Typically, when the conversation moves to the subject of drone-jacking, people immediately envisage a Hollywood-style breach of national security - probably in or around the White House - before Will Smith leaps in to save the day.
However, attacks on this technology represent very real risks for the growing number of businesses using drones for more ‘everyday' purposes, such as engineers surveying buildings and infrastructure, ecommerce giants sending deliveries by drone, or companies gathering surveillance for insurance claims.
These aren't far-off, futuristic scenarios either.
2017 will see an increase in availability, via the dark web, of pre-packaged software and toolkits for hacking drones
As a law firm, we are currently seeing increasing interest and investment in drone technology for a range of purposes. Indeed, just last month, online retail giant Amazon announced an expansion to its research and development team in Cambridge.
This will see 400 technology specialists get to work on fine-tuning the technology behind delivery drones. Despite claims that such deliveries are ‘pipe dreams', there is a growing market for commercial drone technology, and with this comes a growing risk of drone-jacking.
Cyber criminals targeting drones
Last November, a report from security software company McAfee predicted that cybercriminals will soon turn their attention to targeting drones, particularly those used for law enforcement, filming and deliveries.
Drones without adequate security in place will be vulnerable to hacks, as well as physical attacks. The McAfee report speculates that 2017 will see an increase in availability, via the dark web, of pre-packaged software and toolkits for hacking drones.
In these cases, hacking of the drone itself or its supporting software may result in either physical misuse or data breaches. Hacking for the physical diversion of a drone carries the potential for personal injury or property damage, or actual theft of the drone or indeed the item it was carrying.
The loss of data via drone-jacking... leaves businesses and authorities with many privacy concerns - especially with the EU's General Data Protection Regulation coming in to force in May 2018
Theft of data is another real risk, particularly if the drone contains personal or sensitive information, whether customer data included for delivery purposes or even footage collected via an attached camera.
The loss of data via drone-jacking then leaves businesses and authorities with many privacy concerns - especially with the EU's General Data Protection Regulation (GDPR) coming in to force in May 2018.
If cyber attacks start targeting drones, drone-jacking could leave businesses and their customers equally exposed with regards to personal and commercial data
In recent years, there have been a raft of data breaches resulting in an invasion of privacy for customers of companies, including TalkTalk and Camelot, and breaches of the GDPR could entail fines of up to four per cent of a company's global turnover.
These attacks are becoming ever-more sophisticated and wide-reaching; recently, we saw the extensive damage that hackers can unleash with the WannaCry cyber attack bringing organisations across the globe to a standstill.
If cyber attacks start targeting drones, drone-jacking could leave businesses and their customers equally exposed with regards to personal and commercial data, and the prospect of big fines levied by the Information Commissioner's Office.
Drones and data protection
Although the use of drones is already, to an extent, covered by a range of laws and regulations, including the Data Protection Act and the law of confidence, greater focus and more specific and targeted legislation is necessary, as are effective insurance products for organisations that use drones. This is especially important with the European Commission predicting full integration of drones into European airspace by 2028.
The government's recent Vehicle Technology and Aviation Bill notably did not include provisions for drones, although a consultation on the safe use of the technology did occur in March 2017. Whether this will be a priority following the upcoming election remains to be seen.
Currently, a combination of existing insurance policies are required to cover the risks associated with drone technology. As the risk of electronic theft of sensitive data rises, the market for these specialised policies grows.
In the case of drone-jacking, it would be wise for a business to consider cyber risk policies that are available for first and third parties. These policies provide protection against business interruption, reputational risks, notification expenses and the payment of compensation to individuals affected by security or privacy breaches.
While a business or organisation may find investing in drone technology an attractive proposition, an outbreak of drone-jacking could be incredibly costly. It is critical that companies consider the security breaches drone-jacking could leave them open to, and invest in the appropriate protection, for when Will Smith is not available.
Nick Gibbons is a cyber security expert and partner at law firm BLM
A new RSA report urges coders to sign a 'Hippocratic Oath' before embarking on AI programmes.
IT security vendor believes APT33 is working for the Iranian government
Darktrace pushes machine learning to take some of the pressure off of IT and security teams
Google also gets its hands on HTC's IP in a non-exclusive deal