Unmanned aerial vehicles, or “drones,” as they’re commonly called, touch on numerous hot-button cybersecurity issues. As devices connected to networks, they are important when considering the “internet of things.” As used by the government, they present surveillance concerns. Over the past decade, they have been increasingly used for military operations — although civilian drones now far outnumber military drones. (The FAA has estimated that by 2020, 10,000 civilian drones could be patrolling the skies.)
There are numerous legitimate civilian uses for drones for drones, including agriculture, weather forecasting, photography, and commercial package delivery. But the concerns present in the ubiquity of civilian drones use are much less about the dangers presented by legitimate use (and to be fair, there are such dangers — like, for example, drones crashing into each other or falling on pedestrians). Rather they are about the illegitimate uses that are difficult to regulate: spying on others, theft, or even surreptitiously harming others. Imagine, for example, a domestic terrorist using a home-crafted bio- or chemical weapon attached to a drone. There are also politically charged potential uses, too – such as a recent DHS request for proposal for a drone border monitoring program.
A significant problem from a cybersecurity perspective is that commercially-available drones are not necessarily securely designed. While security vulnerabilities present in the supply chain is not a new phenomenon (that is, in the time that it takes to design, manufacture, and sell a connected product, the threat environment likely has already appreciably changed), some specific commercial drone vulnerabilities have been well-documented– such a model of quadcopter that could, according to the United States Computer Emergency Readiness Team, be potentially compromised by someone who happened to have access to the drone’s wifi network.
The risk of drones being vulnerable to network attack can appear, frankly, terrifying. Botnet attacks — that is, an attack by someone who has control of numerous infected devices, normally home or office computers — are real threats with regard to drones (this is a significant concern with regard to the internet of things, generally). As Bloomberg news noted in an article last year, “connecting things to the internet also creates the potential for huge networks of robots, aka botnets, to be turned into drone armies for anyone with the software tools to take over enough devices.” Imagine this risk as drones become more common.
Drones present significant promise and significant peril. We will continue to monitor how drones are regulated, and what threats they might pose.