Understanding the Shifting Landscape of Cybersecurity in the Drone Industry
By Jeremiah Karpowicz
What defines a “secure” system or network? This seemingly straightforward question can lead to numerous interpretations, particularly in the drone sector, where security involves elements like data encryption and best practices concerning password management. Rather than viewing security merely as a checklist of tools or processes, it is more accurately conceived as a comprehensive approach and mindset.
Kip Gering, the Chief Revenue Officer at SpiderOak, embodies this security approach. His journey, starting in the U.S. Air Force, equipped him with unique insights into communication hurdles in space. This background led him to facilitate the deployment of expansive wireless networks for utilities in California and Texas, serving applications that benefit smart cities. His expertise spans helping industries implement remote access controls while safeguarding operational technology software and devices across critical infrastructure sectors like utility, oil and gas, and defense.
This foundation in industrial IoT cybersecurity informs Gering’s current focus at SpiderOak, where he emphasizes engineering solutions that meet today’s compliance, security, and usability requirements. SpiderOak’s data-centric cybersecurity approach aligns with a significant shift Gering has observed over recent years.
“The perception of cybersecurity is definitely evolving,” Gering noted. “In the past, you could consider a system ‘secure’ if it utilized a method called air gapping, where operational networks were isolated from the Internet. However, that notion is dated as the potential for breaches now transcends mere network connectivity, whether wired or wireless. This shift necessitates a new paradigm, moving towards zero trust frameworks and secure by design principles, areas where we excel.”
Zero-trust architecture represents a paradigm where defenses concentrate on individual digital interactions rather than a general perimeter. Resources within this model must always be authenticated before any data exchange occurs, regardless of their network location. This is in stark contrast to the traditional model where once a resource gains network access, its authentication does not extend to subsequent interactions.
SpiderOak’s zero-trust security approach is built on these principles, reflecting their commitment to secure-by-design standards. This methodology encourages software and hardware manufacturers to develop their products in a manner that minimizes susceptibility to cyber threats. By endorsing secure-by-design and secure-by-default principles, they create robust systems capable of secure digital interactions, fortified against AI-driven threats and advanced attacks on network vulnerabilities.
In an era where Malware-as-a-Service (MaaS) is a reality, this security focus is critical. Drone manufacturers, in particular, must adopt a security mindset in their hardware and software development. SpiderOak’s platform empowers tech providers to embrace secure-by-design principles and mitigate future vulnerabilities, ensuring users experience reliable security and communication.
“With drones, we foresee a surge in attempts by malicious actors to disrupt communication signals,” Gering explained. “Thus, there arises a genuine necessity for functionality in circumstances where communication is compromised or operates on a reduced bandwidth. This decentralization is our strength, enabling guaranteed eventual delivery of data, which bolsters communication resilience. It is particularly appealing to firms operating in environments with inconsistent connectivity.”
This communication reliability is vital for maintaining connections in autonomous swarm functionalities and ensuring comprehensibility in interactions with crewed aircraft—where the stakes are high. Furthermore, enhancing communication resilience is a built-in feature of their software.
The decentralized strategy also aids in managing who has access to operational data. In the context of public safety and surveillance operations, it is essential to delineate data sharing protocols, specifying who can access what information.
Gering emphasizes embedding cybersecurity conversations in the design phase of projects instead of attempting to retrofit them later. This preventive strategy ensures security is integrated from the outset, helping technology providers save on development costs and allowing end users to minimize additional security measures, thereby reducing operational costs and potential points of failure. Such a proactive stance addresses challenges like communication interceptions and spoofing, with embedded software authenticating each mission payload message and command function. These intrinsic security features distinguish their solutions and attract drone tech providers as partners.
“With SpiderOak, software developers can dedicate their efforts to operational features rather than implementing complex network communication protocols and security measures,” Gering remarked. “Our platform significantly simplifies the creation and implementation of secure messaging, benefiting drone solutions that typically depend on encryption and shared credentials. We offer a streamlined solution that checks all cybersecurity boxes, allowing for enhanced security, including authentication, access control, data integrity, and confidentiality.”
Such security capabilities are becoming increasingly essential for drone companies as mission complexities rise. As threats evolve alongside technological advancements, robust data protection and guarantees against unauthorized access will become crucial differentiators in the drone industry.
Moreover, these considerations extend beyond the drone sector. Gering stressed the significance of avoiding compromises when navigating these challenges. Often, opting for a simpler cybersecurity solution can seem appealing; however, it can increase vulnerability to breaches and spoofing.
Mitigating data breaches and more severe repercussions demands a robust approach far exceeding just secure systems. Remaining updated on the changing threat landscape and new attack tactics is equally critical. This underscores the need for an evolving, comprehensive security approach.
“Cybersecurity is a continuous journey,” Gering stated. “Practicing cyber-safe engineering is vital throughout system development and product life cycles. Technology providers must be aware of vulnerabilities and attack methodologies applicable to their systems, as the landscape is always progressing.”
Want more stories like this? Subscribe today!
