The commercial market for buying and deploying drones is almost as accessible as buying toys from amazon. So why should you care, you may think?
“Drones are becoming less expensive while the technology behind them continues to develop rapidly. As such, we are seeing an increase in their use not only recreationally and commercially but also for criminal purposes.” writes Jürgen Stock, INTERPOL Secretary-General, in his foreword of releasing a framework for managing drone incidents. Unfortunately, managing and responding to drone incidents to ensure public safety requires a holistic approach beyond a technical skill set alone. Criminals now have upgraded their modus operandi in cyberspace and are becoming more sophisticated at an alarming pace according to a recent RAND study.
How do you build human readiness and mitigate cyber risk when employing drones and securing the airspace?
How do you make decisions at the speed of light when multiple stakeholders are involved, at different levels of expertise, and with other interests?
Especially with the increased cyber risk, which changes the traditional configuration of stakeholder engagement. Building bridges between regulators, air traffic controllers, law enforcement, military, and many more can be daunting, to say the least, in mitigating the cyber risk of drones.
How do you work with the centralized decision-making processes in cemented bureaucracies while criminals operate with agile, dispersed, and decentralized business models?
How do you change mindsets to address drone risk in an era where cybercrime is soaring?
Scientific papers published by the University of Leuven and the IEEE and actual life events demonstrated existing backdoors and vulnerabilities of the most widespread commercial off-the-shelf drones. What if these were exploited? Hacking tools for drones are almost as easy to procure as the drones themselves.
How can you adequately protect your drone fleet and drone operations against such threats?
From drone incidents to drone disasters
Imagine a scenario where the national police of Country X is conducting a covert counter-terrorist operation. It has enough evidence and data to suspect that Person A, named one of the top ten sought-after terrorists by Interpol, is hiding in a densely populated area in the Capital of Country X. On the day of the covert operation, it deploys for discrete aerial support four of its most sophisticated UAS in a large park where the suspect, Person A, is believed to be hiding. However, there are many obstacles as the park is densely populated, while the window of opportunity before the UAS starts to get noticed is shrinking at a fast pace.
The chief of operations within the national police of Country x decides to go ahead with the covert operation. It is a unique opportunity they have been waiting for, for the past six months. He sees no viable reason to cancel the process. All four of the UAS are deployed as vectors to conduct an Intelligence, Surveillance, and Reconnaissance mission and gather data and visuals of the suspect, Person A.
The UAS has built-in AI facial recognition and has been tested by the country’s most prominent AI experts. After two hours into the operations, the police operators of the UAS get prompted error messages on their ground control stations, and the telemetry links to the drones start to return inconsistent data.
Control link to all the drones is lost, and the situational awareness screens that provided 360-degree perspectives are now filled with blind spots and conflicting information with the telemetry. Information and data collection have been disrupted, the screens go black, and the data collected are entirely unreliable.
Twenty minutes after the drones of the national policy from Country X have been compromised, they reappear in a densely populated area of the park, flying in what seems to be a coordinated swarm. The police have no control over the drones, but they are visibly present in the public park and seem to “behave” autonomously.
The drones are causing panic and civil unrest as they are being operated at low altitudes. The police are being attacked by some of the civilians and accused of spying and invasion of privacy. The police operators of the UAS are not succeeding in regaining control back of the UAS and only have one attack UAS to take out the compromised drones. Because of the panic and civil unrest, their mission to kill the operating system of the compromised drones seems impossible.
One week after the incident, the news media reports that insider threats in the national policy were the cause for the cyber attack on the UAS incident in the park. It published information that cybercriminals had infiltrated police networks for months allowing them to track their covert operations, enter their UAS operating systems and take control of the police-owned and used drones. They also managed to inject a malware virus into the drone’s operating system, enhancing their capabilities and tasking the UAS to carry out terrorist attacks without any human in the loop; even if the terrorist cell is apprehended, the drones will keep performing their missions.
Why EQ matters in exercising stakeholder engagement.
We cannot simply wait and see what happens when societies will need to deal with drone attacks. The decisions and actions we take today will shape the future of tomorrow.
The six Emotional Intelligence (EQ) markers that form the foundation of our stakeholder engagement tabletop exercises are decision-making, flexibility, stress tolerance, interpersonal relations, and empathy.
Decision-Making and sound judgment under pressure and personal interest. The build-up of getting very close to capturing the person of interest can cloud the overall assessment and decision-making process based on the high-risk profile of the situation.
They are exercising flexibility and stress tolerance during unforeseen disruption. Their survival instinct influences people’s behavior and response options in a loss of visibility and technical connection. They can harm the incident and crisis management procedures.
Interpersonal relations and empathy to ensure negotiation and influencing tactics and calm down the civil unrest. However, using violence as a counter-measures can turn into more significant civil unrest and have damaging long-term consequences on the national police’s reputation and public confidence in them. Especially when working with non-traditional stakeholders in dealing with this new configuration of cyber threats in the field of UAS can feel daunting.
Stakeholder engagement and crisis communication as now the complex web of stakeholders has enlarged. The state-sponsored proxy actors managed to influence public opinion and apply divide and rule principles of hybrid warfare. The national military, Interpol, politicians, public advocacy groups, and media are just some of the stakeholders needing to be managed by the police.
Everything humankind does exist in polarity, as does the criminal mind. We may never eradicate cybercrime, but we must think faster and act prepared so we can recover and thrive quicker than before. Especially when disruptive technologies such as AI can be manipulated and deployed by cybercriminals to disrupt societies as a whole.
Thrive with EQ and Cybrid Thrust’s tabletop exercises help you build human readiness in the digital age. We invite you to Simulate, Exercise and Collaborate so you can build human preparedness and mitigate the cyber-risk of UAS.
Matteo Baronio, CEO/Founder of Cybrid Thrust. Matteo achieved combined degrees in pure mathematics and security studies, with professional experiences in the military and the private sector. He delivers solutions for international organizations, government agencies and private industries, in the fields of drones, sensors, automation and related emergent technologies for security applications.
Nadja El Fertasi, CEO Founder of Thrive with EQ and former Senior Executive at NATO. Nadja helps people build emotional firewalls to minimize the pain of cyber crime. As the Founder/CEO of Thrive with EQ, she focuses on helping IT leaders evolve into a people-centric role and helps them navigate the complex web of stakeholder engagement and behavioural change in minimizing cyber pain, and mitigating cyber risk in people’s map of the world.