Loading presentation...
Prezi is an interactive zooming presentation

Present Remotely

Send the link below via email or IM

Copy

Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.

DeleteCancel

Make your likes visible on Facebook?

Connect your Facebook account to Prezi and let your likes appear on your timeline.
You can change this under Settings & Account at any time.

No, thanks

Drone Threat Landscape

Department13 Drone Threat Landscape by Kevin Finisterre
by

Kevin Finisterre

on 3 May 2017

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Drone Threat Landscape

Drone
DREAM
Simplistic Threat Model







Rate the drone threat using a simplistic & subjective methodology to classify potential drone risk! DREAM is in essence the Microsoft DREAD (minus D model, plus a subjective Mitigation value) Each RC model, or drone is graded in all of the following categories:

Damage Potential - What type of negative impact does the presence of the drone have on the environment? Consider payload ability, battery life, stability, GPS assistance, waypointing, and 'capability' generally speaking.

Reproducibility - How easy is it to create a drone or RC craft capable of said threat? Be mindful of the level of effort it would take to obtain, or build a craft of this type.

Exploitability - What skill or resources are needed to create a negative impact using this particular drone? Can anyone do this alone, do they need a team, does it require some level of aerospace understanding coupled with targeted skills (IED)?

Affected area or persons - How many people, or what type of visually, or physically sensitive area will be impacted. Will this cause a minor annoyance, injury or death? IF so are we talking individual harm, or mass casualty, somewhere in between?

Mitigation value - Subjective value assigned as an organization specific wild card. Modifier for specific threat management. This can include stake holder commentary, outside intel, or any other influencing mechanism for assigning value.

Category elements and weighting will differ depending on your environment as well as the “business logic” that you use to interpret the value of your assets vs potential threats. You will need to go through your own exercise with the appropriate staff to come up with a variation of the above weighted matrix. Your matrices should be specific to your environments. A threat matrix for an airport for example would look very different from a matrix for a Forward Operating Base in your theater of choice for example. Mitigation value is meant to be a flexible override metric to help with the subjective nature of "threat".
I'm not your friend... I may tell you
things that are hard to hear.
“You can't just release SCADA exploits!”
"If you outlaw SCADA exploits, only outlaws will have SCADA exploits"
Circa 2008
After dropping Citect 0day
What does a "drone threat' look like?
Gradient of Threats
Subjective Gradients of Response!
David Kovar
Drone Threat Landscape & Forensic Approaches
S4x17
IF this worries you...
you should have a plan!
That awkward moment when someone asks, "Tell me more about yourself" and you're like:
VERY Subjective example, created on the fly for this talk, specifically for conversation:

Damage potential
0 - No impact, 1 - Minor annoyance, 3 - Minor injuries possible, 5 - Communications Disruption, 6 - Surveillance on sensitive area, 7 - Contraband delivery, 9 - Artillery spotting, 10 - Serious injury or death (IED delivery)

Reproducibility
0 - Group 1 or 2 DoD equivalent (RQ11, ScanEagle etc.), 4 - DIY drone & IED capability, 5 - heavily modified COTS drone & IED capability. 8 - DIY RC with heavy customization & autopilot knowhow, 10 - COTS drone & zero modification

Exploitability
0 - Involves military CONOPS and mil-spec equipment, 3 - Requires multiple skilled pilots & expert level IED experience, 5 - Requires multiple skilled pilots or operators, 7 - amateur pilot+builder with knowledge of payload & aerodynamic concepts, 8 - novice FPV pilot, 9 amateur pilot, 10 - an unskilled pilot with malicious intent can easily accomplish this task

Affected area or persons
0 - No one is really impacted by the presence of the drone or RC craft, 1 - Some people are annoyed, 2 - Private property aerial trespass, 3 - single person injuries expected, 4 - Sensitive area will be photographed, 5 - several people at risk of injury, 7 - several people at risk of death, 9 - Artillery “spotting” & ‘fire discipline’ (correction of missed mortar rounds), 10 - Immediate Death (IED attached).

Mitigation value
0 - No one cares about the presence of this drone or RC craft, 1 - generic need to keep ‘toy’ novelty ‘nano’ drones out of my environment, 4 - generic need to prevent COTS prosumer camera & FPV or autopilot drones out of my environment, 5 - drone has payload characteristics that make it a weapons ‘capable’ platform. 7 - My boss says this drone worries him, 9 - DHS has warned me about this platform, 10 - Drone has been seen ‘in-theater’ maliciously deployed.
Mitigation Value
OH GOD, WHO
AM I!?!?
http://www.digitalmunition.com/donut-model.psd
http://www.digitalmunition.com/donut-model.png
http://www.digitalmunition.com/DreamSheet.xlsx
http://www.digitalmunition.com/DreamSheet.numbers
http://www.digitalmunition.com/ThreatModel.pages
http://www.digitalmunition.com/ThreatModel.pdf
http://www.digitalmunition.com/pyramid-model.psd
http://www.digitalmunition.com/pyramid-model.png
http://www.digitalmunition.com/DREAMRiskfactors.jpg
Department 13
Drone Mitigation

Use of Force Continuum
Department 13 Drone Use of Force Model
Risk Perception Categories
Full transcript