Authors – French Caldwell and Richard Stiennon

Key takeaways –

1. Air transportation infrastructure is particularly vulnerable to non-lethal attacks by drones
2. Regulatory controls alone will not stop drone attacks
3. Attacks like the one at Gatwick this week are a serious reputational blow to the drone industry and rapidly growing drone control software and analytics vendor ecology

For two nights in a row, people living along the flight path of London’s busy Gatwick airport have slept soundly.  Thanks to a drone attack that started at 9p.m. GMT on 19 December 2018, all flights have been grounded.  Sussex police have been playing whack-a-mole with whomever is controlling the drone or drones – every time they think they may be getting close, the drone disappears, only to reappear later.  Meanwhile Gatwick’s neighbors are experiencing life without jet noise, while tens of thousands of holiday travelers have been stranded. 

 Hacking geofencing.  This incident demonstrates in spades the fragility of critical infrastructure and the challenge posed by emerging technologies.  Drone pilots are required to follow rules that should prevent interference with airport operations, and the rules are enforced through the control system software for the drones.  Geofencing built into the software should shutdown drones that stray into restricted airspace.  The geofencing is built into either the application software on a smartphone or laptop external to the drone, or into the firmware internal to the drone – the former being the case for toy or hobby drones and the latter usually being the case for industrial drones used by businesses or government agencies.

 However, the mobile or laptop application software is most likely not un-hackable, and regarding industrial drones, former Gartner analyst Jeffrey Vining who has followed drone technology for over a decade stated, “The firmware is potentially hackable over the wireless connection from the operator to the drone,” enabling the operator to disable the geofencing.

 Drones have proven to be an effective means of disruption. The General Atomics MQ-1 Predator,piloted from remote workstations in Nevada, have wreaked havoc on suspected insurgents throughout the Mideast. In July, Houthi rebels claimed a drone attack against Abu Dhabi airport.  A Houthi military source said the armed drone flew 1,500km.  That claim of attack has been discredited but there have been drone attacks by Houthi in Yemen, most recently in April 2018.

There is no question that commercially available drones for hobbyists should have built-in systems that help reduce their ability to interfere with airports, freeways or stadiums, and perhaps avoid power transmission lines.  However, it will always be possible for hackers to circumvent those built-in controls or build their own flying devices with no controls at all.

Fragile infrastructure.  The infrastructure that is the network of airports around the world has proven to be fragile. Any frequent traveler knows that a major backup at a large hub like Dulles, or Heathrow, can have repercussions felt around the world as flights are diverted or delayed. The cause is usually weather, but the specter of a coordinated series of drone attacks that leverage this fragility calls for more robust defenses than regulatory-imposed controls alone. 

 Counter-drones and contingencies.  Counter-drone systems are already under development. The Silent Archer system from SRC combines drone sensing and targeting capabilities. ()Most counter-drone systems rely on radio frequency jamming to disable drones.One commercial venture, Apollo Shield,has a handheld device that looks like a futuristic rifle for taking out drones. Counter-drone laser and microwave systems such as those being developed by Raytheon for the U.S. military also offer a solution to interference by drones in restricted airspace.  However, intentionally crashing drones could introduce new problems, particularly for large drones where the hazardous materials from batteries or fuel may need to be dealt with following a crash. 

It would be easy to criticize Gatwick Airport for not recognizing their vulnerability to rogue drone flybys and investing in counter-drone technology. But, as always, the first victim is the test case for new attacks that illuminate threats. Now would be a good time for the U.K. Home Office and the U.S. Department of Homeland Security to work with air traffic authorities on drone attack contingency plans and start educating airport administrators on the need to invest in counter-drone technology.

Recommendations

1.  Public and private sector operators of airports,railroads, highways, stadiums, and other high traffic infrastructure should develop and practice contingency plans for drone attacks
2. Governments should accelerate drone air traffic control system projects, and include defenses and drone attack contingency plans in those projects
3. Commercial drone manufacturers like DJI, Yuneec, GroPro, and the rapidly emerging drone geofencing and analytics software ecology, including vendors like Airmap, PrecisionHawk, sensefly, Airware and others, should develop common standards that support drone air traffic control and non-military counter-drone defenses

Originally published at The Analyst Syndicate