Global Drone Security Network Event #2- Mike Monnik

Masumi Arafune
Global Drone Security Network Event #2- Mike Monnik

Global Drone Security Network virtual event went really well and many of you remember how exciting it was.This event featured speakers from around the world, bringing together industry experts and leaders covering topics on drone threats, drone vulnerabilities, security, regulations, the future evolution of drones and CUAS, and more.

As you already know GDSN #3 is just around the corner but before we jump in, let's review our talks from GDSN #2!

This is the first post of GDSN #2 review. If you haven't checked GDSN #2 talks yet, it is a good time to do so!

Mike Monnik - The State of Drone Security Analysing 1000+ drone incidents

Okay, so it's 750. And I've got about 45 minutes, which makes it absolutely perfect before Chris's talk. And one thing I wanted to make sure we do here today is that I want to kind of set the scene, I am the first presenter here. And so, I am going to go into a little bit of an introduction around drone security, before the main part of my talk, which will be going through the different drone incidents that we have seen. So, I will do a bit of a beginner's introduction for anyone, you know, basically new to the scene. So, my name is Mike Monnik. And I'm the founder and CTO of DroneSec, we focus on both defensive and offensive drone security operations. And, you know, threat intelligence is a large, large key component of that, and I'll get into why we did that. But you know, it this really all started in the industry, when we saw drones being hacked out of the air and being used for different nefarious reasons and thought that there has to be a better response to that. So that is something we actively work towards whether it's white papers or frameworks, or just systems and databases that allow others to do their job better when it comes to drone security. So since about early 2019, we set about hiring people with threat intelligence backgrounds, drone security consultants, people who would be able to help us data log data, catalogue and log all of the drone incidents that there was, in order to help our red teams, because red teams really need effective adversary Intel, in order to use their same tools, their tactics, their procedures, and then use that to replicate against, say, a simulation, whether it's against an airport or a counter UAS system. So, a lot of our focus has been on mapping out all of the incidents, to get the right adversary, to take the right adversary and simulate that in a red team. That is basically what we do.

So, I want to first kind of kick off with a pretty interesting story in the jungles of Guatemala, I don't know how many of you have actually been there. But the jungle is quite rich and thick. And it's hard to move in and out of there. But one thing that law enforcement found recently was that they would cut these very small runways into the jungle, and planes fully loaded with narcotics, were able to somehow land in these very narrow areas, in the middle of the night, in pitch black out planes, no lights on, no lights on the ground, didn't know how they were doing it. They slowly kind of started to discover that some of these drones with lights kind of pointing upwards, and on these drones down the runway, were able to enable a plane to land in the forest in the jungle and drop down their contraband, their narcotics. And this isn't necessarily a drone that is doing anything bad. It's simply being used to enable something or enable a larger vehicle to drop that. But it's quite innovative. And I think this goes for the whole drone security industry is that people will use the nefarious reasons to come up with really innovative solutions. We see that in Syria and Iraq as well, Ukraine, and we're going to cover some of that today. But you know, it's not just Guatemala where they use drones in innovative ways. Even here in Melbourne, nefarious individuals have uploaded or sent a drone up into the sky to do counter surveillance and try to look for you know, where police might be hiding in order to combat that. So, it's a worldwide problem that we catalogue a lot of it. All the way from the cartels, and you know, near Mexico, where they adopt improvised explosives to small drones, they can fly them against enemy cartel members, all the way to attaching some hacking firmware or Raspberry Pi's to a small drone, in order to breach Wi Fi networks and hide, you know, hard to reach towers and things like that. So, it can be quite an interesting, innovative industry. And it's all enabled by these small, you know, computer like systems that can go anywhere and are very cheap to try and buy. But the innovation is also on the good side, right in Mexico City, Uber use these drones to drive down the road and basically told the vehicles that, you know, there's an alternative option, get into Uber pool and you can beat all the morning traffic and be able to get past that. And so, I don't think we'd be allowed to do that over here in Australia, but they certainly make use of that over there in Mexico City. And there's countless operations where we see the uses of drones, you know, from doing 3d models of crash scenes so that law enforcement can get to the next accident, to saving people who are drowning in the water to cleaning, you know, rubbish of powerlines there's just so many applications. And so, our mission here is to make sure that the innovative ingenuity of the good applications continues to increase. And that these you know, key nefarious actions by guys with bad drones are, you know, controlled in a way that is risk controlled and we remove that potential element. So, you know, when considering the security in the context of drones, and most of this fall under that you want to know, first, the protection of friendly drones against attackers, you want to know that there's the protection of the systems that support, control and manage drones as well. And of course, we want to protect against rogue drones or countering them. And that's where the counter UAS stuff comes in. But essentially, you know, if we embed security into all of these operations, hopefully, we can have a much more safer, you know, landscape being able to utilize drones in this way. So when we talk about different types of drones, and again, this is just a quick recap for anyone, you know, really new to the industry, or kind of getting a gauge for, there are different types of drones each have their own kind of characteristics, you know, a hobby drone might cost less, but you know, it can fly for 30 minutes, but it can only go in a range of you know, three to five kilometres. If you have a larger drone, like a farming drone, it actually flies for less time, but it can carry a heavier payload, which if you're thinking of security gives you a different matrix to work by. And of course, you have your racing drones, and other things like that, where they can go extremely fast, but they're limited in range. So again, your risk scenario changes. And all through this presentation, and I'm sure all the other speakers tonight, they're going to call them UAS, UAV, RPAS, drone is really different in different places. You know, in South Africa, I recognize RPAS a lot. You know, same here in Australia, in the US, I see a lot of UAS or UAV. We at Dronesec, we usually call them drones. So, let's keep that interchangeable terminology today. And just a quick kind of summary over you know how drones really work. As we go into the next, you know, few presentations and conversations. Basically, you get control from a controller and an app on that controller, and it sends those commands to a drone, which then makes the movement happen and controls where it goes. And a lot of that feedback is then sent back to the video of the controller itself, it’s using GPS. And nowadays, you know, a lot of these drones are connected to the internet. So, it means you might have to unlock where you're flying, it might be sending who you are, or if you're allowed to be in that area. And all these kinds of tricky parts that go back to, you know, some of that vendor server, depending on the drone and the company as well. And when you have something like an autonomous drone, you're kind of removing that controller out of the equation. So, you've got a single computer or a server that makes those commands happen. Sometimes that can happen by radio networks, sometimes by you know, custom networks. And that drone just does the commands that you want it to do, you know, without any person or controller sitting there. So, you start to realize that drones are very similar to computer networks. In fact, if you were to line them up side by side like this, you'll notice that drones and their applications all have different IP addresses, they compete, they communicate, just like computers, and they have computer systems involved. They have communication devices, wireless devices. And so, you start to realize that a lot of the attack vectors that affect drones are very much transferred from the digital cyberspace industry. And this is important to note, it's something that David Kovar, who's speaking a little bit later, you know, he came up with a lot of the forensics to do with drones. And Chris Church as well from Interpol will talk on that a little bit. The fact that you know, when you're doing forensics for drone system, a lot of it is transferable from computers, it's just that these are computers that are flying around, they're collecting video, they're collecting in some cases, audio, telemetry data, and there's so many different layers in that stack that you now have to account for. So, for those of you from a computer security or a computer background, you can kind of equate a single drone to being like a desktop PC, or the laptop you're using. Now, a UTM system is very similar to having an enterprise network of different makes and models and sometimes BYOD as well. And on the other side, you have the antivirus systems, and they're here trying to make sure good files or good, you know, drones are coming in and out. And they're keeping the bad ones out. And that counter drone system. In today's world, you can kill off any malware you see, counter drones today are very much only used by authorities that can so we're going to have a few discussions around that through the event. So just quickly, if we're talking about them being in the context of a computer system or digital devices, what are the kind of attack vectors out there? Well, one of the bug bounty programs that is currently set up for DJI for example, they will roughly pay out 5,000 to 30,000 USD depending on the bug. If you can remotely hijack that drone or permanently you know, conduct denial of service. And this is because if you have a drone in the air and you managed to you know, hack into it, you can cause it to fall down you can cause it to lose its contents or extract its content contents, extract that out. It's really important that you know, they protect that kind of stuff. But it also goes to note that they will also pay if you are able to circumnavigate the infrastructure that actually supports drone operations. Now we're finding that more and more that a UTM system, or a system that is doing drone analytics, all of that is interconnected. And if you're able to breach one of those. The potential is that you can then have control of other drone systems that are out there. And so, it's quite important to note that, you know, companies are now taking this quite seriously in the, in the side of, you know, trying to put money there to ensure that security researchers are looking at this stuff. And, you know, we'll talk a little bit about that, and how much that occurs. Not going to go into it today. But there are just a bunch of different security risks, which you can go over and be able to find with some drones, depending on the make, model and manufacturer. And all of these boil down to those privacy and data security concerns that people have today. So, when you think drone security, it often does fall down to some of these common security risks and trying to alleviate some of those as well. So, in terms of cybersecurity, for DroneSec, I wanted to include this slide because I thought it was quite interesting in the past year alone. One of our departments is cybersecurity focused within drones, counter UAS systems, UTM systems. And there's been times where, you know, the innovation of drones passes so quickly and so fast that they forget to secure the components that undermine the whole operation. So, I just picked out seven of these for the past year. But these vulnerabilities have included everything from you know, actually being able to locate the customer and pilot information from a drone or from a drone system. Actually, having control panels where people control counter UAS systems, or even UTM control panels where they have a few drones interconnected by a single control point. And being able to have access to those as an unauthorized remote attacker. Again, we've had police departments, where you can basically see which types of drones and drone make and models they're purchasing, which, of course, is not very good for your operational security, all the way down to being able to grab the video and telemetry from a drone that's done an operation, they think it's been secure and safe, and you're able to pull that down. So, this is just a quick squeeze on numbers, but the rest of the presentation is going to be going through these in a lot more detail. So, it wouldn't be suffice to kind of just stop there and dig into the analytics without just quickly mentioning the bad actors. And what some of these will detail when we go into those steps. So, I'm going to show you a quick clip. If you're not comfortable with battlefield or of violence, in terms of footage, just maybe look away for the next 30 seconds or so because I am going to just go over and play that. So, in the height of ISIS in Syria a couple years ago, a lot of drones were being used by ISIS because they're really cheap. They're easily available to get and, you know, it allowed them to perform not only long-range recon, but the ability to attach small payloads like this little mortar here, attach it with a badminton shuttlecock go from the top of exactly where they know that their targeting is and drop that on, say, for example, a vehicle here that is covered with arms and ammunition, so it can be quite deadly. And it's you know, it's great because commercial drones for them have great balance. They're fighting against the wind, and all those kinds of other factors. And the technology companies are making these better and more innovative all the time. So, they make a great way of doing a long-range dropping IED. And when you think about it in the context of say an RPG, they really are disconnected from the threat. So, an attacker with an RPG, located 100 meters away or so would probably have some return fire. Whereas someone with a drone, even if you take the drone down, it's very difficult to locate that operator, very small chance they are actually going to be found or get caught. And this continued to, you know, the innovation was incredible. And Memri has some great reports, but they go into detail on, you know, having classes on teaching terrorists or ISIS members on how to utilize drones. This included attaching multiple batteries and wiring them so that as it was flying, if one battery exhausted, the next battery would start to be used, or making sure that it was you know, defended against countermeasures by using different types of frequency bands, or even just making sure it could carry heavier payloads and making sure that was really accurate. So, there was a real threat in Syria, there still is. And of course, in the Ukraine right now, we're seeing a lot of that movement, with drones and drones being jammed, currently at the moment. And this is something that I put in almost every presentation because it's quite an important note. And it's a great document and quite an interesting read. But one of these in terms of what the US Army says about UAS is that they represent a significant threat to the army. If the a UAS is observed above your position, you're already compromised. And units are supposed to attempt to engage or destroy the UAS using any organic means available. And I'm pretty sure they didn't mean that type of organic. But the organic they did mean was that General David Perkins of the US Army went ahead to say that at one point they had a small UAS in the air, and the only way to actually bring it down was eventually by firing a $4 million Patriot missile at the drone. He goes on to say, Yes, it did work. But the economic trade off was so bad that $4 million, compared to say, a $200 drone, it's just, you just can't imagine. And if ISIS were to continue sending small drones would they have used up more of their missiles is quite a bad economic trade off and something to be concerned about. And we've seen, you know, issues with drones near airports all the time, drones don't have to be necessarily carrying a weapon to be the weapon. In some cases, they could simply be in the airspace, to cause a lot of frustration. And a really good author and friend of mine, David Hambling once mentioned that, you know, drones are sometimes referred to as giant mechanical geese from hell. And the reason why he goes on to say this is because drones are not like birds, or geese, you know, that that often collide with planes in the air, they really are made up of little metal pieces, and they have plastic, they also have Lipo batteries in them, which do explode in impact. So, there's been a few studies done, and there's a lot of agreement that drones cause damage to airplanes, and helicopters. And so much so that when you're thinking about risk modelling for drones, what would shut down an airport for a few days, if it was just a threat, at this point, if you were to call any other claim against an airport, they would probably have to verify it or try to use a lot of equipment and technology and people to verify that threat exists. Now, when it comes to drones, it is quite a, an open field, if there is a drone sighting, it could be used as a threat to do something. So, it's quite hard to figure that in and think about your risk matrix when a single drone could be potentially so dangerous to an aeroplane, if used in the wrong way. So, one of the pinnacle areas of drone security is counter drones or counter UAS, and I am not going to go into them today, because we have an excellent speaker who I actually have on the next slide, Jacob Davis, and he'll be speaking a little bit later. But I've often reflected on his paper, drone defence is still illegal. One of the reasons why he writes that is because in many countries, only authorities can use it. But he has such a great cadence of say, you know, jam, fry, break, shoot spoof grab hack, and there's so many different countermeasures out there. And a lot of them have been created, because of all the different, you know, legal, you know, situations in different countries, one will ban something, so they'll create a different countermeasure and so forth and so forth. But I'm not going to go into the positives and negatives of them today. And there's certainly presentations for that out there. And I'll let Jacob talk to that. That you just need to know, that is certainly one of the topics we're going to cover today.

So, I want to kind of bank now on threat intelligence, we are at 730 in Australian time, and I've only got about half an hour left, before we move on to our next speaker. So, threat intelligence for us is really a case of you know, do we see multiple incidents in an area that we can catalogue baseline put together and start to get an understanding of is there you know, a certain type of make and model used in an area that keeps coming up, that we can then inform police or law enforcement to focus on that type of drone, rather than wasting resources or energy elsewhere. And if there's a threat actor that is consistently using the same tools, tactics and techniques, can we baseline that and then predict what they're going to do next. And the best way to really explain this is, you know, when we were at the air show in Singapore, back when COVID-19 really was first kicking off, they started contact tracing, right. And it was this process of finding out who the person was that was infected, and then try, you know, trawling back and finding out where they had been, what they had touched who they had met, and then off the back of that they could try to predict who would be there next, and from that prediction, that would be preventing future cases from happening. And if you think about it, you know, contact tracing is a form of threat intelligence. And for us, that comes under the same angle of drones, right, if you can connect all the little dots from the sightings from the counter UAS systems, the detection systems, you know, maybe there's some of the social media and underground forums, all the way to law enforcement reports and even manufacturers, sometimes you can create a good, pretty good baseline of threat intelligence to prevent or predict against attacks. And it's a great way of informing your SOPs, and making sure an airport is prepared and ready, or a prison is prepared and ready because they have seen it, they have practiced it and they've done it time and time again, to try and make sure that they're protected against that. So, what happens when we put all this together into a specific threat actor because I did mention a threat actor. Well, you try to look for number one, their motivations, their goals, who makes up that threat actor, but then also, yes, they might have a certain environment they operate out of, but what are their tactics and techniques, what are their procedures, and so we do have a document like this, and I encourage you to email us once vetted to get access to that. But we currently track around 11 threat actors in terms of around the world using those same TTPs over and over again. And in this example, one of these groups operates near the Kashmir border near Pakistan and India, their motivations are really to supply troops on the other side of the border, or, you know, conduct surveillance on some of those troops. And, you know, their TTPs include the fact that they recruit local youths to do the dirty job for them, they take off from close border villages, you know, they, they modify some of those drone parameters to be able to, you know, lift heavier weights, we recorded the exact drone types and make and models that they use. Sometimes they use kind of unique things like low noise propellers, and the stuff they carry in terms of payloads. So, you start to recognize that we're not worried about the simple, you know, stuff that is occurring on a basis that doesn't have an effect on people. When it comes to companies and people that is, you know, certainly a priority. But when it comes to say, this type of threat actor, they're after violence and extremism, and they're trying to supply weapons and troops, so quite a bad one. So that's something that we would track and make sure we can track their movements and the types of drones they use. So, in terms of actually tracking some of the stuff, obviously, you have an AI base, neutral language net, which basically captures a bunch of keywords that you're trying to look for and analyse anything to do with, say, UAV, UAS, RPAS, drone, spin that through a whole bunch of different language translations.

And of course, pair it with, you know, places you're trying to look after, maybe it's Tullamarine Airport, or Michigan Stadium, you know, the bison power station, all of these things are constantly looked at in real time and pairing that with all the different sources. We tried to create a picture of what's happening. And you may see over the right-hand side there, and you know, obviously, we've got social engines and sorry, social media. And you might think, how does that apply? Well, I'll give you an example, quickly to kind of give you the sense of how it goes. This is an example picture, by the way, but it is a real incident. So, we had an image come up on Twitter, that tagged one of our keywords. It tagged the German word for drone, as well as the airport in question. The time and date was June 1, that we actually saw the artifact happen. And we recognize from the picture and also the airport, which airport it was. Now something else interesting is that if you track which airports and obviously most of this is public information, which airports or prisons or places are housing what counter drone system, you're able to pair that together and say, well, there should have been a counter drone system at that airport, there's obviously been a picture of a drone above it. What does that mean? Was the drone legally allowed to be there? Or did the counter UAS system not engage? Or was there an issue with the airport, all of these things can be questioned, which can help those, you know, SOPs, and help them both kind of improve their products and response to something like this. So now, I want to really get into the thick of it, I want to go over some of the incidents that have occurred, and that we've been able to see over the past year. And it's interesting, because, you know, when we talk about incidents, high priority incidents are just that they're, they're, what's the word, relevant to a number of different parties. And so, as we go through this, I want to kind of get into, you know, why the drones are present, why all these incidents have occurred. But all you should know is that here, we're only tracking the bad stuff that has occurred. So, in terms of high priority incidents, we saw around 90, in 2020, we tracked 29, that were direct cybersecurity related towards drones , UTMs, or counter UAS systems. We tracked about 293 medium to low priority incidents. A medium to low priority may simply be, for example, a small prison incident that didn't result in a payload being dropped, and no one was apprehended, and the drone wasn't seized. A high priority incident might include something that has happened recently, is to a critical infrastructure piece, or it reflects a great need for our customers to know about it immediately. The good news was that we saw over 266 white papers and publications focused on UAV security just in the in the last year alone, really. And a lot of these were either legislation, or it was a focus on, you know, departments and governments securing their drone systems, or just, you know, even enablement in counter drone systems and how that works. And of course, you have the Interpol drone responders framework come out as well. So those kinds of things are all included in that number. So, the first thing we're really focused on is the movement of narcotics using drones or at least prisons and by the way, I can see some of these questions coming through. So, I will get to some of them as the time ticks on but going from the top left to the bottom right, you know, drones have been used for narcotics and over prisons for a great reason. They're super cheap, they're really easy to be able to access and fly, almost anyone can do it. And they're really easy to acquire. And so, we've seen everything from, you know, a customized spork mechanism, which can drop drugs into a prison yard, all the way to string mechanisms to purchasing, you know, an Alibaba dropping mechanism for just a few dollars online, all the way to, you know, having the drone be a one-way crash mission just as long as the object gets in there. And this is something that is increasing, you know, a huge, huge amount, and these statistics on drone drops is certainly redacted. And I'll go into that. But you know, when you look at what prisons are reporting to authorities, and then actually making public, the figure is actually quite low, lower than, than it really is. And of course, these are ones that are made public. So, we saw roughly 46 kind of major narcotics incidents, I should say, major. 23 of these were prisons, 17, were really cross borders. And six of those were kind of major narcotics incidents again, but in suburban areas. So, in a bit of a leader board on the right-hand side, you can see the countries that were most affected. And I'll really dig into some of that data now. So, in terms of what we saw, when drones were seized by authorities. So 28% of those drones that were actually seized were when the drone had been crashed, okay, and it kind of goes to the fact that we can look at how this happened. Sometimes it's simply the weight of the payload, they're carrying a large number of narcotics. And it means that they lose control, they hit a lower hanging, you know, tree or something like that, or they simply lose battery, you know, quicker than they would have expected. Sometimes it's because they're flying at night, and they can't see or they're beyond that visual line of sight. And other times, it has simply been trees or wires have been in the area. But we do notice that a fair amount of those drones are seized simply because they crash. And that kind of brings me to my second point is that a lot of the drones used for prison narcotics are often under 2kgs. And it's quite interesting, you know, to pair that, you know, these drones sometimes have less battery life, but putting a payload on them means you drastically reduced their battery life. And so, most of those we found that were reported, again, were lodged within five kilometres of the prison itself. And this is done by conducting some forensics and finding out which launch point actually was, most of these ended up being vehicles or forests, where they actually took off from and some of those were obviously found before the take-off, they were found in vehicles or on the persons as they approached. Now an interesting figure is that 10% of the actual operators apprehended were because of a certain amount of forensics, whether that was finding the telemetry and tracking that back to a person, or the person owning the drone. Or simply, you know, as we saw with Montreal, just this last week, tracking the drone down to a certain launch location, combining that with CCTV, and being able to track back the CCTV to see the person exiting the building with the drone in hand, and then visually matching that drone to the one found in the prison. So pretty interesting, you know, type of forensic work there, but certainly something that is on the rise. And again, you know, the most common payloads we see with narcotic drones, or drones, shipping narcotics, is combining that with SIM cards for communication, or shivs and small weapons, all the way to cash, lighters, whatever might be currency in that prison at that certain point in time. And I want to take you across three kind of key, you know, scenarios or interesting additions we've seen to prisons just in the last year that we didn't kind of notice back in 2019. So, the first one is canary drones. In two events, we found that operators would send a smaller, non-payload equipped drone to fly over the prison. And they were trying to enumerate whether there was counter UAS that would try to mitigate or engage with the UAS, or if the staff actually alerted and tried to, you know, do something about and, you know, get everyone back into the buildings. Both of these incidents, one of them happened more than 24 hours before the next one. So, you actually have to try and figure out what the attribution is if you can link them together. The other Canary drone happened just 10 minutes before. So, 10 minutes, fly a small, you know, smaller drone, then a little bit later, send your actual drone with the payload. So, if your first one gets caught, you were simply flying, if your second ones get caught, while you are carrying, you know, a culpable number of narcotics.

The other interesting scenario that we saw was pseudo swarm drones. Now, when it comes to swarms, you have swarms that are flying in relation to each other as part of one swarm, or you have swarms that are, you know, independent of each other, but within the same, you know, single control operator. They're operating independently but following the same kind of lead. Now, pseudo swarm drones are when you have, you know, your multiple drones flown by, say, separate operators as a form of deception tactics. And so, in one event, specifically, we found that there were three drones flying over the same facility, guards were alerted. And you know, often a drone might scurry off when they're alerted. But in this case, they stayed there for roughly 10, sorry, seven minutes. And the thought was that while the two drones were actually flying around that third one was the one with the payload, so a bit of cat and mouse there, and a way to try and deceive them. No idea in this case, that the information wasn't too clear whether that was flown by three separate people from three separate launch locations, or you had someone mixed up in the larger group, but it was certainly an issue that is recorded, and something to try and go by in terms of a future Red Team tactic. The other one was anti forensics. So there have been multiple cases where they have found either SD cards removed from the drones, the mobile applications have caching disabled so that there's no telemetry, or at least there's no video cache on those devices, the return to home functions are disabled. So, if counter UAS does engage it, it's not going to fly back to the operator and surprise them and lead the law enforcement straight to them. Sometimes the serial information is filed off, and other times they'll find that the drone itself and the batteries were purchased second-hand. So, there isn't really attribution to the immediate drone seller, and one specific drone that got caught up in an incident and they tracked it down to the owner, the owner had provided his DJI login address to the person when he had sold it second-hand. So, a big no no, but his account was being used to conduct criminal acts in the future, which is not your greatest combination. And then, of course, using customized applications to try and cover that if there is a link, you know, where that information is being sent back to a vendor that might you know, hold them culpable. So, what do we see with the forecasts of, you know, prisons when it comes to drone security? Well, keep in mind is, you know, just our kind of forecasts and analysis, but this is looking over all of those events and trying to see the similarities and differences. Well, the main thing is that, you know, many counter UAS are probably look at keeping one side of the house detection, one side of the house mitigation were legally possible. And this is because it has been a long time in terms of legislation for some countries, and some still don't have that authorization to do mitigation options. And so there, there will be a time where they need to think, okay, we've only got detection, how are we now going to respond and create procedure around that to resolve. One prison in particular, and this was a discussion at another conference was the fact that they wanted to put a fish wire netting above the prison itself, so that if any contraband was dropped it would fall on the netting, drones would get tied up in the netting. It's a type of deception technique. And of course, I think there's no one better to speak about deception, then then Ulf Barth, one of the speakers today as well. So, he'll get into some of that, potentially, but quite an interesting kind of thought, when you think these prisons for so long, they've had such great protections against outsiders. And now they need to think about, you know, their airspace as well. The other thing is drone capabilities, you know, when you come to these heavy lift drones that are being produced, even a motorcycle gang or an organized crime can spend roughly $80,000, for a good drone, that can carry you know, 25 kgs of payload. And so, these are the questions being asked by drone manufacturers and small, you know, shops is, you know, how do we secure and, and inscribe you know, the identity of the buyer into the hardware into the software, make sure it's identifiable, you know, we don't want to sell something that will be in future used for a crime. And so that is another thing that we're kind of looking at, but I never hope this is true. But I've got a feeling that you know, this is a big topic being looked at law enforcement at the moment is that second-hand sales of drones to then people who use that in a nefarious way. And so, we don't quite know how this will pan out. But there are rumblings of the fact that second-hand drone sales may be tried to be attributed to the person purchasing them, as with many bad guys out there, they probably won't use that same thing. And they won't go by compliance. But it's something to keep in mind.

And lastly, there has been a long-standing traditional protection against, you know, hostile vehicle mitigation with prisons, and only recently, some of them, especially, you know, in Canada that we've seen time and time, again, are facing these drone threats, you know, on a consistent manner. And in fact, most reflections that we hear from those with prison facilities is that in reality, they actually have a lot more than are published. And that's something David Kovar will touch on as well. It's just that lack of information and understanding getting back to authorities or the people there or incorrect reporting about a drone incident and you know, post-mortem analysis. So we're going to see, you know, maybe in the future, they'll start to classify them as a separate or a similar type of hostile vehicle mitigation for the airspace. And the next one I kind of want to focus on because I do realize I've only got 10 minutes left at this point, there's, there's lots I would love to share with you. And I'll make sure there's enough resources in the contents. But border crossings have been a really, really interesting part of the year 2020. In fact,  if you could take any incident that we have logged consistently on a day-by-day basis, border crossings are that. And so, if you go from your top left, all the way to the top right, on the top left, you've got you know, Singapore, you know, drone that flew across the strait there from Malaysia to Singapore, you have some of the smaller ones you can see have been shot down by a small arms fire in the bottom hand corner. And I'll tell you about that, all the way to the top right, you have quite a large drone that was used to carry the M4 you see on your left, as well as ammunition with a heavier payload lift. And all the way down on the left, you have, you know, drones used by cartels to create them into IEDs. So that they can fly them into enemy cartels as well. So huge range of varying drones, many of them, as I get to the slide, are over 2kgs. But I just want to quickly show you the numbers here. So, we saw roughly 64 border incidents that were major classified incidents, you know, attribution and tried to verify that these were true and you know, all well and good. And most of these occurred between India and Pakistan with the other borders over there on the right. In terms of, you know, the key numbers that we saw, there was a high number of drones seized by authorities, but a very low amount of them were actually engaged due to counter UAS on the border areas. And there's some interesting thoughts about this. But one of them is that, you know, most of these are one-way flights, they want to get the payload and deliver it, they've got a lot of money, potentially and supplies. And so, they don't really care about, you know, keeping that drone alive, like maybe some of the prison flights, they're also across a border, so attribution becomes a lot harder. And the other thing to remember is that your risk model changes depending on the category and the payload that your drone is carrying, right. And so, for example, if you are carrying heavy weapons and payloads, then your ability to shoot with small arms fire is going to be a lot easier. Just going to check here I saw someone say the screen is blurry. But hopefully it's all fine. Okay, so getting back to it. Some of them have payloads removed once they've gotten across the border, which means that you know, the perpetrators have already gotten to the content, they've removed the payload, and they've left it there simply because if you're smuggling narcotics across a border, your small baggie is going to be worth 10 drones of the type of drone they carried it in. So that that cost benefit there is quite interesting. And in terms of the number of operators apprehended that is extremely low, we barely see any reports about cross border people arrested. And when it is, it's usually people who have been unsuspectingly recruited by those who are in charge of those criminal operations. So, they're not even suspecting that they're going to be involved in a crime when they're hired to do that. I want to put a question to the really to the audience. And I'm not going to really have much time for Q&A after this. But feel free to put your questions in the comments. And I'll reply to all of them is most of these drones are over 2 kgs. And you know, our wonder is maybe they have more funding, maybe it's because they're trying to ship weapons, which are bigger payloads, but there seems to be a stark contrast towards those, you know, within prisons that are generally under that two kg limit. And again, you know, we see everything from grenades to M4sto communication devices, GPS, you know, tracking units, all these things being flown across borders at the moment in 2020. In terms of scenarios, drones over borders aren't just being used for the drone themselves. There's a large portion of them which are being used to enable larger operations that are happening. In one case, we heard that drones caused a bit of a commotion in one angle to pull responders away from a key choke point. So, they can actually get a vehicle through that choke point and they were successful, and the law or the force, the first responders then had to return to that choke point as quickly as they can, realizing that the other drone that was causing the commotion, just had a tennis ball attached with nothing in it. So, a little bit deceiving there. And the same thing for human trafficking. This is attributed back to some first responders who have come to us privately and said that, you know, by having eyes on where those Border Protection areas are or knowing where those first responders are, human trafficking albeit less because drones can do some of the some of their job is now able to occur on a on a higher percentage of confidence knowing where they are. And then of course, you know, we're talking about using you know, as a guide to land planes in the cut-out jungle areas, it's possible to use drones in ways that are innovative, and really the specific threat. So, more kind of indications around cross border ones is camouflage and deception, you know, they will use low profile, noise reduction propellers, you can grab a pair off, you know, eBay for 20 bucks, and then might reduce it by a small amount. But custom-made propellers can also sometimes do that. And it really depends on the weight, and the payload weight of the drone that you're flying. We've seen drones that are painted over sky blue, or cloud white to match in with the sky. Flying night missions with those lights tapped over, taped over, or the LED is taken out of the little sections there. And of course, the key thing here that I want to mention about attribution is that, you know, commercial drones can be bought by anyone, even a civilian. They have a very low price point. And so, it's very hard to attribute that back to a military, although it can be used for weapons of choice similar to military, so military suppliers, remote weaponization IEDs, all possible by these, you know, $500 items, and very hard to attribute back. And so, it's very hard to figure out whether it was actually a nation state, a rebel or say, a hobbyist. So, in terms of the forecast, I realize that don't have too much time left, so you know, counter UAS, they're going to require larger footprints. There's, you know, different talk from Telcos in terms of, should we be putting detection systems within telecommunication towers? Should we, you know, be attaching that to physical assets or walls or perimeters? How do we make sure that detection or countermeasures software, and systems can protect along areas? And another reason for that is that, you know, if you've got a prison, that's probably a built-up area, or many of them are, when it comes to borders, they're long, sweeping planes or open periods of water, like Singapore, Malaysia, Australia, and so your range is extended by the drone. In fact, I love flying near the beach, because you get much further range. And so, they're going to have to deal with people launching those drones from a much further away section. And, of course, when it comes to, you know, your side of the border, you need to ensure that you know, you're protecting that side of the border, and your geo positioning or, or geo fenced area is very controlled not to affect, you know, legal or law enforcement drones on the other side. I'm not going to go into remote ID and geo fencing, but it's a conversation that's come up, certainly a few years away as well. But it's something where, you know, how do they control what, you know, if drones can just come in and out of their airspace? Do they treat it like traditional aircraft? Or do they treat it like something else? Excuse me. And when it comes to, to, you know, comparing something like prisons and borders, hard stop countermeasures is a choice of military, it's not really a choice of that of civilians, private customers and commercial entities. But when you have drones that are flying, you know, military weapons, explosives and ordinance across a border, it does get to that point where you may need to have multi layered defense, including hard stops. So, I don't know how the legislation is going to go with that when it comes to actually, you know, stopping that, but we'll see how it goes. I'm going to quickly go through, and my next speaker is Chris, so I'm going to try and make sure I don't cut into too much of his time. But this is where we saw the most incidents occur in terms of rank, with law enforcement, you know, the COVID-19 really provided a huge increase of using drones, you know, search and rescue, all of that kind of thing. But they're still they're still scraping by with some legislation, which make it very hard for them to intercept or trace where drones are. In terms of cybersecurity, you know, I think there's a huge component of, you know, manufacturers are trying to get lots of privacy in there. They're realizing you know that there's a lot of, you know, cybersecurity and hacking going on. But at the same time, some of your UTM and counter UAS vendors are looking at what is the number one-way people would try to bypass our systems using a drone, though they'd probably go from the cybersecurity angle first, just skipping through to make sure we have enough time. In terms of counter UAS systems, as I said, they're probably going to be splitting that detection and response a little bit. More and more UTM systems and smart cities are going to want to have lots of drones flying around. And so, if they combine with counter UAS, there will probably be like an allowed denialist where you can, you know, keep the bad ones out while keeping the good ones in. So, I think from what we've seen, in terms of, you know, cataloguing, different counter drone systems since throughout, you know, 2016, many of them were trying different things, nets, and, you know, kinetic measures and all this. I think the jamming and signal manipulation is definitely taking the forefront at the moment. You know, in terms of that, and, you know, obviously legislation needs to continue to improve on it. You know, what can we do about the people I spoke about right at the very start of the presentation, when they have a need to stop it from affecting them and their organizations. Threat intelligence informs what counter UAS will focus on next. That's why we log, you know, the different threat actors. And really interesting, as you know, Australia airservices, Australia released their RFI recently for a national drone surveillance program, you know, will they start combining air traffic management, UAV traffic management, and you know, all those kind of technologies into one, that's something we're starting to just kind of hear little peeps about. So, in the end, I hope I've kind of really set the scene for the rest of the talks, we do have a huge calibre of speakers today from different areas. And you need to remember those all makeup drones, drones are something new, right? They're electronic, they have kinetic components to them, they move around, they can, you know, be in close proximity to humans, as well as flying up, you know, higher with the planes up there. So, we need to really focus on making sure we combine all these and create new security, adoptions and regulations, which you know, don't result in restrictions in the industry. So, I want to thank you for attending. And I really appreciate anyone who's joining us for the rest of the presentation, especially those who got up early. I will share the slide at the end and these links but just on the right-hand side is you know, some links to our weekly UAS threat intel newsletter, some of our slack discussion group where we you can chat amongst others, and most of the speakers here on that slack group too. If you'd like to get a hold of the threat actor glossary, please just message me. And of course, for the interested in our threat intelligence platform, we have that, too over there. But I'm going to bring this up at the end. But I just want to say a big thank you to you know, the organizers and those involved in getting this event off the ground. And just a huge thank you to the speakers as well, who we're going to start off with Chris Church next. I can't thank you enough for all taking part. And to the audience, thank you. So, you're in for a good ride of the rest of the speakers. And I'll take my due and I'll be introducing Chris very soon so I'm going to stay on camera. And if you're just give me a moment.

Back to Blog top

Ready to take your drone security to the next level?

Let's Talk