Air, Cyber, IUS Exclusive, Military

A Good Day for the Blues?

By Dawn M.K. Zoldi (Colonel, USAF, Retired)
In a cybersecure environment, Draganfly’s Medical Response Drone’s payload box can transport up to 35 lbs. of temperature-sensitive medical supplies.

UAS Cybersecurity is Critical to the Modern Battlefield.

Uncrewed aircraft systems have helped stave off Russia’s invasion of Ukraine despite Russia’s five to one advantage in regular military manpower and at least 10-fold advantage in conventional airpower. At the same time, UAS remain vulnerable to foreign cyber interference. The U.S. Department of Defense already has, in part, addressed this problem through the Blue UAS program, which it defines as a “holistic and continuous approach to rapidly prototyping and scaling capable and secure commercial UAS technology for the Department of Defense.” Given the importance of UAS technology in today’s fight, perhaps it’s time for all of us to sing the “Blues.”

Working with Mriya Aid and Second Front UA, Volatus Aerospace has shipped 30 thermal imaging ISR drones to Ukraine.

SINGING PRAISE

In modern warfare, UAS easily provide access to air power previously reserved for large military forces. Increasingly, combatants employ commercial off-the-shelf (COTS) UAS. Even small UAS (sUAS) can provide the warfighter with an asymmetric advantage.

In the current Ukraine-Russia conflict, sUAS use has ranged from tank-column destruction, to providing valuable intelligence, surveillance and reconnaissance (ISR) information and safer logistical support, to rapidly delivering medical and humanitarian battlefield assistance.

A flurry of private UAS donations have been sent to the Ukrainian Ministry of Defence and its territorial forces. Perhaps most notably, AeroVironment donated more than 100 Quantix Recon UAS, accompanied by trainers [see the “Up Close With…” Wahid Nawabi of AeroVironment Q&A elsewhere in this Ukraine package].

Other companies with deep DOD roots have joined in with donations. Quantum-Systems GmBH, whose Vector 2in1 VTOL reconnaissance UAV remains a favorite among U.S. forces, originally donated three of its Trinity fixed-wing VTOL mapping UAS. According to Dave Sharpin, a U.S. Air Force veteran who is now CEO of the Munich company’s new U.S. subsidiary, Quantum-Systems Inc., “Ukrainian forces are already using Trinity for tactical mapping, mission planning, battle damage assessment and collecting evidence of war crimes. Now we are sending our Vector, a swappable fixed-wing-to-quad copter configuration. I hope this will be a game-changer for our Ukrainian partners. We stand with Ukraine.”

Several commercial UAS companies have also joined forces with nonprofits to make a difference. Volatus Aerospace, a global drone technology and aircraft management company, is working with Mriya Aid and Second Front UA. It has shipped 30 thermal imaging drones to Ukraine “with more to follow,” said Glen Lynch, Volatus’ CEO. “We are proud to support allied forces globally. ISR drones provide accurate real-time intelligence while reducing risk to the people who have chosen to serve, and as recent videos have highlighted, civilians are at significant risk. I hope that our drones will save lives.”

Commercial drone solutions and systems developer Draganfly partnered with Coldchain Delivery Systems to successfully deploy its first Medical Response Drone to Revived Soldiers Ukraine (RSU). Equipped with Draganfly’s temperature-managed Medical Response Payload Box, the drone can transport up to 35 pounds of temperature-sensitive medical supplies, such as blood, pharmaceuticals, insulin, medicines, vaccines, water and wound care kits. Draganfly plans to provide at least 10 North American-made Medical Response and Search and Rescue Drones to RSU for use in Ukraine.

“To save lives, high-tech solutions like Draganfly’s Medical Response Drone are crucial,” said Iryna Vashchuk Discipio, president of RSU. “Donations, training deliveries and help from philanthropic partners like DroneAid will help us effectively scale up our humanitarian aid operations in Ukraine.”

Until recently, even Chinese COTS UAS, specifically those made by Da Jiang Innovations (DJI), featured prominently in the mix. Ukraine spent $6.8 million of privately donated money on, among other things, more than 2,000 Chinese quadcopters.

And then troubling reports of potential third-party manipulation joined allegations of remote intrusions from China.

Vehicles from Inspired Flight were included in the second Blue UAS cybersecurity group.

OFF-KEY?

Ukraine leadership claimed China had preferentially disabled the UAS’ AeroScope functionalities to allow Russia to target its forces but blind its own forces from seeing the enemy. Videos on social media also seemingly indicated China had triggered geofencing features to preclude Ukrainian-purchased DJI UAS from taking off.

DJI strenuously denied all of these claims and ultimately pulled its business from both Russia and Ukraine. However, this does not preclude private parties from sending DJI UAS to the front.

Whether China engaged in foreign interference through its UAS, the fact it could do so should raise eyebrows.

At least with regard to geofencing, even the commercial UAS pilot crowd has grumbled about DJI’s ability to ground their UAS. Jamar Williams, CEO of San Diego-based PromoDrone, a startup that makes drones that display banner advertisements, recalled his frustration when, even indoors, his team could not fly a planned demonstration in Las Vegas earlier this year. “The FAA had put a TFR [temporary flight restriction] over The Strip for a state funeral. We were inside, in an enclosed theater. FAA rules don’t apply indoors, but DJI locked off GPS and some flight systems on our drones anyway. It kept us from demonstrating our tech live to thousands of global leaders.” A soldier can’t afford such a risk.

These are not the first concerns about DJI’s cyber-vulnerabilities. Studies showed Chinese software development kit (SDK) interfaces could collect private user identifiable information and correlate it down to the user level. DJI’s Terms of Use Agreement explicitly allows user data to be shared with the Chinese Government. Even a Booz Allen Hamilton (BAH) study of U.S. government-specific DJI UAS, touted by DJI as a win, concluded information-access vulnerabilities existed but found “no evidence that any actual data has been passed back based on these vulnerabilities.”

The eBee-Tac from SenseFly has made it onto the Defense Information Unit’s cybersecurity “Cleared List”.

THE BIRTH OF THE BLUES

In 2020, Congress forbade the DOD from operating or procuring UAS and any related services and equipment from China. This prohibition, codified in Section 848 of the Fiscal Year ‘20 National Defense Authorization Act (NDAA), energized the DOD’s Defense Innovation Unit (DIU) to create the Blue UAS program. The initiative’s goal: to rapidly onboard commercially available, cybersecure and legally-compliant prototyped UAS and components.

The Section 848 directive originally aligned with the U.S. Army’s ongoing Short Range Reconnaissance (SRR) effort. An official Program of Record (POR), SRR aimed to equip soldiers with a rapidly deployable military grade sUAS solution to conduct reconnaissance and surveillance (R&S).

Five companies’ UAS originally made the SRR short list: the FLIR ION M440, Parrot ANAFI-USA-Gov/mil, Skydio XD2, Teal Golden Eagle and Vantage Robotics. They ultimately worked with DIU to meet the Section 848 cybersecurity and legal requirements for placement on a General Services Agency (GSA) “blue” list as a pre-approved procurement option. And so “Blue” was born.

In 2021, based on the success of the original program and its offshoot, the Blue Framework (for cleared parts), DIU initiated Blue UAS, version 2.0. Ultimately, it selected 11 companies and 14 of their combined UAS. Among others, the second Blue UAS group included the SenseFly eBee TAC, Inspired Flight IF750 and IF1200, Wingtra One, Easy Aerial SAMS, Skydio X2D Color and Freefly AltaX.

According to the Defense Innovation Unit, UAS vetted by the Blue UAS On-Ramp effort “do not” [emphasis theirs] require a continuous exception to DOD policy renewal, reducing the administrative burden on end users.” The program is not “an exclusive path for government validation of UAS; however, it is built with the intention of being the most efficient method available for commercial systems.”

“FOR OUR NEXT NUMBER…”

Despite progress on advancing cybersecure UAS for the warfighter, much work remains. Many of the Blue 2.0 selectees remain in the process of obtaining necessary administrative approvals. Of the 11 companies selected for Blue 2.0, currently the eBee Tac by senseFly, an AgEagle company, AltaX by Freefly Systems, WingtraOne by Wingtra and Spirit by Ascent Aerosystems have successfully made it onto the “Cleared List.”

The DOD has also still not created a common standard for rapid COTS UAS vendor onboarding. Nor has DIU revealed a timeline for a Blue UAS 3.0 Commercial Solutions Opening (CSO) and Area of Interest (AOI) request. Industry rumors have it that DIU will push out a call for Blue 3.0 “soon.”

Given the importance of UAS on the battlefield, maybe there should be a greater sense of urgency to ensure all qualified UAS receive the now-coveted Blue UAS designation.

Perhaps more importantly, Congress should direct—and fund—sufficient support so a robust program can ensure that any UAS that could deploy with our forces and those of our allies and partners rapidly pass muster for cybersecurity, privacy and operational requirements.

In the meantime, companies that otherwise meet the Section 848 and DOD security and legal criteria wait in the wings… but fly for Ukraine. 

Related Articles