best practice drone data

DAVID WALTERS
Following on from my recent article about “Drone Data Security“, I thought I’d share some Pre Flight and Post Mission procedures that may be of help when considering your customers data security requirements. These are based on my experiences of UAS operations and best practice handling of client data over the years.

Client

  • Ask your clients about their data control policy
  • Send copies of all pre flight planning, and media/data release forms in advance of carrying out the task for approval

Operator

  • Ensure you have a data management/protection policy in place.
  • Does the UAS for this task meet the above client data security requirements.
  • Are the tasked team working to the latest procedures and requirements?
  • Do you process locally or do you process in the cloud

Hardware

  • Understand where your data is being stored on the UAS
  • Identify if your system is a closed or open system (Closed – No Live Internet Connection / Open – Connected to the Internet)
  • Utilise specifically assigned tablets if needed and not personal devices

Example of controls you can put in place

Pre Flight

Keep client mission requirements secure. This data in itself could relate to valuable & sensitive infrastructure details.

Fig 1.1 Screenshot from CQNet Flight Safety Management System App

Ensure you have your data protection policy implemented, which all operators can follow and implemented as such they can be kept up to date when operating in the field

As part of your operational pre flight checks, the data protection procedures should be included. This will also fall in line with your Media Release form etc

Fig 1.2 Flight Checklists for DJI Inspire 1 on CQNet

drone data protection

When utilising checklists, ensure checklists are recorded for each flight and that procedures are followed

Fig 1.3 Completed checklist on CQNet

drone data protection

Clients might ask for a copy post flight of all recorded checks, to ensure you as a supplier are adhering to your procedures.

Here are some of the key examples on a DJI Inspire

With the device being in aeroplane mode and the user not being logged in to the DJI Go App, the App will not be able to sync flight log data to DJI and also transmit any unauthorised data, if you have those concerns.

Post Flight

  • Ensure the data from the payload is stored securely, and in some cases backed up to a secondary device.
  • Format the memory card prior to the next flight. The last thing you want is to have a fly away with sensitive data on board
  • Once the mission set is complete, download the mission log files, and then delete them from the UAS & smart device.

Data Post Processing

When processing clients data, depending on the mission type you have some additional parameters to consider. Do you process locally or do you process in the cloud? Again this will be dictated by the client’s requirements.

The mission I completed, now needs to be converted into photogrammetry.

I could process it locally utilising a local software license from Pix4D or Agisoft etc (Local would be selected for the most sensitive of jobs) or I could process it in the cloud, utilising several apps such as Drone DeployPix4d and maps made easy to name a few.

  1. Will my client allow me to send my data to a 3rd Party to process?
  2. Does the data processing centre have to be regionalised, to the client or where the data was captured?
  3. Will I have to submit flight log data?

Most clients will not allow data to leave the country of origin

Talk with your software suppliers, ask the questions you need to reassure your client you have done everything you can to ensure the security and safety of that data. They will be more than happy to discuss the details with you.

In Summary

  • Request client data management requirements
  • Implement own data protection policies
  • Understand UAS Data Storage
  • Utilise specific hardware assigned to the UAS.
  • Ensure the data that’s captured is handled as per your policies
  • Local vs Cloud, select the option that best fits the client’s requirements
  • Ensure cloud provider allows you to meet data protection needs

 


From the DroneSec team…

This was an update to David Walters original post here: published on LinkedIn here.

Who is Consortiq?

Consortiq has established partnerships with several leading OEM hardware providers, who can ensure the right system is provided to meet client’s requirements. They transform businesses through drone training, consultancy, aerial filming, hardware & software. Partnering the right hardware, with the right software can enhance and ensure safety, compliance and successful flight. They make it easy for organisations to put drones in the sky.

Get in touch with David.

If you enjoyed this article and would like to get in touch with David, please contact him via LinkedInConsortiq or email at: [email protected]

Join the discussion: