This publication below was published by E-ISAC on May 22, 2018. ICIT strongly encourages you to visit the E-ISAC to search for additional information security resources which are freely available.

Key findings: Cybersecurity risks posed by unmanned aircraft systems

The Department of Homeland Security (DHS)/National Protection and Programs Directorate (NPPD)/Office of Cyber and Infrastructure Analysis (OCIA) assesses that unmanned aircraft systems (UASs) provide malicious actors an additional method of gaining undetected proximity to networks and equipment within critical infrastructure sectors. Malicious actors could use this increased proximity to exploit unsecured wireless systems and exfiltrate information. Malicious actors could also exploit vulnerabilities within UASs and UAS supply chains to compromise UASs belonging to critical infrastructure operators and disrupt or interfere with legitimate UAS operations.

SCOPE NOTE: This Critical Infrastructure Security and Resilience note assesses cybersecurity risks to critical infrastructure associated with UASs. This product assesses the risks associated with malicious cyber actors utilizing UASs for offensive purposes, but does not assess the technical vulnerabilities associated with UASs or critical infrastructure systems. OCIA does not know of a confirmed incident utilizing a UAS for malicious cyber activity against critical infrastructure systems. This product provides situational awareness of potential current and potential future malicious actions, with malicious acts noted in this paper having occurred inside controlled environments. This product supports Federal, State, local, and private sector partners with UAS equities. OCIA coordinated this product with the DHS/NPPD/Office of Infrastructure Protection, DHS / NPPD / Office of Cybersecurity and Communications/National Cybersecurity and Communications Integration Center, the DHS/Office of Intelligence & Analysis, DHS/Science & Technology Directorate, the Department of Transportation (DOT)/Federal Aviation Administration (FAA), the DOT/Office of the Secretary, the Federal Bureau of Investigation/Cyber Division, the National Counterterrorism Center, United States Army/National Ground Intelligence Center, the Northern California Regional Intelligence Center, the Aviation Information Sharing and Analysis Center (A-ISAC), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and Argonne National Laboratory