Universal Framework for Unmanned System Penetration Testing

Multiple industries, from defense to medical, are increasing their use of unmanned systems. Today, many of these systems are rapidly designed, tested, and deployed without adequate security testing. To aid the quick turnaround, commercially available subsystems and embedded components are often used. These components may introduce security vulnerabilities particularly if the designers do not fully understand their functionality and limitations. There is a need for thorough testing of unmanned systems for security vulnerabilities, which includes all subsystems. Using a penetration testing framework would help find these vulnerabilities across different unmanned systems applications. The framework should encompass all of the commonly implemented subsystems including, but not limited to, wireless networks, CAN buses, passive and active sensors, positioning receivers, and data storage devices. Potential attacks and vulnerabilities can be identified by looking at the unique characteristics of these subsystems. The framework will clearly outline the attack vectors as they relate to each subsystem. If any vulnerabilities exist, a mitigation plan can be developed prior to the completion of the design phase. Additionally, if the vulnerabilities are known in advance of deployment, monitoring can be added to the design to alert operators of any attempted or successful attacks. This proposed framework will help evaluate security risks quickly and consistently to ensure new unmanned systems are ready for deployment. Verifying that a new unmanned system has passed a comprehensive security evaluation will ensure greater confidence in its operational effectiveness.