Cybersecurity Threats to the Internet of Drones in Critical Infrastructure: An Analysis of Risks and Mitigation Strategies
Ved å adressere de identifiserte sårbarhetene og implementere flere av de foreslåtte strategiene for risikoredusering, kan operatører av kritisk infrastruktur styrke sikkerheten til sine IoD-nettverk og dermed sikre en trygg og pålitelig drift av disse systemene. As the deployment of Unmanned Aerial Vehicles (UAVs), commonly known as “drones”, is becoming more and more common, ensuring the cybersecurity of these interconnected systems is of huge importance. Internet of Drones (IoD) is a relatively new term arising from Internet of Things (IoT) by replacing “things” with “drones”, and hence are prone to attacks just as IoT. Also, as more and more UAVs are connected to the Internet, they can be compromised by an adversary, since everything connected to the Internet is vulnerable. An application area where IoD can be useful, is within critical infrastructure. As such services may have severe consequences if disrupted, it is important that the IoD network is resistant to cyberattacks.
This master’s thesis presents a comprehensive analysis of cybersecurity threats to IoD in critical infrastructure. The research aims to identify potential vulnerabilities and effective mitigation strategies to enhance the security of IoD networks. To that aim, we first conducted seven interviews with key stakeholders in the drone sector, including drone operators, communication technology professionals, and industry experts. The interviews provided valuable insights into current practices, challenges, and perceptions regarding cybersecurity threats to UAVs and the IoD. We further conducted a technical experiment with several scenarios focusing on Global Positioning System (GPS) spoofing of the UAVs. The experiment helped us identify the level of difficulty for exploiting the UAVs. Furthermore, we estimated the costs and resources associated with GPS spoofing and Denial of Service (DoS) attacks by using an analysis tool called Resource Cost Model (RCM). The RCM illustrates which steps need to be taken by an attacker to carry out the attacks and gives an indication of how costly the attacks will be. Throughout the semester, we conducted a literature study on existing studies and relevant academic papers on the topic.
By addressing the identified vulnerabilities and implementing several of the proposed mitigation strategies, stakeholders can enhance the security of their IoD networks, especially in critical infrastructure, and thereby ensuring the safe and reliable operation of these systems.