Security Requirements of Commercial Drones for Public Authorities by Vulnerability Analysis of Applications
This work provides incremental security guidelines for public authorities in South Korea to enhance drone safety, but it is domain-specific and not broadly applicable across all of ML/AI.
The paper addresses the lack of security requirements for drones used by public authorities by analyzing vulnerabilities in commercial drone applications from four manufacturers, proposing minimum security requirements to mitigate these issues.
Due to the ability to overcome the geospatial limitations and to the possibility to converge the various information communication technologies, the application domains and the market size of drones are increasing internationally. Public authorities in South Korean are investing for the domestic drone industry and the technological advancement as a power of innovation and growth of the country. They are also increasing the utilization of drones for various purposes. The South Korean government ensures the security of IT equipment introduced to the public authorities by enforcing policies such as security compatibility verification and CCTV security certification. Considering the increase of the needs of drones and the possible security effects to the organization operating them, the government needs to develop the security requirements during introducing drones, but there are no such requirements yet. In this paper, we inspect the vulnerabilities of drones by analyzing the applications of commercial drones made by 4 manufacturers. We also propose the minimum security requirements to resolve the vulnerabilities. We expect our work contributes to the security improvements of drones operated in public authorities.