DeepSec 2018 Talk: Drones, the New Threat from the Sky – Dom (D#FU5E) Brack
I will talk about drones (not military ones). Drone risks and countermeasures. Drones have become an inherent risk not just for critical infrastructure, but also public events (sports, concerts) and privacy. I will speak about the exclusive risk catalogue I have developed for a small highly specialised start-up called DroneGuard. The catalogue contains over 140 detailed drone related risks. From payload of drones (explosives, chemical etc.) to cyber risks like Signal Hacking & Disruption (WiFi, GSM, Bluetooth, RFID, etc.). Since Deepsec is a more technically oriented event I will highlight the risk management frame work, my experience with our personal payload drone and the cyberrisks. This talk will help you if you have to protect critical infrastructure from a physical perspective, or if you have to protect yourself or your company from privacy implications.
Please tell us the top 5 facts about your talk.
- Fact 1: You will learn everything feasible about drones, in order to enable you to assess the threat for your particular field of work, might that be cyber, critical infrastructure, datacenter operation, public service, etc.
- Fact 2: The presented DroneGuard risk catalogue contains over 140 risks; and I am sure you haven’t seen them all. Your knowledge about drone risks will be greatly expanded.
- Fact 3: You will learn that drone detection is not drone defence. You will hear about market leaders in drone detection and what type of detection/ defence possibilities exist, and can be used legally if you are not police or military.
- Fact 4: Learn how to handle captured/ landed drones, and how to pick them up without slicing yourself like a cucumber. I’ll show you what drone blade injuries look like.
- Fact 5: See how easy it is to release payload and drop it on a selected target.
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
About a year ago we were approached by the government to develop new topics of future emerging risks. Since we are working in the strategic/ methodical field of cybersecurity, handling cyber and also physical risks (like IoT and autonomous vehicles etc.) we started this project about drones. Drones where also used in combination with our infrastructure (telco) and we have been involved in PoCs for hospital transport. Working on the topic of drones (UAVs, RPAS) we soon figured out that there was no structure to it. It’s mostly driven by innovation but without considering the risks that come with it. This is why we started our DroneGuard risk catalogue. The catalogue has subsequently been used in discussions with critical infrastructure operators, event organizers and local police forces as well as large private sector companies. We figured out there is a huge gap between the perception of the risk of drones and the reality. Our catalogue contains around 140 risks of drones. Some of them seem farfetched, like theft and robbery for instance, but just recently we have learned about the theft of a statue from a VIP property by using a drone. This shows how the fast progress of risks related to drones; cybercriminals just started to learn about the capabilities drones have to offer.
Why do you think this is an important topic?
Because it poses a deep security risk for particular situations. Defence capabilities need to be planed accordingly and the risks for each situation assessed. The private sector and the public sector need to include drone risks in their risk framework. There also have been the first ransomware cases putting the public in danger. A drink water supply for a small city has been threatened to be poisoned by a drone using chemical agents.
Is there something you want everybody to know – some good advice for our readers maybe?
Come to my talk… about drones of course 😊. For sure you will learn many new things about drones and the risks they can pose. You might also learn how you can extend your business to assess drone risks. After all a drone is just a flying IoT device – with all its implications.
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
Swarm attacks, crime scene destruction as-a-service and emerging terrorist threats (drones are even cheaper than cars, tricks etc.).
Dominique C. Brack is a recognized expert in information security, including identity theft, social media exposure, data breach, cyber security, human manipulation and online reputation management. He is a highly qualified, top-performing professional with outstanding experience and achievements within key IT security, risk and project management roles, confirming expertise in delivering innovative, customer-responsive projects and services in highly sensitive environments on an international scale. Mr. Brack is accessible, real, professional, and provides topical, timely and cutting edge information. Dominique’s direct and to-the-point tone of voice can be counted on to capture attention, and – most importantly – inspire and empower action.