| dc.description.abstract | Worldwide, the professional use of Remotely Piloted Aircraft System (RPAS) or "drone" is
already a reality in activities such as infrastructure inspections, topographical surveys,
agriculture, surveillance, and even delivery of goods. However, these operations are still
quite limited by several factors such as intricate regulation, technological limitations, safety
concerns, and public acceptance. It is expected that more complex operations as BVLOS
(Beyond Visual Line-Of-Sight) flights over urban environments will soon become routine,
and consequently enabling several business opportunities that are only dreamed today:
from package delivery to transport of people. Nevertheless, to become a reality, countless
problems will shortly need solutions, for example, the integration of drones into airspace
(in a safe and scalable way), harmonization of rules, development of standards, certification
criteria, and issues related to cybersecurity. Recently, some Civil Aviation Authorities have
expressed concerns about the cybersecurity of drones and possible impacts on their safety;
however, due to factors such as the absence of rules, unusual technology, knowledge
gaps, etc., there is a natural difficulty for both manufacturers and aviation authority in
comprehending how to deal with cybersecurity issues. This work proposes studying the
cybersecurity of RPAS in the professional context, evaluating items such as the RPAS
concept of operations (ConOps), safety goals, vulnerabilities, cyber-attacks, and
mitigations. Finally, we propose a cybersecurity risk assessment process called CARA
(Cybersecurity Assessment for RPAS Airworthiness) which was evaluated in two stages:
first through a survey with specialists in RPAS, aeronautical certification engineers,
manufacturers, and consulting companies aiming to evaluate its structure and identify
improvement points; second, three study cases were carried out with Brazilian companies
in order to evaluate its application in real drones. | |
