Drone-Jacking: The Perils and Possibilities

Nick Gibbons, cyber security expert and partner at BLM, considers the potential perils that may come with the use of drone technology, and the legal protection that will be necessary to prevent drone-jacking and hacking.

Typically, when the conversation moves to drone-jacking, people immediately envisage a Hollywood-style breach of national security, before Will Smith steps in to save the day.

However, attacks to this technology are very real risks for businesses utilising drones for more ‘everyday’ purposes, such as e-commerce giants handling drone deliveries, or companies gathering surveillance for insurance claims.

These aren’t far-off, futuristic scenarios either. We are currently seeing increasing interest and investment in drone technology for a range of purposes, with Amazon last month announcing an expansion to its R&D team in Cambridge; this will see 400 technology specialists get to work on fine-tuning delivery drones on behalf of the e-tailer. Despite claims that such deliveries are ‘pipe dreams’, there is a growing market for commercial drone technology, and with this comes a growing risk of drone-jacking.

Last November, a report from Intel’s McAfee Labs predicted that cybercriminals will likely soon turn their focus to targeting drones, particularly those used for law enforcement, filming and deliveries. Drones without adequate security in place are left vulnerable to hacks, with the report speculating that 2017 will see an increasing availability of pre-packaged software and toolkits for hacking via the dark web.

In these cases, hacking of the drone itself or its supporting software may result in either physical misuse or data breaches. Hacking for the physical diversion of a drone carries the potential for personal injury or property damage, or actual theft of the drone or indeed the item it was carrying.

Theft of data is another real risk, particularly if the drone contains personal or sensitive information, whether customer data included for delivery purposes or even footage collected via an attached camera.

The loss of data via drone-jacking then leaves businesses and authorities with a myriad of privacy concerns. In recent years, there have been a raft of data breaches resulting in an invasion of privacy for customers of companies including TalkTalk and Camelot.

These attacks are becoming evermore sophisticated and wide-reaching; recently, we saw the extensive damage that hackers can unleash with the WannaCry cyber attack bringing organisations across the globe to a standstill.

If these attacks are targeted to drones, drone-jacking could leave businesses and their customers equally exposed with regards to personal and commercial data.

Although the use of drones is already, to an extent, covered by a range of laws and regulations including the Data Protection Act and the law of confidence, greater focus and more specific and targeted legislation is necessary, as are effective insurance products for organisations that opt to use drones. This is especially important with the European Commission predicting full integration of drones into European airspace by 2028.

The Government’s recent Vehicle Technology and Aviation Bill notably did not include provisions for drones, though a consultation on the safe use of the technology did occur in March 2017. Whether this will be a priority in the new Parliament remains to be seen, though the Queen’s Speech did discuss legislation to ensure the UK as a leader in new industries and technologies.

Currently, a combination of existing insurance policies are required to cover the risks associated with drone technology. As the risk of electronic theft of sensitive data rises, the market for these specialised policies grows. In the case of drone-jacking, it would be wise for a business to consider cyber risk policies that are available for first and third parties. These policies provide protection against business interruption, reputational risks, notification expenses and the payment of compensation to individuals affected by security or privacy breaches.

Whilst a business or organisation may find investing in drone technology an attractive proposition, an incidence of drone-jacking would be incredibly costly. It is critical that companies consider the security breaches drone-jacking could leave them open to, and invest in the appropriate protection, for when Will Smith is not available.

Nick Gibbons

nick.gibbons@blmlaw.com

020 7638 281

About BLM

• BLM is the UK and Ireland’s leading insurance and risk law firm. With a turnover of over £100million, we advise insurers, Lloyd’s syndicates, MGAs, brokers, corporate policyholders, professional indemnifiers and other market organisations.
• With more than 200 partners and 1600 staff, BLM is instructed on a broad spectrum of legal issues and acts for customers in key sectors such as construction and property, corporate risks, healthcare, insurance and indemnity, leisure, public sector, retail, technology, media and telecoms, transport and the London Market.

·         BLM has 13 offices across the UK and Ireland in Belfast, Birmingham, Bristol, Cardiff, Dublin, Edinburgh, Glasgow, Leeds, Liverpool, London, Derry, Manchester and Southampton.

• BLM presently advises 12 of the top 15 insurance companies. We aim to be the firm of choice for customers seeking concise advice, stellar service, value for money and long term partnership.
• The firm was formed from the combination of two leading practices, Berrymans Lace Mawer and HBM Sayers, in May 2014.

·         On 1 December 2014 BLM combined with leading Northern Ireland based risk and insurance law firm Campbell Fitzpatrick Solicitors (CFS).

·         On 10 March 2015 BLM relocated its London operations to a central flagship office at Plantation Place in EC3.