In recent years, the rise of connected devices, including drones, has brought about significant cybersecurity risks. Drones, in particular, have been the target of various cyberattacks, highlighting the vulnerabilities in their systems. Here are some notable examples:
These examples underscore the importance of robust cybersecurity measures to protect connected devices like drones from malicious attacks.
In the EU, drone regulations are categorized into three main categories: Open, Specific, and Certified. Each category has its own set of requirements and considerations, including aspects of cybersecurity:
In the United States, the primary compliance requirement for drone manufacturers is ensuring that drones are compliant with the National Airspace System (NAS). This includes incorporating Standard Remote ID capabilities, which act as a "digital license plate" for drones, allowing authorities to identify and track drones in real-time.
Applus+ Laboratories offers comprehensive testing and certification services for drones, supporting manufacturers in meeting both EU and US regulatory requirements. Their services include:
While Applus+ Laboratories can help manufacturers meet existing regulatory requirements, they also offer additional cybersecurity services to go beyond these regulations. Given that current regulations are weak on cybersecurity requirements, Applus+ Laboratories provides advanced cybersecurity evaluations to ensure drones are resilient against various cyber threats.
While drones are increasingly integrated into various sectors, they lack the stringent cybersecurity regulations that other IT products, such as payment terminals, modems, and operating systems, must adhere to. These IT products are often required to be certified using robust certification schemes like Common Criteria (CC) or FIPS 140-3, which ensure a high level of security. For instance, payment terminals must be certified against vulnerabilities such as unauthorized access, data breaches, and tampering. Modems and operating systems are evaluated for secure communication protocols, data integrity, and protection against malware. In contrast, drone regulations do not comprehensively cover these cybersecurity aspects, leaving drones vulnerable to various cyber threats.
Some specific cybersecurity vulnerabilities that other IT products must be certified against, but drone regulations do not cover, include:
Vulnerability assessments and penetration testing campaigns can help identify and mitigate these vulnerabilities, ensuring that drones are better protected against cyber threats.
In the context of drones, a Threat and Risk Assessment would analyze various threats, assets, and key categories, such as:
Existing cybersecurity standards like Common Criteria (CC) can address these issues by providing a framework for evaluating the security of drones. CC certification involves rigorous testing and assessment of the product's security features, ensuring that it meets specific security requirements. This includes evaluating the drone's ability to protect against unauthorized access, ensure data integrity, and maintain secure communication.
By adopting such standards, drone manufacturers can enhance the cybersecurity of their products, ensuring they are resilient against various cyber threats and providing greater assurance to users and regulators.
Another crucial approach that manufacturers can adopt to enhance the cybersecurity resilience of drones is implementing Security by Design principles. This approach ensures that security is integrated into every stage of the drone's development, guaranteeing confidentiality, authenticity, integrity, and availability. Key aspects include:
By incorporating these Security by Design principles, manufacturers can significantly enhance the cybersecurity resilience of drones, making them more robust against various cyber threats and ensuring their safe and secure operation.
Applus+ uses first-party and third-party cookies for analytical purposes and to show you personalized advertising based on a profile drawn up based on your browsing habits (eg. visited websites). You can accept all cookies by pressing the "Accept" button or configure or reject their use. Consult our Cookies Policy for more information.
They allow the operation of the website, loading media content and its security. See the cookies we store in our Cookies Policy.
They allow us to know how you interact with the website, the number of visits in the different sections and to create statistics to improve our business practices. See the cookies we store in our Cookies Policy.