Cybersecurity risk assessment for BVLOS RPAS

Detalhes bibliográficos
Ano de defesa: 2022
Autor(a) principal: Alexandre, Rui Carlos Josino [UNIFESP]
Orientador(a): Não Informado pela instituição
Banca de defesa: Não Informado pela instituição
Tipo de documento: Dissertação
Tipo de acesso: Acesso aberto
Idioma: eng
Instituição de defesa: Universidade Federal de São Paulo
Programa de Pós-Graduação: Não Informado pela instituição
Departamento: Não Informado pela instituição
País: Não Informado pela instituição
Palavras-chave em Português:
Link de acesso: https://repositorio.unifesp.br/handle/11600/65713
Resumo: Worldwide, the professional use of Remotely Piloted Aircraft System (RPAS) or "drone" is already a reality in activities such as infrastructure inspections, topographical surveys, agriculture, surveillance, and even delivery of goods. However, these operations are still quite limited by several factors such as intricate regulation, technological limitations, safety concerns, and public acceptance. It is expected that more complex operations as BVLOS (Beyond Visual Line-Of-Sight) flights over urban environments will soon become routine, and consequently enabling several business opportunities that are only dreamed today: from package delivery to transport of people. Nevertheless, to become a reality, countless problems will shortly need solutions, for example, the integration of drones into airspace (in a safe and scalable way), harmonization of rules, development of standards, certification criteria, and issues related to cybersecurity. Recently, some Civil Aviation Authorities have expressed concerns about the cybersecurity of drones and possible impacts on their safety; however, due to factors such as the absence of rules, unusual technology, knowledge gaps, etc., there is a natural difficulty for both manufacturers and aviation authority in comprehending how to deal with cybersecurity issues. This work proposes studying the cybersecurity of RPAS in the professional context, evaluating items such as the RPAS concept of operations (ConOps), safety goals, vulnerabilities, cyber-attacks, and mitigations. Finally, we propose a cybersecurity risk assessment process called CARA (Cybersecurity Assessment for RPAS Airworthiness) which was evaluated in two stages: first through a survey with specialists in RPAS, aeronautical certification engineers, manufacturers, and consulting companies aiming to evaluate its structure and identify improvement points; second, three study cases were carried out with Brazilian companies in order to evaluate its application in real drones.