Cybersecurity Risk Management Process for Unmanned Aerial Systems (UAS) at the Strategic Level - Increasing Use of Commercial Off-the-Shelf (COTS), Joint Risk Analysis Methodology (JRAM) Process

This report has been professionally converted for accurate flowing-text e-book format reproduction. In the last decade, the integration of unmanned aerial systems (UAS) into military operations has grown substantially. UAS have significantly contributed to U.S. military tactical, operational and strategic operations. Recently, the U.S. military has made increasing use of commercial off-the-shelf (COTS) UAS, yet none of the U.S. military services have a defined cybersecurity risk management process for COTS UAS. These systems have been susceptible to cyber attacks, leading to the May 2018 ban on the use of these systems across the Department of Defense (DoD). This research effort has developed a multi-echelon cybersecurity risk assessment process for the DoD. The proposed process would enable strategic, operational and tactical commanders to assess and communicate cybersecurity risks associated with COTS UAS. The process combined four steps from the Joint Risk Analysis Methodology (JRAM) framework and seven steps from a strategic risk business management process. This process would allow commanders to have an enhanced awareness of cybersecurity risks associated with COTS UAS operations, improved current cyber threat assessments, and tailored action plans for their areas of responsibility. The proposed process would help units and agencies across the DoD to resume their use, test and purchase of COTS UASs without the need for the current centralized waiver process.

This compilation includes a reproduction of the 2019 Worldwide Threat Assessment of the U.S. Intelligence Community.

Dettagli