NASA's UTM-ISSA architecture has 3 layers where the Monitor-Assess-Mitigate (MAM) components of ISSA are situated: at the UAS level (vehicle system functions), at the Ground Control Station (GCS) level (GCS functions), and at the Supplemental Data Service Provider (SDSP) level (SDS services). We modify this by adding an extra intermediate layer at the UAS Service Supplier (USS) level (USS functions). The aim of the proposed effort is to develop and demonstrate a strategic cybersecurity framework for this UTM-ISSA architecture. While there are many risk factors that impact ISSA, we focus on risks that emanate from cybersecurity threats from a variety of players.
For the monitor portion, we propose an approach to aggregate a variety of cybersecurity-relevant data sources at various levels of the UTM-ISSA. Designing the information schema for these data elements is part of the proposed effort. We divide the Assess portion into two: Assess-1 and Assess-2. The Assess-1 portion involves a signature-based misuse detection for cybersecurity threats followed (sequentially) by a deep learning based anomaly detection module. The Assess-2 takes as input the anomalous patterns from Assess-1 and provides strategic labels: Who?, What?, Why?, How? and When? based on a deep learning multi-label classifier. The Mitigate component uses an attack tree for devising strategic countermeasures and a game theory module for devising tactical countermeasures corresponding to each strategy at each level of the UTM-ISSA.
We propose to demonstrate the feasibility of the proposed approach using an illustrative cyber-terrorist scenario that features a coordinated cybersecurity attack on multiple UAS.
NASA's UTM-ISSA program is the first anticipated tech transfer target and application. NASA's UAM program is the next anticipated application. NASA has many other programs, such as the Mars Rover and Counter-UAS, that will benefit from the strategic cybersecurity framework developed in this research.
The Department of Homeland Security (DHS) and the Department of Defense (DoD) have many cybersecurity, counter-UAS and counter-swarm programs that will benefit from the proposed framework. In the private security, many drone/UAS as well as USS vendors are likely targets for commercialization.