Press Release

For Immediate Release

Contact: Liza Cordeiro

Senior Advisor Marketing

202.650.4456 | cordeirol@cna.org

CNA Earns Top Spot in National UAS Competition

Friday, April 22, 2022

Arlington, VA

CNA has won a national award for securing unmanned aircraft systems (UAS) from cybersecurity threats. This week, the National Institute of Standards and Technology announced that CNA won all three stages of the First Responder UAS Triple Challenge 3.3: Shields Up! Securing Public Safety UAS Navigation and Control Challenge. The purpose of the Shields Up Challenge is to explore and advance the cybersecurity of UAS technology to support first responders in their missions.

"This challenge was a spectacular opportunity for us to show ingenuity and cybersecurity skills to solve threats and vulnerabilities associated with UAS," said Halleh Seyson, Vice President of CNA's Enterprise Systems Data Analysis division. "I am so proud of our team who brilliantly drew attention to a subtle but extremely important cybersecurity threat, developed the concept, prototyped the solution, and conducted an impressively seamless live presentation regardless of numerous hurdles they faced!"

All UAS must maintain controlled flight and successful navigation in order to complete their missions. A UAS that is hijacked by a malicious attacker not only jeopardizes public safety missions but also compromises expensive life-saving equipment. Challenge 3.3 focused on the navigation and control aspects of a UAS, with the submissions required to illustrate an attack that compromised either the navigation or control of a UAS flight.

CNA's submission focused on protecting state and local first responders as they deploy UAS for law enforcement, firefighting, or other emergency services. The mission that CNA addressed was a scenario involving a UAS in pursuit of an armed individual who had fled a crime scene. The team worked to identify critical vulnerabilities resulting from poor cybersecurity practices that could allow hackers to infiltrate and exploit the systems. Many UAS systems are sold out of the box with several default settings that must be updated by the end user. If such settings remain unchanged, hackers can easily compromise the UAS due to the public nature of these settings. The team's attack and countermeasure systems highlight this fact and illustrate that a malicious attacker can take control using seemingly benign default settings.

CNA partnered with RIIS, a software company that develops mobile applications for drones. CNA has been invited by NIST to present the winning solution during a public safety broadband stakeholder meeting in San Diego in June.

For more information contact Liza Cordeiro at cordeirol@cna.org or 202-650-4456 or visit https://www.cna.org/centers/ipr/dma/ to learn more about CNA's UAS work.