2.8. Control stations and control signal security

The second most important components in unmanned aerial systems beside the drones are the control stations (EASA calls them remote-pilot stations). These are the units used by the remote pilots to control the flight path of drones.

Control stations can be specific for specific drone types or they can be of a more general use type. The complexity of control stations varies greatly and depends mostly on the type of work a drone needs to perform, which in term is linked to the payload a drone carries.

While some drones perform very generic tasks like aerial photography, others are equipped with special sensors or special instruments. In both cases it is usually necessary for the on-board equipment to be controllable from the ground, which requires that the control stations are configured to do this.

Complex ground control stations contain one or more personal computers and one or more displays. If you encounter complex control stations pay special attention to the section on visible line of sight vs beyond visible line of sight.

All control stations typically contain lithium-based batteries. Refer to the section on batteries and battery chargers for additional information.

The personal computers at the heart of complex control stations usually come with operating systems and a large number of hard and software drivers, which need licenses and maintenance in the form of patches and updates to keep them safe and secure.

Some drone manufacturers (e.g. DJI) are know to sell drone systems which communicate flight data via the internet back to their servers. While this can be done for useful purposes, it does create a larger attack surface for hackers and additional confidentiality issues.

Radio communication related risk are dealt with in a separate section.

Risks

  1. Old and unpatched software enables hackers to take control of drones in flight or disturb the communication between pilots and drones.
  2. Unlicensed software installed on control stations violates intellectual property laws.

Audit Steps

  1. Review the system in place to ensure that the software used on control stations and controllers is up-to-date and legal.
  2. Sample test the software of control stations for up-to-date software patches.
  3. Review the provided encryption levels for the flight control and data links between control stations and drones.
  4. Evaluate if a potential transfer of flight data to the manufacturer (see background) is acceptable and if not, investigate further.

 

drone audit program index