The drone business environment is healthy. It is expected to increase nearly 20% annually until 2023, according to IDC—but a growing number of industry insiders believe that for the UAV market to really thrive, a few things need to happen. As an industry, we need to develop a series of public standards, frameworks, and certifications. These next steps will help businesses and consumers alike feel comfortable with what drones are doing—and how they’re doing it. 

These are the conclusions that members of CompTIA, the world’s largest non-profit IT association, have arrived at after nearly two years of intense research and collaboration. The first result of that effort is a set of Drone Standards and Best Practices developed by the organization’s Drone Advisory Council. They are parameters for implementing UAS operations internally or hiring professional services providers.

While the standards provide practical, tangible guidelines to help companies reduce their liability risk and improve safety and support professionalism, there’s still much work to be done. The members of CompTIA’s Drone Advisory Council also realize that it is imperative for drone industry executives to work closely with government regulators and policy makers to identify, discuss and implement further measures that promote growth and innovation in the market.

“We need to more effectively navigate drone security, data security, and management from a drone perspective,” said Mario Rebello, vice president of government relations at DJI, a Shenzhen, China-based UAV/drone manufacturer and a member of CompTIA’s Drone Advisory Council that helped develop the initial Standards and Best Practices document. 

“There aren’t any industry-recognized, vendor-neutral UAV frameworks or protocols in place,” Rebello said. “And while it’s great to grow business in that sort of white board environment for a while, we’ve reached a point where government agencies and corporate businesses need more formality and industry norms to get involved with drone technology.”

In addition, a lack of regulations is the biggest drag on the industry, according to David Kovar, CEO and founder of URSA, a Manchester, N.H.-based risk management platform for the UAV industry. “Remote ID is a prime example,” he said. “Without Remote ID we will not get broad access to BVLOS, flights over people, and night operations.”

KEEP THE CONVERSATION GOING

To ensure that the development of standards continues—and continues to represent both business and user interests—several organizations have asked James Stanger, CompTIA’s chief technology evangelist, to represent the organization. His job will be to represent CompTIA’s members by proxy in ongoing talks.

Stanger is working with the Aerospace Industries Association (AIA), which focuses on larger federal and enterprise manufacturers. For the next several months, the AIA will focus on finding compromise that helps grow the industry and avoid a stagnation in business demand that would also impact tech innovation in the UAV industry. Stanger is excited to work with the AIA, because it is helping foster innovation by getting disparate entities to work together.

“Innovation is often worked on in siloed environments, which could impact cooperation and duplication of effort,” said Stanger. “There’s a misperception that standards hamper innovation. It’s quite the opposite. They help create cooperation and that focus brings progress, open standards and competition.”

Ideally, drone standards protect both businesses and consumers, according to Adam Gittins, general manager of HTS Ag, a Harlan, Iowa-based drone service provider.

“Standards in any industry are created to raise the level of professionalism and enhance safety—drones are no different,” Gittins said. “Standards allow us to follow what is known to be best and allows some consistency and predictability when they are being used.  This helps businesses avoid costly mistakes, and consumers can have peace of mind knowing that flights are being conducted with integrity.”

The day is coming where Amazon, for example, might regularly deliver packages via drone. Theoretically, Amazon would be in a position to gather a tremendous amount of discrete, topical information about the recipient. For example, let’s suppose that the drone takes a picture of the home, and a subsequent AI function notices a few things. It may notice that the home needs a new paint job. The drone may also notice that the grass is getting a bit long. Does this mean the owner wants to purchase some paint and a lawn mower? 

Opportunities such as this raise myriad questions about how—and if—information should be gathered, transmitted and secured. Those questions are important but also just scratch the surface of larger discussions in play regarding the security and data management of UAV solutions, according to Stanger.

“There are existing security and privacy standards, including the NIST 800 series and the ISO 27000 standards, that we can use as a template and then ask new questions and discuss issues of security and privacy,” Stanger said. But these security and privacy standards are just a beginning.

He cites MITRE cybersecurity standards, developed jointly by public and government-based factions as an example of standards successfully created, implemented, and now recognized by the likes of Northrup Grumman and Lockheed Martin. “Governments have a good way of starting things and making it possible for groups to then create new, solid standards,” he said.

The AIA hopes to have a completed standards protocol by Q2 or Q3 2020, at which point the discussion would turn toward possible certifications, training and how the standards would be applied in the marketplace. But that’s not all. People will still be running drones, and they need to be trained properly. But CompTIA is used to training people. 

“From an efficiency perspective, how do we train people? You really can’t use a single vendor’s standard or approach. The training has to be based on something more universal and global,” Stanger said. “You’ll need to consider various regulations, including GDPR, HIPAA, and others from around the world. We’ll figure it out. We have to, because without it, it hinders creativity, hinders progress.”

COOPERATION AND COMPROMISE ARE KEY

“Thus far, most government leaders and policy makers have embraced the notion of drones and are calling for standards to help the market grow,” Kovar said. “The FAA is not just amenable to working with the industry, they’ve clearly demonstrated their dependence on the private sector to accelerate adoption. The NPRM on Remote ID leaves a lot undefined, such as how to design, build, operate, and secure the underlying infrastructure. Any standards relating to these items are left to the industry, and specifically the service providers, to determine. We will face significant risk if the service providers rush to deploy solutions that are not based on well-understood and agreed-upon standards, but it is unlikely that the government will contribute to determining which standards in any meaningful manner.”

The CompTIA Standards and Best practices document is a set of principles to establish a necessary framework and foundation on which to build larger standards and possibly certifications, Rebello said.

“It’s a starter. Drones represent a complicated platform. They touch your network, your mobile devices, the cloud, your data. CompTIA is on the right path, recognizing that we do need standards. This is the preface, to move toward those industry standards.”

According to Stanger, developing standards for the UAV industry has far-reaching consequences, because drone solutions touch so many other technology categories, including aircraft, electronics, computing, surveillance, storage, and security.

“Drone tech is probably the most powerful manifestation of the emerging technologies in use today: In one form factor, a drone incorporates IoT, information gathering, AI, flight technology, GPS, gyros, lasers, thermal, delivery mechanisms, and more,” Stanger said. “The potential for misuse is enormous. Standards will definitely alleviate concerns, but no one can say we won’t have to work through some rough issues. I’m confident we’ll get there though.”