UAVs, IoT, and Cybersecurity

Wednesday, December 7, 2016 - 11:00am11:45am

David Kovar


Small Unmanned Aerial Systems (sUAS) aka “drones” are all the rage—$500 UAVs are used in professional racing leagues and major corporations are building $100,000 UAVs to deliver packages and Internet connectivity. UAVs are slowly working their way into almost every commercial sector via operations, sales, manufacturing, or design.

sUAS—emphasis on the final "S"—are complex systems. The aerial platform alone often consists of a radio link, an autopilot, a photography sub-system, a GPS, and multiple other sensors. Each one of these components represents a cybersecurity risk unto itself and also when part of the larger system. Add in the ground control stations, the radio controller, and the video downlink system and you have a very complex computing environment running a variety of commercial, closed source, open source, and home brew software.

And yes, there is already malware specifically targeting drones.

During this presentation, we will walk through a typical operational workflow for a UAV, all of the components of a representative system, and through a possible risk assessment model for UAVs. Even if you are not working with UAVs, you should consider that UAVs are an instance of "the Internet of Things"—a collection of sensors and computing devices connected to each other and to the cloud designed to gather, distribute, and analyze data in a semi- or fully-autonomous manner.

David Kovar

David Kovar was recently a cyber security and incident response leader for a major consulting firm. He shifted focus to disruptive technologies and is currently pursuing a Master’s degree in International Affairs while consulting on UAVs. He runs a commercial UAV company that provides disaster response, precision agriculture, surveying, and other aerial imaging services. He’s also been an entrepreneur, ediscovery consultant, software engineer, search and rescue incident commander, executive protection agent, and lethal forensicator. He’s collected images in China, rescued wayward Americans in Australia, fenced with APT actors from all over the world, and led a mission to Tajikistan to evaluate the emergency preparedness of many local agencies. Oh, and he flies sailplanes, fixed wings, helicopters, and drones.

LISA16 Open Access Sponsored by Bloomberg

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@conference {201485,
author = {David Kovar},
title = {{UAVs}, {IoT}, and Cybersecurity},
year = {2016},
address = {Boston, MA},
publisher = {USENIX Association},
month = dec

Presentation Video 

Presentation Audio