Command and Control: THE Critical Factor for Modern Unmanned Systems

Examining what’s needed to assure secure command and control links.

The need for automation and active intelligence is driving the adoption of Internet of Things (IoT) technologies by many industries. Unmanned Aircraft Systems (UAS) in particular have experienced a rapid rate of adoption among the commercial and industrial sectors. Industries like oil and gas, agriculture, public safety, military and defense, border patrol, and mining are using drones to enable mission-critical, cost-saving and even lifesaving operations. Beyond industrial applications, the drone market also reaches into real estate, cinematography and recreational use by hobbyists. According to the Federal Aviation Administration’s (FAA) latest estimates, we can expect about seven million drones flying over American skies by 2020.

Black Quadcopter Drone Flying on the Sea Shore Under Blue and White Sky during Sun Set

Black Quadcopter Drone Flying on the Sea Shore Under Blue and White Sky during Sun Set

When the FAA announced the approval of the first drones for commercial UAS operations in July 2013, it opened the doors to what is now the proliferation of UAS for commercial purposes. However, the effort to create standards and regulations is a work in progress. In June 2016, the FAA released the Small Unmanned Aircraft Regulations (Part 107), outlining requirements for using drones in the commercial airspace. The drones must be small—under 55 pounds, and can only be operated by a pilot who is at least 16 years old, upon completion of a written test. Commercial drones may only be flown below 400 feet, at least five miles from airports, during daylight and always within Line-of-Sight (LOS).  There are also guidelines for recreational use. However, general drone use does not require any specific training for operators.
While UAS are helping streamline operations for a number of industries, there are big challenges facing the commercial and recreational drone markets. The widespread use of UAS, along with the rapid trajectory for adoption and use, creates increasingly crowded skies. Reports of human error and inexperienced operators created enough concern among the FAA that it released a report on drone safety that in part examined the severity of injury from a falling drone or drone/human collision. Having more drones in operation also raises concerns that drone-crowded skies could affect the drones used in mission-critical operations, such as emergency response.

Credit: Paul Brennan

Credit: Paul Brennan

While there are plenty of resources available to educate the beginner UAS pilot, manufacturers also must build reliable systems in order to keep people safe and be competitive. The command and control (C2) link in which the unmanned system operates plays an essential role in meeting security requirements, and with a reliable and secure C2 link, a UAS can be trusted to operate effectively. Organizations such as the Radio Technical Commission for Aeronautics (RTCA) Special Committee 228 continues to work towards developing the minimum operational requirements for use of the allocated safety-critical spectrum, particularly as related to the Control and Non-Payload Communications (CNPC).

What’s in a C2 Link?
After decades of serving mission-critical applications in government and defense, the command and control capabilities of advanced wireless data communications have begun to migrate into the commercial drone markets. There are a number of secure wireless data communications solutions available that enable reliable C2 links and have been trusted by the government and defense industry for years. Additionally, there are solution providers that offer multiple frequencies for C2 links offering unmanned systems manufacturers a portfolio of options to deploy. While frequency options are important considerations, a C2 link is only as strong as the security capabilities it offers. With appropriate security measures and encryption capabilities in place, C2 links can be better protected to thwart malicious attacks on unmanned systems.

A combination of proper training, education, and reliable, secure command and control links (C2) can lead to a safe drone environmentparticularly as it relates to secure and reliable command and control (C2) links and sense and avoid tactics. Here are key considerations for secure C2 links that need to be integrated as part of the overall unmanned system:

Access Control Methods by Authentication, Authorization and Accounting
One option that some unmanned systems operators have employed is the use of proprietary wireless data communication systems and devices (especially when they offer many “knobs” and configuration options to create private, user defined networks). These proprietary solutions can offer a higher degree of security in some scenarios. This exemplifies a key security approach. The verification of identity, or Authentication, is based on the presentation of unique credentials to that system. The unique serial number of a wireless device for example (if it is neither “spoofed” nor counterfeited) may be such a unique credential, though some view the use of serial numbers as less than fool proof.

Advanced Data Encryption and the Federal Information Processing Standards (FIPS)
The Federal Information Processing Standards (FIPS) are issued by the National Institute of Standards and Technology (NIST), as set forth by the Information Technology Management Reform Act of 1996 and the Computer Security Act of 1987. FIPS are a set of U.S. government computer security standards that define aspects of information security management, including document processing, encryption algorithms and other various IT standards.

Advanced Encryption Standard
In November 2001,  FIPS Publication 197 announced the Advanced Encryption Standard (AES), a cryptographic algorithm that could be used to protect electronic data. AES is “the” industry standard for data encryption and was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen and adopted by NIST due to the need for a newer and more secure data encryption algorithm. Today, AES is a Federal Government and commercial standard, trusted even by the NSA to protect sensitive information and maintain data privacy.

AES encrypted devices offer a variety of key strength options, including 128, 256 and others. NIST has also defined 5 modes of operation for AES: Cipher Block Chaining, Electronic Code Book, Cipher Feedback, Output Feedback, and Counter Mode. It is argued that counter mode is the most secure of the five because it uses a sequence of blocks to encrypt the data and is never repeated.

FIPS Publication 140-2
NIST issued the 140 series of FIPS Publications to identify the key requirements for cryptography modules. FIPS 140-2 validation consists of four clear levels of security, with Level 1 being the lowest and each Level thereafter building upon the next with additional security and/or trusted requirements, all the way up to Level 4. For example, Level 2 adds requirements for checking physical evidence of tampering, as well as role-based user authentication. Level 3 requires physical tampering resistance (further physical qualities making the module itself more protected against attackers attempting to gain access to sensitive information within the module itself) and a stricter identity-based authentication. Level 4 adds even more physical security requirements and requires an even greater robustness to the platform, in order to hold up against environmental attacks.

Unmanned systems manufacturers should ensure that their need for wireless links is provided by reputable wireless technology providers with a proven track record. These technology solutions should incorporate at the very least, the basic levels of the FIPS and AES standards. A safe and dependable C2 capability should be able to thwart hijacking attempts, prevent unauthorized access, and protect all critical dataall of which are essential in mission-critical and lifesaving operations. These standards are tried and true and by incorporating these techniques into the C2 communications link for UAS, there is an assured reliability necessary when using these platforms in the national airspace.

Final Considerations for Wireless C2 Link Technology
Secure wireless data communication devices that leverage data encryption capabilities, adhering to FIPS and AES standards, have been heavily relied on for mission-critical government and defense applications for decades. Furthermore, wireless technologies that are proven to be reliable and secure in nature can further add to the overall data security scheme. For example, frequency-hopping techniques can leverage coordinated, rapid changes in radio frequencies that literally “hop” in the radio spectrum, thus evading detection and the potential of interference. Some wireless products also deliver multiple user-defined cryptography keys (as many as 32 user-defined keys in some cases), providing a more robust link security by allowing the automatic and frequent changing of cryptographic keys.

With a secure C2 link in place, unmanned vehicles are far less likely to suffer from technical errors and bad-actor intrusions. This is a very important consideration because not only will there be more unmanned vehicles operating in industrial and commercial sectors, but many will require and transport critical information where link failure to operate is not an option. As the unmanned systems industry continues to reach important milestones, the widespread growth of UAS into commercial spaces will continue to grow and develop. With this in mind, there needs to be a level of assurance that UAS are operating safely.  When the drone is crafted with field-proven C2 links and new drone operators leverage the assortment of available educational tools to educate themselves, both manufacturers and operators help champion the pursuit of responsible drone operations.

Scott-Allen-PRScott Allen is Chief Marketing Officer at FreeWave Technologies. Allen is an executive leader with more than 25 years of experience in product lifecycle management, product marketing, business development, and technology deployment. He offers a unique blend of start-up aggressiveness and established company executive leadership, with expertise in product delivery, demand generation, and global market expansion. As CMO of FreeWave, Allen is responsible for product lifecycle/management, GTM execution, demand generation, and brand creation/expansion strategies. Prior to joining FreeWave, Allen held executive management positions at Fluke Networks (a Danaher Company), Network Associates (McAfee), and several start-ups including Mazu Networks and NEXVU Business Solutions. Allen earned his BA in Computer Information Systems from Weber University.

Share and Enjoy:
  • Digg
  • Sphinn
  • Facebook
  • Mixx
  • Google
  • TwitThis