Cybersecurity in the UTM context has an expansive scope since it touches cyber-physical systems and covers different domains. The threat modelling template conceptualised by the Secure and Resilient UTM Task Force introduces a way of thinking to address the issues of cyber-security of UTM systems to build a secure-by-default UTM system. In the context of the drone ecosystem, UTM is just one component of the stack, and there are others, e.g. the vehicle itself, the command and control link, the identity and authorization of the flights, etc.
During the work of the Secure and Resilient UTM Task Force, a number of task force GUTMA members presented a short summary showcasing their work and technology that covers the broader offering in the context of cyber-secure systems. In this article, we share this “survey of practices” that will familiarize the reader with the broader work and efforts done by task force members.
This third article will focus on the contribution of Ericsson Drone Mobility.
Introduction
Ericsson Drone Mobility (EDM) is a cloud-based drone mission control hosted in Microsoft Azure or any other cloud platform. It allows users to share live video from their drones to other users and enables the remote pilots to take control of the drone. EDM leverages intelligence from telecom networks to enable Drone flight missions with Quality of service on demand, device density for ground risk mitigation, remote authorization and authentication, etc.
Ericsson is a telecommunication leader and has incorporated strict protocols compliant to 3GPP standards. Data captured by drones during inspection and missions could be sensitive. Hence Security is paramount.
Some of the risks and areas of concern in the drone operating environment could be:
- The drone and flight API endpoints could expose unauthenticated monitoring and management interfaces
- The Kubernetes environment or similar could lack hardening, resulting in malicious users with internal access from performing unauthorized actions
Risk assessment and privacy impact assessment for EDM are fundamental security assurance practices, as they bring a holistic understanding of products’ or solutions’ security and privacy threats. This highlights the necessity of implementing requisite functionality as mitigation and helps the scoping of security assurance activities where they are needed the most.
The scope of the security assessment typically involves activities, for example:
- Performing reconnaissance on internet-connected services
- Security testing of the main web application
- Testing the organization, drones, and flights API endpoints
- Testing of the Kubernetes infrastructure or similar
- Partial source code review
- Interface between the drone SDK, the web application streaming and controlling drones
Classification of Security Assets (CIA)
Identified assets are given security classification in terms of the traditional three security objectives: confidentiality, integrity and availability. The classifications range from Low (L) where loss of confidentiality, integrity or availability is expected to have no adverse impact on the product or the organization operating it, to various impacts as Medium (M), High (H), Very High (VH).
Some examples of Security assets are illustrated in Table 1 below:
| Security classification | |||
| Asset | Confidentiality | Integrity | Availability |
| Web Service | VH | VH | VH |
| Organization Management | VH | VH | VH |
| Identity and Access Management | VH | VH | VH |
| Organization Database | VH | VH | VH |
| Email Service | H | M | L |
| Drone Management | L | M | H |
| Drone Database | L | M | H |
Table 1: Examples of Security assets and classification
The relevant threat agents and their potential motives in the product’s context are identified. Examples of some are illustrated in Table 2 :
Threat Modeling is performed using STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) or TRIM tags, identifying threat categories and proposed mitigation. Risk evaluation is done by calculating the probability and impact of a threat from several contributing factors. The resulting probability and impact levels are placed on the risk matrix to find the resulting risk level.
Conclusion
The overall security and privacy posture on product or solution level is a combination of risks, evidence and other observations. The aim of regular Security Risk and Privacy assessments including Penetration testing is to identify and mitigate various risks and threats. The purpose of this brief report is to provide information for GUTMA member companies to build a basic understanding of security in the context of Drone operations. Standardized security and privacy techniques are implemented rigorously.
If you want to read the full Secure and Resilient Task Force report, click here and download the document.
GUTMA Task Forces are a Members-only initiative. If you wish to become a GUTMA Member contact us at secretariat@gutma.org or fill in this form.