Humanities Homework Help
MHE 509 TUI Drones and Privacy Vulnerability Discussion
Discussion Requirements
A substantive comment should be approximately 300 words or more for each response (A total of 5 responses).
Read the initial comments posted by your classmates and reflect upon them.
Before writing your comments:
- Review the Discussion grading rubric to see what is expected for an excellent discussion, in order to earn full credit.
- Review some resources to help you synthesize, such as the following:
Sullivan, J. (2011). Strategies for Synthesis Writing. Retrieved from http://www.findingdulcinea.com/features/edu/Strategies-for-Synthesis-Writing.html
NOTE: You are required to cite sources and include a reference list for the second post if it is simply your opinion. However, if your opinion is based on facts (as it should be), it is good practice to strengthen your position by citing sources.
Be sure to meet all of the criteria in the rubric, as noted in the instructions above.
Third post for each module discussion:
Read the initial and secondary comments posted by your classmates and reflect upon them.
Directly respond to at least one classmate in a way that extends meaningful discussions, adds new information, and/or offers alternative perspectives.
MY POST
Classmates and Professor,
Drones and Vulnerability Analysis
The use of drones has constantly risen over the past years due to their resilience. Drones can be used for different purposes: capturing images, surveillance, real-time video, transport of goods, and live stream. However, drones have come under a lot of scrutinies as they are not being used exclusively for the right reasons. Still, some individuals leverage this technology for hideous objectives. Drones are easy to manage and can be compromised to accomplish various attacks on unsuspecting individuals.
On the other hand, drones have many security susceptibilities that make them susceptible to hackers and hijackers. Therefore, drones’ vulnerability assessment needs to expound more on identifying and quantifying hazards that can affect the drawn systems, whether natural or derived from human interference. This is because the frequency and probability of UAV attacks are high and can have devastating and fatal effects.
For the vulnerability assessment study of drones to achieve its desired results, they should introduce new objectives. The first object should be to review the incidents to and from drones and the existing measures to counter these attacks. Another fundamental goal is to investigate the emerging risks presented by drones in cyber-attacks and efforts to reduce these attacks. The assessment should also focus on analyzing the exploitation of drone vulnerabilities on smart devices such as phones and tablets. Another objective should be to review the use of Unmanned Aerial vehicles (UAV) in different domains such as civilian, military, terrorism, and other additional purposes (Dolan & Thompson II, 2013). Another objective should be to assess the existing and emerging challenges that arise due to the concerns of safety, security and privacy while using drones or UAVs.
Despite the vulnerabilities, security, and privacy concerns presented by drones, we cannot deny the many benefits the technology has brought to society. The use of the technology is rising, and it is estimated that over ten thousand drones will be used commercially in the next five years (Yaacoub et al., 2020). The objectives presented above are geared towards developing a comprehensive plan to guide drone technology’s safety by identifying effective mitigating drones’ vulnerability and security measures. The goals will allow key stakeholders to adopt and develop new techniques and technologies to enhance drone attacks’ detection and protection. Besides, reviewing the current solutions and countermeasures used in the technology’s mitigation efforts will help identify the existing gaps in UIV technology. This information is crucial if we are to find lasting solutions to reducing drone vulnerability.
Pedro
References
Dolan, A., & Thompson II, R. (2013). Integration of Drones into Domestic Airspace: Selected Legal Issues. Fas.org. Retrieved 15 April 2021, from https://fas.org/sgp/crs/natsec/R42940.pdf
Yaacoub, J., Noura, H., Salman, O., & Chehab, A. (2020). Security analysis of drones systems: Attacks, limitations, and recommendations. Internet of Things, 11, 100218. https://doi.org/10.1016/j.iot.2020.100218
RESPONSE 1
As a follow-up to your posting do you feel that there should be some type of controls / licensing required before drones are used?
RESPONSE 2
Class and Professor,
In terms of vulnerability analysis, I believe that the basic objective of; decrease the physical vulnerability of the systems components needs to be addressed and revised. The increase of cyber threat and social media prevalence escalates the potential for cyber social engineering attacks. While normal social engineering attacks were mainly physical encounters, the increase of internet accessibility and use has transitioned these attacks towards a cyber realm. A report “Key Internet Statistics to know in 2021” by Broadband search shows a current world population of 7.8 billion and of that, 4.93 billion people have access and use the internet frequently. In less than half a decade (2000 to 2020) the usage of internet increased by 1,266%. The increase of social media by an organization’s employee increases the Vulnerability in Risk equation through Threat x Vulnerability x Consequences. In an example, from the perspective of a hacker if one wanted to locate potential victims, one may compile a search through one of the many social media applications for places of employment. Filtering through the results, pinpoint critical employees and apply one of the many social engineering tactics to exploit sensitive information from. While the user had no idea inputting their place of employment and duty title had any repercussions.
A business can implement policies of no social media applications that can trace back to the organization. While some of the employees may not mind the ban of social media, majority would agree that it would not be realistic or practical mitigation strategy. A large demographic workforce has been raised on the Internet and its social media networks and now have developed an expectation for constant access to information. A mitigation effort that may have positive effects are training scenarios that are more tailored to the impacts social engineering attacks to the organization. Rather than simply checking a box and completing the training, ensure the information is retained and utilized in daily functions of its employees.
Roderick
REFERENCE:
Broadband Search. (2021). Key Internet Statistics to Know in 2021. Retrieved 20 April 2021, from https://www.broadbandsearch.net/blog/internet-stat…
John Lenkart. (2011). The Vulnerability of Social Networking Media and the Insider Threat. Retrieved 20 April 2021, from https://www.hsdl.org/?view&did=691499
RESPONSE 3
Classmates and Professor,
Drones have become one of the primary capabilities of United States (U.S.) homeland defense due to the ability to capture nearly autonomous surveillance. Drones have the ability to capture images or sound, then send it directly to an operations center for assessment. They also have the ability to fly without human manipulation – automated flight control. These two capabilities pose a vulnerability – they both require connection to a cyber network. Depending on what the drone is being used for, hackers could potentially infiltrate a cyber network and gain control of the done or intercept information being sent from the drone to an operations center. An effective vulnerability assessment must be conducted periodically to ensure assets are adequately protected against potential threats.
According to the Natural Disaster Mitigation in Drinking Water and Sewage System Guidelines for Vulnerability Analysis (p. 9-10, 1998), vulnerability analysis meets these basic objectives: Identification of hazards, Estimation of potential damage, Mitigation of hazards, Identification of measures and procedures for emergency plans, and evaluation of mitigation and emergency plans.
Due to the increased threat of cyber attacks on drones, the basic objective that I believe needs revision is the identification of hazards. The cyber-world is growing tremendously, thus threats to cyber networks need to be constantly assessed. “To understand mitigation options, DHS will need to monitor technological development…” (Best, et. al., 2020). The threats associated with drones connected to cyber networks are changing each day, therefore an assessment should address what Best, et. al. (2020) calls the STRIDE taxonomy – six areas of threats that need to be assessed: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. Revising this basic objective of hazard identification will reveal updated methods of handling emerging threats.
For adaptation to the continuously changing cyberspace, organizations assessing drone-related cyber threats should evaluate their plans and procedures periodically. This can be completed through internal assessments, drills, and exercises. Through these evaluations, the areas of cyber threats and social media prevalence will be tested. For example, during an exercise, plans and procedures are tested along with a demonstration of social media management. This is a controlled environment where the organization is able to see if their plans for mitigation and response are adequate; this is also a great time to see simulated social media prevalence issues (hackers releasing confidential information to the public) and how/if their response addressed the threats.
Jason
References
Best, K. L., Schmid, J., Tierney, S., Awan, J., Beyene, N. M., Holliday, M. A., Khan, R., & Lee, K. (2020). How to Analyze the Cyber Threat from Drones. RAND Corporation. https://www.rand.org/content/dam/rand/pubs/research_reports/RR2900/RR2972/RAND_RR2972.pdf
Natural Disaster Mitigation in Drinking Water and Sewerage Systems Guidelines for Vulnerability Analysis. (1998). Pan American Health Organization. https://www.eird.org/isdr-biblio/PDF/Natural%20disaster%20mitigation%20in%20drinking.pdf
RESPONSE 4
Hello class!
Drones are a big problem in regards to privacy. They are also an issue because they provide an attack surface for hackers to gain unauthorized access to something that doesn’t belong to them. So, why do hackers do what they do? According to Mehta (2020), there are seven motivators that make them want to hack: Achieving Financial Gains, Carrying Out Political Agendas, Performing Corporate Espionage, Proving a Point (Hacktivist), Taking Personal Revenge, Causing Harm for Personal Enjoyment, and Mitigating Cyber Threats. Not all actions are malicious in nature and can be use for good, like testing out a businesses’ firewall or antivirus software to check for proper function.
I think the objective “evaluation of the effectiveness of the mitigation and emergency plans, and implementation of training activities” is the one that could benefit the most from being revised. I firmly believe that when a team is well trained and the proper procedures for mitigating vulnerabilities are in place, then the identification of vulnerabilities will become second nature. I work in the cyber field where vulnerability identification on the Air Force network is a daily routine for me. To do this, I must adhere to directives handed down to me from United States Cyber Command (USCYBERCOM) and Defense Information Systems Agency (DISA) to identify vulnerabilities and threats to the DODIN (Department of Defense Information Network) that they maintain. In order to identify network vulnerabilities, it takes months to years of training, however, I still learn something new every day. The point I am trying to make a connection to, is the fact that training won’t solve the issue but it will help when it comes to learning how to carry out plans, like Standard Operating Procedures, to stop a drone from unauthorized activity.
People posting pictures on social media from their drones, without their consent, is an invasion of privacy. To reinforce this, and as stated by Dolan & Thompson II (2013), “some argue that drone surveillance poses a significant threat to the privacy of American citizens.” I think there needs to be the addition of testing procedures for vulnerability analysis. In the cyber world, and as I mentioned in the first paragraph, this process called a penetration test to identify any weaknesses. Same thing could apply here. Testing out the measures or plans to provide insight on any weakness.
Tack
References:
Dolan, A. M., & Thompson II, R. M. (2013, April 04). Integration of Drones into Domestic Airspace: Selected Legal Issues. Retrieved April 27, 2021, from Congressional Research Service: https://fas.org/sgp/crs/natsec/R42940.pdf
Mehta, M. (2020, December 31). Hacker Motivation: Why Do Hackers Hack? Retrieved April 26, 2021, from Sectigo: https://sectigostore.com/blog/hacker-motivation-why-do-hackers-hack/#:~:text=White%20hat%20hackers%2C%20or%20ethical%20hackers%2C%20hack%20to%20protect%20websites,who%20want%20to%20cause%20harm.&text=Find%20and%20fix%20vulnerabilities%20in,that%20detects%
RESPONSE 5
Classmates and Professor,
Which measures need to be updated? All and yet none of them. Due to how open our society is becoming and information becoming so prevalent, any attacker deciding to devote themselves to an attack is going to be able to both plan out a critical strike that can be accomplished with overwhelming force capable of ensuring the attack is able to go on relatively unmolested. Not only that, the response plans by their nature have to be distributed to many agencies or outright distributed to the public to ensure that all the players in the response can be coordinated. This means an attacker (one who takes the time to do proper recon before their attack) has perfect information to ensure that their attack is successful and can tailor the plan to exploit the flaws expressed in the stated response plan. Edward Snowden leaked the full text of the National Planning scenarios from 2004, which is a handy cheat sheet for any adversary trying to figure out what they should focus on to bring us to our knees(Public Intelligence, 2013). We’ve given the bad guys the answers to the test thought up by the best minds in America on how badly can we mess up our country…
So why haven’t we seen supervillain level disasters be executed yet? Probably the intelligence agencies have a massive part of it, but also because any lone wolf attacker able to be able to pull off that kind of attack isn’t mentally unstable to actually go through with it. Those that are mentally unstable enough to attempt it will fail because their technical skills aren’t up to snuff and have a technical failure; look at the case of Dhiren Barot where he had the idea of making a bomb and blowing up radioactive source inside it to make a home-grown dirty bomb (Sturcke, 2006). Except even his Al-Qaeda given explosives training wasn’t able to be remembered months afterward and he made a series of duds. On top of that, he bought close to a thousand fire alarms to harvest the Americium-241 which was the only radioisotope that he could get in any sort of quantity. But if he was smart, he would have known that each fire alarm is only going to have .29 microgram of radioactive material. Which means that the 900+ fire alarms only have 261 micrograms, or .261 milligrams. For comparison for Americans that don’t instinctively know how big that is, your average Tylenol pill has 500 milligrams of medicine… So imagine cutting up a pill 1500 times to get that rough estimate on the harmful material we’re talking about (which also ignores that most of your pills contain mostly inert filler material that just acts as a vehicle to make your body absorb it, but we’ve already established that the amount we are talking about is small).
So we need to have a paradigm shift in what we prepare against. We don’t need to worry about some super terrorist plot or an adversary attempting to undermine us; those people will be caught by the intelligence agencies. Corner cases like the Anders Behring Breivik who were able to exploit governmental oversight rules to enable their cultivating materials to perform a terror plot and who are also able to enact said plan are going to be rare (Seierstad, 2019).
We need to create plans to mitigate human stupidity. Evil people exist and are attempting do bad things at certain select times. But stupid people are ever present and always doing stupid things. Go onto Google and do a casual search of ‘Florida Man’. It’s a meme because there are funny stories like “Florida Man Charged with assault with deadly weapon after throwing Alligator through Wendy’s Drive through”(McClusky, 2016) but the reason isn’t because Florida is any stupider than other states, but because Florida has a law that requires all charging documents be public domain. So journalists are just given the arrest reports of all counties in Florida and can datamine the most salacious items for instant clicks.
Trying to stop social media enabling open-source data collection, or mitigating cyber attacks are laudable goals that are impossible to enforce without draconian anti-free speech laws or national mandates on cyber security that will be promptly ignored. How many people use the same ‘secure’ website password on every site? Completely ignoring the fact that the moment any of the sites they use it for are hacked, it means that their ‘secure’ password is now available to anyone with access to the Darkweb and cryptocurrency to buy bundles of login info.
We should instead focus on the mitigation of problems that come up when people mistakenly act against their own interest. COVID Anti-maskers, flat earth deniers, moon landing deniers and the like may be the more famous groups that are attempting to undermine a collective good through sheer unbridled adherence to false narratives, but there are also the normal everyday Americans that make casual missteps that have massive consequences.
We have the tools in place to stop terrorists trying to shoot us in the back. We need to focus on how we stop ourselves from shooting our own foot off.
Brett
References:
Public Intelligence. (2013). National Planning Scenarios – Public Intelligence. https://info.publicintelligence.net/national_planning_scenarios.pdf.
Seierstad, A. (2019, March 18). The Anatomy of White Terror. The New York Times. https://www.nytimes.com/2019/03/18/opinion/new-zealand-tarrant-white-supremacist-terror.html.
Sturcke, J. (2006, November 7). Man gets life sentence for terror plot. https://www.theguardian.com/world/2006/nov/07/terrorism.uk.
McCluskey, M. (2016, February 9). Florida Man Throws Alligator Into Wendy’s Drive-Thru Window. Time. https://time.com/4214021/florida-man-throws-alligator-into-wendys-drive-thru-window/.
_____________________________________________________________________________________________________
Module 2 – Background
THE MILITARY PARTNERSHIPS
Required Reading
Dolan, A. M. and Thompson, R. M. (2013). Integration of drones into domestic airspace: Selected legal issues. Congressional Research Service. Retrieved from https://fas.org/sgp/crs/natsec/R42940.pdf
Read pp. 3-11.
FEMA IS-75: Military Resources in Emergency Management (2011). FEMA. Retrieved from https://training.fema.gov/emiweb/is/is75/student%2…
Read “Integration of Military Resources in Accordance with NIMS and NRF” pp. SM III-8 to SM III-21
The Posse Comitatus Act—fact sheet (2019, September 23), Section 1385 of Title 18, United States Code (USC). U.S. Northern Command. Retrieved from https://www.northcom.mil/Newsroom/Fact-Sheets/Arti…
2018 National Preparedness Report (2018). FEMA.gov. https://www.fema.gov/media-library-data/1541781185…/
Required Websites
American Red Cross: Terrorism Preparedness: http://www.redcross.org/get-help/prepare-for-emerg…
NORAD and U.S. Northern Command Posture Statement:
http://www.northcom.mil/Portals/28/Documents/2014%…
United States Northern Command. http://www.northcom.mil/