has been on DJI and other Chinese companies which may or may not pose a security concern. However, one would expect that American and other drone manufacturers may have created similar protocols for transmission of data, ostensibly to allow them to improve their products and their customer service. While the level of security concerns may be as high with these companies, there still may well be commercial issues that bear investigation.
The controversy over the potential for covert sharing or transmission of data will continue. It illustrates the need for drone services providers and those using their services to ensure that they fully understand - and if necessary control - the transmission of drone-derived data. Customers and service providers who are using an integrated drone application need to stop thinking of drones as flying cameras or radars and view them for what they are (or will be once the FAA regulations permit their use in the highest-value operations) - data acquisition nodes on a world-wide, interconnected communications network.
This type of controversy is not new for communications networks. Similar questions about data interception and transmission by other types of network equipment have existed for years. Some Western governments have expressed concerns about and even gone so far as to forbid the use of Huawei equipment by government agencies and contractors (see this report about NSA’s investigation: http://spectrum.ieee.org/tech-talk/computing/hardware/us-suspicions-of-chinas-huawei-based-partly-on-nsas-own-spy-tricks). In other countries, similar concerns have been expressed about the use of Cisco equipment manufactured in the U.S., and in some cases formal or informal bans on foreign government agencies’ purchases of Cisco equipment have been implemented.
The UAS network is comprised of the drone itself, the communications link between the drone and the server (whether on the service provider premises or in the cloud), the software program used to analyze or process the data, the servers where the data is stored and the transmission links over which the data is distributed. In order to provide the necessary level of security, drone services providers and their customers need to be aware of the terms of use and privacy policies of each entity in the communications, including the platform operators.
The first area of concern for customers ought to be the privacy policies and data usage policies of their service provider. Does the provider have the right to keep a copy of the data and if so what use can the provider make of it? Similar concerns exist with regard to the platform providers. Most drone services companies will be using one of several platforms to upload, store, manipulate and obtain actionable information from the data for their customers. The risk to service providers and their customers comes not just from potential back doors or malware, but also from the use and distribution of data by others in the network chain. For example, there has been very little thought given by customers or most service providers to the potential for platforms such as Drone Deploy or Skyward to reuse, store and distribute aggregated or individual customer data.
At this point, there are no industry best practices or hard-and-fast answers for any of these issues. Drone services providers and their customers need to keep these risks in mind as they purchase or provide services and develop the UAS ecosystem.
sUAS Guide / Q3 Update, October 2016 19