be intercepted, tampered with, or eavesdropped upon; and software vulnerabilities, such as buffer overflows, code injection or insecure handling of user inputs. They may also lack secure boot mechanisms or proper firmware integrity checks, and might not get regular updates and patches to firmware, operating systems and software applications. Payloads such as sensors and communications relays present their own cybersecurity risks. Sensor data can be very sensitive, with video feeds containing private information and Lidar data potentially exposing details of secure facilities, while communication payloads may be vulnerable to disruption of service, eavesdropping or data interception. GCS vulnerabilities can leave the system open to unauthorised control of the drone, data breaches or operational disruption. All of the communication protocols commonly used in UAV systems are also potentially vulnerable, whether they are wireless and inherently susceptible to eavesdropping, such as MAVLink, ZigBee, Bluetooth, wi-fi, 5G/4G/LTE, or wired but unencrypted, like CAN. Monitor the radios Of the individual subsystems in most UAV systems, however, the most vulnerable are radios in air vehicles and GCS units. “By design, radios are third-party products that are integrated into a UAS, and the design team sees them as a black box of capabilities,” Broberg says. “Thus, the radios can be delivered to the end-user with default passwords and no documentation to modify them. Beyond that, however, the radios are often running software with exploitable vulnerabilities that exist over multiple products for an extended period of time. “But that might be changing. My sense is there is a raised level of concern over such vulnerabilities, and vendors are getting more feedback from endusers, and responding appropriately with updates and patches.” Dark Wolf provides a cybersecurity checklist containing actions that make all of these potential vulnerabilities much harder to exploit. The list contains items that will be familiar to any IT professional, such as strong access control with complex passwords and two-factor authentication, regular software and firmware updates, comms link encryption, disabling of unused ports, regular penetration testing and good physical security. “I am proud of the cybersecurity assessments that our team has performed, knowing we are helping secure systems that need securing. Likewise, working with teammates on finding and reporting on exploitable vulnerabilities in communication gear is very satisfying,” Broberg says. “I am probably most proud of developing and presenting our workshop, which helps communicate this work to a wide audience.” His current work is focused on expanding the company’s level of knowledge and its range of effective testing processes in cybersecurity for all forms of wireless communication, which in practical terms means that he spends most of his time “playing with radios”. Broberg notes that he is nearing the end of his career, but suspects he will always be involved with the technology. “These last three years have been a wonderful capstone to my cybersecurity career, but I am not sure I will ever be able to completely let go of my SDR as I pursue deeper knowledge of radio communication in autonomous vehicles.” 23 Uncrewed Systems Technology | October/November 2024 Ronald Broberg earned a Bachelor of Science degree in Physics from Colorado State University, where he studied from 1991-95. He joined Lockheed Martin in 1996, where he spent 25 years in software engineering, working on satellite systems, and then command-and-control technologies, including the Theatre Battle Management Core System (TBMCS). Broberg left in October 2021 to join Dark Wolf Solutions, where he reports to a cybersecurity director. He also holds certificates as a wireless security professional and a wireless network administrator. As a child and young adult, he “spent an inordinate amount of time in metal armour, beating on people with wooden swords”; a recreation that chimes with his enthusiasm for fantasy and science fiction. These interests also colour Broberg’s personal and business philosophy, as he insists that everything you need to know about geopolitics and business can be learned from sci-fi classic Dune and action fantasy Conan the Barbarian, respectively. “Everything you need to know about love, well, you have to live that yourself,” he adds. This romantic streak is balanced by a deep interest in physics, mathematics and philosophy, which were his favourite subjects at school and in higher education. And in his free time, he loves to dance the tango. Ronald Broberg
RkJQdWJsaXNoZXIy MjI2Mzk4