RIIS LLC in partnership with CNA Corporation received a one-year award to improve UAS security by enhancing their current Brute Force Default Identification-Automated Prevention (BFDI-AP) prototype to a production‐ready prototype that incorporates additional telemetry equipment used by public safety operators and allows modularity for future updates and equipment. They seek to achieve this through user testing in the field and iteration of the prototype with George Mason University Department of Police and Public Safety. Following the demonstration project, they plan to document their findings and widely distribute technical outputs to the public safety community.
Godfrey Nolan, President of RIIS LLC, *
Riley Dove, Hardware Engineer, Principal Investigator, RIIS LLC*
Steven Habicht, Director, CNA*
Addam Jordan, Chief Scientist, CNA*
Adam Monsalve, Research Analyst, CNA*
Rebekah Yang, Research Analyst, CNA*
Stephen Reedy, Software Engineer, RIIS LLC*
George Mason University Department of Police and Public Safety, public safety partner*
* Team involved in 2021-2022 Demonstration Project
Team CNA Corporation and RIIS LLC
CNA/RIIS identified several key vulnerabilities in default network and security settings often overlooked and left unchanged in common UAS systems, which can be exploited by hackers, leading to loss of control of the UAS by the operator. To address these critical vulnerabilities, they developed an attack system to exploit default settings in these UAS components (namely the onboard telemetry radios and the ground control station) and a corresponding countermeasure system to prevent such vulnerabilities from being compromised. The countermeasure system consists of a series of automated scripts that identify the UAS is using unchanged default settings, then update the factory settings to protect against the vulnerability, and send an email to the UAS operator to inform them of the modified settings. This practical yet elegant solution addresses key cybersecurity vulnerabilities that can be readily implemented by public safety organizations at low cost and easily scaled to different UAS models.
The CNA-RIIS UAS Defense Team is comprised of RIIS, a small business that specializes in mobile and artificial intelligence (AI)/machine learning (ML) applications for unmanned aircraft systems (UAS), and CNA, a non-profit research and analysis organization that has experience supporting government use of UAS and emerging technologies. We have successfully teamed together to develop an award-winning solution to demonstrate and address UAS cybersecurity vulnerabilities for public safety entities.
Riley Dove is a UAV engineer and our chief pilot for the CNA-RIIS team. Riley has expertise working with many different types of UAS including hybrid VTOLs, heavy lift multirotors, tethered systems, and GPS-denied multirotors. With his experience as a test pilot for multiple drone companies, Riley has over 2000 flight hours on various airframes and environments. Riley graduated from Gonzaga University with a degree in Entrepreneurship and Innovation.
Steven Habicht serves as the Director of the Center for Enterprise Systems Modernization within CNA’s Institute for Public Research (IPR). He has extensive experience working with government, non-profit, and private sector clients providing various forms of project management and system engineering support, including data management and modeling support, system design and requirements analysis, enterprise architecture, and business process analysis and improvement. As Center Director, he focuses on leveraging emerging technologies to enhance the delivery of public services.
Addam Jordan serves as the Chief Scientist of the Center for Enterprise Systems Modernization within CNA’s Institute for Public Research (IPR). He has over 15 years of experience in applying air traffic control, UAS, and systems engineering subject matter expertise to support the FAA in developing modernization concepts for the national airspace system (NAS). As an experienced Air Traffic Controller, systems engineer, and enterprise architect, he brings together the operational and technical expertise needed to deliver creative solutions.
Jeff Kitson is Senior Penetration Tester with RIIS LLC. His primary expertise is in mobile application, and IoT device penetration testing. He previously presented at the Defcon 24 IoT village, and RootCon X. As part of the CNA/RIIS team he identified new and existing vulnerabilities affecting common first responder UAS products and developed the attacks and remediations used in the challenge. His spare time is spent outdoors or building custom cameras with antique components.
Adam Monsalve is a systems engineer at CNA who specializes in cybersecurity and uncrewed aircraft systems (UAS). Adam supports the UAS Traffic Management (UTM) project within the FAA, focused on the cybersecurity needs of this forthcoming ecosystem. Adam helped develop the concept and coordinate across the CNA-RIIS team partnership for the UAS Triple Challenge. He graduated with his Ph D from the University of Florida in materials science and engineering where he specialized in magnetic nanomaterials research.
Godfrey Nolan is the President of RIIS LLC, a mobile development company based in Troy, MI that specializes in drone development. Godfrey is also the author of Decompiling Android, Decompiling Java, Bulletproof Android, Android Best Practices, Agile Android and Agile iOS. He is also an adjunct professor at University of Detroit Mercy and Lawrence Tech University.
Caitlin Windland is a systems engineer with CNA and has over eleven years of experience in the aviation industry as a pilot and supporting project management and systems engineering projects. Caitlin currently supports enterprise systems modernization projects by providing analytical support for the development and implementation of enterprise systems. Caitlin graduated with a Master of Science in Aeronautics from Embry Riddle Aeronautical University.
Rebekah Yang is a systems engineer at CNA and served as a supporting engineer for the team. For the past 5 years, Rebekah has supported the Federal Aviation Administration in research and planning for the integration of future emerging technologies, including uncrewed aircraft systems traffic management and artificial intelligence applications. She also provides data analysis, visualization, and modeling expertise to various federal, state, and local government entities.