This year’s Global Mobile Awards, of which I judge the Enterprise Innovation category, will be full of innovative uses of drone technology. These devices have the potential to provide valuable services in a range of industrial scenarios, but the inherent dangers they pose are now becoming apparent.
Many in the security industry have been warning about the risk from drones for years. The issue has been brought into stark relief, however, by the chaos at Gatwick Airport caused by the misuse of drones on the runway. This is not the first time Gatwick has been targeted, with rogue drones shutting down the airport in July 2017. It’s also by no means the first airport to be targeted.
The frequency of such incidents is also increasing, with 6 reported in the UK in 2014 and 93 in 2017.
This major incident is a sharp reminder that as cutting-edge technologies such as industrial drones are brought to market, there is an obligation on both governments (by regulating and legislating) and enterprises (by implementing security-aware and risk prevention strategies) to manage emerging risks.
Drones can be stolen, hijacked or misused by employees and third-parties, with potentially fatal consequences. They could be used by criminals and terrorists for a range of crimes, including bringing down aircraft, carrying explosives and spying. The risk could be as simple, but as potentially fatal, as dropping out of the sky on someone’s head as a result of loss of power, system failure, collisions and frequency interference. Such incidents are not simply theoretical – they have already occurred.
Enterprises should have to register drones in the same way we make them register other dangerous technologies – such as lasers and sources of radiation. The UK is intending to mandate this from November 2019 (some would say this is too little, too late). The fine for non-compliance (£1,000), however, does not seem sufficient for the type of damage these devices can cause, although the penalty for not following the new (July 2018) restrictions on drone usage (flying below 400 feet, and not within a kilometre of an airfield) are more severe – £2,500 fines and up to 5 years in jail.
Drones need to be stored securely, as we do with shotguns. And they need to be identifiable so that if they are misused we can trace where they came from and take action. There should also be an obligation to report any missing drones (in a timely fashion) to the authorities. UK proposals to reduce drone risk also include the requirement for drone users to register flights via a Flight Information and Notification System (FINS).
Enterprises are responsible for any tool they operate – drones included – and therefore need to consider how they secure drones, just as they do any other end point device. The enterprise’s risk if a hacker takes control of them and uses them for malicious acts is considerable. Having appropriate insurance for both the drone and its pilot is becoming essential. But the reputational damage from not securing your drones is potentially even greater than any financial liability.
Despite the tougher-sounding regulations being introduced for drones, they are of no use if they are not enforced, and it is unclear how the authorities intend to enforce them. Intercepting the rogue drone at Gatwick proved difficult.
B2B service providers need to be mindful of these developments for two main reasons:
- the opportunities afforded to them to utilise drones within their own business – eg to inspect radio towers, for line-of-sight testing and for disaster recovery purposes after storms etc
- the utilisation of drones by their enterprise customers and the opportunities this provides – including drone procurement services, data processing, data delivery, connectivity, cybersecurity, professional services and applications (such as drone traffic management systems and realtime reporting and analytics).