to see if any unauthorized fluids have been discharged, while also checking the dams. (© HHLA/Thies Rätzke)
What might countermeasures look like in the event of an attack? How can and should the UAV react in such a case?
If the UAV detects that it is under attack or receives a warning from the control centre, it flies to one of the predetermined emergency landing sites on the operational route. If this is no longer possible, it automatically goes into a safe state, meaning that it switches itself off and uses a parachute to come down to earth. This allows the consequences of the incident to be mitigated and injury to people to be avoided as far as possible.
Image: A control station in the control center from which aircraft are controlled. (© HHLA/Daniel Nide)