House lawmakers today chastised the US Department of Homeland Security for failing to take charge of security aspects related to the integration of unmanned aircraft systems (UAS) into civilian airspace.
The issue is gaining prominence in part due to recent tests showing that "remote hackers" were able to hijack an unmanned aircraft, and because the number of active commercial UAS is expected to leap from several hundred today to as many as 10,000 by 2017, according to the US Federal Aviation Administration (FAA). The acceleration will come in large part because Congress, as part of the FAA's recent budget authorisation, mandated the agency to integrate UAS into civil airspace by September 2015.
While trusting that the FAA will properly handle UAS safety, members of a House Homeland Security subcommittee and witnesses during a 19 July meeting on the future of UAS operations in civil airspace, are worried that no government agency has signed up to take responsibility for UAS security.
"[The Department of Homeland Security] seems either disinterested or unwilling [to take responsibility]," says Michael McCaul, chairman of the subcommittee on Oversight, Investigations and Management. "The Department does not see domestic use of drones as part of their mission, and has no role. DHS's lack of attention about this issue is truly incomprehensible."
Security fears increased in June when a professor and students at the University of Texas at Austin were able to spoof a commercial UAS and cause the vehicle to head toward a crash despite the operator having valid command and control links.
"Almost all civilian UAVs depend heavily on civilian GPS," said Todd Humphreys, an assistant professor at the Cockrell School of Engineering who headed up the experiments, at the hearing. "You can fool [an unmanned aicraft] into tracking your [GPS] signal instead of the authentic one. You can hijack it and you can do it from miles away."
Humphreys says the first spoofing test of the unmanned helicopter took place in June at a football stadium in Austin and later at the White Sands missile range as part of a DHS-funded demonstration.
"The experiment exploited the weakness of GPS," says Humphreys. The weakness has to do with the non-encrypted GPS signals that civil systems regularly use compared to the spoof-proof encrypted military systems. "It opens vulnerability and is easy to counterfeit, or spoof," he says.
Team used an $80,000 Hornet Mini UAV system from Adaptive Flight, a commercial system favoured by law enforcement, and developed a spoofing system that when activated caused the helicopter's navigation system to think it was rising when in fact it was not. The result was that the helicopter, previously in a level hover, descended rapidly toward the ground.
During the White Sands test, the team placed the "remote hacker's" spoofing system on a hilltop 0.5sm from the helicopter and demonstrated the same results - the helicopter dropped from a stable hover.
Humphreys explained that while encryption for command and control links is available and is used by commercial operators, the same is not true for the GPS signals the system requires for navigation.
Fears of spoofing may be overblown however. Michael Toscano, chief executive and president of the association for unmanned vehicle systems international (AUVSI), notes, in his written comments to the committee, that spoofing has been studied since the 1990s and is not a simply task to carry out.
"To successfully spoof a GPS signal, one must have the equipment and capability to broadcast a counterfeit signal at a high enough power level to overpower the GPS signals emanating from more than 20 satellites in orbit around the earth," Toscano writes. "One must know the location of the target vehicle and be able to track it. If the target vehicle is not in close proximity to the spoofing device, this requires a detection system such as radar. Meanwhile, custom software is needed to make adjustments to the target vehicle's course."
He says it took Humphreys' team four years to develop "the necessary software" and that Humphreys' has acknowledged that the skills involved in spoofing are "outside the capability of any average American citizen".
"That said, the industry takes the potential for spoofing very seriously and is already advancing technologies, such as SAASM - Selective Availability Anti-Spoofing Module - to prevent it," writes Toscano. "SAASM, which involves the authentication of encrypted satellite signals, is already widely used by the military to thwart GPS spoofing."
Humphreys points out that a GPS receiver with SASM would be "much more than double" the price of today's non-encrypted receivers. "You would hurt a nascent industry sensitive to price," he says, adding the encryption technology could also "end up in the wrong hands". He suggests a variety of low-cost, quickly achieved options that are not bulletproof, but would help.
Pressure on the DHS to get more involved may come in the form of recommendations in a Government Accountability Office (GAO) report scheduled to be published later this fall. Gerald Dillingham, GAO director of physical infrastructure issues, speaking at the hearing, said the report will explore three "emerging" issues with UAS security. Along with jamming and spoofing of GPS and command and control links, the report will also discuss privacy "as it relates to the collection and use of surveillance data" and lack of permission needed by model aircraft operators to fly.
Dillingham points out that DHS did not act on a recommendation the GAO issued in 2008 to address UAS security, believing instead that existing practices were sufficient.
Officials from the DHS did not attend the hearing.