114 Recent conflicts have highlighted the vulnerability of UAV data links to a variety of attacks on them, ranging from what might be regarded as traditional electronic warfare to cyber techniques (writes Peter Donaldson). Developers of uncrewed systems of all kinds therefore need to be aware of the threats as well as the defences against them that have evolved over more than a century since the adoption of radio comms, and the 80 years or so since the advent of digital computing. Security threats to UAVs have a great deal in common with those that affect any edge computing device, and can in principle be countered by many of the same methods, albeit applied and updated in the struggle between measure and countermeasure at a pace dictated by high-intensity combat. The key electronic warfare technique of jamming disrupts UAV data links by overwhelming the target system’s receivers – those aboard the UAV being the most exposed – with noise in its operating frequency band. Jamming can be countered by techniques such as frequency hopping, but brute force techniques such as barrage jamming over the entire target waveband, and more sophisticated ones in which jamming systems follow the target receiver as it hops, remain serious threats. Jammers, however, although powerful radio emitters, can be detected and targeted by opposing forces. UAV datalinks are also targets for comms intelligence systems that intercept and analyse their signals for vulnerabilities that would enable the attacker to gather information about the UAV’s mission or even take control of it. Strong encryption and secure key management are crucial to prevent this. In spoofing attacks, the adversary might send false signals to the UAV to trick it into taking actions not intended by its controllers; the counter to this are robust authentication mechanisms to verify the legitimacy of incoming commands. ‘Manin-the-middle’ cyber attacks are similar, in that they involve hackers inserting themselves between the UAV and its GCS, intercepting and altering data; the defences against them also overlap, relying on secure authentication and strong encryption, for example. In denial-of-service attacks, the adversary system seeks to overwhelm the data link with excessive traffic to render it unusable. Here, defences centre primarily on redundant comms channels and traffic filtering. UAVs are also potentially vulnerable to other cyber attacks, including intrusion attempts and the introduction of malware such as viruses, trojans and rootkits. To stave of this type of threat, good computer hygiene practices such as regular software updates, antivirus and intrusion detection systems are essential. Physical security of the areas in which UAVs are stored and maintained is also crucial to prevent tampering and data theft. Lastly, human operators, even in military settings, represent potentially vulnerable social engineering attacks that try to trick or manoeuvre them into revealing sensitive information or taking actions that compromise security. Against that, training and awareness programmes are essential mitigation measures. All these measures inevitably add to the financial cost and effort involved in operating uncrewed systems, particularly as both threats and countermeasures are in continuous evolutionary competition. But, like it or not, they are here to stay. UAV security threats have a great deal in common with those that affect any edge computing device, and can be countered by many of the same methods October/November 2023 | Uncrewed Systems Technology PS | Security of UAV data links Now, here’s a thing
RkJQdWJsaXNoZXIy MjI2Mzk4