Cybersecurity Risk Management Process For Unmanned Aerial Systems (Uas) At The Strategic Level

Abstract

In the last decade, the integration of unmanned aerial systems (UAS) into military operations has grown substantially. UAS have significantly contributed to U.S. military tactical, operational and strategic operations. Recently, the U.S. military has made increasing use of commercial off-the-shelf (COTS) UAS, yet none of the U.S. military services have a defined cybersecurity risk management process for COTS UAS. These systems have been susceptible to cyber attacks, leading to the May 2018 ban on the use of these systems across the Department of Defense (DoD). This research effort has developed a multi-echelon cybersecurity risk assessment process for the DoD. The proposed process would enable strategic, operational and tactical commanders to assess and communicate cybersecurity risks associated with COTS UAS. The process combined four steps from the Joint Risk Analysis Methodology (JRAM) framework and seven steps from a strategic risk business management process. This process would allow commanders to have an enhanced awareness of cybersecurity risks associated with COTS UAS operations, improved current cyber threat assessments, and tailored action plans for their areas of responsibility. The proposed process would help units and agencies across the DoD to resume their use, test and purchase of COTS UASs without the need for the current centralized waiver process.

Document Details

Document Type

Technical Report

Publication Date

Jun 01, 2019

Accession Number

AD1080393

Entities

Tags