The University of Tulsa’s Oklahoma Cyber Innovation Institute (OCII) recently completed its fifth cybersecurity review of drone manufacturers seeking a Green UAS certification from the Association for Uncrewed Vehicle Systems International (AUVSI) with three more reviews under way and several others ready to begin.
Through a unique partnership with the nonprofit AUVSI organization, OCII at UTulsa and the Oklahoma Aerospace Institute for Research and Education at Oklahoma State University provide support for Green UAS certification. Other organizations participating in the partnership include Tulsa Innovation Labs and commercial firms.
Launched by AUVSI in August 2022 as the first product of the association’s broader Trusted Cyber Program, this critical initiative evaluates commercial uncrewed aircraft system (UAS) products, such as drones, for cybersecurity vulnerabilities in domains like corporate cyber hygiene, product and device security and supply chain risk management.
“We are seeing a rapid increase in the number of organizations seeking Green UAS certification,” said OCII Executive Director David Keely. “Our team evaluates 240 security controls on each product.” Some of the controls are easy to understand but require expertise to assess, but other controls require a deeper dive into the system to determine the level of security present.
Examples of those controls include:
- Endpoint security, such as anti-virus and anti-malware protection
- Patching, such as regularly scheduled updates
- Security awareness, such as regular employee training
- Backup and recovery, including creating and testing backups
- Authentication, including strong passwords and multifactor authentication
- Limited data access, including access management
- Secure firewall and Wi-Fi, such as protected networks
- Secure configurations, including all devices
- Log and monitor, such as information correlated from multiple sources
- Physical security, including controlled access
“We ask the questions: ‘Can someone hack the controller?’ or ‘Can someone interfere with the onboard communications?’ Those are the kinds of considerations that determine whether a drone is secure and can be trusted,” Keely said.
The UAS products undergoing certification could be used in commercial applications as well as emergency management situations. In each case, the manufacturer, the user and the public want to know the unmanned aerial vehicles, as well as the overarching control system, is safe.
UTulsa is widely recognized as one of the country’s top institutions for cybersecurity education and scholarship, holding two designations from the National Security Agency’s Centers of Academic Excellence. The university recently added an Institute for Robotics & Autonomy to complement the academic environment and engage with OCII to investigate cybersecurity vulnerabilities in robotic systems.
“The University of Tulsa and Oklahoma Cyber Innovation Institute are uniquely positioned to test and ensure the security of these products,” said Rose Gamble, vice president for research at UTulsa. “OCII leverages the expertise of our computer science and cyber studies faculty and students while working with advisory and industry partners to meet the cybersecurity needs of businesses.”