Three keys to successfully beginning internal discussions about UAS technology integration
One of the first steps in getting your enterprise UAS program off the ground is meeting with your corporate IT team and stakeholders to assess the potential security challenges this new technology could pose to your organization. I recently gave a talk at the Energy Drone & Robotic Virtual Summer Summit about drone data security (watch in video above) and wanted to share a few of the key takeaways.
1. Classify the Types of Data You Will Be Collecting
It is key to familiarize your corporate IT team and stakeholders with the different types of data your UAS program will be collecting.
First, drones are continuously collecting metadata called telemetry data. Telemetry data provides in-depth information about where the drone is and can be correlated with the airspace around it. This data could be a possible liability to your organization in the context of airspace compliance but also in regards to competitive advantages. For example, if your business is looking for natural resources in yet-unclaimed areas, you wouldn’t want to share your location data.
The second type of data being collected by your drone is sensor data or the picture/video data. In the energy sector, this could be photos or videos of assets like a flare stack, a certain type of machine, or a piece of important infrastructure. This is vital decision-making data that will be viewed internally but also poses potential risks as well if the machinery is of a highly proprietary nature.
Lastly, is the interactive live stream data drones collect. While this data can be extremely valuable, it poses a serious security risk if not thoughtfully handled. When an organization has an incident occur, they may want to live stream into the emergency operations center, but a common mistake is using a live-streaming platform that does not have security commensurate with the highly-sensitive data you are streaming.
2. Determine Which Types of Data Pose the Highest Security Risks
Establishing the levels of risk each type of data may pose to your organization is a critical next step.
While a security breach of your telemetry data could be used for competitive analysis, ultimately, the same information could be gathered by a person driving by and taking a picture on their phone of your drone inspecting a cellular tower or flare stack at a certain location and time. Which poses the question, does data that can be collected from other sources require the same level of data security and oversight as say a picture taken of a proprietary piece of equipment?
When analyzing your types of data and corresponding risk profiles, I recommend creating a spreadsheet or matrix document outlining the types of data, the implications that data has, and the types of oversight it might come under.
3. Secure Your Data in Storage, Transit, and Sharing
When any type of data is in transit or at rest, it should be encrypted. My advice on encryption is never to write your own security and only use NSA-approved encryption algorithms. This will ensure your organization is protected by the highest level of security which has been through extensive oversight and auditing to make sure it is a working, secure algorithm.
I hope these takeaways will assist you in beginning the conversation about securely integrating UAS technology in your organization. For more information on Aloft’s platform and security, please visit www.aloft.ai/security/.