This post is a quick recap of Global Drone Security Network (GDSN) #3.
We are honoured to host a presentation from Jiin Joo Ong from Garuda. If you haven't watched his talk "Cyber Security for Internet Connected Drones", please visit our YouTube channel.
Cyber Security for Internet Connected Drones
All right. Thank you. And Thanks, Mike. And thank you everybody for dialing in. This will be the first time I'm speaking at DroneSec. And a lot of our sharing we're going to do today is based upon our experience in Singapore and Southeast Asia. I hope it is going to be useful for everybody sharing. So I'm going to focus a lot about internet connected drones, because that's something that comes close to my heart. And we have been trying to push out the internet as the kind of backbone for drones. Before I start maybe I'll give a quick introduction about our company, Garuda Robotics, we are an AO company we're based in Singapore, we have presence in Malaysia. But we also fly pretty much everywhere in Southeast Asia and South Asia as well. Our business is organized into three different segments, right, so we are in on one side. In the left side, you have the FlySafe product team to look at BVLOS, it's a very important capability. And we were active in doing inspections, deliveries, review command centers. And we also organize a lot of training and compliance consultancy for customers. In the middle you have our GeoSmart team which very much focus on the artificial intelligence type of thing, we have built applications for facilities management, smart cities, and plantations and so on. And we use geospatial technology as an AI, machine learning computer vision in order to get our drone data analyzed. And on the right, we have a business around security, specifically around Homeland Security, to help airspace management for the regulators as well as cyber security. And this will kind of be the focus of this, of today's topic. And in general, other kind of homeland security use cases like delivering an AED drone to an air station. Now this slide is just to kind of motivate why we talk about internet connected drones. It's a, in my opinion, it's an inevitable outcome. Right?
So the fact that the drone industry today is so vibrant, and there's so many players, it's also partially driven from 10 years ago, we started adopting mobile based technologies, right? We have GPS becoming so cheap, and all these IMUs, MEMS chips, and it is becoming so affordable that people could just slap it onto a drone and start flying. And you have, and you end up with many, many companies being built around these use cases. Why not go all the way, right? So to put a SIM card on a drone, basically, what we say. So this is, these are numbers I took from GSMA and I apologize for those who I borrowed quite a bit of pictures from a different slide and study. So GSMA published a study just, I think this is last year, right? And these are the sort of numbers they said right? So a lot of drones, especially their estimate to be 6.5 million drones, by 2025, will be connected to the internet in real time, right? And a lot of it will be in logistics and transportation, public sector and so on. The ones I dotted up are the ones that we create, and we have a lot more information about and the product that we have built around these internet-connected drones. And this is not kind of a first day. I mean, I guess we've been trying to do this for the last five years. And these are some of the examples of ourselves as well. Some of our partner companies in Singapore, who have been flying some internet-connected use cases, right? Example would be we'll be working for a hospital called Parkway Pantai, who do, who try to do like, delivery of blood samples. Another example would be the Maritime Logistics, which I think last week we did a bit of a launch of a maritime drone estate with a couple of other companies who are saying that we're going to use this maritime drone to do shorter ship deliveries. At the same time, we have the first responder side right?
We created a system called the responder, which is to deliver AED but also other kinds of emergency medical devices. Again, controlled by the internet, right? For incident response, we have a product together with a partner, fly dynamics, to do perimeter patrols as well as respond to incidents like fire and so on, coverage. During the last year's lockdown period, we've been helping government customers to do safe distancing by connecting, again drones, directly to a cloud and running computer vision algorithms to find where are people crowding up to prevent all the virus from spreading and so on. And last but not least, we've been working with MNOs like Singtel where we can try to do something called UAV hardware tracker, to track drones as they fly to give the regulators a full vision of the airspace, right? So this is basically something related to the upcoming topic of Remote ID.
So how do our product kind of look like. Just to give you a sense of it, we've been putting cellular technologies onto both, all three parts, right, so on the left, you have the tracer, and this is the kind of, the current version of it, that we will be miniaturizing it at 60 grams, it is a self enclosed, it's complete in itself, right? So it has its own IMU, GPS, 4G connections, and so on. And it can transmit basically, securely the position of the drone, whichever drone you stick on, right to a regulator or to a UTM provider and so on. The middle picture you saw there is just an onboard computer, I think many people are building such on-board computers, ours, we've been building it with two modems, one for 4G and one for 5G. Because there are quite a bit of 5G projects being rolled out this year, we're trying to get into the market to help customers understand how to connect via 5G, and as well as internet connected drones itself. That means out of the box, you can buy drones from us that already have this cellular connectivity. So the talk for today we are going to go from the left to the right, so we’re going to focus a lot first on the hardware tracker that you see here. Which turns out to be quite contentious, I was surprised. So when we started doing this tracker three or four years ago, when we looked at it, it was a no-brainer right? We should just be able to just put the tracker and put a SIM card in and be done with it. Well turns out there is this large community around the world talking about this whole idea of a Remote ID, right? Essentially, what we all want is eventually, right, the equivalent of the car plate. Every country in the world, every car has a car plate of some sort. You don’t know who drives the car, you don’t know where the car is going, but when the car does something that it’s not supposed to do you have the car plate number which you can call the police with and say that car just banged into me and the ID is so and so.
So fundamental to any kind of management of airspace, it’s basically the ability to identify any object, right? So this was taken from one of the latest versions of documents, the picture I mean, that basically stipulates that these are the two possibilities for us to actually have a car plate, the equivalent of digital license plate for drones. Now, you can’t have the same equivalent physical plate because the drones are so far high in the sky, you can’t really see it with your eyes, right? You don’t carry a binoculars around. So we tend to use some form of a remote, radio frequency. So you have the first case where you have what we call the broadcast Remote ID or broadcast UAS, where you will use technologies that’s kind of common to all of mobile phones like Bluetooth, Wi-Fi – there’s a technology called Wi-Fi aware, which all the devices like your apple, your android and so on will be able to just connect to it and receive information about the drone. What is the latitude, longitude, the ID of the drone, what is the velocity and potentially even like, whether it’s in an emergency mode, it’s actually trying to come down because it’s not doing well and so on. And then you can verify whether this drone is releasing what it’s supposed to say because there might be attempts to spoof the information. On the middle side, there’s this more complex architecture, right? Which is this network Remote ID or Net RID as we call it. Where either the drone or the GCS, GCS is the ground control station, right? The app or the transmitter that controls the drone for the pilot that’s standing on the ground would share this information via the internet, right? So maybe via the mobile phone’s internet or directly on the drone itself, you kind of put a sim card there right? To the cloud, some provider, in this case the envisioned provider is what we call a UAS service supplier, a USS, and through some very complex and very, how do I put it? 
Very secure way of passing the information, that information eventually still passes on to the user of the mobile app on the right. And of course there’s a third kind which we won’t focus much on. Basically to say that there could also be other ways to say, to know who is flying is you ring fence a place like a university or school where the students are the only ones in the school flying. So it’s fine, you can just let them go and you don’t have to force them to build a broadcast or network device. On the right, you have basically, the public, the law enforcement people. A lot of people are interested in who is doing what with a drone, right? So everyone wants to get the telemetry. Partially it’s also because, from my perspective, right, I mean I grew up with this website called Flightradar24 and I really like to just go to the website and watch planes fly. The planes, they do broadcast their location, using a technology called ADSB, automated dependent services broadcast, which allows us to see where every drone is. I can kind of follow where like my parents are flying to, to Singapore, I can follow the plane and know whether they’re arriving. So I thought it would be a very normal thing that everybody just shares what they were doing. But it turns out that’s just not true. A lot of people actually, are actually not comfortable at all sharing where they are, what they’re doing to people they don’t know. Which brings me to this, kind of a spectrum. So during the whole proposal for Remote ID, there were some strong proponents on the left, which is for the broadcast Remote ID, and strong proponents on the right, which is the network Remote ID. So, if you look at the left, which is the broadcast only side, and we’re diving a bit later, so this is the current latest status from FAA.
The FAA by the beginning of this year finalised a ruling around this and together with ASTM they have this standard called F3.11-19 where it basically just says forget the network, just do the broadcast. So you just have either Wi-Fi broadcast, Bluetooth broadcast, either your drone broadcast or you have an attached UAV hardware tracker that you broadcast onto it. Now there's a lot of pros to this, right? It’s cheap, it’s independent. You don't have to like, rely on a subscription of some sort, there's nothing upon failure and so on. And we again dive into the pros and cons as seen on this slide and generally the security risk is low. That means that if you're flying in say Arizona, a guy in New York won’t see you because your broadcast does not go so far. By the same time from a regulator standpoint you don't have a full assist map or just like your local assist manager you don't know who is doing what still until you are in the same vicinity, within 100 meters of the drone then you can get the RF information. On the right you have the network only guys, so those people were saying that, okay use the internet but the internet is a dangerous place you all know that. So mainly you have to pair it with some sort of VPN or some central control. The hope is that some benevolent dictator would take all your telemetry data and not do anything bad with it. You have basically then the full access information all coming through the cellular network and you can do a lot of additional things like you can deconflict the use of airspace, like you have permits for this air space, you get to go first, and the other guys have to wait and so on. So this is kind of the basis of traffic management in the future when the air space becomes more dense, when all our food is delivered by drones and parcels and e-commerce and so on. The cons of course is that if this information starts flowing over the internet it basically inherits every single risk profile of the internet.
So you have to kind of design it properly. In the EU for example, they say that broadcast is going to be mandatory but network is optional because I think without network already you can't do things like beyond visual line of sight operations and some other advanced use cases. So let's take a look, since this talk is more about cyber security let's take a look at what the Americans say because I think they were really, really against its own network ID. So this is a picture I took from FAA’s website right so this is the final decision right from the government. You can basically fly RID on the drone or RID on broadcast module or go to an area where you don’t need RID but the FAA recognise that that area is actually a FRIA, a recognised identification area. So you don’t have to fly with the RID. But if you look on the right this is, I mean FAA did a good thing like they published literally everyone's feedback and when I read that document I was surprised there's like 20, 30 pages of people just saying no. And these are links they brought up. What if there’s, this real example, of this effect on the RND USF. So basically the server aggregates your telemetry, and once the data goes there then it's, I mean you can say it's secure and so on, but the data is kind of owned by RID, right? The USS, right? So this is very, very much driven by people's fears today, that a lot of data is aggregating in a few big tech companies like Google, Amazon and so on. And would that same situation happen in the drone world where all the telemetry actually goes to a few USS companies. And also bigger countries like the US there's many places with just no coverage and then there's many little drones with actually some form of a network coverage device right so it's expensive to put in place and if you want to connect it to the internet potentially the information might also go to some adversarial country.
There is potential hacking or spoofing and so on right, so you can go read the rest of it and in general, the end of it, I think the one thing that kind of make or breaks this is just doing this across a large country like the US, it’s just five times more expensive to ensure that every single part of the country has cellular networks and every drone has a cellular connectivity. When I read through this I thought that, you know, look, those are all reasonable requirements and I think that as a large country and a large place with deserts and large sorts of forests. It makes sense that broadcast would be the de facto way that you kind of do Remote ID. Where even as the central FAA will not have the full picture. However, we as a company, we develop these technologies we also re-looked at our own situation right and we also really look at where the entire drone industry is going forward. We felt that, you know without network RID you can't enable more advanced use cases so one simple example would be just to look at all the beyond visual line of sight, right? To do drone delivery, to do surveillance you to be able to know where you're going all the time. Your drone is going to be connected by something. So you need basically, some network, it could be cellular, it could be satellite, it could be anything else but basically if you cannot stay in control of the aircraft at all times you cannot enable BVLOS and the fact that you are connected means that the identifier or whatever you are doing is already coming back through some connectivity. The other issue we find that is if you look at the broadcast specifications that eventually got selected it was not some special aviation band, it was just your Wi-Fi it was just your Bluetooth. 
All of them they operate at the ISM band of 2.4 gigahertz which is very crowded and there's a lot a lot of interference so if you live in Singapore, to your international friends, when I turn on my laptop the list of access points available is in hundreds. It’s just that many access points and that many different devices trying to connect and qualify for that Wi-Fi range that sometimes I feel that if you're going to implement this broadcast RID in again another crowded city like Singapore it's going to be some issues when you reach our density. The third point was interesting because I was having conversations with a number of people in the industry in Singapore and one of the points that was brought up was not every drone wants to tell you where they are because they are doing something important or secret. So if a police drone is trying to silently come around you or do some surveillance they are not going to be broadcasting their ID but they would definitely be happy to share that network RID with say for example a national level UTM system. Which is also controlled by again, potentially the military or the aviation regulator. So if you do, if you have only half the people or some, most of the people sharing your telemetry information and some don't, you still don't have the full assets, you still cannot do the deconflict. And last but not least we actually felt that there's a lot of work that needs to be done in the standards currently to address all the cyber security concerns around the protocol. So which brings me into the next slide, I went around to prepare for this talk, I went around to look for who has been kind of the proponents of network RID and what are the major things that they think about when they talk about network. So I found a few, again GSMA published and had a nice document that responds to the ASTM F311 document which I take down the pictures from. 
But I think that the concepts are very similar so that's the concept of, you really want to preserve the operations privacy, so that although you see a drone that's flying via your app or something you shouldn't know what the drone is doing. All you need to know is that there's an ID if anything you have a complaint, you have some recourse basically. Let's just say that there's a drone outside my house and it is ID 123 you call the police, the police knows who ID 123 is, they're going to find the pilot and get the pilot to stop. So that kind of ops privacy is important, to be confidential but at the same time allow for the ID to be easily read by anybody. The second part is basically that a lot of comms channel encryption is pretty straightforward I think, this is it's kind of sad that like ADSB protocol for example is not encrypted but most of the internet-based communication should be encrypted by now. So most browsers ignore HTTP right now you have to have HTTPS. We all use TLS and so on and on top of that because if you tag yourself to the cellular network, the cellular industry also comes with something called an IMEI, international mobile equipment identifier which is another identifier which you can use to identify the aircraft so if you pair it well and also the SIM card itself also has an identity, which if you pair well with the system, if you design it right, you can use that as a very good way to identify and authenticate that is indeed that transmitter that's providing the information. And thirdly this important other part, which is for transmission to happen you have the mass market side, you need the infrastructure to support the entire country. Again that's why the proponents of bigger countries would say that you know I don't have coverage. In the case of Singapore, we have pretty much every single corner covered.
And there's a committee around the world called 3GPP that's setting standards so there's going to be a lot of devices that you can slap on the drone which is affordable because of the massive scale that the cellular network can get to. And looking at existing aviation technologies like ADSB analysis, this is a no-go. The way it’s designed it’s going to be flooding basically the entire frequency and we won’t be able to handle every drone having an ADSB out transmitter. But that said, given all these design principles, there's still a lot of questions that need to be addressed. The security review, this slide will give you a framework on how to think about these. These are the challenges, again, using the existing framework of using multiple, multiple UTM service providers. Right. So for example, if there's a first, if a pilot 1 who flies drone ID one, connected to some mobile networks, and from the operating center, and you connect it to some UTM service 1, and so on. So what exact information then during the exchange, do you need to just exchange the ID or need to exchange the ID and the location? Or the ID, the location and the velocity? Like how much information do you actually have to share in order to know what the other guy is doing? Again, let's connect that back to the land transport, right? You can see a car, you know how fast the car is going, like just look at it right? And the car is going way too fast. You look at a car plate and call the police and say this car is speeding, okay, pretty straightforward, but how do you do it in the drone world? And let's say the drone ID 1 and drone ID 2 is about to collide. Right? Who decides who to give way? Right? It's not so easy in the sky to say, Okay, keep left. You can, or keep right, right? It depends which part of the world you are in, but somebody has to give way, somebody is going to go on, the other way has to wait. Right? Who is the decision maker?
Ultimately, if there's multiple UTM service providers? And there's also this thing, it's the mobile networks sitting in the middle, right? Are we just treating mobile to some pipeline? Or is there something else that we can do in the mobile network? So you can enable the security, privacy, confidentiality and integrity of the drone data? What if a hacker connects to the mobile network to provide a spoof data? Right? And last but not least, if given UTM service portal one and two, how about law enforcement? Would they then send the information to the law enforcement? Or would the law enforcement people also run their own UTM? And how do they know who is, who is telling the truth? What is the UTM that has been compromised? Right? So we don't have an answer to every question here. But we can share that in the product that we do, and moving forward and we've our partnership with some of the mobile operators, we actually proposed that you know, all these Remote ID, if you're going to do the net based Remote ID, it should be done through a private APN, which is basically a network that behaves like you can just connect to any, basically to set up a private set of sim cards, that will allow the drone to connect to the cloud. And essentially, it kind of forms a VPN tunnel to the regulator, as well as Operation Center, whoever has the authority to look at the data. Right? I won't go into the details of this because it goes into the mobile side of things and goes very detailed, but I'm happy to answer questions after this. Right. So the product that we work closely with our partner in Singapore Singtel is this thing called IoT Connect plus, which you all can take a look if you're interested. So that is the first part, which is the UAV hardware tracker, now if you look at what about the rest of the right, you also have the internet connected drones itself, right? Remote ID is one that is kind of a touchy topic for everybody. 
But you don't have to fly internet connected drones, we have internet-connected drones in our offering and what we do is that we allow public VPN. So basically, in this case, we don't do private APNs, because it might be too expensive. But if you still want to say I want to have my drones, stream 4G, over 4G or 5G stream video, right, and so on, then we do have solution and all our solutions are taking cybersecurity seriously. Because it's important that the drones that are being flown, send information back securely, and especially if the drone also receives commands from the Operations Center, that the commands are really authenticated to the pilot and not any random person who then hijacks the drone to fly somewhere else. Right. So this is a basic architecture that is all connected by VPN, not that the UTM is out of scope for this particular product, but we can be easily integrated. There's also use cases where we push out our software, especially the parts that requires a lot of GPU into the mobile edge, there's something that's upcoming called mobile edge computing, where the mobile new operator also want to run like a tiny data center at the bottom of their telco tower, which is much closer to the drone to enable advanced use cases to do communication processing with safe navigation and strong control and so on. Right. So to give you a sense of how it looks like, this is my office, you can see like, that is basically a combination of UTM system on top, as well as the pilot console, where you can see the live streaming of the video on the map, where are the drones flying, where are the nearby other drones flying, as well as a nice video streaming that comes back into the, into the operation center. Right. And there are many, many use cases.
Now, once the data comes back to the operation center, you also have this, this thing, right, because the data now starts flowing back from the devices, which you saw on the left, up to the command, the ground control station. Whether it's the app version on the ground, or the command center version in the room, and then goes up again, it goes to the cloud, goes to a fleet management system, to UTMs and you can send information further upstream to maybe some national FIMS or air traffic management system. Well, ourselves when we do the enterprise stuff, we have integrated with other ERP system, GIS systems and so on. So the surface area for attack for a UAS in a network, network connected environment is actually pretty large. Right. But the only good part is that once you come to this side of the world, it becomes familiar ground, so it's a typical cybersecurity standards that you need to apply, right, make sure that you will harden all your interfaces, make sure you don't open ports you aren't supposed to open and so on. Right. So there's a lot of collaboration here, because on the left, we have these devices that are flying out there in the sky, and something goes wrong in the skies that is mission critical, and it is catastrophic, right. On the right side, you have the system that traditionally, yes, is four lines, but sometimes regulators ask for more lines than four lines. So in the case of Singapore's case, when we are going to do beyond visual line of sight flight, for example, once you want to the medium risk and the high risk case, the design of entire UAS not just the drone itself, needs to be able to handle kind of what we call 1x10^-6 per flight hour. With a safety objective, the probability of a catastrophic event should be much lower than that. So this becomes super hard to design. But at the same time, it is definitely the level that we need to go towards, if you're going to enable your mission and operation.
And so to generalize that, basically all the non flying systems is related to the flying system as a whole in the aircraft, as well as all the other information in the cloud, you need to be able to specify reliability and availability probabilities very well. And on the flip side, the regulators should also be very, very clear about when is it good enough? Because it's definitely much higher requirement than your typical, say, websites. But how much higher do we need to beat the banking level or even higher, and so on? There's a lot more, there's a lot more to go into. There's another few examples of things that we go through and think through every day, for example, risk assessment, cybersecurity framework, incident response, and what else are there that's currently being very well specified in the aviation world, but the moment you plug in the internet, right, you have to also put in all the best practices of incident state aviation regulation, because the aviation regulations governing the whole thing of the UAS unmanned division aircraft system rather than just unmanned aircraft vehicle. Right. So SORA is one example of a pretty well adopted risk assessment framework for drones. And we are trying to understand and unpack that right now and kind of figure out how that our cybersecurity framework kind of fits inside our risk assessment. So the last part, I mean, I guess, just want to point out where the direction of where all this is going. And again, this is kind of a very Singapore experience, right? So in Singapore, C-UAS, the situation of current Singapore is very forthcoming in saying that, yes, you want to look at BVLOS. But you really have to, really tell me how to keep the safety of the airspace, right? So many, many partners, friends, competition, and so on. We all have increasing different kinds of solutions and demonstration. This is a good picture that I think NTU air traffic management published a few years back.
And I don't think we have come to a final conclusion yet, but I think it's very important that we keep an open discussion on how to keep these assets safe. Another point to kind of bring out is more towards what we are doing currently, which is, we are a manufacturer of the hardware tracker. And we also have minimum software that can show you where the track of the drones are. But we are also looking for what's next on this, right, because if the ASTM site only wants to broadcast, which we can do, where is the network side of the Remote ID going to go towards, we are hoping that at some point, there will be some acceptance on the network Remote ID, especially in the crowded areas and places we could deliver connectivity. And once we have those network RID in place, we can start talking about higher order stuff, right? So an example would be how can we work closer with law enforcement agencies rather than have them just specify what is good and what is bad? Right. So actually go down and try it out, right, a different kind of framework on how we can deconflict maybe there's an emergency ambulance drone flying in the future, maybe you have an asset that is ferrying you to the hospital, how can that deconflict with just your drone doing inspection and deconflict with the drones who are just flying maybe for fun, right, for recreation, and so on. So those are also very important topics. And cybersecurity, we'll have to factor into that. And last but not least, it's just kind of to again thank the PrivaSec and DroneSec, for inviting me here. And I think the work they are doing is important, which is whatever thing you plan out, you have to try, you have to audit it, you have to rehearse it. They provide this red teaming, which I thought was really fantastic. They will pretend to be the adversary. And you can see whether your cybersecurity standards actually meet the level of protection needed. And I think that's all I have for my presentation. Hope that was useful.
And if there's any questions and happy to answer them.