Se­cu­rity

DEMM Engineering & Manufacturing - - CONTENTS - BY ILKKA HIIDENHEIMO, CEO OF SHARPER SHAPE INC. USA

PRO­TECT­ING SEN­SI­TIVE DATA

As drones en­ter the main­stream of com­mer­cial us­age, con­cerns have arisen about the safety and pro­tec­tion of sen­si­tive data they gather from theft by hack­ers. There isn’t a week that goes by with­out news about hack­ing at­tacks against com­pa­nies and tech­nolo­gies. As the ap­pli­ca­tion of drones in­creases, the ques­tion needs to be asked: are drones safe from hack­ing?

Sharper Shape Inc. uses drones to mon­i­tor the health of crit­i­cal na­tional in­fra­struc­ture, in­clud­ing the elec­tric grid, trans­mis­sion lines, so­lar and wind power in­stal­la­tions and oil and gas trans­mis­sion and dis­tri­bu­tion and pro­vid­ing that sen­si­tive data to util­i­ties se­curely in the Cloud.

UTIL­ITY CON­CERNS ABOUT DRONE DATA SAFETY

If a com­pany is us­ing com­mer­cial drones man­u­fac­tured in China or else­where, should util­i­ties fear po­ten­tial data leaks? Do some util­i­ties, used to hav­ing old school in­ter­nal data pro­tec­tion sys­tems, not trust mod­ern cloud- based so­lu­tions used by drone soft­ware com­pa­nies?

Cy­ber­se­cu­rity is very im­por­tant in the drone/ drone soft­ware in­dus­try. Nat­u­rally for drones the num­ber one is­sue is avi­a­tion reg­u­la­tion. For ex­am­ple, nowa­days com­mer­cial drones sup­port “no fly-zones”. What size drones are flown also af­fects how they are reg­u­lated.

Of course, not all drones are sub­ject to cy­ber­at­tacks. If you have only a ra­dio link to your drone, which you are f ly­ing man­u­ally, there is no con­nec­tion to the cy­ber world. If your sys­tem is con­nected to the In­ter­net then, yes, you are vul­ner­a­ble.

COM­PAR­ING DRONE DATA PRO­TEC­TION TO­DAY AND A FEW YEARS AGO

The cur­rent sit­u­a­tion is ex­tremely chal­leng­ing. Ear­lier it was enough to main­tain good soft­ware pol­icy and keep your anti-virus pro­tec­tion up to date. And, of course, you have to train your peo­ple. Now if you have valu­able in­for­ma­tion in your pos­ses­sion, or your sys­tem can be used as a way to hack other sys­tems (if you are, for ex­am­ple, a sub­con­trac­tor of an in­ter­est­ing com­pany) you will be hacked one day. This is in­evitable. You need to think early on how you build your de­fences and split your net­work, so you can limit and iso­late your dam­ages. This is also the way to min­i­mize your re­cov­ery costs.

Mil­i­tary drones are log­i­cal tar­gets for hack­ers, but that is re­ally a dif­fer­ent ball game and sub­ject to change. To date, drone hack­ing has not been a big is­sue. Us­ing anony­mous drones to col­lect in­for­ma­tion for ter­ror­ist pur­poses, like from a nu­clear power sta­tion, or us­ing drones to de­liver ex­plo­sives are thought to be the big­gest se­cu­rity risks re­lated to drones.

PRE­VENT­ING “DATA LEAKS” IN THE DRONE IN­DUS­TRY

There have been dis­cus­sions about the safety of drones send­ing in­for­ma­tion to man­u­fac­turer’s servers. There are ques­tions about what kind of data and how much is sent. That rep­re­sents a risk.

Sharper Shape’s pri­or­ity is pro­tect­ing in­for­ma­tion and pre­vent­ing unau­tho­rized use of data. To­day, it is one of very few com­pa­nies with real ex­pe­ri­ence of per­form­ing com­mer­cial au­ton­o­mous drone flights be­yond an op­er­a­tor’s vis­ual line of sight.

Be­labour­ing the ob­vi­ous, but it needs to be said: con­trol sys­tems must be prop­erly pro­tected. Your com­mu­ni­ca­tions should be en­crypted and pro­tected against hi­jack­ing. Phys­i­cal se­cu­rity is also im­por­tant. Drones should be pro­tected against theft or phys­i­cal changes to the sys­tem or com­po­nents.

LO­CAL VS. CLOUD DATA PRO­CESS­ING

Sharper Shape pro­cesses cap­tured data in the cloud. This in­cludes the data that is pro­cessed and used for drone flight plan­ning. Cloud pro­tec­tion is a dif­fer­ent animal than nor­mal com­pany data pro­tec­tion. Sharper Shape’s cloud only runs our soft­ware, which is used to de­liver our so­lu­tions. There’s noth­ing ex­tra used in­side the server where our ser­vices re­side and only way from ap­pli­ca­tion servers to data­base in­for­ma­tion is through ap­pli­ca­tion, which means that hack­ing ap­pli­ca­tion server is not enough. Cy­ber se­cu­rity is a men­tal­ity. Ei­ther you try your best and you ac­cept the al­ways evolv­ing se­cu­rity land­scape or you think that busi­ness comes first, and if some­thing hap­pens

I will fix the is­sues at that point. There are two prob­lems with the lat­ter ap­proach. Firstly, you take un­ac­cept­able risks, and se­condly, some­times im­ple­ment­ing se­cu­rity to a poorly de­signed sys­tem is al­most im­pos­si­ble or at least very de­mand­ing.

Se­cu­rity is some­thing Sharper Shape reg­u­larly analy­ses and bench­marks against known best prac­tices. No­body can prom­ise 100% se­cu­rity. If some­one claims that you can, you can be sure he or she does not un­der­stand what he or she is talk­ing about, or he or she is pur­posely ly­ing to you. You need to have pro­tec­tion based on what you are pro­tect­ing, and who are your op­po­nents. One thing we learned from Stuxnet* is that pro­tec­tion against state level hack­ers is a dif­fi­cult task.

CY­BER SE­CU­RITY IS NO LONGER AN IN­FOR­MA­TION TECH­NOL­OGY OR COM­PUTER DE­PART­MENT TASK

You ba­si­cally can di­vide threats and so­lu­tions into two cat­e­gories. Those are threats and so­lu­tions which are re­lated to the plat­form provider (in our case Ama­zon Web Ser­vices) and oth­ers which are re­lated to the busi­ness soft­ware that is run us­ing this plat­form.

Un­for­tu­nately, se­cu­rity usu­ally comes as an af­ter­thought. The drone in­dus­try is part of the avi­a­tion in­dus­try, which, based on its knowl­edge, keeps safety as a num­ber one is­sue. Part of the safety is to have proper pro­tec­tion for your sys­tems, in­clud­ing hav­ing se­cu­rity as one of the de­sign prin­ci­ples.

Cy­ber se­cu­rity is no longer an In­for­ma­tion Tech­nol­ogy or Com­puter De­part­ment task. This work should start at the board level. This also re­quires think­ing of the need for never end­ing learn­ing and hum­ble­ness. If some­one with enough re­sources makes you a tar­get, pre­vent­ing that is an al­most im­pos­si­ble task. You need to cre­ate de­fence in depth with mul­ti­ple dif­fer­ent pro­tec­tion meth­ods, in­clud­ing hon­ey­pots, etc.

The big­gest chal­lenge is that the bad guys’ knowl­edge and ca­pa­bil­i­ties are grow­ing faster than our ca­pa­bil­i­ties to protect us; es­pe­cially if you keep your se­cu­rity in-house, with lim­ited re­sources. ILKKA HIIDENHEIMO was the founder of Stone­soft Cor­po­ra­tion in 1990. Stone­soft was sold to In­tel for USD389 mil­lion in cash in 2013. Hiidenheimo has more than 30 years of ex­pe­ri­ence work­ing in the com­puter in­dus­try and IT- se­cu­rity.

Sharper Shape, Inc. is a “Drone Soft­ware as a Ser­vice (DSaaS) com­pany, driven to au­to­mate the en­tire process of util­ity in­spec­tions. Sharper Shape does not man­u­fac­ture drones but in­stead ‘makes them bet­ter’. The com­pany says it has cre­ated one of the world’s most ad­vanced aerial sen­sor sys­tems and their tech­nol­ogy pow­ers the au­to­matic col­lec­tion and analysis of un­manned aerial in­spec­tion data. https://sharper­shape.com.

*Stuxnet is a com­puter worm that tar­gets the types of in­dus­trial con­trol sys­tems (ICS) that are com­monly used in in­fra­struc­ture sup­port­ing fa­cil­i­ties (i.e. power plants, wa­ter treat­ment fa­cil­i­ties, gas lines, etc). In 2010 it was re­spon­si­ble for caus­ing sub­stan­tial dam­age to Iran’s nu­clear pro­gram. Although nei­ther coun­try has openly ad­mit­ted re­spon­si­bil­ity, the worm is be­lieved to be a jointly built Amer­i­can/Is­raeli cy­ber­weapon.

Newspapers in English

Newspapers from New Zealand

© PressReader. All rights reserved.