February 21, 2024

Skydio's Unwavering Commitment to Drone Security: Aligned with FBI and CISA UAS Cybersecurity Recommendations

Jeff Horne - Head of Security at Skydio


Since our inception, Skydio has been unwavering in our commitment to the security of our products and our customers’ data. As the largest U.S. drone manufacturer, we recognize our responsibility to uphold these aspects as foundational elements of our products and services. The United States Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), part of the U.S. Department of Homeland Security, recently released a Cybersecurity Guidance report outlining their UAS Cybersecurity Recommendations. We commend them for this work and are proud to say that our long-standing dedication to security fully aligns with the recommendations put forth in the document.

Secure-by-Design: A Foundational Principle

At Skydio, security isn’t an afterthought; it’s a primary design principle. From the early stages of our product development, we have integrated robust security measures to safeguard against external threats. This approach ensures the confidentiality, integrity, and availability of data – a stance that mirrors the secure-by-design recommendation by the FBI and CISA. For Skydio X10 we implemented industry-leading Secure Boot features that ensure that only code signed by Skydio can run on our X10 product.

Proactive Development and Regular Updates

Our proactive stance on security is evident in our approach to software development and updates. We have always prioritized identifying and mitigating vulnerabilities early in the development process. Skydio undergoes at least one third-party penetration test a year on both our drones and cloud and quickly remediates any serious vulnerabilities. Regular firmware updates that include security improvements are a testament to our commitment to keeping our systems secure against emerging threats.

Advanced Encryption for Data Security

Because data security is critical, Skydio drones use strong encryption mechanisms for data in transit and at rest. Our use of AES-256 encryption in our X10 drone and through Skydio Connect SL ensures that data transmitted between the drone and the controller is securely encrypted, thus maintaining data integrity and privacy. Additionally, we use TLS 1.2/1.3 with non-weak ciphers to encrypt all information between our products and Skydio Cloud, and AES-256 to store customer data at rest, which meets the security requirements of our most advanced cloud customers.

Network Segmentation and Zero Trust Architecture

Adhering to the principles of network segmentation and the Zero Trust framework, Skydio drones are designed to minimize the impact of any cyberattack on UAS systems. This architecture of continuous verification and authentication significantly reduces unauthorized access and limits the attack surface of our products.

Supply Chain Integrity and Transparency

From the outset, we have been mindful of our supply chain's security, ensuring that components are sourced from manufacturers adhering to stringent security policies. This practice aligns with the guidance’s emphasis on understanding the origins of UAS components and their security standards. It also ensures that the Skydio X2 and X10 products are NDAA compliant.

Continuous Security Training and Awareness

Recognizing the human aspect of cybersecurity, Skydio has always invested in regular IT security education and training. This ensures that our team is equipped to identify, mitigate, and effectively respond to emerging cybersecurity threats.



External Audits

Skydio undergoes several external audits every year by leading third-party assessment organizations for both ISO 27001:2022 and SOC 2 Type II. These audits provide a comprehensive review of Skydio’s information security measures, ensuring that they consistently meet the trust services criteria relevant to security and privacy and adhere to international best practices in information security management. These ongoing verifications provide confidence to our customers and partners that Skydio is committed to high standards of data protection and operational reliability.

Conclusion

Skydio’s unwavering commitment to cybersecurity and data security since our founding has always aligned with the highest standards, including those recommended by the FBI and CISA. We continue to evolve these strategies to meet the ever-changing landscape of digital security, ensuring that our products are not only innovative but also secure and trustworthy. At Skydio, we take the responsibility of providing secure, reliable, and advanced UAS technology very seriously, ensuring that our products are a beacon of trust in the industry.

Jeff Horne, as the Head of Security at Skydio, leads the company's efforts in ensuring that its UAS solutions meet the highest cybersecurity standards.



