The energy industry is conservative when it comes to cyber security, and although the ROI of drone usage is overwhelmingly acknowledged in the industry, there are still many concerns around managing data of critical infrastructure.
Measure and AES have worked together to provide a data security methodology for their drone program which spans 10 countries and includes more than 100 licensed pilots. Grant Furick, Director of Digital Products at Measure and Adam Brown, Asset Management at AES got together to share lessons learned during an Edison Electric Institute (EEI) members-only webinar on August 13.
Here’s a recap of some of the best practices shared.
Data security involves more than behind-the-scenes technology, it also includes the data collection process. While being on the front lines with linemen, technicians, and work crews, we found that drone pilots are the crucial first line of defense with data security as they are collectors of the data. For pilots, we’ve identified these best practices for data collection:
Train pilots on CEII/CIP.
Training will make pilots aware if a facility or structure falls under critical infrastructure. Regular training will give pilots a comprehensive understanding of what types of data are subject to NERC/FERC regulations, which have established rules on physical and cybersecurity for critical energy infrastructure. It’s a good idea to train all staff on data security and related regulations that may work with drone imagery.
Fly in Airplane or Local Data mode.
Airplane mode disconnects your device from the internet so you can properly collect and handle sensitive data prior to reconnecting to the internet. Local Data Mode, as pertains to DJI, prevents communication with any DJI-hosted servers. If you do require internet access on your device while collecting drone imagery, it is best to utilize VPN software on your device that routes and prevents or at least limits communication to the internet via your corporate network.
Given we’re recommending you capture data offline, we’ve allowed for maps to be cached for offline use in Measure Ground Control.
Delete the flight application and any memory cache post-flight.
Delete your flight app is good practice after every flight. You should also clear SD cards after data has been uploaded; some even go so far as to reset their device to factory defaults and triple wipe or destroy the SD card after use. Once you are sure all traces of data are removed from your device, it is safe to connect it back to the internet and reinstall your mobile flight application.
Avoid the following during the data collection process:
a. Don’t store or process imagery of high voltage trans lines or substation to plant imagery in non-FedRamp approved systems.
b. Don’t snap a pic with your cell phone and text message it to your colleague or post it online.
For data processing, it is best to avoid 3rd party cloud processing. With Ground Control, we keep all data and servers in the AWS US – East region. However, we do occasionally have customers that need to keep data in Europe, and we can provision the system to work according to local regulations.
For data visualization, we use ESRI ArcGIS as our primary map and visualization tool. Whatever you use should be an on-premise GIS solution or should be FedRamp approved.
When using on-premise data security, ensure your network is secure. Typical corporate IT networking procedures should be in place, including proper firewalls, encryption, and VPN. As a general rule, we follow standards that are used by the government. If it’s good enough for the feds, it’s good enough for us.
File name is also important from a security perspective. We tackle this with a principle called “security by obscurity.” When dealing with circuits above 250kw, you should use code names to refer to those assets.
Although it is never possible to achieve 100% security, implementing layers of security at every step in the process greatly reduces risk to a manageable level.
“At AES, we know that we are on the forefront of adopting drones and we are also laser focused on ensuring that we protect our sensitive data” Brown explains. “Data management is a critical piece of any drone program and through our partnership with Measure, we are confident that we are protecting our data every step of the way.”
If you have questions about data security in drone operations, or if you are looking for a secure software solution for your drone program, get in touch.