Inside Unmanned Systems

AUG-SEP 2017

Inside Unmanned Systems provides actionable business intelligence to decision-makers and influencers operating within the global UAS community. Features include analysis of key technologies, policy/regulatory developments and new product design.

Issue link:

Contents of this Issue


Page 43 of 67

CYBER RISK REDUCTION 44 unmanned systems inside August/September 2017 place, Kennedy said. Their protections should be at least as robust as your own and consistent with any legal obligations the company has to protect the data. Review contracts to ensure they represent and warrant that the vendor has implemented an appropriate informa- tion security program. The vendor should also commit to disclose any security breaches, and comply with applicable laws and regulations. Be critical of the vendors you use, Finisterre said. Push them to be public about their data policies and what they do with their data, or to openly make a statement that they won't use your data for their own purposes. ten they'll keep you up to date as they work to de- termine who attacked and what data was taken. You might want to have a lawyer review the data protection agreement before you sign. "If a company is outsourcing UAVs and f ly- ing pipelines and crops, they want to get as many f light hours in as possible so they can bill and grow the company," Kovar said. "They may not be taking the time to develop internal data protection. So instead of f lying your property, taking all the data off the UAV and putting it into an encrypted folder that's only available to the client and the company, they may put it all on a thumb drive and put it in the back of a car, where it stays until the next f light." Remember, your organization is only as strong or as secure as your supply chain, Kovar said. If you're buying unsecure equipment and not tak- ing steps to secure that equipment, it puts the entire organization at risk. The same applies for software as a service. If you're using an external site for processing image data and the compa- ny's servers are not secure, your data could be stolen—and the vendor might not even know it. Secure From the Start As the technology evolves and manufacturers rush to get the latest and greatest out the door, most, while they have good intentions, aren't investing as much time and effort in security as they should, Kovar said, whether it's hard- ware, software or operational products. "You can't bolt security on after the fact. You have to design it in from the start," he said. READ USER AGREEMENTS If you're using a cloud service that does any type of post processing or data analysis, you sign an end user license agreement, said Kevin Finisterre, senior software engineer at the fi rm Department 13. You have to understand what that license agreement allows them to do with your data and make sure you're OK with it before accepting the terms. Some services say they have the right to do whatever they want with the data, which is a situation you want to avoid. The problem is, if you don't accept the terms, you won't be able to use the service. CHECK SECURITY EVEN ON THE CLOUD If service providers are using the cloud to store your data, there's reason to believe that environment is more secure, said David Kovar, president and founder, Kovar & Associates, but no matter how good Amazon or Microsoft is, if the service provider hasn't made use of the cloud resources and security controls appropriately, your data could still be vulnerable. That's why it's important to ask questions and to do your research before signing on with a third party service provider. " THE MOST IMPORTANT THINGS FOR A CYBERSECURITY PROGRAM ARE PEOPLE, PROCESSES AND TECHNOLOGY. PEOPLE SHOULD COME FIRST, BUT UNFORTUNATELY A LOT OF CORPORATIONS FIGURE OUT THE TECHNOLOGY FIRST." David Kovar, president and founder, Kovar & Associates Photo courtesy of Hypack. Ask these companies how they're protecting your data and where it will reside, Kovar said. If it's in the cloud, ask which one. Microsoft? Amazon? Something the company built itself? Is the server in the U.S., China, Russia or some- where else? If data is stored on a server in anoth- er country, you have to figure out whose laws ap- ply to accessing that data, how you'll be notified if the data is accessed illegally and your rights to the data. Find out what the notification require- ments are if the company is hacked and how of-

Articles in this issue

Archives of this issue

view archives of Inside Unmanned Systems - AUG-SEP 2017