Commercial drones expected to fly US skies in coming years, delivering pizza or monitoring power lines, would be dangerously vulnerable to hackers without a variety of potentially costly countermeasures to their GPS navigation systems, results of a federal study indicate.
Privacy and flight-safety concerns have dominated public debate since Congress voted two years ago to let thousands of parcel-laden or observational commercial drones trundle across US skies by 2015.
But an equally serious, if less recognized, threat lies in drone vulnerabilities to hackers seeking to commandeer unmanned aerial vehicles (UAVs) by “spoofing,” or faking, GPS satellite navigation signals using cheap GPS transmitting equipment. Such spoofing, when directed at a drone, could make it crash, drone experts say.
“Hacking commercial drones is a serious concern,” says Dennis Gormley, senior lecturer at Graduate School of Public and International Affairs at the University of Pittsburgh. “There are plenty of people who argue we’re not doing enough, even with respect to securing our more sensitive and costly military drones. So, yes, I’m concerned about the civilian side of things.”
The Federal Aviation Administration's Next Generation Air Transportation System now in development is expected increase its reliance on GPS – the core of the US-operated global navigation satellite system (GNSS). To address the GPS spoofing threat, the FAA in 2012 initiated a federal study of GPS navigation vulnerability. That study – by the GNSS Intentional Interference and Spoofing Study Team – concluded last fall, but findings have not been released publicly. An FAA spokesman declined to comment on the study.
An overview of the study, obtained by the Monitor, lists major vulnerabilities that affect UAVs – as well as newly identified countermeasures to defeat attackers, an expert who has seen the overview says.
“GNSS receivers are susceptible to intentional interference and spoofing,” according to the overview report, which was delivered by an FAA expert at an international conference in New Zealand in April. “Inexpensive, and readily available, GNSS repeaters and GNSS simulation tools can transmit hazardously misleading information ‘spoofing’ GNSS use.”
That much had been suspected since UAV tests at White Sands Missile Range, which allowed University of Texas researchers to demonstrate in 2012 how a drone could be made to dive toward the ground by spoofing.
But the federal research team has apparently advanced the investigation by identifying and investigating no less than eight “intentional interference & spoofing threat scenarios,” including four “interference” (GPS signal jamming) scenarios and four signal-spoofing scenarios, the study overview indicates.
Yet the team also found “numerous technical, operational, and legal mitigations” to limit some of those threats. The report cites six specific technical recommendations to limit GPS hacking, including the use of advanced antennas and digital authentication signatures for satellite signals, according to the overview.
Still, the “ability to recognize deception is problematic” for equipment, pilots, and air traffic controllers, the overview notes. None of the security fixes are likely to come cheap, either – a major issue if the cost of drones is to be kept down to compete with drone-makers in other countries, experts say.
“The strategies they recommend are far from foolproof, but they're sensible: each of them would complicate a successful spoofing attack,” says Todd Humphreys, a professor and satellite navigation expert who led the University of Texas team during the White Sands demonstration and reviewed the study overview and findings for the Monitor. “The question on my mind, and I'm sure on theirs, is how soon some or all these could be implemented. I expect it'll be 5-10 years or more,” says Professor Humphreys, who made these comments via e-mail.
Peter Singer, a strategist at the New America Foundation, a nonpartisan public policy think tank based in Washington, agrees with him.
“Communications of any kind can be jammed or hacked given the right level of skill, motivation, and time,” he says. “So you want to focus not just on improving protection and prevention, but also resilience and response.”
Technical fixes will plug those GPS navigation system vulnerabilities not only for UAVs, but also for other aircraft, say commercial UAV industry officials.
“There are weaknesses to just relying on GPS for navigation, but those weaknesses are not just for unmanned aircraft,” says Ben Gielow, general counsel for the Association for Unmanned Vehicle Systems International, which represents the UAV industry. “It is a concern and it is being addressed, certainly.”
Still, the federal study findings arrive against a backdrop of rising public concern over the prospect of having drones hovering overhead. Last month, the Obama administration’s use of military drones was criticized by a bipartisan panel of experts for creating a “slippery slope” that could lead to perpetual war.
Civilian drones flown with FAA's permission are also in the limelight. Law enforcement agencies, universities, and other registered drone users reported 23 accidents and 236 unsafe incidents since November 2009, according to FAA records, The Washington Post reported last week.
In May, the Post reported, a quad-copter drone with four rotors crashed into the 30th floor of a St. Louis skyscraper. In March, the FAA fined a Brooklyn man $2,200 for hitting two midtown Manhattan skyscrapers with his quad-copter before it nearly crashed into a pedestrian.
Testing on UAV systems to improve safety could delay their arrival in US skies beyond 2015, many say.
Yet once given an FAA stamp of approval, the economy will feel a boost from the commercial drone business, Mr. Gielow says. The military and civilian UAV market is predicted to more than double over the next decade to more than $11 billion in 2023, according to the Teal Group, a Fairfax, Va., consulting firm.
In May, the Pentagon’s Defense Advanced Research Projects Agency (DARPA) unveiled an experimental drone built with secure software aimed at preventing its control and navigation systems from being hacked. Such systems could eventually work their way into commercial drones.
Yet some experts are circumspect about the prospect of preventing drones from being hacked, even with advanced mitigation measures.
“We agree the command-and-control link is one of the easiest to make a fix to by adding encryption,” says Humphreys in a phone interview. “The other weak point is the navigation link. It’s not encrypted and is easy to falsify. But changing signals so they are encrypted will, for civilian drones, take years, a decade – or never. It’s a serious problem.”