Unmanned Aerial System Risk Management Decision Matrix
Abstract
The Department of Defense (DOD) lacks a suitable method for identifying and managing the cybersecurity risks associated with commercial off-the-shelf (COTS) unmanned aerial system (UAS) use. With no method in place to mitigate the cybersecurity risk, the DOD suspended the purchasing and use of COTS UASs in a memorandum by the deputy secretary of defense on May 23, 2018, until a strategy was developed to mitigate the known cybersecurity risks and vulnerabilities. This research establishes a method to identify and mitigate the cybersecurity risk of COTS UASs at the tactical level. The chosen method was a cybersecurity risk-management decision matrix that would help produce a risk assessment to help tactical operators make informed operational decisions. More specifically, an architecture, method, and processes were developed for commands to be able to create their own risk matrices. Utilizing a systems engineering approach, the UAS was broken down into subsystems to help identify potential cybersecurity vulnerabilities. These vulnerabilities were then used to create inputs to the matrix that would assign an output risk that tactical operators could use to make real-time decisions. The matrix was then validated using the National Institute of Science and Technology (NIST) framework.
Document Details
- Document Type
- Technical Report
- Publication Date
- Jun 01, 2020
- Accession Number
- AD1114616
Entities
People
- Aaron M. Daponte
- Calvin J. Roldan
- Gregory A. Maguire
Organizations
- Naval Postgraduate School