were presented with suggested aircraft
reconfigurations to restore operations,
such as resetting a waypoint or switching from GPS-based navigation to less
accurate—but more trusted—inertial
navigation.
While the pilots found attack
detection to be useful, some of
their reactions differed from what
was anticipated when designing the
experiments. For example, one pilot
indicated that the system’s response
to an attack was not enough to deter
him from terminating the operation
because of concerns about residual
elements of the attack that had not
yet occurred. Another pilot suggested
that real-time access to a cybersecurity
expert would greatly reduce worries
about making decisions with insuf-
ficient knowledge. A third pilot raised
concerns about the possibility of the
monitoring system being the target
of attack, potentially causing the pilot
to make counterproductive decisions.
These results highlighted the importance of operator training for addressing rare, unpredictable cyber attack
situations that require confident decision making. Researchers have begun
to understand and address this important issue better.
The System-Aware cybersecurity con-
cept developed at UVA is pertinent to
a wide range of computer-controlled
systems, such as UAVs, cars, radars,
turbines and weapon systems. System-
Aware implementations involve con-
necting the dedicated cybersecurity
monitoring system, known as Senti-
nel, to the system being protected. The
Sentinel monitor is designed to collect
information to detect illogical behav-
iors that can be categorized as likely
cyber attacks. The low-power, small-
footprint prototype electronics package
implemented for the UAV flight evalu-
ations consisted of sensors, micropro-
cessors and communication devices.
This technology collected and analyzed
data to detect potential cyber attacks,
and it disseminated the results.
For example, if the Sentinel observed
a change in waypoint occurring within
the navigation subsystem but no message from the pilot directing this
change, the monitor could conclude
that a cyber attack was underway.
Similarly, if a camera-pointing command was received onboard the aircraft and the Sentinel observed that the
command differed from the camera’s
response, it could deduce that a cyber
attack was the likely cause.
Although system restoration can be
automated, operators themselves still
may want to respond to an attack to
sustain operations. For this capability,
planners can create specially protected
locations for storing critical flight
information, and the Sentinel can
draw on that information to restore a
waypoint or camera direction. With
critical aircraft subsystems, in particu-
lar, the operational community gains
confidence when pilots are involved in
initiating these commands.
Recognizing that different systems
require their own unique solutions, the
System-Aware concept includes reus-
able design patterns for monitoring and
restoration. For example, monitoring
for unfounded parameter changes that
significantly affect system performance
is a reusable response to a broad set of
potential cyber attacks designed to make
such changes.
Parameters in a radar surveillance
system determine the system’s perfor-
mance regarding false and missed
detections. Criteria for automated
An unmanned aerial vehicle (UAV) pilot sits at the
controls during flight tests evaluating cybersecurity.
New approaches are being studied to ensure
cybersecurity for links to and systems onboard UAVs.