Skip to main content
SpringerLink
Log in

A Cybersecurity Risk Framework for Unmanned Aircraft Systems under Specific Category

  • Invited paper
  • Published:
Journal of Intelligent & Robotic Systems Aims and scope Submit manuscript

Abstract

Nowadays, safety and cybersecurity are some of the most important issues involving the development of Unmanned Aircraft System (UAS) operations. For safety, the lawmakers and aviation authorities have a lot of efforts to establish an adequate safety level for UAS operations within the current airspace system. One of them is the Specific Operation Risk Assessment (SORA) methodology developed by Joint Authorities for Rulemaking on Unmanned Aircraft System (JARUS). This methodology provides a guide to conduct risk assessments for UAS operations under the Specific Category. However, the methodology supports only some problems related to safety. In this paper, we introduce our approach to extend the SORA methodology toward cybersecurity. We illustrate this approach by extending the methodology to cover the privacy problem - an aspect related to cybersecurity. Besides that, we also introduce our supporting tool in the form of a web application that helps users conduct automatic risk assessments.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Tran, T.D., Thiriet, J.M., Marchand, N., El Mrabti, A.: Toward Cybersecurity of Unmanned Aircraft System Operations under “Specific” Category. In: 2020 International Conference on Unmanned Aircraft Systems (ICUAS), pp. 1433–1441 (2020)

  2. Giones, F., Brem, A.: From toys to tools: the co-evolution of technological and entrepreneurial developments in the drone industry. Bus. Horiz. 60(6), 875–884 (2017)

    Article  Google Scholar 

  3. Vattapparamban, E., Guvenc, I., Yurekli, A. I., Akkaya, K., Uluagac, S.: Drones for Smart Cities: Issues in Cybersecurity, Privacy, and Public Safety. In: 2016 International Wireless Communications and Mobile Computing Conference (IWCMC), pp. 216–221. IEEE (2016)

  4. Moskwa, W.: World Drone Market Seen Nearing $127 Billion in 2020, PwC Says Bloomberg (2016)

  5. Drone market size and forecast 2019-2024. Drone Industry Insights. https://www.droneii.com/project/drone-market-size-and-forecast-2019-2024 (2019). Accessed 25 Feb 2021

  6. European drones outlook study: Unlocking the value for europe. Single European Sky Atm Research Joint Undertaking (SESAR). https://www.sesarju.eu/node/2951 (2016). Accessed 10 Sept 2019

  7. Drones market research report - forecast 2028. Market Research Future. https://www.marketresearchfuture.com/reports/drones-market-1124 (2018). Accessed 25 Feb 2021

  8. Commercial drones in 2022. Interact Analysis. https://www.interactanalysis.com/drone-market-2022-predictions (2018). Accessed 25 Feb 2021

  9. De Miguel Molina, B., Oña, M. S.: The Drone Sector in Europe. In: Ethics and Civil Drones, pp. 7–33. Springer, Cham (2018)

  10. Bassi, E.: From here to 2023: Civil drones operations and the setting of new legal rules for the european single sky. J. Intell. Robot. Syst., 1–11 (2020)

  11. A-NPA 2015-10: Introduction of a regulatory framework for the operation of drones. European Union Aviation Safety Agency (EASA). https://www.easa.europa.eu/document-library/notices-of-proposed-amendment/npa-2015-10 (2015). Accessed 21 Feb 2021

  12. Commission implementing regulation (EU) 2019/947 of 24 may 2019 on the rules and procedures for the operation of unmanned aircraft. European Union Aviation Safety Agency (EASA). https://www.easa.europa.eu/document-library/regulations/commission-implementing-regulation-eu-2019947 (2019). Accessed 26 Feb 2021

  13. Ericson, C. A., et al.: Hazard analysis techniques for system safety. Wiley (2015)

  14. Piètre-Cambacédès, L., Bouissou, M.: Cross-fertilization between safety and security engineering. Reliab. Eng. Syst. Safety 110, 110–126 (2013)

    Article  Google Scholar 

  15. Kriaa, S., Pietre-Cambacedes, L., Bouissou, M., Halgand, Y.: A survey of approaches combining safety and security for industrial control systems. Reliab. Eng. Syst. Safety 139, 156–178 (2015)

    Article  Google Scholar 

  16. Raspotnig, C., Opdahl, A.: Comparing risk identification techniques for safety and security requirements. J. Syst. Softw. 86(4), 1124–1151 (2013)

    Article  Google Scholar 

  17. Steve Kremer Ludovic Mé, D.R., Roca, V.: Cybersecurity - Current Challenges and Inria’s Research Directions. Technical report, INRIA (2019)

  18. Schneier, B.: Modeling security threats. Dr Dobb’s Journal (1999)

  19. Gorbenko, A., Kharchenko, V., Tarasyuk, O., Furmanov, A.: F(I)MEA-Technique of Web Services Analysis and Dependability Ensuring. In: Rigorous Development of Complex Fault-Tolerant Systems, pp. 153–167. Springer (2006)

  20. Piètre-Cambacédès, L.: Beyond Attack Trees: Dynamic Security Modeling with Boolean Logic Driven Markov Processes (BDMP). In: 2010 European Dependable Computing Conference, pp. 199–208. IEEE (2010)

  21. McDermott, J. P.: Attack net penetration testing. In: Proceedings of the 2000 workshop on New security paradigms, pp. 15–21 (2001)

  22. Kornecki, A. J., Liu, M.: Fault tree analysis for safety/security verification in aviation software. Electronics 2(1), 41–56 (2013)

    Article  Google Scholar 

  23. Schmittner, C., Gruber, T., Puschner, P., Schoitsch, E.: Security Application of Failure Mode and Effect Analysis (FMEA). In: Bondavalli, A., Di Giandomenico, F. (eds.) Computer Safety, Reliability, and Security, vol. 8666, pp 310–325. Springer International Publishing (2014)

  24. Abdo, H.: Dealing with uncertainty in risk analysis : combining safety and security. PhD Thesis université Grenoble Alpes (2017)

  25. Functional safety Essential to overall safety - An introduction to Functional safety and the IEC 61508 series. International Electrotechnical Commission (IEC), https://www.iec.ch/functionalsafety/explained/ (2015). Accessed 25 Feb 2021

  26. Guidelines and Methods for Conducting the Safety Assessment Process on Airborne Systems and Equipments. SAE International. https://www.sae.org/standards/content/arp4761/ (1996). Accessed 24 Feb 2021

  27. ISO/IEC 27000 glossary standard. The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). http://www.iso27001security.com/html/27000.html. Accessed 26 Feb 2021

  28. Kobes, P.: Zoom Sur La Norme Internationale IEC 62443 Pour La Cybersécurité Des SystèMes Numériques Industriels. In: Cybersécurité Des Installations Industrielles. CéPaduèS (2016)

  29. Idrees, S., Roudier, Y., Friedewald, M., Leimbach, T., Andreas, F., Sigrid, G., Olaf, H., Roland, R., Matthias, R., Henrik, B., Ludovic, A., Renaud, P., Gabriel, P., Alastair, R., David, W., Benjamin, W.: Security Requirements for Automotive On-Board Networks Based on Dark-Side Scenarios. Technical report, EVITA (2009)

  30. EUROCAE: Airworthiness security process specification ED-202/ DO-326 (2014)

  31. Favaro, J.: Report on the Evolution of Co-Engineering Standards. Technical report, Electronic Component Systems for European Leadership Joint Undertaking (2018)

  32. Joint Authorities for Rulemaking on Unmanned Systems (JARUS): JARUS guidelines on Specific Operations Risk Assessment (SORA) (2017). Version 1

  33. Nikodem, F., Bierig, A., Dittrich, J. S.: The New Specific Operations Risk Assessment Approach for UAS Regulation Compared to Common Civil Aviation Risk Assessment. In: DLRK 2018 (2018)

  34. European Union Aviation Safety Agency (EASA): Acceptable Means of Compliance (AMC) and Guidance Material (GM) to Commission Implementing Regulation (EU) 2019/947 (2019)

  35. European Union Aviation Safety Agency (EASA): Introduction of a regulatory framework for the operation of unmanned aircraft (2015)

  36. Joint Authorities for Rulemaking on Unmanned Systems (JARUS): Annex E of SORA - Integrity and assurance levels for the Operation Safety Objectives (OSO) (2019)

  37. Joint Authorities for Rulemaking on Unmanned Systems (JARUS): JARUS guidelines on Specific Operations Risk Assessment (SORA) (2019). Version 2

  38. Pauner, C., Kamara, I., Viguri, J.: Drones. Current Challenges and Standardisation Solutions in the Field of Privacy and Data Protection. In: 2015 ITU Kaleidoscope: Trust in the Information Society (K-2015), pp. 1–7 (2015)

  39. Winkler, S., Zeadally, S., Evans, K.: Privacy and civilian drone use: the need for further regulation. IEEE Secur. Privacy 16(5), 72–80 (2018)

    Article  Google Scholar 

  40. Zhi, Y., Fu, Z., Sun, X., Yu, J.: Security and privacy issues of UAV: a survey. Mob. Netw. Appl., 95–101 (2019)

  41. Finn, R. L., Wright, D., Friedewald, M.: Seven Types of Privacy. In: European Data Protection: Coming of Age, pp. 3–32. Springer (2013)

  42. Li, Z., Gao, C., Yue, Q., Fu, X.: Toward Drone Privacy via Regulating Altitude and Payload. In: 2019 International Conference on Computing. Networking and Communications (ICNC), pp. 562–566 (2019)

  43. Villasenor, J.: Observations from above: Unmanned aircraft systems and privacy. Harvard Journal of Law Public Policy (2013)

  44. Park, S., Lee, K.: Developing Criteria for Invasion of Privacy by Personal Drone. In: 2017 International Conference on Platform Technology and Service (Platcon), pp. 1–7 (2017)

  45. Bonetto, M., Korshunov, P., Ramponi, G., Ebrahimi, T.: Privacy in Mini-Drone Based Video Surveillance. In: 2015 11Th IEEE International Conference and Workshops on Automatic Face and Gesture Recognition (FG), vol. 04, pp. 1–6 (2015)

  46. Babiceanu, R. F., Bojda, P., Seker, R., Alghumgham, M.A.: An Onboard UAS Visual Privacy Guard System. In: 2015 Integrated Communication, Navigation and Surveillance Conference (ICNS), pp. 1–8 (2015)

  47. Blank, P., Kirrane, S., Spiekermann, S.: Privacy-Aware restricted areas for unmanned aerial systems. IEEE Secur. Privacy 16(2), 70–79 (2018)

    Article  Google Scholar 

  48. Capitán, C., Capitán, J., Castano, A. R., Ollero, A.: Risk Assessment Based on SORA Methodology for a UAS Media Production Application. In: 2019 International Conference on Unmanned Aircraft Systems (ICUAS), pp. 451–459. IEEE (2019)

  49. MULTIDRONE project - University of Bristol: Deliverable D2.1: Multidrone media production requirements (2017)

Download references

Acknowledgements

We thank the authors of the MULTIDRONE project for publishing their works. Based on the information from this project we could test and discuss about the proposed methodology.

Author information

Authors and Affiliations

  1. CNRS, Grenoble INP, GIPSA-lab, University of Grenoble Alpes, 38000, Grenoble, France

    Trung Duc Tran, Jean-Marc Thiriet & Nicolas Marchand

  2. SOGILIS Company, 38000, Grenoble, France

    Trung Duc Tran & Amin El Mrabti

Authors
  1. Trung Duc Tran
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jean-Marc Thiriet
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Nicolas Marchand
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Amin El Mrabti
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Trung Duc Tran.

Ethics declarations

Authors’ Contributions

– Literature search: Tran Trung Duc

– Idea for the methodology: Tran Trung Duc, Amin El Mrabti, Jean-Marc Thiriet and Nicolas Marchand

– Case-study and result analysis: Tran Trung Duc and Jean-Marc Thiriet

– Writing - original draft preparation: Tran Trung Duc

– Writing - review and editing: Jean-Marc Thiriet and Tran Trung Duc

Funding

This work is a part of a Ph.D. program funded by

– the SOGILIS company (France), 4 Avenue Doyen Louis Weil, 38000 Grenoble

– Association Nationale Recherche Technologique (ANRT), 33 rue Rennequin - 75017 Paris

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This is an extended version of the paper published in the Proceedings of the 2020 International Conference on Unmanned Aircraft Systems (ICUAS’20), Athens, Greece [1]

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Tran, T.D., Thiriet, JM., Marchand, N. et al. A Cybersecurity Risk Framework for Unmanned Aircraft Systems under Specific Category. J Intell Robot Syst 104, 4 (2022). https://doi.org/10.1007/s10846-021-01512-0

Download citation

  • Received:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10846-021-01512-0

Keywords

Search

Navigation