Dark Reading is part of the Informa Tech Division of Informa PLC

IoT
2/2/2021
01:00 PM
Jeffrey Starr
Commentary

RF Enables Takeover of Hostile Drones

Tempting as it may be to blast drones out of the sky, a less aggressive approach may yield better data about attackers - and keep bystanders safe.

The security team suddenly hears buzzing overhead at a seemingly secure government site, or critical facility such as a chemical plant. It's a small, unmanned aerial system (sUAS) – also known as a drone – that's entered the airspace, presenting an immediate, yet unpredictable threat to the sensitive site. What happens next? That largely depends on what type of counter-drone system has been deployed. 

Most people are familiar with UASs used for warfare and know that unauthorized aircraft of all shapes and sizes present a growing terror threat. But a new generation of ubiquitous drones is posing security risks to enterprises and other civilian organizations. They are cheap, powerful, and easy to acquire or build. Security teams need to be alert and ready for their appearance.

Flights have been grounded and delayed at major airports worldwide, including in Newark, Dublin, and Dubai. Even the world's most secure airplane is not immune – Air Force One narrowly missed a collision with a drone in August as it descended in Washington, D.C.

Drones have menaced stadiums and disrupted four Major League Baseball games in 2020. Not long ago, a drone smuggling marijuana, cell phones, and cigarette lighters was caught in a net just above the fence at a prison in Mississippi.

Drones of every shape and size are increasingly breaching the security lines of restricted areas, and whenever a drone crosses into unauthorized territory, security teams first must make a critical determination: Is it friendly or hostile?

Not all drones pose an equal threat. Small, short-range drones employed by hobbyists often have a flight range of only a handful of yards or meters. They can be controlled by a smartphone and generally will not carry much of a payload. But there are longer-range drones, with heavy payload capacity, and weather and wind resistance, that can carry out significant attacks. In some scenarios, these drones may also carry evidence or intelligence, so the value of capturing and preserving them is high, assuming legal authorizations are in place to allow access to law enforcement personnel.

Most traditional methods of drone mitigation have their origins in the military counter-sUAS space and tend to utilize either jamming or kinetic methods. Jamming disrupts communication between pilot and drone, forcing the drone to land, or return to its home base. Security teams should note that jamming can cause serious communications interference to nearby operational or security communications, GPS navigation, or control systems, and can disrupt Wi-Fi and cellular networks. Also, a jamming-based system's effectiveness lasts only until the jamming stops, at which point the pilot may retake control of the drone.

The kinetic approach involves forcefully taking down the drone with ballistic systems or even using another drone. This creates shrapnel, which can cause collateral damage. The kinetic method destroys the drone, along with all the intelligence data the drone contains. 

In the not-so-distant future, our skies will be filled with drones. Gartner predicts that in five years, there will be 1 million drones carrying deliveries. As drones are increasingly used for security and emergency response, and by hobbyists and nefarious actors, organizations are significantly more likely to face drone infiltrations.

A newer technological alternative, radio frequency (RF) cyber-takeover of rogue drones, allows for a safe landing of hostile sUAS and will help teams control the prospective threat and make safer, real-time, proactive decisions in sensitive environments.

How Does It Work?
The ground control station that pilots the drone has two parts: operators and communication links. Meanwhile, the drone itself has a base system, sensors, avionics, and communication links that speak to ground control. UAVs may hold a lot of data – much of it potentially sensitive. 

RF cyber detection and takeover mitigation allows security teams to take over a rogue drone and safely assume full control, without needing to jam, damage, or otherwise destroy the drone – and with it the possibly high-value security intel that the drone itself may provide to authorized investigators.

Let's return to that government or enterprise site, with its security team that is surprised when it notices a drone has entered its air space and must figure out how to proceed.

Traditional methods may work. The team could either use a jamming-based solution or shoot down the drone and disable the threat. But jamming could also affect the organization's ability to communicate internally, and shooting at the drone risks collateral damage.

A cyber takeover approach would offer the security team full control of the drone and a safe landing. Maintaining control preserves continuity of communications, transportation, commerce, and everyday life. In this case, the GPS of the drone and its home location are identified, allowing the security team to describe the pilot's location at the time of the drone's takeoff to law enforcement.

The drone can now be collected and examined so that proper information can be gathered according to local and federal regulations to learn about where the drone came from and what its operator's intentions were.

The goal of all security teams is to prevent incidents from spiraling into crises. As drones become ever smaller, quieter, more affordable, and more durable, security teams need smarter takeover methods to manage all incidents proactively and confidently.

Jeffrey Starr brings a track record of generating revenue and building market leadership with visionary business and product strategy, robust marketing and positioning expertise, and insightful executive direction for rapid growth in security, defense, safety, and compliance ...
 
