Unifly, a Terra Drone Corporation group company and a leading provider of Unmanned Traffic Management (UTM) systems, is proud to announce the successful completion of the groundbreaking Unified UTM Cybersecurity Model project, granted by the Federal Aviation Administration (FAA) as part of the Broad Agency Announcement call 003. In partnership with the Rhea Group and NY UAS Test Site (NYUASTS), the objective and purpose of the project was to refine a UTM cybersecurity model, including the requirements and certification scheme, and to validate the model in an operational environment.

Andres Van Swalm, CEO at Unifly, expressed his satisfaction, 'We are thrilled to have successfully led this R&D project in collaboration with FAA, Rhea, and FAA-designated UAS Test Site. As drone use continues to rise, it's vital to develop specific cybersecurity measures for UTM to ensure airspace safety and security. We take pride in our key role in this initiative.'"

With the rapid growth of the drone industry, ensuring the safety and security of our airspace is more important than ever. UTM systems have a big responsibility in this regard. The key characteristics of UTM systems - software-based, highly automated, and relatively recent - make them an attractive target for cyberattacks that exploit vulnerabilities, threatening aviation safety, the privacy of airspace users, and business operations. Although cybersecurity is unanimously recognized as a critical safety concern, UTM cybersecurity has only been partially explored to this date. This includes either considering a limited subset of security attributes (e.g., authentication) or applying generic cybersecurity frameworks (e.g., National Institute of Standards and Technology (NIST) Cybersecurity framework) that do not provide sufficient cyber resilience for the complex ecosystem that is UTM.

As a result, no comprehensive approach to system requirements, and much less a unified certification scheme, has been developed to assess and validate cybersecurity for UTM systems. These gaps have triggered an urgent need for an updated security framework.

In the initial phase of the project, interviews were conducted with the following stakeholders from the UTM ecosystem:

  • FAA ATO (Federal Aviation Administration - Air Traffic Organization)
  • NASA (National Aeronautics and Space Administration)
  • CNA (The National Security Analysis)
  • Nav Canada (The Air Navigation Service Provider of Canada)
  • DroneUp (Drone Delivery Service Provider)

During the interviews, the concept of a unified UTM cybersecurity model was presented. Feedback and security requirements were collected from all interviewees, who acknowledged the need for a new security framework.

Jared Thompson, Nav Canada explains: "When considering traditional Air Traffic Management (ATM), it never had a model that focused on the operational aspect. Therefore, as we introduce additional layers like UTM, it's imperative to establish a cybersecurity direction as a baseline. While some operational frameworks do exist, they have not been applied in the ATM context.'"

Joey Rios, NASA emphasizes, "We indeed require the appropriate prerequisites for a UTM-specific cybersecurity framework. Additionally, there is a clear need for a verification approach to ensure the implementation of these requirements."

Eldon Myers, DroneUp affirms, "There is unquestionably a demand for such a framework. It should not only address the cybersecurity information and requirements but also ensure alignment with already established frameworks."

Alongside this input, the project team refined both the system requirements and the security controls for the updated prototype model. The updated prototype model underwent a demonstration through actual flights conducted in an operational environment at the NY Test site in Syracuse, utilizing tracking facilities and Unifly's Broadcast Location and Identification device (BLIP).

The extensive validation process comprised more than 60 flights conducted in diverse operational environments. These flights encompassed three distinct scenarios: operations under optimal conditions, operations subjected to simulated attacks, and operations with the implementation of countermeasures against such attacks.

The thorough testing and demonstration of the updated prototype model in real-world conditions at the NY Test site confirm the need and efficacy of the implemented security controls.

After extensive research, testing, and data gathering, several reports containing findings and best practices have been delivered. These reports will serve as a baseline for future cybersecurity framework development.

The results of this project will not only benefit the UTM industry but also various stakeholders, including drone operators, regulators, and the general public, by ensuring the safety and privacy of all airspace users. By implementing advanced cybersecurity measures, we can all have peace of mind, knowing that our airspace is secure.

This successful collaboration among Unifly and these stakeholders underscores the importance of partnerships and innovation in the ever-evolving world of UTM. Unifly remains committed to working with industry leaders to drive progress and enhance the safety of drones in our skies.

Source: Press Release