Unmanned Aerial System Cybersecurity Risk Management Decision Matrix for Tactical Operators
Abstract
The Department of Defense (DoD) does not have a defined cybersecurity operational risk management process for unmanned aerial systems (UASs). The DoD acknowledged this discrepancy and suspended all commercial-off-the-shelf (COTS) UASs on 23 May 2018. The suspension was followed by a rigid DoD COTS UAS waiver process effective 01 June 2018. COTS UASs are defined by the Deputy Secretary of Defense Memorandum using three different criteria: UASs sold in the same form to the public and government, those commercially available systems that have software and/or hardware modifications, and those with specific ground command and control elements, such as smart devices and tablets. Cybersecurity vulnerabilities can span the acquisition, strategic, operational, and tactical levels. This research focused on the tactical level. Tactical commanders often lack the tools to identify and mitigate UAS cybersecurity vulnerabilities. This effort leveraged the standards developed by the National Institute of Science and Technology drafted Federal Information Processing Standards and Special Publication 800 series to develop the proposed UAS Cybersecurity Risk Management Decision Matrix. The matrix can enable tactical commanders to conduct a cybersecurity risk determination for UAS operators. This mitigates risk and strengthens strategic and operational decisions. Furthermore, three recommendations for future work are offered which will improve the UAS cybersecurity processes within the DoD.
Document Details
- Document Type
- Technical Report
- Publication Date
- Jun 01, 2019
- Accession Number
- AD1080313
Entities
People
- Gary L. Lattimore
Organizations
- Naval Postgraduate School