1. When considering security for the UAS is important to take a holistic approach, paying equal cognisance to technical, policy and physical security for the UAS as a whole. Utilising this approach will help ensure that issues are not overlooked that may affect security and ultimately safety.
2. By utilising proven industry approaches to the protection of Confidentiality, Integrity and Availability (CIA), security measures applied can benefit the UAS operator by assuring availability of service and the integrity and confidentiality of both data and operations.
Security Aspects to be Addressed
1. Security aspects are required to address particular potential weaknesses to UAS such as employees, location, accessibility, technology management structure and governance.
2. Such security aspects include but are not limited to:
⁃ The availability of system assets, e.g. ensuring that system assets and information are accessible to authorised personnel or processes without undue delay;
⁃ Physical security of system elements and assets, e.g. ensuring adequate physical protection is afforded to system assets;
⁃ Procedural security for system elements and assets, e.g. ensuring adequate physical protection is afforded to system assets;
⁃ Procedural security for the secure and safe operation of the system, e.g. ensuring adequate policies such as Security Operating Procedures are drafted, applied, reviewed and maintained;
⁃ Data exchange between system elements, e.g. ensuring the confidentiality and integrity of critical assets is maintained during exchanges within the system, over communication channels and by other means such as physical media;
⁃ Accuracy and integrity of system assets, e.g. ensuring threats to system assets caused by inaccuracies in data, misrouting of messages and software/hardware corruption are minimized and actual errors are detected;
⁃ Access control to system elements, e.g. ensuring access to system assets is restricted to persons or processes with the appropriate authority and ‘need-to-know ‘;
⁃ Authentication and identification to system assets, e.g. ensuring all individuals and processes requiring access to system assets can be reliably identified and their authorization established;
⁃ Accounting of system assets, e.g. ensuring that individual accountability for system assets is enforced so as to impede and deter any person or process, having gained access to system assets, from adversely affecting the system availability, integrity and confidentiality;
⁃ Auditing and Accountability of system assets e.g. ensure that attempted breaches of security are impeded, and that actual breaches of security are revealed. All such attempted and actual security incidents must be investigated by dedicated investigation staff and reports produced;
⁃ Object Reuse of system assets, e.g. ensure that any system resources reusage, such as processes, transitory storage areas and areas of disk archive storage, maintains availability, integrity and confidentiality of assets;
⁃ Asset Retention, e.g. ensuring that system assets are securely retained and stored whilst maintaining availability, integrity and confidentiality.
Identified and derived requirements would then sit within each identified security aspects and be applied (where necessary) to parts of the UAS, e.g. ground based system (including the communications link) and the UA itself. The requirements must be ultimately traced to the overall policy requirements.
Any agreed security design, evaluation and accreditation process will be integrated (where necessary) with the existing certification, approval and licensing processes utilized for manned aircraft.
• The security design, evaluation and accreditation process will be considered as a factor to the operational scenario, including but not limited to:
⁃ Applicable flight rules;
⁃ Aircraft capabilities and performance including kinetic energy and lethal area;
⁃ Operating environment (type of airspace, overflown population density);
⁃ Opportunities for attack and desirability.
• The operational scenarios, along with other applicable factors, must be combined with possible weaknesses to the system to determine a measure of perceived risk. A possible security lifecycle for the UAS is referenced to as the risk assessment phrase of the process.
• Risk management techniques must then be utilized to reduce the perceived risk to an acceptable level of residual risk. This phase is referred to as the risk mitigation phrase of the process.
• The risk management techniques implemented are verified and evaluated for effectiveness in a regular cycle of ‘action and review’ ensuring optimum effectiveness is maintained throughout the lifecycle. This phase is referred to as the validation and verification phase of the process.
• Although the approach above is directly applicable to technical security it must be borne in mind that this process must be supported by the application of both good physical security and procedural security and these could be drawn up by interactions between industry, the CAA and Government agencies.
Current UAS Security Work
The current security research work draws on sector experience and recognized security standards. Through liaison with Government agencies, system security policies are formed that are not only thorough due to their holistic approach but also achievable due to the recognition that systems will have varying operational roles.