An Open Letter to the UAS Community on Data Security

by Dave Culler | CEO & Co-Founder at HAZON Solutions

HAZON Solutions collects critical information for our customers through the use of unmanned systems. Like you, we recognized from day one that data security is of the upmost importance to our customers and to the entire commercial unmanned ecosystem. Due to the recent article

Due to the recent article released several days ago, HAZON has fielded a number of calls regarding the potential for the “unrequested” transfer of flight data gathered during the flight of DJI aircraft. What was not discussed was the procedures that can be implemented to help prevent the inadvertent transfer of data. As one of the leaders in the sUAS space, we happily offer up our internally developed best practices as a potential solution to help maintain control of your drone telemetry and sensor data.

Our goal is for these best practices will offer users and organizations a few techniques that will help mitigate the potential unwanted transfer of data. We continue to lean on our internal cyber security team to test and refine our procedures in coordination with industry partners. We look forward to open conversation on this topic and eagerly invite everyone who wishes to collaborate on this topic to join our conversation.

HAZON Solutions remains committed to advancing the entire unmanned industry. To that end we have made the HAZON Drone Management System™ free for any user who wishes to log flights, manage a program and benefit from a professional grade drone management software. Notably, DMS™ is 100% disconnected from automated data transfer and in no way relies on log files transmitted via (or adjacent to) the internet for its functionality.

Recommended data security measures:

• Aircraft, controllers and mobile devices should be isolated from connection to the internet to the absolute maximum extent possible. There may be instances when this will not be 100% possible – namely firmware updates
• When flying with a mobile device attached to a controller (or GCS) – always
maintain AIRPLANE MODE, where possible enable PARENTAL CONTROLS that prevent
cellular or Wi-Fi data connection.
• Mobile devices used for flight operations should not be used for any other activity, should not have cellular data connectivity and should be prevented from ever connecting to Wi-Fi
• Personal or business phones should never be used for flight operations

  • When flight operations apps require updating
    • Delete all flight related apps completely from the device
    • Factory reset the entire mobile device (effectively deleting all data)
    • Re-sign in to the mobile device – confirm flight apps no longer available
    • Only then, connect to Wi-Fi and download the appropriate app
    • Sign into apps – confirm updated version is installed
    • Set AIRPLANE MODE AND enable PARENTAL CONTROL
  • Controller (GCS) Firmware Update
    • When a controller must be updated via an app first update the app via the procedures
    above
    • Once the user has confirmed the mobile device is isolated from the internet, then update the controller
  • Aircraft Firmware Update
    • Fortunately, this occurs far less often that APP updates
    • We recommend updating aircraft firmware via a microSD card inserted into an attached X3 camera
  • This of course only works for select aircraft that feature the X3 as an option we continue to investigate ways to update other aircraft
    • Where a direct connection to a computer is required we recommend isolating that
    computer from the internet prior installing updated firmware
  • We have not conducted an exhaustive test of all DJI products – it is likely this will not work for every aircraft DJI makes, we will continue to investigate procedures for other aircraft

HAZON looks forward to advancing the dialogue and discussions with the goal of enhancing
data security for the entire UAS industry.

HAZON Solutions
CEO
David A. Culler Jr. CAPT USN (ret)