Cybersecurity and Drones
Drones and Small Business Cybersecurity
by Carolyn Schrader
Drones are being used for many creative tasks. They are now used to deliver packages and take-out. Pizza
Cowboys may no longer need to ride the fence to look for damage. A rancher can send a drone with instant video
and GPS details to the ranch house. Repairs can be schedule efficiently. Farmers can send a drone over their
fields to look at crop growth and water levels. They can then remotely turn on needed irrigation. Real estate agents
can provide up to the minute views of a neighborhood to a prospective buyer. Buyers can see what their
prospective neighborhood backyards look like. Search and rescue workers can send a drone in advance to aid their
location efforts and identify the shortest route to a victim.
And drones are not just for the outdoors. A drone can fly down corporate hallways, through warehouse alleys and
inside large venues. How about a drone to capture your wedding from above?
With fabulous ways on the horizon to proactively use drones, there will likely be increased risk as well. Drones can
go places that security fences can’t stop.
Not your kid brother’s toy drone
“Hobby” drones typically have a camera and GPS service. As Scott Schober said in his blog, “think of them as
flying smartphones without the screen”. They can be flown 3+ miles away from the controller and be in the air 25-30
minutes. The cost for a hobby class drone can range from $200 up to $1,500. Some drones have target tracking
feature as well. As the market continues to expand, more features will be added to attract diverse customers.
Potential risks include a hacker modifying a drone to intercept signals between a WI-FI user and a public or other
accessible network. A mobile device could be tricked into thinking it connected to a legitimate network but the
transmissions actually were being rerouted to the drone’s ground crew and resent to another location.
Or equally deviously, a drone could intercept and reroute communications from a WI-FI system on a company’s
campus. Data harvesting could occur without the network administrators’ knowledge.
Jeff Melrose Sr. Principal Tech Specialist at Yokogawa USA gave a detailed presentation at Black Hat convention
in 2016 on interception tests. It is fascinating reading for anyone wanting more test information.
Another risk area is a hacker attacking your drone to steal the data the drone is gathering. If you are managing
aspects of your business by drone, it is conceivable that a competitor or nation state wants your information.
What businesses should do
Explore a variety of drones for your business purpose. Don’t decide on a model only on price. Find out what type of
security it has and how frequently and easily the security software will be updated.
A drone is a mobile Internet of Thing device. Just as you wisely evaluate security measures for other IOT products,
apply rigorous review of security measures. Think the worst of what a drone could do and plan accordingly.
Talk to your insurance agent as you make your decision on drone usage. This is a new area of insurance and you
should learn about the coverage needed for potential damage caused by your drone.
Evaluate establishing a company policy on use of personal drones in the work space. While there are a number of
positive uses (just as the first mobile phones used in the office were often personal ones rather than company
ones), be sure you are able to protect your computer network from casual drone usage that might have a malware