David Kovar (URSA Inc)
Talk Recording: https://www.youtube.com/watch?v=BqqXjyrVH-g
The Global Drone Security Network (GDSN) is the only event of its kind focusing on Cyber-UAV security, Drone Threat Intelligence, Counter-UAS, and UTM security. Watch the full recording here: https://www.youtube.com/watch?v=vZ6sRr65cSk
Speaker: https://www.linkedin.com/in/davidkovar/
DroneSec is a cyber-UAV security and threat intelligence company that hosted this second series of the GDSN community event.
https://dronesec.com/
4. “The key piece of knowledge necessary for
building defenses capable of withstanding or
surviving cyber and kinetic attacks is an
understanding of the capabilities posed by
threats to a government, function, or system.”
SANDIA NATIONAL LABS, 2007
6. What Creates The Risk?
Any sub-$2,000 drone
• ISR
• Distraction
• Confusion
DJI Mavic
• Long range with extra battery
• Cellular using Raspberry Pi and
cellular modem
• 1 lbs. of C4 payload
Homebuilt
• Fully autonomous using PixHawk
• Custom data link avoids most/all RF
detection
• Very low RCS
Avartek Boxer Hybrid
• 5kg payload, 2 hour flight time
FireFly6
• EPO VTOL w/ 50 minutes endurance,
1.5lbs payload
• $8,000
Syrian homebuilt
• ~50km range
• Apparently fully autonomous
Jet turbine fixed wing
Raspberry Pi + OpenCV + ISR
• En route and terminal guidance, no GPS
SDR
7. Capability
Relevance of the Capabilities to the UAS Classes

| Capability | UAS Class: Small/Low | UAS Class: Medium/Medium | UAS Class: Large/High |
|---|---|---|---|
| Long Range/Endurance | YES | YES | YES |
| Base of operations in Remote Area | YES | YES | YES |
| Very high altitude (>60,000 ft) | YES | YES | YES |
| Very low altitude (<1000 ft) | YES | YES | NO |
| Vertical Profiling | YES | YES | YES |
| Heavy lift (>2000 lb) | NO | YES | YES |
| All Weather Conditions | YES | YES | YES |
| Monitoring/control Multi-ship Operation; mother-daughter-ship | YES | YES | YES |
| Terrain Avoidance / terrain following | YES | YES | NO |
| Formation Flight / stacked, horizontal | YES | YES | YES |
| Precision Trajectories / flight line, mapping | YES | YES | YES |
| Payload-directed flight; event-driven flight | YES | YES | YES |
| Quick deployment / quick turnaround | YES | YES | YES |
| Disposable systems / low cost systems | YES | NO | NO |
| Human Factors: Training, Operations, CONOPS | YES | YES | YES |
| Access to the Airspace - NAS (for UAS) or International | YES | YES | YES |
| Planning, scheduling and visualization tools; flight tracking | YES | YES | YES |
| Over-the-horizon comm.; real-time data | YES | YES | YES |

UAS Class is given as size/altitude.

This matrix shows that the entire list of capabilities provided to the TWG’s have relevance to at least one UAS class, and most capabilities are relevant to multiple UAS classes. Therefore, the entire list of capabilities were considered during the identification of the technologies for UAS.
8. What Are The Risks?
• Physical layout from all angles, not just satellite / Google Earth
• LIDAR, IR
• Multiple times of day, lighting, situations
• RF collection
• What frequencies are used?
• What are they used for?
• Capture and collect comms traffic
• Distraction
• Response Analysis
• Intimidation
ISR - INTELLIGENCE, SURVEILLANCE, RECONNAISSANCE
PASSIVE
PAYLOAD DELIVERY
10. Palo Verde Nuclear Power Plant
• September 29, 30 of 2019
• Five to six UAVs, ~ two feet in
diameter, on site for eighty minutes
• NRC ILTAB (Intelligence Liaison and
Threat Assessment Branch) – Please
stop calling us during off hours
• NRC doesn’t require CUAS at nuclear
plants, asserting that “small
drones” could not damage reactors
• Previous UAV overflights on Dec 21,
2017.
• Later overflight December 2019, possibly
with CUAS deployed on site
PALO VERDE NUCLEAR POWER
PLANT – LARGEST IN U.S.
11. U.S. Nuclear Sites
• 3 “Open”
• 5 “Closed Resolved”
• 49 “Closed Unresolved”
• All Unresolved
• Palo Verde – 3
• Limerick – 5
• Perry – 6
• Diablo Canyon – 7
57 UAV INCIDENTS FROM
DECEMBER 2014 TO OCTOBER 2019
12. Eastern Colorado
“MULTIPLE HIGHLY CREDIBLE
OFFICIAL REPORTS FROM TRAINED
OBSERVERS.”
• Number of UAVs ranges from 2 –
16
• Approximately 6 feet in width
• Flight time between two and
three hours
• Night operations
• Flying grid-like patterns
“… allude to a unique arrangement
in which a large drone seems to
have been accompanied by a fleet of
smaller ones”
THE DRIVE: THE WAR ZONE (JULY 15, 2020)
13. Eastern Colorado
“We have contacted entities (UAS
companies, pipeline operators,
colleges, etc.) that have received
permission to operate UAS in
these areas, but to date, none of
these approved operators have
been determined to be the source
of the UAS operations.”
FAA MEMOS
“In response to concerns the Army
or one of their contractors was
conducting UAS operations or testing
and evaluation, on January 13, the
FAA contacted multiple offices within
the Pentagon in both the Army and
the Office of the Secretary. All
provided negative responses.
Combined with previous DOD
engagement [by FAA] with USAF and
NORAD/NORTHCOM, there is high
confidence these are not covert
military activities.”
FAA MEMOS
14. Colorado – What is Normal?
“Drone thermal imaging consulting in the oil
and gas industry is the future of pipeline
inspections. Unreachable pipe and dangerous
locations have become accessible and our
hearty drone with an infrared camera payload
can withstand intense environmental
conditions. <X>’s nighttime waiver enables
flight without daylight constraints, and in
fact, some thermal inspections are better
done in the dark.”
“More often than not, operators
hire contractors and
subcontractors who hire their
own subcontractors, etc.”
“The <X> VTOL UAV … range can be extended up
to 40km using GPS waypoint navigation, and
flight endurance is 88 minutes.
The UAV can withstand a maximum humidity of
90%, heat of up to 50°C, and cold environments
of up to -20°C.”
15. Elsewhere
Three Spanish males arrested for flying UAV over Valero
facility in St. Charles Parish, LA (2018)
“Dy. Jones also observed a smaller drone with white and green lights
hover for approximately 15-20 minutes in an unknown area to the east of
DOW chemicals. While on scene dy. Jones advised the smaller drone did
not move but remained stationary and appeared to rotate 360 degrees
while hovering.” – St. Charles incident report (2/4/2019)
“James Jackson advised he was driving his work truck to a job site
within the plant at approximately 2039 hours when he observed an object
fly in front of the truck and crash onto the ground.” – St. Charles
incident report (5/8/2019)
“They claimed to work for a film production company, but did not provide
additional information about the company, they also stated they were
flying the drone recreationally.”
LOUISIANA
MULTIPLE CREDIBLE REPORTS, PICTURES APPARENTLY EXIST
16. Elsewhere
FRANCE
• Greenpeace France flies drone into nuclear plant (2018)
• Drones spotted over seven nuclear plants in France (2014)
SAUDI ARABIA
• Multiple drones attack Saudi Aramco facilities (Sept 2019)
U.S.
• Mavic found next to a non-bulk electric substation. Ropes attached
to UAV supported copper wires.
19. “I think this shows a significant gap
in our understanding and national
security understanding of the threat
drones pose.”
U.S. SENATOR CORY GARDNER, JAN. 8, 2020
20. “Should drones gain longer flight times,
greater route autonomy, and especially, an
ability to carry larger, heavier payloads
without losing much flight time, those would
be the factors that should suggest a rethink
of infrastructure hardening.”
KELSEY D. ATHERTON, FORBES, JULY 31, 2020
21. “… restricted airspace will do nothing to stop an
adversarial attack … detection systems identified have
limited success rates, … low likelihood that law
enforcement will arrive quickly enough …
We should be focusing our attention on getting Federal
regulations and laws changed to allow sites to be
defended and to identify engineering fixes that would
mitigate an adversarial attack …”
JOSEPH RIVERS, NRC SENIOR LEVEL ADVISOR ON SECURITY
22. Remote ID and UTM
• Remote ID and UTM are three years out
• Both systems will likely be federated solutions requiring multiple
commercial and government entities to collaborate with perfect cyber
security
• Both will have legitimate back doors, compromised legitimate backdoors
and pure exploits
• There are a lot of reasons not to disclose where drones are operating and
why
• Malicious operators will hide in the gaps and in the noise
• The FAA has a poor track record enforcing compliance
• Hobbyists, open source activists, and foreign tech imports will likely
create a “non-compliant” noise floor to hide in
23. CUAS Test and Evaluation
• “The C-UAS industry has grown exponentially in recent years. We have identified over 230 C-UAS
products produced by 155 manufacturers in 33 countries” Counter Drone Systems. Bard College,
Center for the Study of the Drone, Feb. 2018
• As one CUAS researcher put it, “We have no source of truth.”
We don’t know what works.
Threat information is siloed.
We’re selling solutions for last year’s challenges.
25. CISA
WHAT ACTIONS CAN YOU TAKE?
Recognizing and implementing security practices that meet
Federal, State, and local regulatory requirements are key to
successfully managing potential security incidents associated
with UAS. Although no single solution will fully mitigate this
risk, there are several measures that can be taken to address
UAS-related security challenges:
• Research and implement legally approved counter-UAS
technology.
• Know the air domain around the facility and who has
authority to take action to enhance security.
• Contact the FAA to consider UAS restrictions in close
proximity to fixed site facilities. More information can
be found at www.faa.gov/uas/.
• Update Emergency/Incident Action Plans to include UAS
security and response strategies.
• Build Federal, State, and local partnerships for
adaptation of best practices and information sharing.
More information can be found at
www.dhs.gov/hometown-security.
• Report potential UAS threats to your local law
enforcement agency.
UAS-RELATED THREATS MAY INCLUDE:
• Weaponized or Smuggling Payloads
Depending on power and payload size,
UAS may be capable of transporting
contraband, chemical, or other
explosive/weaponized payloads.
• Prohibited Surveillance and Reconnaissance
UAS are capable of silently monitoring
a large area from the sky for nefarious
purposes.
• Intellectual Property Theft
UAS can be used to perform cyber crimes
involving theft of trade secrets,
technologies, or sensitive information.
• Intentional Disruption or Harassment
UAS may be used to disrupt or invade
the privacy of other individuals.
27. Counter-UAS Actionable Information System (AIS)
[Diagram: Command and Control, live and archive data fusion with geospatial referencing. Live or post-capture content sources: drones (GPS flight data), sensors, telemetry, radio, vehicle, boat and ground cams, IoT devices, and external media (documents, archive formats, audio and video files, iOS/Android, still cams). Functions: live map viewer, geospatial visualization, temporal data fusion/analysis, mission product generation, live and post-mission logger, historical searching, project archive. Remote deployable system: one-man carry, application server and storage, fold-out client station, external touch screen monitor, mesh radio link.]
28. Adversary Drone Application Model (ADAM™)
Threat Actor, Target
(Diagram labels: Planning, Preparation, Execution; Expert, Novice)
• Goals | Strategy | Objectives: What does the adversary want to accomplish?
• Intelligence: First intelligence collection campaign against the target.
• Target Development: Detailed studies of the target and local area.
• Operational Planning: Operational assessments culminating in several courses of action and finally a plan of execution.
• Resources: Determination of required resources.
• Technology & TTPs: Acquisition and development of the means of attack.
• Intelligence: Second intelligence collection campaign against the target.
• Training & Rehearsal: Training for the technology, TTPs and mission.
• Operational Planning: Adjusting the plan of execution.
• Deployment Preparation: Final arrangements for deployment.
• Deployment: Movement of support and action elements into the area of operations.
• Drone Mission: Launch, penetration, action, withdrawal, and recovery.
• Intelligence: Final reconnaissance of the target.
• Area Operations: Mission support in the area of operations.
• Ground Operations: Operations in the target area and at the launch site.
• Operational Planning: Final adjustments.
Variable Fidelity Threat Simulations for
✓ Risk Assessments
✓ Counter-UAS Plans, Policies and Procedures Development and Evaluation
✓ Counter-UAS Technology Evaluation
✓ Training
✓ Investigations
Some of Our Support Tools
✓ A database of over 550 tactics, techniques, and procedures (TTPs) for adversarial drone use
✓ SOARS™ Launch & Recovery Site Selection Tool
✓ MATLAB/Simulink-based flight simulations
✓ Professional drone analysis tools
29. AV-ISAC
MISSION STATEMENT
To collectively enhance autonomous vehicle cyber, physical, and supply chain security across multiple sectors
and national borders to enhance public safety and the financial health of the member organizations and their
respective national economies.
ABOUT THE AV-ISAC
The Autonomous Vehicles Information and Analysis Center (AV-ISAC) is a member-driven, non-profit organization
addressing the needs of an international and cross-sector membership. The AV-ISAC is designed to enable its
member institutions to share timely, relevant and actionable physical and cyber security threat and incident
information.
The AV-ISAC will create a secure and confidential space for the AV-ISAC staff and participating members to
collaboratively gather, analyze and share information among the membership, supplementing this with
information from other sources such as commercial security firms, government entities and other trusted
resources.
The AV-ISAC will quickly disseminate alerts, analysis, best practices and other critical information to help
the membership and the sectors they represent to prepare for, respond to and mitigate risks and threats.
The AV-ISAC addresses the needs of one sector – autonomous vehicles – operating in four domains – air, ground,
marine, and space.
30. Cross Domain, Private Sector Fusion Center
• We are engaged in a futuristic war …
• While often asked to fight last year’s battles …
• Against adversaries ranging from activists to criminals to non-state actors to
nation states …
• With limited resources …
• Hampered by a challenging regulatory environment …
• And working with limited intelligence, often due to our own inability or
unwillingness to collaborate.
31. Cross Domain, Private Sector Fusion Center
Chatham House Rule – “Participants are free to use the information received, but
neither the identity nor the affiliation of the speaker(s), nor that of any other
participant, may be revealed.”
TLP: RED
Not for disclosure, restricted to participants only.
TLP: AMBER
Limited disclosure, restricted to participants’ organizations.
TLP: GREEN
Limited disclosure, restricted to the community.
TLP: WHITE
Disclosure not limited.
32. DKOVAR@URSASECURE.COM • WWW.URSAINC.COM
34. “I think this shows a significant gap in our
understanding and national security understanding
of the threat drones pose. If we can't find out
who they are, how they are being controlled, who
is controlling them, what is to keep a nation
like Iran or North Korea from looking at this
instance and saying ‘Boy now we should come out
and do the same thing with cameras and sensor
equipment to find out the kinds of things that
would help with international security’ so I
think it is a concern.”
U.S. SENATOR CORY GARDNER, JAN 8, 2020
35. “Should drones gain longer flight times, greater
route autonomy, and especially, an ability to
carry larger, heavier payloads without losing much
flight time, those would be the factors that
should suggest a rethink of infrastructure
hardening.
In the meantime, reactor security will likely rest
in the strength of the infrastructure as it was
built, rather than as it has been hardened.”
KELSEY D. ATHERTON, FORBES, JULY 31, 2020
36. “I would point out that restricted airspace will do nothing
to stop an adversarial attack and even the detection systems
identified earlier in this email chain have limited success
rates, and there is even lower likelihood that law
enforcement will arrive quickly enough to actually engage
with the pilots.
We should be focusing our attention on getting Federal
regulations and laws changed to allow sites to be defended
and to identify engineering fixes that would mitigate an
adversarial attack before there our licensed facilities
become vulnerable.”
JOSEPH RIVERS, NRC SENIOR LEVEL ADVISOR ON SECURITY
37. THE DAILY BEAST ARTICLE ON 2018 SWARM
ATTACK ON RUSSIAN AIRBASE.
The aircraft has a unique, improvised design,
which doesn’t appear to come from any known
commercial models or kits, suggesting a
stronger connection between the drone offered
for sale on Telegram and the models captured
by Russian and Syrian forces. “From what I can
see, this ‘drone’ was fabricated using wooden
parts and tape. Perhaps the servos and engine
were purchased online, although it’s more
likely been scavenged from a model airplane,”
says Mike Blades, a drone industry analyst at
Frost & Sullivan.
UAVS FLEW APPROXIMATELY 50KM.
38. Nuclear Regulatory Commission, Physical
Protection of Plants and Materials.
This part prescribes requirements for the
establishment and maintenance of a physical
protection system which will have capabilities
for the protection of special nuclear material at
fixed sites and in transit and of plants in which
special nuclear material is used.
The primary threat is from:
“A determined violent external assault, attack by
stealth, or deceptive actions, including
diversionary actions, by an adversary force …”
https://www.law.cornell.edu/cfr/text/10/73.1
41. Cross Domain, Private Sector Fusion Center
• We acknowledge that people will use the knowledge gained to improve their own situational
awareness for their organizations and clients.
• The knowledge base required to excel in this field is large and cannot be assembled by just a
few people, or just the private sector, or just the U.S. government.
• Other groups are doing this for profit, or to provide a specific service, or as part of a
narrow vertical sector. We hope that this group will remain free and in service to our country
and the missions we follow.
• There will be times that our research will be delivered to the general public as part of what
we do for our jobs on a normal basis. This should only be done while respecting Chatham House
and TLP.
• We are not an elite covert intelligence group leaking death star intelligence.
• Members will likely want their names, contact information, affiliations to remain
private/anonymous. This must be honored and respected by all.
• Individual members are allowed to acknowledge the existence of the group and their
participation if they wish but they should respect others’ needs for privacy and not share for
marketing purposes.
42. Cross Domain, Private Sector Fusion Center
• We will collaborate and communicate as openly as possible and leverage this
community to create new connections and benefit from each other’s knowledge.
• We will strive to be a place where competitors share research and knowledge
regularly for the benefit of society at large.
• We will be multi-disciplinary to include geopolitical awareness of event
drivers as well as skill sets in various areas such as forensics, red
teaming, link analysis, data mining, tool development.
• We will strive to avoid silos and to recruit members from many different
fields and sectors.