SlideShare a Scribd company logo

A TASK BASED information break down of COUNTERING UAV

Edwin Hofte
Edwin Hofte

THE RAPID SPREAD AND GROWING USE OF UNMANNED AERIAL VEHICLES (UAV) BY INDIVIDUALS, THE PRIVATE SECTOR AND TERRORISTS HAS GIVEN WAY TO NUMEROUS DEVELOPING SECURITY CONCERNS. THIS ARTICLE ANALYSES HOW GOVERNMENT, REGULATORS, SECURITY SERVICES, LAW ENFORCEMENT CAN ADDRESS SOME OF THESE CONCERNS. COUNTERING THESE SECURITY THREATS IS COMPLEX AS THE THREATS HAVE TO BE COUNTERED AT DIFFERENT TECHNOLOGICAL LEVELS AND INTENDED USE SUCH AS TERRORIST, CRIMINAL, MILITARY, INTELLIGENCE, SAFETY ETC. TO ENABLE ANALYSIS A FRAMEWORK IS INTRODUCED TO CLASSIFY THE TASKS COMMONLY ASSOCIATED WITH ADDRESSING SECURITY THREATS: INTELLIGENCE, GUARD AND SECURE, OPERATIONS AND LAW ENFORCEMENT. USING THIS FRAMEWORK A BREAKDOWN OF THE INFORMATION NECESSARY TO PERFORM THE DIFFERENT TASKS IS INTRODUCED. WE ANALYSED WHAT INFORMATION NEEDS TO BE GATHERED TO ENABLE THE DEVELOPMENT AND EXECUTION OF COUNTER MEASURES ASSOCIATED WITH THE DIFFERENT TASKS. SPECIAL ATTENTION IS PAID TO HOW DIGITAL FORENSICS ON UAV’S COULD CONTRIBUTE TO THE TASKS OF INTELLIGENCE, GUARD AND SECURE, OPERATIONS AND LAW ENFORCEMENT.

Technology
1 of 8
Download to read offline
BIJDRAGE: ing E. Hofte CISSP CEH CIH en dr. Ir. A.P.M. Zwamborn - Royal Netherlands Marechaussee dr. A.J. Hoogstrate - Netherlands Defense Academy ABSTRACT THE RAPID SPREAD AND GROWING USE OF UNMANNED AERIAL VEHICLES (UAV) BY INDIVIDUALS, THE PRIVATE SECTOR AND TERRORISTS HAS GIVEN WAY TO NUMEROUS DEVELOPING SECURITY CONCERNS. THIS ARTICLE ANALYSES HOW GOVERNMENT, REGULATORS, SECURITY SERVICES, LAW ENFORCEMENT CAN ADDRESS SOME OF THESE CONCERNS. COUNTERING THESE SECURITY THREATS IS COMPLEX AS THE THREATS HAVE TO BE COUNTERED AT DIFFERENT TECHNOLOGICAL LEVELS AND INTENDED USE SUCH AS TERRORIST, CRIMINAL, MILITARY, INTELLIGENCE, SAFETY ETC. TO ENABLE ANALYSIS A FRAMEWORK IS INTRODUCED TO CLASSIFY THE TASKS COMMONLY ASSOCIATED WITH ADDRESSING SECURITY THREATS: INTELLIGENCE, GUARD AND SECURE, OPERATIONS AND LAW ENFORCEMENT. USING THIS FRAMEWORK A BREAKDOWN OF THE INFOR- MATION NECESSARY TO PERFORM THE DIFFERENT TASKS IS INTRODUCED. WE ANALYSED WHAT INFORMATI- ON NEEDS TO BE GATHERED TO ENABLE THE DEVELOPMENT AND EXECUTION OF COUNTER MEASURES ASSO- CIATED WITH THE DIFFERENT TASKS. SPECIAL ATTENTION IS PAID TO HOW DIGITAL FORENSICS ON UAV’S COULD CONTRIBUTE TO THE TASKS OF INTELLIGENCE, GUARD AND SECURE, OPERATIONS AND LAW ENFORCEMENT. KEYWORDS UAV, CHAIN, DRONE, FORENSIC, DIGITAL FORENSICS, EXPLOITATION, MARECHAUSSEE C-UAV 1515
Introduction Nowadays there is an increasing use of Unmanned Aerial Vehicles (UAV). Privately owned or used by military and law enfor- cement. There have been various incidents and threats through mis- or abuse of UAV. On July 22 2014 an unmanned air vehicle came within 20 ft. of colliding with an Airbus A320 airliner as it made its final approach into London Heathrow airport. Detailing the incident on July 22 this year, investi- gators from the U.K. Airprox Board, which examines the causes behind air proximity incidents in British air space, said the inci- dent posed a serious risk of collision (Tony Osborne, 2014). May 23 2017, a drone has been involved in a near-miss with a plane making a descent into Edinburgh Airport (BBC, May 23, 2017). Apart from these civil originating incidents there are incidents that are military born. In 2011 a UAV was hijacked by Iranian forces. President Barack Obama said that the United States has asked Iran to return a U.S. drone aircraft that Iran claims it recently brought down in Iranian territory (CNN, 2011). And then there is a development that ISIS is using drones as an ‘increasingly unconventional’ weapon, to drop grenades on army forces (Walker, 2017). This kind of threat can easily be transfer- red into home territory as experiences, developments and success-stories by our adversaries increase in time. For less than $1,600, anyone can acquire a ready, GPS-enabled and camera- equip- ped consumer drone that can carry a small amount of weight. IS introduced terrorists to new and innovative capabilities in executing attacks, particularly the ability to bypass traditional security measures such as fences and gain unprecedented access to a vul- nerable target. Lone wolves in the United States break the mold of global terrorism, motivated by anti- governmental ideologies more than reli- gious or other principles. Innovators among these lone wolves may use consumer dro- nes to target a number of long-term static, temporary static or mobile targets in the coming years. Consumer drones currently on the market offer a diversity of capabilities, of which payload, maximum range and maximum speed are most important. In general these consumer drones can carry up to 1.0 kg of a substance, significantly limiting the destruc- tive capacity of an explosive-laden drone; even so, a precision attack can render de- vastating effects against a vulnerable target. Currently, commercially available drones capable of more payload weight are beco- ming available with lesser budget. Conse- quently its availability to adversaries is, to our opinion, just a matter of time. It should be noted that lone wolves are expected to use traditional arms and bombs in attacks rather than explosive-laden consumer drones due to a much higher probability of inflicting more casualties and causing more damage. So in the short term the UAV born threat will more likely be an individual who acciden- tally crashes into an airplane, rather than a lone wolf with malicious intention (Hughes and Hess, 2016). At least for now. Military Engineer Troops use services offered by civil organizations for GIS and surveying critical infrastructure 1616 C-UAV
1717 The doctrine describes the way one can counter IED’s. Understanding the threat and gather intelligence to create operational awareness. The organization needs to be prepared in case of an attack. She must be able to attack the operational (organiza- tional) network and must understand the technical and operational nature of the IED system in order to become abtle to succes- fully engage such a threat. All components form several attack surfaces. Interventions at multiple components or combinatins are possible. The combination of knowledge, skills and means provide the ability to protect. This research will describes the technical way that leads to situational awareness and understanding of countering UAV’s, lear- ning from the approach model for C-IED. The UAV Counter Chain Model consists of four counter phases. 1. Detection; 2. Classification and Identification; 3. Neutralization; 4. Attribution; The business processes are being visua- lized as columns. The height of the yellow Countering UAV attacks How can an UAV born threat or abuse be countered? Countering these threats in the Netherlands is a shared responsibility of dif- ferent organizations. The Royal Netherlands Marechaussee (Royal Netherlands Mare- chaussee, (n.d.)) is one of them. It watches the security of state in the Netherlands and beyond. It is deployed globally to places of strategic importance. From the Royal pala- ces to the external borders of Europe. From airports in the Netherlands to war theatres and crisis areas around the world. The Marechaussee has 3 main tasks: 1. Border police case; 2. Guard and secure; 3. International and military police tasks. The Marechaussee performs these tasks for the Ministry of Justice and Security. While delivering these tasks it faces more and more new digital- or digitalized threats. The misuse or abuse of UAV is one of them. Besides the Marechaussee several other organizations have to deal with this threat as well, The National Police, the security services as well as the military. Countering the threat is for each of these organizations differs from an operational point of view as they all have slightly different tasks and therefore different priorities, operational constraints and consequently business ob- jectives. However, the available techniques for detection, identification and engaging a possible threat are equal. We therefore describe what the business objectives dictate as to countering UAV’s. Is intelligence gathering the objective or do we need to stop its flight to prevent a possible attack or disaster? In an ultimately case we have to take the human control- ler of the UAV to court. Several primary processes could all benefit from countering UAV. Intelligence, Operations and Policing, the latter is the law enforcement task. The business value is mainly dependent on the kind, the quantity and quality of data that is retrievable out of the UAV, its command and control or sensing components. Insight in data creates understanding in how we could counter UAV born threats and its value to the primary processes of the Marechaussee and the other governmental organizations. The different business objectives in coun- tering a UAV born threat require different amounts of data and consequently informati- on. We introduce a model that measures the amount of data and relates it to the business objective. From an operational point of view it should be noted that positive identification of the UAV is paramount. Otherwise it could be that an officer is mistakenly tracking an air van of a vehicle. In this respect, one could think of utilizing white/black listing to reduce the time to recognize a UAV in flight. The first step is to model a UAV Counter Chain Model. Developing the model Prior to establishing a model we studied the lessons learned from countering Improvi- sed Explosive Devises (C-IED) formalized through the Allied Joint Doctrine for Counte- ring - Improvised Devices. NATO AJP-3.15 (Ministry of Defense, 2017). C-UAV Different COTS and MOTS systems to counter- act UAV are available in the market, this is an example of SteelRock Technologies NATO AJP-3.15 An UAV with a C-IED capability
1818 upon commercial available UAV’s mentio- ned in the threat model of Matthew Hughes & James Hess (Hughes and Hess, 2016). To further structure our approach we divide the exploitation fields into an electromagne- tic section, representing OSI layers 1-2 and the cyber section, representing OSI layers 3-7. We follow a similar approach as in elec- tronic warfare, the Cyber Electro Magnetic Actions (CEMA) [16]. ELECTROMAGNETIC SECTION Electromagnetic detection delivers every UAV visible in the range of a detector. Radar is an effective methods to detect and track aerial threats. It is able to distinguish small UAV’s from birds using precision radar, but this defense mechanism encounters unique challenges when applied to consumer UAV. (Maddox et al., 2015) It’s challenge is to reduce false positives. Furthermore, operators may fly at low altitudes, below 30 meter (derived from 100 feet, Elias, 2016), to capitalize on inter-visibility lines created by surrounding terrain, e.g. trees or buil- ding blocks to block line-of-sight required for radar detection (Elias, 2016). What is a possible better way to detect an UAV? Detection There are several ways to detect an UAV. [10] Audio detection does NOT work in urban environments. Most microphones only cover well at 8 to 15 meter so, mainly due to the ambient noise in the area. Video detection is a useful tool, but with some limitations. Cameras can see sharp out to about a couple of hundred me- ter but have a very difficult time distinguis- hing birds from drones. Thermal detection has an effective range of about 100 meter for recreational UAV’s. Much like audio detection, thermal detec- tion would have had little success detecting an UAV, like most recreational UAV, don’t produce sufficient infrared radiation with respect to its background to get a usable IR-signature. Radar has proven to be the traditional mechanism for detecting flying vehicles. However, both radar and optical bases of the columns indicate the increasing business value and the coherent demands on data quality and quantity. This paragraphs describe the increasing demands on data forensics based on the business value. The model defines business value per process as part of the Marechaussee operations. The optimum for the Intell process could be the state where gathered information will lead to the identification of a thus far unknown modus operandi by adversaries. It could be beneficial to Guard and Security to future identification of an UAV born threat. For Guard & Secure this will mean a developed ability to eliminate an evolved threat. Ope- rations is satisfied if any UAV born threat is neutralized in or approaching a high risk area, e.g. an (military) airfield. Policing want to pursue an adversary in court. There for forensic sound data is mandatory. Procedu- res to guaranty the chain of custody of data collection and investigation must be applied to be successful. As indicated previously the different phases in the C-UAV chain phases contribute to several law enforcement processes. Phases detection, classify and identify contributes mostly to intelligence and Guard & Se- cure related tasks. Inflight data is mostly retrievable through carrier signals in the electromagnetic spectrum. OSI layers one [1] through four [4]. Neutralizing an UAV is of major importance for maintaining security at airfields or during events and therefor contributes to operations. It is feasible through disturbing or spoofing the com- mand and control channel or penetrating the UAV in the Cyber Electro Magnetic Actions (CEMA) [16]. The later delivers more data for forensic investigation because the UAV can be foren- sically examined. Electronic exploitation of the UAV, as part of forensic examination will be conducted after it’s grounding. Finally if a human controller of an UAV has to be brought to justice, attribution is necessarily. Penetration becomes mandatory during flight combined with forensic data analysis after it’s grounding. Investigation can’t be limited to the CEMA domain. The UAV and it’s command and control components need to be investigated in the physical domain as well. Ordinary policing methods like sear- ching for fingerprints or DNA needs to be combined with digital investigation. A major constrain in the latter phase of UAV Counter Chain Model is maintaining the ‘chain of custody’. For the prior business processes the chain of custody isn’t always a precon- dition. Absence of it doesn’t prevent from achieving business objectives for intelligen- ce, weapon technical intelligence (WTI) or operations. To determine what data could be found in an UAV it is helpful to understand the design of such a system. The UAV consist of a core physical structure, a C2 architecture, a net- work architecture reaching further than C2, for example constructors’ architecture and UAV payload. Communication between controller and UAV can utilize Wireless LAN, 3/4G and satellite radio signals. UAV Counter Chain Model Forensics The following paragraph will lay out the sequential phases of the UAV Counter Chain Model and describes the forensics based C-UAV UAV Counter Chain Model UAV communications channels
definitively prove that a particular incursion was done using a specific UAV. In other words, we may provide enough supportive evidence for criminal prosecution. We might be able based on the collected data to con- ciliate the UAV by alternative physical- or electromagnetic means. Therefore a com- bination of CEMA and physical investigative actions is needed. CEMA detection needs to be focus on gathering data and prepare for possible actions in the classification- and neutralization phase. Simultaneously in the physical realm officers need to use infor- mation gathered in the detection phase to prepare operations for actions. They could approach the operator based on intercepted GPS coordinates or/and prepare physical counter measures for neutralization. In 2017 TNO conducted R&D on a labora- tory scale where they showed the merits of the first three phases of UAV Counter Chain Model. This investigation additionally showed the value added of visualization including method and results. To detect UAV’s several tools can be used. Aircrack-ng (www.aircrackng.org) is a com- plete suite of tools to test WLAN security. The R&D setup could be used for detection. It focuses on different areas of WLAN secu- rity. TNO used it for monitoring. e.g. Packet capture and export of data to text files for further processing by third party tools. Data retrievable during detection merely consist of MAC addresses, ESSID, channel indication, encryption and authentication algorithms which is shown in the figure Aircrack-ng. It contributes to the first step in the identifi- cation process. BSSID is typically the MAC address (H/W Address) of the Wi-Fi Chipset running on a Wireless Access Point. ESSID is just the SSID or the Network Name (for Infrastructure AP networks) “HACKERS AHEAD” would be an ESSID. The UAV calls for one of these ESSID’s. In countering the are line-of-sight detection sensors, with their derived restrictions. An example is Squire (Thales and Robin Radar n.d.). It detects UAV’s up to three kilometers through utilizing the Doppler Effect caused by the rotor blades, even at low altitude. False positives do occur, be- cause it detects also detects the ‘blades of a fan’ present on other vehicles like automo- biles. It is able to classify the UAV and self corrects its results through data analyses. The value added is momentarily limited to Intelligence and operations since it delivers only indicative data, which is based upon the micro-doppler readings. It does contribute to general situational awareness and delivers input for decision making for Guard and Security. The business value could be enhanced by utilizing probability based decision suppor- ting tools combined with indicative infor- mation as input for (automated) decision making for Operations. Due to the limited reaction time needed to neutralize an UAV this might be a topic for further scientific investigation or product development. CYBER ELECTROMAGNETIC ACTIVITIES (CEMA) SECTION Detection just based on utilizing the electromagnetic layer restricts results. It is momentarily the most common method of controlling commercial UAV’s utilizing 2,4 and 5 GHz frequencies. In addition to radar the most effective way to detect UAV is by using its pertaining radio frequency (RF) activities. It has a long range, about two to five kilometers [17] and is difficult to circumvent. Unlike other methods, RF detection can do more than just identify that an UAV is nearby. Within this vector we could be able to penetrate the system using exploits (Cyber and EW) and subsequently glean important data such as GPS coor- dinates of the UAV and controller, altitude and Unique identifier of the UAV. This paper elaborates in more detail on retrievable data in the section about attribution. We may glean enough additional data to not only find the UAV but to find its opera- tor, and with the unique identifier we can Frequency Spectrum for UAV detection Aircrack-ng C-UAV 1919
data further up the OSI stack. Especially ISO layer four (4) and up. To be able to attribute TNO and other researchers investigated the UAV and it’s operational environment. To find out it’s working mechanisms, ways of communication and vulnerabilities which can lead to possible entry points and usage of (known) exploits. An operator needs to control the UAV, in this TNO experiment a widely used commercial UAV, the DJI Phantom 4 [11], one needs a controller which can be a hardware control- ler or an application on a smart device. An application which could be part of a client server construction of the vendor. By doing so the client-server infrastructure is part of the system that needs to be forensically investigated. In many cases the two control options are combined. The hardware controller is responsible for establishing the secure control channel. The application on a smart device establishes a separate connection for data exchange. This is sensor dependent. It could be used as a data channel for audio, video or photo based functionalities. Many UAV’s contains a GPS receiver for generating geo-coordinates which can be utilized through the applicati- on installed on a smart device. Thus the forensic investigation shall be focu- sed on the application layer. The Operating System. In case of the Phantom 4 Android or IOS. These OS’s utilize backups on Google or Apple data centers. In case of IOS based on the Apple ID that is used. The OS also sends captured geolocations to Google or Apple. An example of wider infrastructure that could be part of forensic investigation. The OS writes log files. These files sometimes contains usernames and passwords, hashed or plain text wise and Mail or MAC addresses. [12] and are very useful for attribution. The application could contain data like: 1. Device related data and user related data; 2. Geolocations and routes (flightpaths) 3. Photo, video and other sensor data; 4. User credentials for excessing vendor site; UAV we could impersonate the ESSID to force it to connect. Ones the connection with the UAV is established internal C2 data becomes available. By the time of writing this paper, vulnerabilities could be fixed by manufactures. Further research for identifi- cation en classification through penetration is mandatory, due to the constant evolving process of software- and vulnerability ma- nagement. Classification and Identification Establishing the connection via Snoopy-NG (application in kali Linux). It sets up an ac- cess point which forces the UAV to connect. By coupling the data captured through snoopy-ng with the reporting tool Maltego several data becomes visual. Snoopy is a server-client architecture that fills a database with captured metadata of connected clients. Maltego is the associated reporting tool. Data to be collected next to SSID and MAC addresses could be tech- nical data from UAV components, internet connections to other databases or storages which has been established by the UAV en possible C2 or sensor channels. By analyzing the data in Maltego, the UAV can be classified. The components, connec- tions and related storages are being visua- lized. The identification combined with the data from the classification could lead to its operator. This data serves Intel and operational pur- poses. Combined with other information it could lead to more holistic situational awareness or contribute to risk assessment during events or ground security at airfields. Now when an UAV is still in flight a decision has to be made based on a possible threat or risk that it could be. Neutralization In this phase the UAV needs to be stop- ped when approaching a sensitive area or deliver its payload. There are several ways to achieve this goal. This paper restrict itself to utilizing the Cyber Electromagnetic Activities (CEMA) approach. Intervention at some point at the attack surface is needed. Taking over the control channel, attacking the operating system, spoofing a different geolocation are all options. But it needs to be done in a timely manner. The time to act is short. The mean chosen must be one based on operational priorities. If the UAV needs to be neutralized because of the nature of the threat, less priority will be given to the collection of usable data for attribution. If possible the UAV needs to be kept intact for later (digital) forensics. If a UAV has an incoming velocity of 90 km/h and is 1000 m away the counter UAV phases “detection through neutralization” needs to be com- pleted under 15 seconds. Time to act is short! ([17], ref). As of time writing this paper the velocity of some commercial UAV’s reach a maximum of 200 km/h. It implicates the constant shorter time to react on a threat. The earlier time to react at a speed of 90 km/h was 15 seconds. 15 seconds *90/200 means 6,75 seconds reaction time between detection an possible neutralization. The development of these commercial UAV’s is asking for automated decision making. Attribution To attribute the control of an UAV pilot, pos- sibly adversary, we have to find and analyze Maltego Limited reaction timeframe 2020 C-UAV
2121 5. Application log files registering third party applications which the application had data exchanges with. 6. Applications may use functionalities to ease up a restart, like Application back grounding, URL Caching (HTTP request and response) at cache DB. It is noted that Credentials Functionality (Persistent Authentication) are stored in the UAV and therefore of interest to us. In march 2017 the German government did call citizens to clean there caches on smartphones to counter privacy related threats [13]. based on these application features. So the caches forms a valuable source. The user agreement of the DJI writes about data exchange between the application, ser- ver and third parties. [15] An example is the via Facebook offered functionality to publish and share photos and videos using web beacons. Using this functionality Facebook receives user related data. Data to be exchanged with SZ DJI Techno- logy Co LTD and third parties, and thus stored in the UAV or external infrastructure at data centers are: name, email addresses, telephone numbers, payment data such as account numbers, photo’s, video’s, meta- data, coo-kies, IP addresses, mobile device numbers like EMEI, type web browser, visi- ted sites and content, data and time, opens emails, operating system used, used hard- ware, geolocations. All this data is essential for attribution. Two example published on Mavic pilots showing some transmitted data between the DJI application and backend servers. [14] Discussion and conclusion To find out if and how Digital Forensics could serve as contributor in countering UAV based threats within the business processes of the Royal Marechaussee we started by identifying four steps in the UAV Counter Chain Model. By modeling the phases we were able to identify possible business value. There is always an Intell value. The value for Guard and Security is limited because of the sort time available for dis- cussion making. The possible speed of the UAV dictates the decision making and opti- onal neutralization of the UAV and therefore in some cases limits the collection of inflight data gathering, which could be used for attribution and law enforcement objectives. Neutralization can be achieved by broad band spectrum disturbance forcing the UAV to land, but rules out the option to utilize it at ear fields because of possible disruption of air traffic control. We used the UAV Counter Chain Model and the OSI stack to determine possible data sources. The first layers, physical through network layer shows data that can be rela- ted to a device and indicates other potential connections established by the UAV. It con- tributes to enhanced situational awareness for Intel processes. Through classification and identification, neutralization of the UAV is optional and is of value for Operations. Significant business value is created if data at the application layer is made retrievable. Now attribution becomes possible, thanks C-UAV
2222 Operations in Domestic Airspace: U.S. Policy and the Regulatory Landscape (CRS Report No. R44352). Washington, DC: Congressional Research Service. https://www.fas.org/sgp/crs/misc/ R44352.pdf. • Naboulsi, Zain (2015) Drone detection: What works and what doesn’t. Retrieved December 08, 2017, from https://www. helpnetsecurity.com/2015/05/28/drone- detection-what-works-and-what-doesnt/ • [11] http://www.phantom4-guide.co.uk/ phantom-4-specification/ • [12] https://blogs.uni-paderborn. de/sse/2013/05/17/privacy-threate- ned-by-logging/ • [13]https://www.bsi.bund.de/DE/Presse/ Pressemitteilungen/Presse2017/Frue- hjahrsputz_02032017.html • [14] https://mavicpilots.com/threads/ dji-mavic-privacy-backdoor.17723/ • [15] http://www.dji.com/policy • [16] United States Army (2014) Field Manual No. 3-38. Cyber Electromagnetic Activities. Retrieved December 04, 2017, from https://fas.org/irp/doddir/army/fm3- 38.pdf • [17] R&D Onderzoek TNO, Prof. dr. ir. A.P.M. Zwamborn. • [18] Ministry of Defence, July 13, 2017, NATO AJP-3.15 (B) Allied Joint Doctrine for Countering - Improvised Devices (Edition B version 1). Retrieved Decem- ber 04, 2017, from https://www.gov.uk/ government/uploads/system/uploads/ attachment_data/file/628221/ w20151102-nato_ajp_3_15_b.pdf to a vast variety of data sources that can be investigated. Especially infrastructure where the UAV maintains communications with. Data centers of manufactures, service provi- ders like Apple, Google and Facebook. So the value for Intel and Operations incre- ases drastically if data in this layer can be obtained. Prosecution through attribution, if forensic sound investigated and the chain of custody is maintained, is possible. It raises other questions of legality and therefore asking for further research. To collect data at data centers which can fall under different national bound laws makes forensic investigations complicated. Interna- tional cooperation comes to the table. In those cases we have to asks ourselves if prosecution forms the silver bullet or could disturbance of the UAV’s flight path and the inherent removal of the threat achieve our business objectives? References: • Royal Netherlands Marechaussee, (n.d.). Retrieved December 04, 2017, from https://english.defensie.nl/organisation/ marechaussee • Tony Osborne, Dec 15, 2014. Drone Came Within 20 Ft. Of Airliner At He- athrow, Retrieved December 04, 2017, from http://aviationweek.com/awin-only/ drone-came-within-20-ft-airliner-he- athrow-1 • BBC, May 23, 2017. Drone in near miss with plane near Edinburgh Airport. Retrieved December 04, 2017, from http://www.bbc.com/news/uk-scotland- edinburgh-east-fife-40019778 • CNN, Dec 12, 2011. Obama says U.S. has asked Iran to return drone aircraft. Retrieved December 04, 2017, from http://edition.cnn.com/2011/12/12/world/ meast/iran-us-drone/index.html • Marc Walker, Feb 27, 2017. ISIS using ‘unconventional’ weapons as footage shows drones dropping grenades Re- trieved December 04, 2017, from http:// www.mirror.co.uk/news/world-news/ isis-using-increasingly-unconventio- nal-weapons-9928395 • Thales, (n.d.) Squire, Retrieved Decem- ber 08, 2017, from https://www.thales- group.com/en/squire-ground-surveillan- ce-radar • Hughes, Matthew and Hess, James (2016) “An Assessment of Lone Wolves Using Explosive-Laden Consumer Drones in the United States, “Global Security and Intelligence Studies: Vol. 2: No. 1 , Article 6. Available at http://digitalcommons. apus.edu/gsis/vol2/iss1/6 • Maddox, Stephen, and David Stucken- berg. 2015. “Drones in the U.S. National Airspace System: A Safety and Security Assessment.” Harvard National Security Journal, February 24. http://harvardnsj. org/2015/02/drones-in-the-u-s-natio- nal-airspace- system-a-safety-and- se- curity-assessment/ (accessed April 28, 2016). • Elias, Bart. 2016. Unmanned Aircraft C-UAV

Recommended

Regulatory reforms for civil applications of UAVs
Regulatory reforms for civil applications of UAVsRegulatory reforms for civil applications of UAVs
Regulatory reforms for civil applications of UAVs
Sireesh Pallikonda
 
ATCAJournal.Q4.2014.Article_Li
ATCAJournal.Q4.2014.Article_LiATCAJournal.Q4.2014.Article_Li
ATCAJournal.Q4.2014.Article_LiStefan Groenendal
 
Aviation security -_chpt1
Aviation security -_chpt1Aviation security -_chpt1
Aviation security -_chpt1carlinclarke
 
Firefighting_Aerial_Devices Article copy
Firefighting_Aerial_Devices Article copyFirefighting_Aerial_Devices Article copy
Firefighting_Aerial_Devices Article copyFrank Woodward
 
Defence IQ Events Calendar 2011
Defence IQ Events Calendar 2011Defence IQ Events Calendar 2011
Defence IQ Events Calendar 2011
Sharmin Ahammad
 
New airport passenger screening technologies tate
New airport passenger screening technologies tateNew airport passenger screening technologies tate
New airport passenger screening technologies tateLeishman Associates
 
Aviation Insurance & Hull Coverage
Aviation Insurance & Hull CoverageAviation Insurance & Hull Coverage
Aviation Insurance & Hull Coverage
Verras J. Gray Entrepreneur - Specialty Broker
 
Cuddington Journal Paper
Cuddington Journal PaperCuddington Journal Paper
Cuddington Journal PaperJeff Cuddington
 

Recommended

Regulatory reforms for civil applications of UAVs
Regulatory reforms for civil applications of UAVsRegulatory reforms for civil applications of UAVs
Regulatory reforms for civil applications of UAVs
Sireesh Pallikonda
 
ATCAJournal.Q4.2014.Article_Li
ATCAJournal.Q4.2014.Article_LiATCAJournal.Q4.2014.Article_Li
ATCAJournal.Q4.2014.Article_LiStefan Groenendal
 
Aviation security -_chpt1
Aviation security -_chpt1Aviation security -_chpt1
Aviation security -_chpt1carlinclarke
 
Firefighting_Aerial_Devices Article copy
Firefighting_Aerial_Devices Article copyFirefighting_Aerial_Devices Article copy
Firefighting_Aerial_Devices Article copyFrank Woodward
 
Defence IQ Events Calendar 2011
Defence IQ Events Calendar 2011Defence IQ Events Calendar 2011
Defence IQ Events Calendar 2011
Sharmin Ahammad
 
New airport passenger screening technologies tate
New airport passenger screening technologies tateNew airport passenger screening technologies tate
New airport passenger screening technologies tateLeishman Associates
 
Aviation Insurance & Hull Coverage
Aviation Insurance & Hull CoverageAviation Insurance & Hull Coverage
Aviation Insurance & Hull Coverage
Verras J. Gray Entrepreneur - Specialty Broker
 
Cuddington Journal Paper
Cuddington Journal PaperCuddington Journal Paper
Cuddington Journal PaperJeff Cuddington
 
A Look at the Emerging Security Threats to the Aviation Industry
A Look at the Emerging Security Threats to the Aviation IndustryA Look at the Emerging Security Threats to the Aviation Industry
A Look at the Emerging Security Threats to the Aviation Industry
Dominic_White
 
General Aviation Security
General Aviation SecurityGeneral Aviation Security
General Aviation Security
ERAUWebinars
 
Airport Emergency
Airport EmergencyAirport Emergency
Airport EmergencyAmidee Azizan Stringfellow
 
62 00 icao+doc+9137-airport+services+manual_part+7+-+airport+emergency+planni...
62 00 icao+doc+9137-airport+services+manual_part+7+-+airport+emergency+planni...62 00 icao+doc+9137-airport+services+manual_part+7+-+airport+emergency+planni...
62 00 icao+doc+9137-airport+services+manual_part+7+-+airport+emergency+planni...manz zaee
 
Weekly UAV Threat Intelligence - DroneSec Notify #42
Weekly UAV Threat Intelligence - DroneSec Notify #42Weekly UAV Threat Intelligence - DroneSec Notify #42
Weekly UAV Threat Intelligence - DroneSec Notify #42
DroneSec
 
AVIATION SECURITY PRESENTATION
AVIATION SECURITY PRESENTATIONAVIATION SECURITY PRESENTATION
AVIATION SECURITY PRESENTATIONPaul Mears Phd.
 
Low-altitude anti-drone solution
Low-altitude anti-drone solutionLow-altitude anti-drone solution
Low-altitude anti-drone solution
Raginetech
 
UNMANNED VTOL SYSTEMS: An Assessment of VTOL UAS Adoption in the Defence & Se...
UNMANNED VTOL SYSTEMS: An Assessment of VTOL UAS Adoption in the Defence & Se...UNMANNED VTOL SYSTEMS: An Assessment of VTOL UAS Adoption in the Defence & Se...
UNMANNED VTOL SYSTEMS: An Assessment of VTOL UAS Adoption in the Defence & Se...Aman Pannu
 
Farnborough International Airshow 2018 case study
Farnborough International Airshow 2018 case studyFarnborough International Airshow 2018 case study
Farnborough International Airshow 2018 case study
❈Derek Robinson
 
Drone forensics
Drone forensics Drone forensics
Drone forensics
AdityaWibisono14
 
UAS Threat to Aviation - January 2019
UAS Threat to Aviation - January 2019UAS Threat to Aviation - January 2019
UAS Threat to Aviation - January 2019
ChadCogan
 
UAE's C4ISR Transformation
UAE's C4ISR TransformationUAE's C4ISR Transformation
UAE's C4ISR TransformationMatthew Hedges
 
ACO- 11 Familiarization with Firefighter Duties Under the Airport Emergency P...
ACO- 11 Familiarization with Firefighter Duties Under the Airport Emergency P...ACO- 11 Familiarization with Firefighter Duties Under the Airport Emergency P...
ACO- 11 Familiarization with Firefighter Duties Under the Airport Emergency P...
Brock Jester
 
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...
DroneSec
 
counter drone market
counter drone marketcounter drone market
counter drone market
Defense Report
 
Counter Drone Systems Market 2022-2032 - Aviation and Defense Market Reports
Counter Drone Systems Market 2022-2032 - Aviation and Defense Market ReportsCounter Drone Systems Market 2022-2032 - Aviation and Defense Market Reports
Counter Drone Systems Market 2022-2032 - Aviation and Defense Market Reports
Defense Report
 
Intersec January 2008
Intersec January 2008Intersec January 2008
Intersec January 2008Matthew Walton-Knight
 
Eng 101 research paper revised final
Eng 101 research paper revised finalEng 101 research paper revised final
Eng 101 research paper revised finalbekahpars
 
Understanding the Need for Counter Unmanned Aircraft Systems
Understanding the Need for Counter Unmanned Aircraft SystemsUnderstanding the Need for Counter Unmanned Aircraft Systems
Understanding the Need for Counter Unmanned Aircraft Systems
NovoQuad
 
Annotated bib revised final
Annotated bib revised finalAnnotated bib revised final
Annotated bib revised finalbekahpars
 
Annotated bib
Annotated bibAnnotated bib
Annotated bibbekahpars
 
Annotated bib
Annotated bibAnnotated bib
Annotated bibbekahpars
 

More Related Content

What's hot

A Look at the Emerging Security Threats to the Aviation Industry
A Look at the Emerging Security Threats to the Aviation IndustryA Look at the Emerging Security Threats to the Aviation Industry
A Look at the Emerging Security Threats to the Aviation Industry
Dominic_White
 
General Aviation Security
General Aviation SecurityGeneral Aviation Security
General Aviation Security
ERAUWebinars
 
62 00 icao+doc+9137-airport+services+manual_part+7+-+airport+emergency+planni...
62 00 icao+doc+9137-airport+services+manual_part+7+-+airport+emergency+planni...62 00 icao+doc+9137-airport+services+manual_part+7+-+airport+emergency+planni...
62 00 icao+doc+9137-airport+services+manual_part+7+-+airport+emergency+planni...manz zaee
 
Weekly UAV Threat Intelligence - DroneSec Notify #42
Weekly UAV Threat Intelligence - DroneSec Notify #42Weekly UAV Threat Intelligence - DroneSec Notify #42
Weekly UAV Threat Intelligence - DroneSec Notify #42
DroneSec
 
AVIATION SECURITY PRESENTATION
AVIATION SECURITY PRESENTATIONAVIATION SECURITY PRESENTATION
AVIATION SECURITY PRESENTATIONPaul Mears Phd.
 
Low-altitude anti-drone solution
Low-altitude anti-drone solutionLow-altitude anti-drone solution
Low-altitude anti-drone solution
Raginetech
 
UNMANNED VTOL SYSTEMS: An Assessment of VTOL UAS Adoption in the Defence & Se...
UNMANNED VTOL SYSTEMS: An Assessment of VTOL UAS Adoption in the Defence & Se...UNMANNED VTOL SYSTEMS: An Assessment of VTOL UAS Adoption in the Defence & Se...
UNMANNED VTOL SYSTEMS: An Assessment of VTOL UAS Adoption in the Defence & Se...Aman Pannu
 
Farnborough International Airshow 2018 case study
Farnborough International Airshow 2018 case studyFarnborough International Airshow 2018 case study
Farnborough International Airshow 2018 case study
❈Derek Robinson
 
Drone forensics
Drone forensics Drone forensics
Drone forensics
AdityaWibisono14
 
UAS Threat to Aviation - January 2019
UAS Threat to Aviation - January 2019UAS Threat to Aviation - January 2019
UAS Threat to Aviation - January 2019
ChadCogan
 
UAE's C4ISR Transformation
UAE's C4ISR TransformationUAE's C4ISR Transformation
UAE's C4ISR TransformationMatthew Hedges
 
ACO- 11 Familiarization with Firefighter Duties Under the Airport Emergency P...
ACO- 11 Familiarization with Firefighter Duties Under the Airport Emergency P...ACO- 11 Familiarization with Firefighter Duties Under the Airport Emergency P...
ACO- 11 Familiarization with Firefighter Duties Under the Airport Emergency P...
Brock Jester
 
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...
DroneSec
 

What's hot (14)

A Look at the Emerging Security Threats to the Aviation Industry
A Look at the Emerging Security Threats to the Aviation IndustryA Look at the Emerging Security Threats to the Aviation Industry
A Look at the Emerging Security Threats to the Aviation Industry
 
General Aviation Security
General Aviation SecurityGeneral Aviation Security
General Aviation Security
 
Airport Emergency
Airport EmergencyAirport Emergency
Airport Emergency
 
62 00 icao+doc+9137-airport+services+manual_part+7+-+airport+emergency+planni...
62 00 icao+doc+9137-airport+services+manual_part+7+-+airport+emergency+planni...62 00 icao+doc+9137-airport+services+manual_part+7+-+airport+emergency+planni...
62 00 icao+doc+9137-airport+services+manual_part+7+-+airport+emergency+planni...
 
Weekly UAV Threat Intelligence - DroneSec Notify #42
Weekly UAV Threat Intelligence - DroneSec Notify #42Weekly UAV Threat Intelligence - DroneSec Notify #42
Weekly UAV Threat Intelligence - DroneSec Notify #42
 
AVIATION SECURITY PRESENTATION
AVIATION SECURITY PRESENTATIONAVIATION SECURITY PRESENTATION
AVIATION SECURITY PRESENTATION
 
Low-altitude anti-drone solution
Low-altitude anti-drone solutionLow-altitude anti-drone solution
Low-altitude anti-drone solution
 
UNMANNED VTOL SYSTEMS: An Assessment of VTOL UAS Adoption in the Defence & Se...
UNMANNED VTOL SYSTEMS: An Assessment of VTOL UAS Adoption in the Defence & Se...UNMANNED VTOL SYSTEMS: An Assessment of VTOL UAS Adoption in the Defence & Se...
UNMANNED VTOL SYSTEMS: An Assessment of VTOL UAS Adoption in the Defence & Se...
 
Farnborough International Airshow 2018 case study
Farnborough International Airshow 2018 case studyFarnborough International Airshow 2018 case study
Farnborough International Airshow 2018 case study
 
Drone forensics
Drone forensics Drone forensics
Drone forensics
 
UAS Threat to Aviation - January 2019
UAS Threat to Aviation - January 2019UAS Threat to Aviation - January 2019
UAS Threat to Aviation - January 2019
 
UAE's C4ISR Transformation
UAE's C4ISR TransformationUAE's C4ISR Transformation
UAE's C4ISR Transformation
 
ACO- 11 Familiarization with Firefighter Duties Under the Airport Emergency P...
ACO- 11 Familiarization with Firefighter Duties Under the Airport Emergency P...ACO- 11 Familiarization with Firefighter Duties Under the Airport Emergency P...
ACO- 11 Familiarization with Firefighter Duties Under the Airport Emergency P...
 
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...
 

Similar to A TASK BASED information break down of COUNTERING UAV

counter drone market
counter drone marketcounter drone market
counter drone market
Defense Report
 
Counter Drone Systems Market 2022-2032 - Aviation and Defense Market Reports
Counter Drone Systems Market 2022-2032 - Aviation and Defense Market ReportsCounter Drone Systems Market 2022-2032 - Aviation and Defense Market Reports
Counter Drone Systems Market 2022-2032 - Aviation and Defense Market Reports
Defense Report
 
Eng 101 research paper revised final
Eng 101 research paper revised finalEng 101 research paper revised final
Eng 101 research paper revised finalbekahpars
 
Understanding the Need for Counter Unmanned Aircraft Systems
Understanding the Need for Counter Unmanned Aircraft SystemsUnderstanding the Need for Counter Unmanned Aircraft Systems
Understanding the Need for Counter Unmanned Aircraft Systems
NovoQuad
 
Annotated bib revised final
Annotated bib revised finalAnnotated bib revised final
Annotated bib revised finalbekahpars
 
Annotated bib
Annotated bibAnnotated bib
Annotated bibbekahpars
 
Annotated bib
Annotated bibAnnotated bib
Annotated bibbekahpars
 
Mohammad AlghamdiUtah State UniversityENGL-2010Safety in Avi.docx
Mohammad AlghamdiUtah State UniversityENGL-2010Safety in Avi.docxMohammad AlghamdiUtah State UniversityENGL-2010Safety in Avi.docx
Mohammad AlghamdiUtah State UniversityENGL-2010Safety in Avi.docx
gilpinleeanna
 
Drone-Proofing Critical Infrastructure with Anti-Drone Systems.pdf
Drone-Proofing Critical Infrastructure with Anti-Drone Systems.pdfDrone-Proofing Critical Infrastructure with Anti-Drone Systems.pdf
Drone-Proofing Critical Infrastructure with Anti-Drone Systems.pdf
NovoQuad
 
The Role of Anti-Drone Systems in Ensuring Public Safety
The Role of Anti-Drone Systems in Ensuring Public SafetyThe Role of Anti-Drone Systems in Ensuring Public Safety
The Role of Anti-Drone Systems in Ensuring Public Safety
NovoQuad
 
Defense against Drones- Understand Challenges and Solutions.pdf
Defense against Drones- Understand Challenges and Solutions.pdfDefense against Drones- Understand Challenges and Solutions.pdf
Defense against Drones- Understand Challenges and Solutions.pdf
NovoQuad
 
Securing National Events with Anti-Drone Technology
Securing National Events with Anti-Drone TechnologySecuring National Events with Anti-Drone Technology
Securing National Events with Anti-Drone Technology
NovoQuad
 
From Tracker to Jammer - Navigating Drone Defense
From Tracker to Jammer - Navigating Drone DefenseFrom Tracker to Jammer - Navigating Drone Defense
From Tracker to Jammer - Navigating Drone Defense
NovoQuad
 
Establishments that Need Drone Safety More than Ever
Establishments that Need Drone Safety More than EverEstablishments that Need Drone Safety More than Ever
Establishments that Need Drone Safety More than Ever
NovoQuad
 
The State of Drone Security – Analysing 1000+ drone incidents (Mike Monnik) -...
The State of Drone Security – Analysing 1000+ drone incidents (Mike Monnik) -...The State of Drone Security – Analysing 1000+ drone incidents (Mike Monnik) -...
The State of Drone Security – Analysing 1000+ drone incidents (Mike Monnik) -...
DroneSec
 
Hitting the target
Hitting the targetHitting the target
Hitting the target
Andy Varoshiotis
 

Similar to A TASK BASED information break down of COUNTERING UAV (20)

counter drone market
counter drone marketcounter drone market
counter drone market
 
Counter Drone Systems Market 2022-2032 - Aviation and Defense Market Reports
Counter Drone Systems Market 2022-2032 - Aviation and Defense Market ReportsCounter Drone Systems Market 2022-2032 - Aviation and Defense Market Reports
Counter Drone Systems Market 2022-2032 - Aviation and Defense Market Reports
 
Intersec January 2008
Intersec January 2008Intersec January 2008
Intersec January 2008
 
Eng 101 research paper revised final
Eng 101 research paper revised finalEng 101 research paper revised final
Eng 101 research paper revised final
 
Understanding the Need for Counter Unmanned Aircraft Systems
Understanding the Need for Counter Unmanned Aircraft SystemsUnderstanding the Need for Counter Unmanned Aircraft Systems
Understanding the Need for Counter Unmanned Aircraft Systems
 
Annotated bib revised final
Annotated bib revised finalAnnotated bib revised final
Annotated bib revised final
 
Annotated bib
Annotated bibAnnotated bib
Annotated bib
 
Annotated bib
Annotated bibAnnotated bib
Annotated bib
 
Mohammad AlghamdiUtah State UniversityENGL-2010Safety in Avi.docx
Mohammad AlghamdiUtah State UniversityENGL-2010Safety in Avi.docxMohammad AlghamdiUtah State UniversityENGL-2010Safety in Avi.docx
Mohammad AlghamdiUtah State UniversityENGL-2010Safety in Avi.docx
 
403 8
403 8403 8
403 8
 
Drone-Proofing Critical Infrastructure with Anti-Drone Systems.pdf
Drone-Proofing Critical Infrastructure with Anti-Drone Systems.pdfDrone-Proofing Critical Infrastructure with Anti-Drone Systems.pdf
Drone-Proofing Critical Infrastructure with Anti-Drone Systems.pdf
 
Thesis
ThesisThesis
Thesis
 
The Role of Anti-Drone Systems in Ensuring Public Safety
The Role of Anti-Drone Systems in Ensuring Public SafetyThe Role of Anti-Drone Systems in Ensuring Public Safety
The Role of Anti-Drone Systems in Ensuring Public Safety
 
Defense against Drones- Understand Challenges and Solutions.pdf
Defense against Drones- Understand Challenges and Solutions.pdfDefense against Drones- Understand Challenges and Solutions.pdf
Defense against Drones- Understand Challenges and Solutions.pdf
 
Securing National Events with Anti-Drone Technology
Securing National Events with Anti-Drone TechnologySecuring National Events with Anti-Drone Technology
Securing National Events with Anti-Drone Technology
 
Airline security new
Airline security newAirline security new
Airline security new
 
From Tracker to Jammer - Navigating Drone Defense
From Tracker to Jammer - Navigating Drone DefenseFrom Tracker to Jammer - Navigating Drone Defense
From Tracker to Jammer - Navigating Drone Defense
 
Establishments that Need Drone Safety More than Ever
Establishments that Need Drone Safety More than EverEstablishments that Need Drone Safety More than Ever
Establishments that Need Drone Safety More than Ever
 
The State of Drone Security – Analysing 1000+ drone incidents (Mike Monnik) -...
The State of Drone Security – Analysing 1000+ drone incidents (Mike Monnik) -...The State of Drone Security – Analysing 1000+ drone incidents (Mike Monnik) -...
The State of Drone Security – Analysing 1000+ drone incidents (Mike Monnik) -...
 
Hitting the target
Hitting the targetHitting the target
Hitting the target
 

Recently uploaded

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
Rohit Gautam
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
ThomasParaiso2
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Vladimir Iglovikov, Ph.D.
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 

Recently uploaded (20)

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 

A TASK BASED information break down of COUNTERING UAV

  • 1. BIJDRAGE: ing E. Hofte CISSP CEH CIH en dr. Ir. A.P.M. Zwamborn - Royal Netherlands Marechaussee dr. A.J. Hoogstrate - Netherlands Defense Academy ABSTRACT THE RAPID SPREAD AND GROWING USE OF UNMANNED AERIAL VEHICLES (UAV) BY INDIVIDUALS, THE PRIVATE SECTOR AND TERRORISTS HAS GIVEN WAY TO NUMEROUS DEVELOPING SECURITY CONCERNS. THIS ARTICLE ANALYSES HOW GOVERNMENT, REGULATORS, SECURITY SERVICES, LAW ENFORCEMENT CAN ADDRESS SOME OF THESE CONCERNS. COUNTERING THESE SECURITY THREATS IS COMPLEX AS THE THREATS HAVE TO BE COUNTERED AT DIFFERENT TECHNOLOGICAL LEVELS AND INTENDED USE SUCH AS TERRORIST, CRIMINAL, MILITARY, INTELLIGENCE, SAFETY ETC. TO ENABLE ANALYSIS A FRAMEWORK IS INTRODUCED TO CLASSIFY THE TASKS COMMONLY ASSOCIATED WITH ADDRESSING SECURITY THREATS: INTELLIGENCE, GUARD AND SECURE, OPERATIONS AND LAW ENFORCEMENT. USING THIS FRAMEWORK A BREAKDOWN OF THE INFOR- MATION NECESSARY TO PERFORM THE DIFFERENT TASKS IS INTRODUCED. WE ANALYSED WHAT INFORMATI- ON NEEDS TO BE GATHERED TO ENABLE THE DEVELOPMENT AND EXECUTION OF COUNTER MEASURES ASSO- CIATED WITH THE DIFFERENT TASKS. SPECIAL ATTENTION IS PAID TO HOW DIGITAL FORENSICS ON UAV’S COULD CONTRIBUTE TO THE TASKS OF INTELLIGENCE, GUARD AND SECURE, OPERATIONS AND LAW ENFORCEMENT. KEYWORDS UAV, CHAIN, DRONE, FORENSIC, DIGITAL FORENSICS, EXPLOITATION, MARECHAUSSEE C-UAV 1515
  • 2. Introduction Nowadays there is an increasing use of Unmanned Aerial Vehicles (UAV). Privately owned or used by military and law enfor- cement. There have been various incidents and threats through mis- or abuse of UAV. On July 22 2014 an unmanned air vehicle came within 20 ft. of colliding with an Airbus A320 airliner as it made its final approach into London Heathrow airport. Detailing the incident on July 22 this year, investi- gators from the U.K. Airprox Board, which examines the causes behind air proximity incidents in British air space, said the inci- dent posed a serious risk of collision (Tony Osborne, 2014). May 23 2017, a drone has been involved in a near-miss with a plane making a descent into Edinburgh Airport (BBC, May 23, 2017). Apart from these civil originating incidents there are incidents that are military born. In 2011 a UAV was hijacked by Iranian forces. President Barack Obama said that the United States has asked Iran to return a U.S. drone aircraft that Iran claims it recently brought down in Iranian territory (CNN, 2011). And then there is a development that ISIS is using drones as an ‘increasingly unconventional’ weapon, to drop grenades on army forces (Walker, 2017). This kind of threat can easily be transfer- red into home territory as experiences, developments and success-stories by our adversaries increase in time. For less than $1,600, anyone can acquire a ready, GPS-enabled and camera- equip- ped consumer drone that can carry a small amount of weight. IS introduced terrorists to new and innovative capabilities in executing attacks, particularly the ability to bypass traditional security measures such as fences and gain unprecedented access to a vul- nerable target. Lone wolves in the United States break the mold of global terrorism, motivated by anti- governmental ideologies more than reli- gious or other principles. Innovators among these lone wolves may use consumer dro- nes to target a number of long-term static, temporary static or mobile targets in the coming years. Consumer drones currently on the market offer a diversity of capabilities, of which payload, maximum range and maximum speed are most important. In general these consumer drones can carry up to 1.0 kg of a substance, significantly limiting the destruc- tive capacity of an explosive-laden drone; even so, a precision attack can render de- vastating effects against a vulnerable target. Currently, commercially available drones capable of more payload weight are beco- ming available with lesser budget. Conse- quently its availability to adversaries is, to our opinion, just a matter of time. It should be noted that lone wolves are expected to use traditional arms and bombs in attacks rather than explosive-laden consumer drones due to a much higher probability of inflicting more casualties and causing more damage. So in the short term the UAV born threat will more likely be an individual who acciden- tally crashes into an airplane, rather than a lone wolf with malicious intention (Hughes and Hess, 2016). At least for now. Military Engineer Troops use services offered by civil organizations for GIS and surveying critical infrastructure 1616 C-UAV
  • 3. 1717 The doctrine describes the way one can counter IED’s. Understanding the threat and gather intelligence to create operational awareness. The organization needs to be prepared in case of an attack. She must be able to attack the operational (organiza- tional) network and must understand the technical and operational nature of the IED system in order to become abtle to succes- fully engage such a threat. All components form several attack surfaces. Interventions at multiple components or combinatins are possible. The combination of knowledge, skills and means provide the ability to protect. This research will describes the technical way that leads to situational awareness and understanding of countering UAV’s, lear- ning from the approach model for C-IED. The UAV Counter Chain Model consists of four counter phases. 1. Detection; 2. Classification and Identification; 3. Neutralization; 4. Attribution; The business processes are being visua- lized as columns. The height of the yellow Countering UAV attacks How can an UAV born threat or abuse be countered? Countering these threats in the Netherlands is a shared responsibility of dif- ferent organizations. The Royal Netherlands Marechaussee (Royal Netherlands Mare- chaussee, (n.d.)) is one of them. It watches the security of state in the Netherlands and beyond. It is deployed globally to places of strategic importance. From the Royal pala- ces to the external borders of Europe. From airports in the Netherlands to war theatres and crisis areas around the world. The Marechaussee has 3 main tasks: 1. Border police case; 2. Guard and secure; 3. International and military police tasks. The Marechaussee performs these tasks for the Ministry of Justice and Security. While delivering these tasks it faces more and more new digital- or digitalized threats. The misuse or abuse of UAV is one of them. Besides the Marechaussee several other organizations have to deal with this threat as well, The National Police, the security services as well as the military. Countering the threat is for each of these organizations differs from an operational point of view as they all have slightly different tasks and therefore different priorities, operational constraints and consequently business ob- jectives. However, the available techniques for detection, identification and engaging a possible threat are equal. We therefore describe what the business objectives dictate as to countering UAV’s. Is intelligence gathering the objective or do we need to stop its flight to prevent a possible attack or disaster? In an ultimately case we have to take the human control- ler of the UAV to court. Several primary processes could all benefit from countering UAV. Intelligence, Operations and Policing, the latter is the law enforcement task. The business value is mainly dependent on the kind, the quantity and quality of data that is retrievable out of the UAV, its command and control or sensing components. Insight in data creates understanding in how we could counter UAV born threats and its value to the primary processes of the Marechaussee and the other governmental organizations. The different business objectives in coun- tering a UAV born threat require different amounts of data and consequently informati- on. We introduce a model that measures the amount of data and relates it to the business objective. From an operational point of view it should be noted that positive identification of the UAV is paramount. Otherwise it could be that an officer is mistakenly tracking an air van of a vehicle. In this respect, one could think of utilizing white/black listing to reduce the time to recognize a UAV in flight. The first step is to model a UAV Counter Chain Model. Developing the model Prior to establishing a model we studied the lessons learned from countering Improvi- sed Explosive Devises (C-IED) formalized through the Allied Joint Doctrine for Counte- ring - Improvised Devices. NATO AJP-3.15 (Ministry of Defense, 2017). C-UAV Different COTS and MOTS systems to counter- act UAV are available in the market, this is an example of SteelRock Technologies NATO AJP-3.15 An UAV with a C-IED capability
  • 4. 1818 upon commercial available UAV’s mentio- ned in the threat model of Matthew Hughes & James Hess (Hughes and Hess, 2016). To further structure our approach we divide the exploitation fields into an electromagne- tic section, representing OSI layers 1-2 and the cyber section, representing OSI layers 3-7. We follow a similar approach as in elec- tronic warfare, the Cyber Electro Magnetic Actions (CEMA) [16]. ELECTROMAGNETIC SECTION Electromagnetic detection delivers every UAV visible in the range of a detector. Radar is an effective methods to detect and track aerial threats. It is able to distinguish small UAV’s from birds using precision radar, but this defense mechanism encounters unique challenges when applied to consumer UAV. (Maddox et al., 2015) It’s challenge is to reduce false positives. Furthermore, operators may fly at low altitudes, below 30 meter (derived from 100 feet, Elias, 2016), to capitalize on inter-visibility lines created by surrounding terrain, e.g. trees or buil- ding blocks to block line-of-sight required for radar detection (Elias, 2016). What is a possible better way to detect an UAV? Detection There are several ways to detect an UAV. [10] Audio detection does NOT work in urban environments. Most microphones only cover well at 8 to 15 meter so, mainly due to the ambient noise in the area. Video detection is a useful tool, but with some limitations. Cameras can see sharp out to about a couple of hundred me- ter but have a very difficult time distinguis- hing birds from drones. Thermal detection has an effective range of about 100 meter for recreational UAV’s. Much like audio detection, thermal detec- tion would have had little success detecting an UAV, like most recreational UAV, don’t produce sufficient infrared radiation with respect to its background to get a usable IR-signature. Radar has proven to be the traditional mechanism for detecting flying vehicles. However, both radar and optical bases of the columns indicate the increasing business value and the coherent demands on data quality and quantity. This paragraphs describe the increasing demands on data forensics based on the business value. The model defines business value per process as part of the Marechaussee operations. The optimum for the Intell process could be the state where gathered information will lead to the identification of a thus far unknown modus operandi by adversaries. It could be beneficial to Guard and Security to future identification of an UAV born threat. For Guard & Secure this will mean a developed ability to eliminate an evolved threat. Ope- rations is satisfied if any UAV born threat is neutralized in or approaching a high risk area, e.g. an (military) airfield. Policing want to pursue an adversary in court. There for forensic sound data is mandatory. Procedu- res to guaranty the chain of custody of data collection and investigation must be applied to be successful. As indicated previously the different phases in the C-UAV chain phases contribute to several law enforcement processes. Phases detection, classify and identify contributes mostly to intelligence and Guard & Se- cure related tasks. Inflight data is mostly retrievable through carrier signals in the electromagnetic spectrum. OSI layers one [1] through four [4]. Neutralizing an UAV is of major importance for maintaining security at airfields or during events and therefor contributes to operations. It is feasible through disturbing or spoofing the com- mand and control channel or penetrating the UAV in the Cyber Electro Magnetic Actions (CEMA) [16]. The later delivers more data for forensic investigation because the UAV can be foren- sically examined. Electronic exploitation of the UAV, as part of forensic examination will be conducted after it’s grounding. Finally if a human controller of an UAV has to be brought to justice, attribution is necessarily. Penetration becomes mandatory during flight combined with forensic data analysis after it’s grounding. Investigation can’t be limited to the CEMA domain. The UAV and it’s command and control components need to be investigated in the physical domain as well. Ordinary policing methods like sear- ching for fingerprints or DNA needs to be combined with digital investigation. A major constrain in the latter phase of UAV Counter Chain Model is maintaining the ‘chain of custody’. For the prior business processes the chain of custody isn’t always a precon- dition. Absence of it doesn’t prevent from achieving business objectives for intelligen- ce, weapon technical intelligence (WTI) or operations. To determine what data could be found in an UAV it is helpful to understand the design of such a system. The UAV consist of a core physical structure, a C2 architecture, a net- work architecture reaching further than C2, for example constructors’ architecture and UAV payload. Communication between controller and UAV can utilize Wireless LAN, 3/4G and satellite radio signals. UAV Counter Chain Model Forensics The following paragraph will lay out the sequential phases of the UAV Counter Chain Model and describes the forensics based C-UAV UAV Counter Chain Model UAV communications channels
  • 5. definitively prove that a particular incursion was done using a specific UAV. In other words, we may provide enough supportive evidence for criminal prosecution. We might be able based on the collected data to con- ciliate the UAV by alternative physical- or electromagnetic means. Therefore a com- bination of CEMA and physical investigative actions is needed. CEMA detection needs to be focus on gathering data and prepare for possible actions in the classification- and neutralization phase. Simultaneously in the physical realm officers need to use infor- mation gathered in the detection phase to prepare operations for actions. They could approach the operator based on intercepted GPS coordinates or/and prepare physical counter measures for neutralization. In 2017 TNO conducted R&D on a labora- tory scale where they showed the merits of the first three phases of UAV Counter Chain Model. This investigation additionally showed the value added of visualization including method and results. To detect UAV’s several tools can be used. Aircrack-ng (www.aircrackng.org) is a com- plete suite of tools to test WLAN security. The R&D setup could be used for detection. It focuses on different areas of WLAN secu- rity. TNO used it for monitoring. e.g. Packet capture and export of data to text files for further processing by third party tools. Data retrievable during detection merely consist of MAC addresses, ESSID, channel indication, encryption and authentication algorithms which is shown in the figure Aircrack-ng. It contributes to the first step in the identifi- cation process. BSSID is typically the MAC address (H/W Address) of the Wi-Fi Chipset running on a Wireless Access Point. ESSID is just the SSID or the Network Name (for Infrastructure AP networks) “HACKERS AHEAD” would be an ESSID. The UAV calls for one of these ESSID’s. In countering the are line-of-sight detection sensors, with their derived restrictions. An example is Squire (Thales and Robin Radar n.d.). It detects UAV’s up to three kilometers through utilizing the Doppler Effect caused by the rotor blades, even at low altitude. False positives do occur, be- cause it detects also detects the ‘blades of a fan’ present on other vehicles like automo- biles. It is able to classify the UAV and self corrects its results through data analyses. The value added is momentarily limited to Intelligence and operations since it delivers only indicative data, which is based upon the micro-doppler readings. It does contribute to general situational awareness and delivers input for decision making for Guard and Security. The business value could be enhanced by utilizing probability based decision suppor- ting tools combined with indicative infor- mation as input for (automated) decision making for Operations. Due to the limited reaction time needed to neutralize an UAV this might be a topic for further scientific investigation or product development. CYBER ELECTROMAGNETIC ACTIVITIES (CEMA) SECTION Detection just based on utilizing the electromagnetic layer restricts results. It is momentarily the most common method of controlling commercial UAV’s utilizing 2,4 and 5 GHz frequencies. In addition to radar the most effective way to detect UAV is by using its pertaining radio frequency (RF) activities. It has a long range, about two to five kilometers [17] and is difficult to circumvent. Unlike other methods, RF detection can do more than just identify that an UAV is nearby. Within this vector we could be able to penetrate the system using exploits (Cyber and EW) and subsequently glean important data such as GPS coor- dinates of the UAV and controller, altitude and Unique identifier of the UAV. This paper elaborates in more detail on retrievable data in the section about attribution. We may glean enough additional data to not only find the UAV but to find its opera- tor, and with the unique identifier we can Frequency Spectrum for UAV detection Aircrack-ng C-UAV 1919
  • 6. data further up the OSI stack. Especially ISO layer four (4) and up. To be able to attribute TNO and other researchers investigated the UAV and it’s operational environment. To find out it’s working mechanisms, ways of communication and vulnerabilities which can lead to possible entry points and usage of (known) exploits. An operator needs to control the UAV, in this TNO experiment a widely used commercial UAV, the DJI Phantom 4 [11], one needs a controller which can be a hardware control- ler or an application on a smart device. An application which could be part of a client server construction of the vendor. By doing so the client-server infrastructure is part of the system that needs to be forensically investigated. In many cases the two control options are combined. The hardware controller is responsible for establishing the secure control channel. The application on a smart device establishes a separate connection for data exchange. This is sensor dependent. It could be used as a data channel for audio, video or photo based functionalities. Many UAV’s contains a GPS receiver for generating geo-coordinates which can be utilized through the applicati- on installed on a smart device. Thus the forensic investigation shall be focu- sed on the application layer. The Operating System. In case of the Phantom 4 Android or IOS. These OS’s utilize backups on Google or Apple data centers. In case of IOS based on the Apple ID that is used. The OS also sends captured geolocations to Google or Apple. An example of wider infrastructure that could be part of forensic investigation. The OS writes log files. These files sometimes contains usernames and passwords, hashed or plain text wise and Mail or MAC addresses. [12] and are very useful for attribution. The application could contain data like: 1. Device related data and user related data; 2. Geolocations and routes (flightpaths) 3. Photo, video and other sensor data; 4. User credentials for excessing vendor site; UAV we could impersonate the ESSID to force it to connect. Ones the connection with the UAV is established internal C2 data becomes available. By the time of writing this paper, vulnerabilities could be fixed by manufactures. Further research for identifi- cation en classification through penetration is mandatory, due to the constant evolving process of software- and vulnerability ma- nagement. Classification and Identification Establishing the connection via Snoopy-NG (application in kali Linux). It sets up an ac- cess point which forces the UAV to connect. By coupling the data captured through snoopy-ng with the reporting tool Maltego several data becomes visual. Snoopy is a server-client architecture that fills a database with captured metadata of connected clients. Maltego is the associated reporting tool. Data to be collected next to SSID and MAC addresses could be tech- nical data from UAV components, internet connections to other databases or storages which has been established by the UAV en possible C2 or sensor channels. By analyzing the data in Maltego, the UAV can be classified. The components, connec- tions and related storages are being visua- lized. The identification combined with the data from the classification could lead to its operator. This data serves Intel and operational pur- poses. Combined with other information it could lead to more holistic situational awareness or contribute to risk assessment during events or ground security at airfields. Now when an UAV is still in flight a decision has to be made based on a possible threat or risk that it could be. Neutralization In this phase the UAV needs to be stop- ped when approaching a sensitive area or deliver its payload. There are several ways to achieve this goal. This paper restrict itself to utilizing the Cyber Electromagnetic Activities (CEMA) approach. Intervention at some point at the attack surface is needed. Taking over the control channel, attacking the operating system, spoofing a different geolocation are all options. But it needs to be done in a timely manner. The time to act is short. The mean chosen must be one based on operational priorities. If the UAV needs to be neutralized because of the nature of the threat, less priority will be given to the collection of usable data for attribution. If possible the UAV needs to be kept intact for later (digital) forensics. If a UAV has an incoming velocity of 90 km/h and is 1000 m away the counter UAV phases “detection through neutralization” needs to be com- pleted under 15 seconds. Time to act is short! ([17], ref). As of time writing this paper the velocity of some commercial UAV’s reach a maximum of 200 km/h. It implicates the constant shorter time to react on a threat. The earlier time to react at a speed of 90 km/h was 15 seconds. 15 seconds *90/200 means 6,75 seconds reaction time between detection an possible neutralization. The development of these commercial UAV’s is asking for automated decision making. Attribution To attribute the control of an UAV pilot, pos- sibly adversary, we have to find and analyze Maltego Limited reaction timeframe 2020 C-UAV
  • 7. 2121 5. Application log files registering third party applications which the application had data exchanges with. 6. Applications may use functionalities to ease up a restart, like Application back grounding, URL Caching (HTTP request and response) at cache DB. It is noted that Credentials Functionality (Persistent Authentication) are stored in the UAV and therefore of interest to us. In march 2017 the German government did call citizens to clean there caches on smartphones to counter privacy related threats [13]. based on these application features. So the caches forms a valuable source. The user agreement of the DJI writes about data exchange between the application, ser- ver and third parties. [15] An example is the via Facebook offered functionality to publish and share photos and videos using web beacons. Using this functionality Facebook receives user related data. Data to be exchanged with SZ DJI Techno- logy Co LTD and third parties, and thus stored in the UAV or external infrastructure at data centers are: name, email addresses, telephone numbers, payment data such as account numbers, photo’s, video’s, meta- data, coo-kies, IP addresses, mobile device numbers like EMEI, type web browser, visi- ted sites and content, data and time, opens emails, operating system used, used hard- ware, geolocations. All this data is essential for attribution. Two example published on Mavic pilots showing some transmitted data between the DJI application and backend servers. [14] Discussion and conclusion To find out if and how Digital Forensics could serve as contributor in countering UAV based threats within the business processes of the Royal Marechaussee we started by identifying four steps in the UAV Counter Chain Model. By modeling the phases we were able to identify possible business value. There is always an Intell value. The value for Guard and Security is limited because of the sort time available for dis- cussion making. The possible speed of the UAV dictates the decision making and opti- onal neutralization of the UAV and therefore in some cases limits the collection of inflight data gathering, which could be used for attribution and law enforcement objectives. Neutralization can be achieved by broad band spectrum disturbance forcing the UAV to land, but rules out the option to utilize it at ear fields because of possible disruption of air traffic control. We used the UAV Counter Chain Model and the OSI stack to determine possible data sources. The first layers, physical through network layer shows data that can be rela- ted to a device and indicates other potential connections established by the UAV. It con- tributes to enhanced situational awareness for Intel processes. Through classification and identification, neutralization of the UAV is optional and is of value for Operations. Significant business value is created if data at the application layer is made retrievable. Now attribution becomes possible, thanks C-UAV
  • 8. 2222 Operations in Domestic Airspace: U.S. Policy and the Regulatory Landscape (CRS Report No. R44352). Washington, DC: Congressional Research Service. https://www.fas.org/sgp/crs/misc/ R44352.pdf. • Naboulsi, Zain (2015) Drone detection: What works and what doesn’t. Retrieved December 08, 2017, from https://www. helpnetsecurity.com/2015/05/28/drone- detection-what-works-and-what-doesnt/ • [11] http://www.phantom4-guide.co.uk/ phantom-4-specification/ • [12] https://blogs.uni-paderborn. de/sse/2013/05/17/privacy-threate- ned-by-logging/ • [13]https://www.bsi.bund.de/DE/Presse/ Pressemitteilungen/Presse2017/Frue- hjahrsputz_02032017.html • [14] https://mavicpilots.com/threads/ dji-mavic-privacy-backdoor.17723/ • [15] http://www.dji.com/policy • [16] United States Army (2014) Field Manual No. 3-38. Cyber Electromagnetic Activities. Retrieved December 04, 2017, from https://fas.org/irp/doddir/army/fm3- 38.pdf • [17] R&D Onderzoek TNO, Prof. dr. ir. A.P.M. Zwamborn. • [18] Ministry of Defence, July 13, 2017, NATO AJP-3.15 (B) Allied Joint Doctrine for Countering - Improvised Devices (Edition B version 1). Retrieved Decem- ber 04, 2017, from https://www.gov.uk/ government/uploads/system/uploads/ attachment_data/file/628221/ w20151102-nato_ajp_3_15_b.pdf to a vast variety of data sources that can be investigated. Especially infrastructure where the UAV maintains communications with. Data centers of manufactures, service provi- ders like Apple, Google and Facebook. So the value for Intel and Operations incre- ases drastically if data in this layer can be obtained. Prosecution through attribution, if forensic sound investigated and the chain of custody is maintained, is possible. It raises other questions of legality and therefore asking for further research. To collect data at data centers which can fall under different national bound laws makes forensic investigations complicated. Interna- tional cooperation comes to the table. In those cases we have to asks ourselves if prosecution forms the silver bullet or could disturbance of the UAV’s flight path and the inherent removal of the threat achieve our business objectives? References: • Royal Netherlands Marechaussee, (n.d.). Retrieved December 04, 2017, from https://english.defensie.nl/organisation/ marechaussee • Tony Osborne, Dec 15, 2014. Drone Came Within 20 Ft. Of Airliner At He- athrow, Retrieved December 04, 2017, from http://aviationweek.com/awin-only/ drone-came-within-20-ft-airliner-he- athrow-1 • BBC, May 23, 2017. Drone in near miss with plane near Edinburgh Airport. Retrieved December 04, 2017, from http://www.bbc.com/news/uk-scotland- edinburgh-east-fife-40019778 • CNN, Dec 12, 2011. Obama says U.S. has asked Iran to return drone aircraft. Retrieved December 04, 2017, from http://edition.cnn.com/2011/12/12/world/ meast/iran-us-drone/index.html • Marc Walker, Feb 27, 2017. ISIS using ‘unconventional’ weapons as footage shows drones dropping grenades Re- trieved December 04, 2017, from http:// www.mirror.co.uk/news/world-news/ isis-using-increasingly-unconventio- nal-weapons-9928395 • Thales, (n.d.) Squire, Retrieved Decem- ber 08, 2017, from https://www.thales- group.com/en/squire-ground-surveillan- ce-radar • Hughes, Matthew and Hess, James (2016) “An Assessment of Lone Wolves Using Explosive-Laden Consumer Drones in the United States, “Global Security and Intelligence Studies: Vol. 2: No. 1 , Article 6. Available at http://digitalcommons. apus.edu/gsis/vol2/iss1/6 • Maddox, Stephen, and David Stucken- berg. 2015. “Drones in the U.S. National Airspace System: A Safety and Security Assessment.” Harvard National Security Journal, February 24. http://harvardnsj. org/2015/02/drones-in-the-u-s-natio- nal-airspace- system-a-safety-and- se- curity-assessment/ (accessed April 28, 2016). • Elias, Bart. 2016. Unmanned Aircraft C-UAV