The Uncrewed Aircraft Systems (UAS) Portfolio of the National Institute of Standards and Technology (NIST) Public Safety Communications Research (PSCR) Division is leading a project to improve the overall level of Cybersecurity and Artificial Intelligence (AI) Risk Management within the UAS ecosystem to inform and support Public Safety UAS programs. This project leverages two newly published tools: The NIST AI Risk Management Framework (AI RMF), released in January 2023, and the NIST Cybersecurity Framework version 2.0 (CSF 2.0), in draft for public comment at time of writing and to be released in early 2024.
On the 7th and 8th of February 2024, the UAS Portfolio hosted the Workshop on Cybersecurity and Artificial Intelligence (AI) Risk Management (CSAIRM) for UAS in Public Safety at the Montgomery County Fire & Rescue Training Academy in Gaithersburg, Maryland, USA. This workshop brought together a wide spectrum of stakeholders, including public safety end users, management, academia, and developers, with the following three main goals:
Many thanks to everyone who spoke at and participated in the workshop, and particularly thanks to the Montgomery County Fire & Rescue Training Academy staff for hosting us!
Over the coming weeks and months, we will be publishing various resources relating to the workshop. This includes the meeting minutes, recordings, slides, and summary documents. The event page will continue to be updated with these resources as they are published. Contact us via psprizes [at] nist.gov (psprizes[at]nist[dot]gov) to be notified when new content is uploaded.
One of the main outcomes of the workshop event was the formulation of an initial “Top-10” list of questions that public safety management personnel, such as fire and police chiefs, could ask their vendors, IT staff, and other people in their UAS ecosystem to better understand their CSAIRM posture.
Below, we present the draft Top-10 list from the workshop. This has been lightly edited with topic areas from attendee ideas and consolidated with salient points raised during the workshop. It is not intended to be a complete list, nor is it final or relevant to all organizations or industries. Rather, it is intended to be a list of questions that may be useful starting points for discussion. It will be refined, added to, and tailored to different sectors, with additional commentary and guidance issued, in the future.
As we move forward with the UAS CSAIRM working group, we welcome the involvement of all stakeholders! Please send an email to psprizes [at] nist.gov (psprizes[at]nist[dot]gov) to be kept informed, and to offer suggestions, comments, and assistance for this topic area. We are particularly interested in opportunities to collaborate with partner organizations who are also looking to develop policies and guidance in this space and where efforts may be dual-purposed.
UAS, also called aerial drones or Remotely Piloted Aircraft Systems (RPAS), are seeing widespread adoption across public safety, in particular, and broader society more generally. Such technologies will revolutionize the way that public safety prevents, mitigates, and responds to emergency incidents in a way that reduces response times, protects first responders, and improves outcomes for society.
In general, UAS for current and upcoming public safety applications rely on two major technological developments: Artificial Intelligence (AI) and increasing levels of connectivity. However, the rapid pace of development has outstripped society’s ability to fully understand and manage the unique, novel risks associated with these technologies. As a result, the ad-hoc patchwork of organizational and local risk management policies vary immensely. Often the result is that these technologies are being used without full visibility or attention to the risks incurred by public safety personnel and the general public. In other cases, adoption is slowed or limited due to uncertainty, despite the risks being manageable, depriving public safety personnel and the community of capabilities that could improve their safety and well-being.
The goal of this project is to leverage the AI RMF and CSF 2.0 to fill this information vacuum and provide all stakeholders, from the “boots on the ground” personnel to the incident commander, from the mayor to the congressperson, from the emergency dispatcher to the medical professional, and from the manufacturers to the researchers, with the tools to manage cybersecurity and AI risks associated with integrating UAS into public safety operations, alongside the other risks that they manage on a daily basis.
UAS are used in a wide variety of public safety applications. This initial project scope covers UAS for public safety applications that satisfy criteria including:
Examples of applications and UAS characteristics that are not covered in this initial project include the following:
It is anticipated that this project will initially focus on producing influential materials for a variety of audiences. These audiences may overlap, and it is possible that some guidance may simultaneously address multiple groups: