Guide for cybersecurity in UAS operations

In aviation, safety is the highest good. This also applies to the use of drones. In addition to the actual flight operations, questions of IT resilience are becoming increasingly important. Technical failures or deliberate disruptions can lead to risks in the air and on the ground. To address this, various basic IT protection profiles for the commercial use of drones have been developed by UAV DACH – European Association for Unmanned Aviation.

The number of cyberattacks on companies remains alarmingly high. What may be merely annoying for stationary computer networks can have serious consequences for unmanned flight systems. As flying computer networks, UAS, along with their ground control and monitoring technology, are particularly vulnerable. To further enhance the safety of commercial UAS operations and to provide assistance, especially to small and medium-sized enterprises, several IT basic protection profiles have been developed within the Competence Group IT Safety & Security of the UAV DACH industry association. Most recently, this work focused on the use of unmanned flight systems in the „Specific“ operational category according to the European Drone Regulation.

Three guides as practical orientation

The IT basic protection profiles for drone operations were developed in close coordination with the Federal Office for Information Security (BSI). Currently, three guides (Open, Specific, BOS) are available and fit within the established system of informational materials from the BSI. They serve as practical orientation aids for operators using drones as tools in their business operations. The newest publication is the „IT-Grundschutzprofil für den Betrieb von UAS Band 2: UAS-Betriebskategorie „Specific (Speziell)“: https://bit.ly/IT-Grundschutz-Profil_Specific (German)