After a recent presentation at the ASIS Toronto best practices seminar one of the attendees asked if I had any good news and I responded no. Later that evening I realized the perception of how much doom and gloom my presentation had. I have been talking about unmanned systems for some time now and every day I learn something new.
These systems are the next revolution similar to 6 August 1991, when the World Wide Web went live around the world. Now some of the biggest security threats emanate from the internet. However, I think the evolution of this threat will be much faster than the internet. ISIS used a software program similar to Skygrabber, developed by a Russian company and originally intended to download music and videos from the internet, to hack one of America's most sophisticated weapons. It’s funny they learned this trick from Iran after they successfully downed the CIA super drone in 2011.
Criminals and our enemies understand and use technology much better than we thought they would. They exploit technologies that have benefits and turn it against us. So how long will it take for them to put two and two together? Sadly I think they already have done it and they are just waiting. We have countless examples of criminal and radical group use.
The prevalence of this technology has exploded in the last year and continues to grow. One enterprising young individual over at the Hackerspace Knackatory decided to build a quad copter from e-waste (the junk and components like the fans that cool your desktop computer). If you have a 3D printer you can print a quad copter if you so inclined to. So ask yourself -- where does it end?
So how do we protect ourselves?
Companies are popping up with detection solutions but what is the point of detection if you have no response. Allow me to explain the “voodoo magic” of effective security. You must have effective Deterrence, Detection, Delay and Response.
Deterrence – visible physical security measures installed to induce individuals to seek other less secure targets.
Detection – physical security measures that allow for early detection of unauthorized intrusion and provide local and/or remote intruder annunciation or assessment.
Delay – security measures that delay an intruder’s access to an asset and provide time for incident assessment and response to arrive
Response – appropriate measures taken to assess, interrupt, and neutralize an intruder
Now apply this philosophy to a rouge drone or unmanned system!
You may have a minor problem with your response. Now if you’re guarding a nuclear power plant you may have the ability to shot down a rogue system, however, if you’re in downtown any major city in the world, then you may have an issue. The FAA on several occasion has tried to fine the fellows at Team Black Sheep $10,000 based on the content of one of their videos.
The skies are wide open and several young enterprising individuals are seeking fame and fortune testing the limitations of society’s tolerance. However, how long until it’s no longer just about “getting that killer video”? During my presentation I give a demonstration of how a person with limited programming knowledge can hack and reprogram an AR Parrot Drone and various applications associated with it do anything. For example dancing and saying hello or flying a completely autonomous flight in what is “controlled airspace” using GPS waypoint.
My point is that if I can do this with limited knowledge of computers and systems then what can someone with the knowledge do?
It may be “Doom and Gloom” but maybe we need to deal with that!
No comments:
Post a Comment