Risk analysis of Unmanned Aerial Vehicle hijacking and methods of its detection

The Federal Aviation Administration (FAA) is in the process of integrating Unmanned Aerial Vehicles (UAVs) into the National Airspace System (NAS) through the Next Generation Air Transportation System (NextGen). A critical component of integrating UAVs into the NAS is the timely identification and mitigation of cyber attacks that could overtake control of a UAV, without the UAV operator's knowledge of a security breach. In an effort to address this risk, this paper aims to achieve two objectives: (i) identify risks of cyber attacks on a UAV and (ii) create a methodology through which UAV operators are informed of such a security breach. The results of this study are intended to support the MITRE Corporation's efforts to identify and control risks associated with UAV integration into the NAS. To achieve the first objective the Capstone team utilized established risk assessment methodologies to identify risk scenarios and filter those scenarios into a manageable list. To achieve the second objective the team developed a methodology that measures the UAV velocity through two on-board systems and any significant difference in the two measures indicates a potential security breach. The team designed and performed an experiment using car movement to simulate UAV flight and performed statistical analysis on the results of the experiment. This contributed to a framework for determining a detection threshold for an alarm system to indicate a UAV may have been hijacked. The threshold accounts for a minimum difference between the two calculations of the velocity data and the duration of time in which this difference occurs, which can be calibrated to minimize Type I (false positive) and Type II (false negative) errors. The recommendation to the MITRE Corporation will contribute to the ongoing efforts to securely integrate UAVs into the NAS.