City Research Online

Abstract

The subject of this study is the proactive cybersecurity analysis process of Unmanned Aerial Systems (UAS). The goal of this study is to reduce cybersecurity risks in UAS operations by developing a proactive analysis method that combines systematic risk identification with empirical validation in a controlled environment. The objectives of the study are: (a) to justify the usefulness of proactive cybersecurity analysis for UAS, (b) to develop a corresponding method, (c) to experimentally demonstrate the usefulness and applicability of the proposed method experimentally, and (d) to derive and assess a list of recommended countermeasures. The methods used in the study include Intrusion Modes and Effects Criticality Analysis (IMECA) and penetration testing. The results of the study are as follows: (a) a staged method for proactive UAS cybersecurity analysis was developed, combining a priori assessment, controlled reproduction of selected intrusion scenarios, and a posteriori refinement of risk estimates; (b) a block diagram of proactive UAS cybersecurity analysis was developed to formalize the vulnerability identification and assessment process; (c) a SITL platform deployed on a workstation running Kali Linux was used for reconnaissance, vulnerability and misconfiguration scanning, and intrusion mode simulation; (d) preliminary identified intrusion modes were experimentally confirmed, which led to the discovery of 35 additional intrusion modes linked to a common initial access vulnerability in the Wi-Fi protocol, four of which fell into the unacceptable risk zone; (e) a priori and a posteriori IMECA tables and criticality matrices were constructed; and (f) recommended countermeasures were derived and assessed. The conclusions of the study are as follows: (a) the proposed method enables systematic identification of intrusion modes and empirical refinement of probability, severity, and risk estimates; (b) the scientific novelty lies in integrating the IMECA method with a priori prediction and a posteriori refinement based on observations from UAS penetration testing procedures; (c) the developed block diagram proved useful for formalizing vulnerability detection and minimizing uncertainty in risk assessment; (d) the proposed method’s usefulness and applicability were demonstrated on the SITL platform; and (e) no intrusion mode remains in the unacceptable risk zone following the potential implementation of the recommended countermeasures; three Wi-Fi-dependent modes retain a residual risk whose complete elimination requires an architectural rather than a configuration-level decision.

Publication Type:	Article
Additional Information:	© The Authors. This is an open-access article distributed under the terms of Creative Commons: Attribution Non-Commercial License 4.0 (http://creativecommons.org/licenses/by-nc/4.0/).
Publisher Keywords:	Unmanned Aerial Systems; cybersecurity; IMECA; penetration testing; vulnerabilities; intrusion modes
Subjects:	H Social Sciences > HN Social history and conditions. Social problems. Social reform H Social Sciences > HV Social pathology. Social and public welfare Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Departments:	School of Science & Technology School of Science & Technology > Department of Computer Science School of Science & Technology > Department of Computer Science > Software Reliability
SWORD Depositor:	Symplectic Administrator

Export

Downloads