The pace of innovation and level of investment in electric and autonomous vehicles is well known, with global car makers this year investing over US$90 billion (€80.7 billion). These vehicles will become a key part of our daily lives, as they replace traditional fossil fuelled transport, and help accelerate the move towards a fossil-free future.
A less well-known innovation, according to Andy Bridden, an Internet of Things (IoT) expert at PA Consulting, is Urban Air Mobility (UAM) which recognises the need to use our city airspace in the future to generate more transport capacity such as in the 1982 film Blade Runner.
A practical example of urban air mobility is the Electric-powered Vertical Take-Off and Landing aircraft (eVTOL). These aircraft are typically autonomous and can be thought of as a passenger carrying drone, flying taxi or next generation helicopter. This may seem like science-fiction, but the first commercial products are expected to launch in 2020-21, with their adoption predicted to grow from 2023 onwards.
eVTOLs are gaining large investments from organisations such as NASA, Uber, Daimler AG and Boeing with the value of the wider aerial mobility market, including passenger and cargo transportation, expected to reach $1.5 trillion (€1.3 billion) by 2040.
Reputational crash is possible
Amazon and other logistics organisations are already trialling drones for autonomous delivery of packages. In the rush to lead the marketplace, drone security could be one of first victims with cost being the dominant driver. Once a vulnerability is found, an entire drone fleet could be grounded, impacting the delivery network along with associated reputational damage.
With eVTOLs the impact of any guidance system malfunction or cyber-attack is significant. A key vulnerability for eVTOLs is their widespread use of software defined functionality for autonomous flight control. This means that they need extensive technical security measures to be put in place to avoid an eVTOL being hacked by cyber criminals, both from the ground, and in the air.
The attack surface for an eVTOL is extensive and includes the potential ability to clone the digital identity of the aircraft, jam GPS signals used for positioning or to introduce malware within the manufacturer’s software engineering centre. These types of attack can be relatively easy to undertake but can have a significant impact on any aircraft in-flight, potentially resulting in an uncontrolled descent and crash landing.
A cyber security framework for UAM
The EASA’s (EU Aviation Safety Agency) current consultation on the special condition for VTOL focusses on control systems, flight safety and system resilience in the event of failure. The consultation also covers protection from high intensity radiated fields (HIRF) which could be used to disrupt the operation of a VTOL.
The formation of regulation, governance and a strategy for cyber security in UAM is in a nascent stage at best. To address cyber security risks, a strong collaboration of all the key players in UAM is required as well as learning from the approaches taken in other sectors.
There needs to be a recognition that both software issues and cyber attacks will occur, meaning that a robust set of detection, anomaly and patching systems and processes will be needed.
eVTOL companies, the emergency services and regulators need to be prepared so that they can respond and rapidly recover from any incident. This requires a co-ordinated approach to incident management and response; being able to quickly diagnose the cause of the issue will restore public trust.
AI-driven threat detection
There are some important steps which can help build a good foundation for cyber security for UAM. A multi-organisational and multi-disciplinary approach will generate cyber threat and risk modelling by regulators, operators and manufacturers.
A regulatory framework will also be needed, underpinned by both the existing and new standards, which recognises the key role cyber security plays in building public trust of UAM. Consideration should also be given to AI-driven anomaly, rogue and threat detection systems at a national level.
It is critical for organisations looking to use UAM as part of their business operations to establish a secure-by-design approach from procurement through to operations. The adoption will require several processes to be put in place including updates to security management systems, risk assessments, revised incident management and training for all personal involved.
Overcoming these challenges will require a concerted effort by global manufacturers and regulators, to ensure the risks are addressed within the diminishing timescales. This focus will deliver safe and reliable urban air mobility with all the exciting benefits it promises.
Andy Bridden is an Internet of Things expert at PA Consulting