Drones are the latest in modern spy technology, but drones can also be victims of spying. Malware in drones, either in the form of a Trojan Horse built into the original electronics or smuggled in via software update is a major issue, especially when those drones are supplied by a foreign power. Ensuring drones are trustworthy has become a major undertaking.
Ever since its start in around 2014, the small drone business had been dominated by Chinese companies. In particular industry giant DJI claims something like 70% of the consumer drone market, selling Phantom and Mavic consumer drones by the millions. The drones were popular with all sorts of users, including law enforcement and the military. The problem is that DJI drones send back data and receive software updates from the company on a regular basis.
Friend or foe? U.S. Army Pvt. Brandon Ruehl prepares to release a Chinese-made quadcopter for … [+]
This might at the very least provide DJI with information about where the drones are based and when and where they have been flown. It might also provide them which much more information about tactical operations, or even give them the power to selectively disable drones. Naturally DJI stress that they are not working for the Chinese government.
U.S. lawmakers take a cautious view, and in December they added DJI to their Entity List – that’s the list of bodies considered a ‘national security concern.’
This is just the latest in a series of security measures against foreign drones. Individual U.S. agencies have taken their own measures, including the Pentagon, Department of Justice, while in 2019 the Department of Homeland Security issued an alert that Chinese-made drones were stealing data.
This has led to a U.S. government initiative to build and encourage an American small drone industry to create a supply of trustworthy drones. Perhaps the most significant restriction is Section 841 of the National Defense Authorization Act, which prohibits the Department of Defense from acquiring anything with a printed circuit board from China (or Russia, Iran or North Korea).
That includes pretty much everything electronic and ought to solve the problem – except it’s not that simple, according to Dave Sharpin, CEO of Auterion Government Solutions, a company in the forefront of the move towards open-source drone software and hardware.
“Something may say ‘Made in America’ but you need to look very closely at the supply chain,” says Sharpin. “If you look at, say, a camera, it may have been assembled in one country but some of the components may have come from somewhere else.”
Even when you break it down on a component-by-component basis, tracing the source may not be that simple. Auterion found this when they dug deeper into suppliers records.
“Some manufacturers build some lots in one country and some in another,” says Sharpin. “We find we sometimes have to work on a lot-by-lot basis.”
The important thing, according to Sharpin, is carrying out the due diligence in advance. Discovering components from a banned entity in the end product is too late.
U.S. Army Sgt. Jesse Moore operates a Chinese-made quadcopter in 2018. U.S. forces operated several … [+]
A similar audit process is carried out with software, tracing back every aspect to a trusted source. Each set of code is verified and validated, and tested to ensure that it performs according to specification. This can involve testing, simulation and even flight tests
The demand for drones that can be trusted in every way may be growing. Sharpin says he is getting a lot of interest now not only from government customers but also from business enterprises that are not bound by the same rules but want drones which are guaranteed reliable.
The requirement to prove that drones are trustworthy is only going to increase for one simple reason.
“Trust is becoming more important as autonomy increases,” says Sharpin.
At present, most drones are operated under direct human control. Increasingly though they are getting smarter with higher levels of on-board AI, and capable of carrying out not just landings and takeoffs but entire missions without human direction. And when a drone is making its own decisions, the operator needs to have faith in its decision-making process. While many current AI systems are black boxes which are impossible for humans to decipher, drone software needs to be transparent. It is a challenge, but not an insurmountable one.
“We are committed to autonomous systems that can be fully trusted,” says Sharpin. “But we’re just at the beginning of understanding how that process will work.”
For example, when dealing with a machine-learning system, the testing process will also involve validation of training data to ensure that it is accurate and that the resultant learning is — for example, that a system can accurately distinguish American-made from Russian-made tanks, if that is its role.
As Sharpin indicates, the field is evolving fast, with increasingly sophisticated AI software being developed all the time enabling drones to recognize objects, make decisions, or modify their routes. At this stage we do not even know what types of AI might exist in a few years’ time, and regulations are likely to need regular updating.
“Anything we do now is going to look archaic in a few years,” says Sharpin.
This is an evolving field. As drones become more important, there will be more incentive to hack into them, either by spiking the hardware supply chain or by infiltrating the software. And the process of defending them will become ever more challenging.