Cyber risks

Drone technology (like any internet-connected device) is susceptible to cyber threats, with potential commercial, consumer and data privacy implications for manufacturers, owners/operators, entities that engage drone operators, data controllers and processors, individuals whose personal data is collected, and governments. Given this, aviation, consumer protection and data protection regulators/policymakers must consider cybersecurity risk as being a fundamental pillar of their remit. The industry must also take proactive ownership of cyber-risk mitigation.

It will be highlighted that like most technologies, drones are inherently vulnerable to cyber attack due to their dependency on communications signals and connectivity to operate. The discussion in the following seeks to highlight various cyber risks specifically relevant to drone technology, by using case studies to demonstrate the ways in which drone system and application vulnerabilities can be exploited. It then draws upon the various aviation and IT/data laws in key jurisdictions to highlight the gaps in most legal frameworks when it comes to addressing cyber risk. Finally, Australia is used as a case study to examine how data privacy, consumer protection and Internet of Things (IoT) frameworks can be used as a roadmap to navigate cybersecurity risk and implement best practice requirements.