Securing the skies is not just a matter of protecting our airspace, but safeguarding the future of drone technology. Effective cybersecurity frameworks are essential to unlocking the full potential of drones, enabling innovation, and ensuring public safety. In this episode, we sit down with Bronwyn Morgan, CEO of Xeo Air, drone pilot, FAA Safety Team representative, and cybersecurity expert. Bronwyn discusses cybersecurity and cyber risks in the drone industry. She discusses the most dangerous risks to watch out for and effective frameworks for cybersecurity. As the CEO of Xeo Air, Bronwyn offers a distinct outlook on the issues encountered by the drone industry and explains how her company is overcoming those obstacles. She talks about Xeo Air’s latest tech and developments, including their AI-based drone services, data analytics, and autonomous mission management platform. She also discusses the future of cybersecurity in the drone industry and inspection space, exploring the exciting possibilities and potential challenges that lie ahead. Join us as we explore cutting-edge drone technology and cybersecurity.
Watch the episode here
Listen to the podcast here
Securing The Skies: Exploring Cybersecurity In The Drone Industry With Bronwyn Morgan
We have an amazing guest in this episode. She’s the CEO of Xeo Air, a drone pilot, an FAA Safety Team representative, and a podcast host of her own. Welcome, Bronwyn Morgan. Thank you for joining us.
Thank you so much for having me. What an incredible name for a show. It’s going to be very fun.
We’re going to lead right into the question and get you started. If cyber risk was a pizza with cybersecurity frameworks being the crust, what’s the riskiest topping you’ve seen, and what topping would you equate that to?
I have heard of peanut butter. That’s a lot of risk-taking with a lot of things blended in. I would say that equates to a perfect analogy with cybersecurity because there are always things coming from the left that you didn’t expect. That can cause an incredible disruption and some significant security risks. It’s like you didn’t see that coming, and that’s how things that are on the other side of security work. You never see them coming.
I’ve seen peanut butter on burgers but never on a pizza. That is something new and something for our audience to give a shot, but keep your cybersecurity out of that one. That is a unique one. Thanks for sharing that one. That’s great.
You win the award for the most unexpected topping.
It’s so bizarre. Somebody else suggested that, and I was like, “No.” I’m a pretty standard girl. Give me my pepperoni, and I’m good to go.
I’ll have to look for that and see if I can find that somewhere. Bronwyn, tell us, in your role as CEO, what keeps you up at night?
It’s everything. It is autonomy, battery life and fuel cells, cybersecurity, weather and communication tools for better data transfer and raising money. All these things are keeping me up at night.
Probably the weight of the drones and how long they can stay in the air and all the other pieces that are there. You’ve got a number of things that are moving. I can see that.
Especially the weight factor and anything that flies in the air. I’d expect that if I was in your industry, that’s for sure.
It depends on what the payload is. You need a bigger bird to carry more things on board to do a better inspection or observation. It’s a challenge. We’ve got to go bigger. To go bigger, you need bigger batteries or electric, and then that means more costs. There’s a lot to consider in our space.
Tell us a little bit about the space that you’re in. We’re talking drones and you talked to us a little bit about the cybersecurity of those, but tell us a little bit about the problem that you’ve seen in the industry.
This is a growing industry, still extremely young. People have been expecting a lot more out of it than what the regulators and the equipment will allow us to do yet. We are waiting on things such as beyond visual line of sight to be consistently available to us, which means that we have to get better at Detect and Avoid systems. All of this starts to add up. Back to the point you were making, it is about time aloft, “How long can we stay up? How far can we go?” That’s going to drive everything from drone delivery. I’m in the inspection and mapping space myself here at Xeo but that impacts us as well.
If I’ve got somebody on site like a pilot doing an inspection, I like to stay up as long as possible because that means that this person doesn’t have to bring the bird back down and change out batteries. I can go further if I’m doing a cluster or array of assets to inspect. As we get into autonomy, which is huge and everybody’s chomping at the bit, there’s a lot that we’ve got to demonstrate and prove when it comes to safety. That also goes back to batteries and fuel cells. I can go far but if I don’t have a battery, I’m going to fall out of the sky. There are quite a few things that we’re all looking forward to seeing develop and grow as we evolve.
Tell us a little bit about what your company does and how you’ve solved that solution.
We certainly haven’t solved it yet but we are an outsourced AI-based drone services data analytics and autonomous mission management platform. I call it the Uber of the drone industry. We allow customers in our target verticals to be able to come into our platform and build a mission. We fly it and do the data processing and data analytics through deep learning and machine learning. We provide them with that data back.
We’re focused on infrastructure, the critical infrastructure sector, civil infrastructure, catastrophic response, and climate and environmental observation. We’re also building out our autonomous assets so that if the time comes along, we’re ready. We’re building our drone and also drone towers. We’re behind the controllers but as pilots, we start to move away from the controllers and fly autonomously.
What exactly are you mapping? You mentioned some civil items. How would that work? Tell me a little bit more about that.
On the inspection side, we’re telecom, utilities, energy, which would be wind and solar and then civil, purchase highways, roadways, dams, and waterways. Most of that work is inspection but we could be doing a mapping project for one of those customers as they’re doing an installation of new equipment and doing an analysis of their current assets inventory.
Also, if we’re doing catastrophic response, we could map an area, whether it is pre or post-wildfire, pre or post-hurricane. If we’re doing climate or environment, there’s a variety of different potential executions from glacial to the forest to coastal and farming. It does depend on what the customer needs and how we can provide them data back analysis so they can better assess the health and/or the conditions of their particular assets.
It sounds like we’re doing a lot of waiting for some of these items for the FAA to agree and some of the autonomy and batteries. What’s your prediction on that? How do you think that’s going to go? When will I start to be able to take my drone from my house to the grocery store and back?
Each of those things has its timeline. We’re out doing inspections every day. We’ve got the pilot out there with the drone so we’re still able to conduct business. When it comes to some of those things that you mentioned, we’re ways away. There are a lot of tests underway beyond visual line sights all over the country with different organizations and entities testing that. Also, different fuel cells, hydrogen-based drones or fuel for drones. Companies are working on extended battery life as well as electric with the eVTOLs. All of this work is going on. By the time we get to the end of 2025 or so, we should start to see more applications beyond the visual line of sight.
Also, from a battery perspective or a fuel cell perspective, we’re going to continue to see that grow and grow. It is about physics and access to all the components that are needed. It will continue to evolve. If you’re going to be flying to the grocery store, you need to have your Part 107. Be careful about flying over people. Make sure there’s someone on the other end that will be able to put your Snickers bar on your drone and send it back. That requires a lot of elements to come into play. Be careful.
I often think of the common applications of drones. The first thing that comes to mind of the average person when you say drones is they think, “Delivery.” There are other applications because I’ve seen them. What do you think was the least surprising application in the use of a drone? Knowing that you operate this option as an outsource option, I imagine you’ve seen plenty of requests so what are some of the ones that maybe we haven’t thought of?
We’re just starting to scratch the surface here. People are doing all kinds of transport planning around drones for delivery especially. We’re not in the delivery business but as we get to larger drones and urban air mobility or advanced air mobility, we’re going to see these drones being used for emergency medical response. I don’t know if it’s so unusual but it certainly is an asset and that’s the work that Matternet has been doing with UPS in delivering medical supplies and equipment in South Carolina. What a great use of drones and we’re going to see that continue to grow with organs being flown across a certain geography.
Also, equipment for first responders. It could be a defibrillator or other certain equipment that’s needed right on site before you even get taken to a hospital that can be used to save your life. As we think about the whole idea of rural environments where access to medical needs is limited, it’s dwindling, being able to send supplies and equipment and other very necessary medical elements to those areas will be a game changer.
As we think about the whole idea of rural environments where access to medical needs is limited and dwindling, being able to send supplies and equipment and other very necessary medical elements to those areas will be a game changer.
That’s one thing that’s exciting but can you imagine a heart flying through the air to beat the traffic so that it can save your life? Those are the kinds of things that I get most excited about. The second one is what NASA’s been doing on the moon with their little drone/heli drone and being able to do mapping and assessing of Mars. All of that is incredible. As we go further in, drones are going to be everywhere all over the Earth and probably other planets as well. A lot of off-planet work as well.
I’ve seen that tattoo with the heart with the wings. I’m just kidding.
That’s what it’s going to be. Eyes, hearts, livers and kidneys. It’s a sky full of organs flying around. What a blessing that is.
That’s amazing. I have now but prior to this, I had not thought of such an application. It’s still delivery of something. That’s why the only applications I can think of off the top of my head are surveil and delivery.
An inspection, as we do. Also, agriculture and entertainment. I don’t know what movie is shot without using drones. It’s all the cinematography and usual applications on the civilian side. You have military use, which is a whole different use case. The use cases will build and then eventually, your ambulance may come down as a large drone, pop you in, and then send you off to the nearest medical center. You don’t have to worry about the big heavy helicopter trying to find a space to land. They’ll pop you into a big ambulance drone and take you off.
In prep for this call, we’ve had quite a few calls with folks that specialize. Some become something drone-related. We even have a few clients that are DoD subcontractors. I decided that right before this call, I was going to look to see when did drones first start showing up. Generally, you’re going to see it on the television screen first and foremost in the news. I did a little homework and there’s a Wikipedia site for a list of films featuring drones. The technical person isn’t going to say, “I bet you it was Star Trek.” It’s that creative mind of the Star Trek series.
What’s interesting is there is a site that even exists where they feature drones. It’s representative of where the market is because there are tons. You can google it to find it. There are tons of applications that they talk about in the movies. Whether or not they come to fruition or not, that was the impetus for my question on other applications. You do see generally unique applications that we’ve met somebody that was in construction like drones flying through before you do a demo building. It’s great to see those varying applications. I am astounded by the concept of using drones and the medical delivery of organs. That’s an amazing application. That can make a huge difference. Thanks for sharing.
If you’re in a hospital, you’re in an emergency and you’re desperately waiting for an organ. Every second counts for the organ and you. Being able to speed that up and get it to you safely and on time means everything.
You’re doing those inspections. What’s the biggest safety thing that you’ve found by doing these automated or drone inspections of these infrastructures? Has there been anything that’s been a standout of, “I’m glad we found that?”
I would say yes. I think about it more on the catastrophe side where we’ve been called to inspect a dam or a roadway that’s falling apart which has incredible implications of, “Do we need to evacuate immediately because this dam is about to go?” It’s not about to go yet but in the next week, you’re probably going to have some serious degradation. Those kinds of things push you because you’re already in an environment that’s very precarious. As we’re driving down a road, we’ve been lucky enough to have law enforcement escorts because they know the area to say, “This is okay. This is still a road but you don’t want to get into fast-moving water.” Now you’ve got a problem as a pilot.
The other one also in that same space, on the climate and the catastrophe side, is beach erosion. It can mean everything for a community if they’ve got a very thriving beachfront area. All of that has significant implications because that means that in the next 3 months, 1 year to 5 years, what was beachfront may have to be moved. That has business, private, residential, and massive implications. If you’re doing a tower, you might see some loose wires where there’s been a lightning strike or a wind turbine. That’s fairly routine but you get into some of these more anomalous categories where you’re not sure what you’re going to see.
If you’re doing a glacier, you might see a fissure that no one knew was there. That means this thing could break off in the next month or a couple of days and have a significant impact on that region. Using drones and aerial sensors is going to save us in a lot of instances. It provides so much more safety for the individuals that are having to do that work versus trying to use some of the more conventional tools. It’s massive and we have seen some very interesting dynamics as a result of that.
I live in Sacramento so the example of an inspection of a dam resonates with me. There’s a large dam here called the Oroville Dam that had some issues. It was 2018 when we had a lot of water come through and the spillway failed on that dam. It’s not as memorable because that was a long time ago. Even in the inspection, essentially those are the power companies and their lines running through the forests in the summer. A tree falls, hits the power line and then you got a big wildfire in your hands.
There are lots of applications out there. Our natural go-to is what about the risks associated with the safety and security side are hand in hand. Safety and the drone dropping from the air, whatever the situation may be, I’m sure you know more about that than we do. We’re always very concerned about what you do to keep out the bad guys in your operation. That’s probably what keeps you up at night.
It’s a challenge for everything autonomous, from cars to drones and robots. This is a significant threat to our industry and how we operate. There are a couple of places where this comes into play. It’s your data once you gather it and keep it safe on your servers. You want to keep that safe so nobody jumps in to get it. You’ve got the safety of your assets, drones, towers, cars, robots or whatever the case may be. All of that presents significant threats because, to your point, if it falls into the hands of the bad guys, then the very thing that you were doing with the equipment can be used against you.
That causes us in these spaces to have to budget for the best cybersecurity that we can buy. On a start-up, that can be pretty daunting but we have to have it. The other piece is there are certain security standards, especially if you’re doing work for the government. Having to be compliant with FedRAMP, which is a protocol for how data is gathered and stored for government projects is a big piece of what you have to consider. As you’re gathering data, it’s in the data transfer to make sure no one interrupts that to then steal that data and interrupt your flow of data. Once you get it to your server, keep it safe.
If you’re pushing it out to any other tools or work that you’re doing, any other APIs that you have integrated, make sure that that stays safe if it’s going to a third party. You got to most likely bring it back and then the customer has to gather it. You’re pushing data out or they’re pulling it out. There are so many places in the supply chain where you have to be concerned about keeping this all secure. There are some good hackers out there and it is a concern. How do we keep all of this safe? Whether you’re driving your autonomous electric vehicle down the road or if it’s sitting in your driveway, someone starts it, backs out and takes it on a joy ride of hell.
It’s the same thing with your drone. Some of the data, especially that we collect in the areas that we focus on, is very sensitive. This data has to be very secure because it can provide real blueprints to infrastructure that belongs only to that customer. You have to be extra vigilant in how you’re managing this, making sure that you’re checking your platforms and doing routine audits almost daily to make sure that there’s no disruption. We’ve been hacked into our platform so we had to go back and rebuild it.
Thankfully, none of our data was impacted because it was sitting on a server. Sometimes people are doing front-end stuff to be mean. That part you can rebuild is a web-facing website or public-facing platform. When you start getting back into behind-the-scenes stuff where things are operating on their own or you’ve got an AI model operating to run things and also where your data is stored, you’re playing with fire. You got to make sure that you’ve got all the right pieces in place.
I can see that you understand the mindset that a lot more security professionals share. Compromise is a matter of when but making sure that where your sensitive data lives and how critical it is, is where you’re making most of your investments. There are some good hackers. I would argue that hackers are almost like organized crime bosses. They’re after some reward.
It’s usually your money or ransom. If it’s an enemy, they want the data itself. They don’t care about the money. They want to know the layout for whatever it is that you may have access to. They’re like, “Give me Social Security numbers.” You think about all these different major companies that have been hacked. They’ve got big deep pockets so they can afford great cybersecurity and full teams. They’ve been hacked. Your consumer data, credit cards and all your information is out on the dark web. That’s daunting.
The perception is a hacker is a guy in a hoodie who has evolved into not only a thief but also a digital arsonist, as we would like to say. Where’s the cyber fire department that we call when we need that help? Ultimately, that industry is trying to address that problem and insurance companies and those sorts of things through cyber liability insurance. Even large companies can be compromised. You have to prepare for when. You’re right on the money in terms of the idea of where’s this data. Even DoD and their initiative for what essentially is classified, they call it the CMMC for subcontractors and the standards that they have to meet.
Thank you so much. It’s great to hear that you understand that. As an operator, you have to have a good understanding that there’s no such thing as 100% secure. How far do you go? An answer often is your customer will tell you, “This is what we need you to do to do business in our industry.” You can’t count on them alone. You also have to take your initiative and be aware. It’s nice to hear that you were aware.
This is a big deal for us. In some of the conversations that we’re having, this is critical to make sure that we’re dotting our I’s and crossing our T’s. When you’ve got so many different fences that can be jumped, you’ve got to make sure that each of those is as secure and reinforced as possible. It’s like someone breaking into your house. It’s such a horrible feeling if you’re invaded. It’s not just your stuff but you get other people’s stuff and all the man-hours that went into it. At the end of the day, we’re a drone company because we’ll be making assets but we are a data company. Everything that we have is to gather data and we use drones as a way to gather them.
At the end of the day, we’re all data companies and if anybody’s confused by that, they need to think again and ensure that they’re utilizing the highest level of security. It could be something as simple as you got your drone in your car in the trunk. If someone pops your trunk or steals your car, now they’ve got data. It might not be anything as sophisticated as someone coming through a digital pathway. They could come into your home or car. We all have to be very vigilant when it comes to how we think about managing data.
This is a civilian operation and you’ve got a lot of independent contractors that are working. It’s not just about using that drone. It is about how you manage the entire process because the flip side of that is the liability. Just because you’re a single operator does not mean that you’re not liable and people will not come after you. Our pilots have to be insured. We’re insured but be careful how you are handling data because you will suffer the consequences if you did not practice the right due diligence in your operations.
[bctt tweet=”Just because you’re a single operator does not mean that you’re not liable and people will not come after you.” via=”no”]
That’s a great point about everything. Pretty much in all data companies, it’s a matter of how that data is used. Thank you for that. Where can we find you or more information about the industry and some of the things that you’re doing?
I’m always on LinkedIn so people can find me and the company there. I’ll be at AUVSI in Denver. I’ll be in four different locations hosting a panel and doing my podcast. I got a couple of different things going on there. I usually attend AUVSI every year. People can often find me on LinkedIn and on our Twitter pages where if I’m doing my podcast, someone else’s show or involved in something, it’s always posted. As a company, we are at XeoAir.com. Twitter is @AirXeo. Instagram is @XeoAir. I’m findable but if you’re coming to AUVSI, that’s great. I got a couple of other places I’ll probably be popping in and out of that we’re planning. That’s where you can find me.
Going back to the interesting thing, what excites you about the future of where things are headed? We’ve talked a little bit about some of these things but is there anything in particular that you’d want to share with our audience and us about the future?
This is going to get so exciting. I’m excited about what we, in the inspection and mapping space, will be able to do with the beyond visual line sight and being able to autonomously inspect assets from a command and control center, surveil and provide security for customers’ assets to try to prevent or catch bad actors. This is from somewhere else. This is where the star trek stuff comes into play.
Being able to talk to people through the drone is super exciting. I also think if you borrow that over to the law enforcement side, it provides a level of safety and security and a lot more accuracy in being able to inspect where the bad guys are, whether they’re in a mall, house, building or wherever that may be. Gather information so that the right resources can be deployed at that moment.
I have another company called Airversity, which is professional drone pilot training. We’re focused on commercial, corporate and law enforcement. We’ve got a couple of different projects that are coming up and classes also. We have a geospatial class coming up to teach drone operators about geospatial data. How do you take your photogrammetry and turn that into geospatial data? What does that mean?
That doesn’t even get into flying cars and cargo. This is all going to be incredible. I think about when I can go out for a rideshare and then take a flying taxi to the airport and get me there so much faster and then back home or to the mall or the golf course. This is where things are going to get fun. This is the time for The Jetsons. I’m hoping that in my lifetime, I’ll be able to experience some of that.
In the meantime, I have a request. Please do not do a radar camera for law enforcement that follows the people here in San Diego as they drive because they already drive 80 or 90 miles an hour. Radar cameras that would follow us would be terrible.
People were very timid when I was there. I didn’t see anything too crazy. What a great place to have speed. If you’re going to speed, might as well do it in San Diego.
Talk something a little bit more about yourself then. How did you come up with this idea? Where’d you come from to get here? Let’s start there.
Everybody heard me talk about this and to some people, it wasn’t a surprise. Coming out of high school, I wanted to be a fighter pilot. Women couldn’t fly fighters. I was like, “I’m going to the Air Force Academy.” The idea of that took on a different cast and that was if I got into fighter pilot school but I was like, “If I can’t go fast, whatever.’” I went to college at the University of Illinois. The plan was to get a degree in Aerospace Engineering, work at JPL, apply for NASA and do some fun stuff like that. I didn’t do that. I did go to the University of Illinois but wound up leaving there and working for two major corporate companies and consumer products.
I always found myself in a role in innovation or R&D. I always love things that were outside of the box and innovative. I’ve done a variety of things since then. I worked at the university level and entrepreneurship and innovation. Also, I became an innovation consultant and worked and did stuff all over the world in different capacities. When drones came up as a civilian commercial opportunity, I was like, “This is my chance.” I got the FAA Part 107 and then used my business experience to determine the business model here. Here I am a couple of years later, running these two companies with the vision for what the future’s going to look like for us around autonomy, equipment and services. Also, always wanting to go outside the box.
Since I was an only child, my dad was prodding me on the boy stuff. “Let’s go look at airplanes, trains, ships and stuff.” I’ve got a lot of good conversation but boring conversation for cocktail parties unless it’s with nerds. That’s cool. I still love trains, double-hull ships and the big Supramax cargo ships. I’ll read about that and super nerdy stuff. I find it fascinating. Where we’re going with artificial intelligence and robotics is exciting. It’s scary at the same time. What we’re seeing with ChatGPT 4 coming out is we were talking about hacking.
Our hackers may not be human. Talk about the ability to go around any firewall. These things can write whatever they need to get in. I don’t know that they’ll be seeking ransom. If so, where would it go? We need to think hard about what we’re turning on here. It was Elon Musk who said that we’re opening the door to the devil. From what we’ve been seeing, we’ve got a lot to consider because once we start, I don’t think we can go back.
Let me ask you this. If you go back in time and give your younger self some advice, what would that advice be?
Go harder on math. I had a bad experience in the fourth grade with the longhand division and a teacher. It spooked me. Even though I went on to take more advanced math, it always stuck in my head like, “Can I do this? This is going to be hard.” As you start getting to advanced physics and differential equations, while it’s certainly not longhand division, it puts something in your head.
We have to be very careful how we talk to children about what they’re doing and how they’re learning and make sure that we address how they learn and reach them there. I’d say go harder. Push past the fear and try the things that you may not think will get you down the right path. I’m also a big believer in destiny. Even though your route may be circuitous, you’ll get there. You’re awesome a little bit more. I say that every day.
When they started adding letters into the math equations, that’s when I had a problem.
In this new math, I watch it sometimes on videos. I’ve learned some stuff but sometimes, I’m like, “How did you get there?” It’s an interesting journey.
That’s very close to mine. Mine was to go faster in math. I always struggled. I had the old seasoning degrees attitude as well on the math side but what I learned is I had to take a calculus class. I always had an opinion of myself. I’m good at it but only if I go fast. I got more points available when I took that course in Calculus. I took it in a six-week compressed course. I’m better when it goes fast is what I learned.
Is that a kinesthetic learner where I have to touch it? If I can see an equation, write it out and then I do a comparative to something else that I already know and do this like apples to apple thing, then I’m like, “I got it now.” A straight lecture is not for everybody. We need to change our learning style because not everybody learns that way and they could be genius. They just have a different way of how they capture data and process it. We continue with this Plutonian methodology. A lot of people are washing over but when you stop, they’re like, “Here we go.” It comes rapid pace. It’s wonderful.
Bronwyn, we appreciate your time on this. We love learning more about the drones, the infrastructure, and the climate change pieces that you’re trying to track with your drones. There’s going to be an exciting future for both you and your company and how you’re moving these forward. Thank you very much.
Thank you very much. I’m so glad to be here.
To our audience, thanks for reading. If you’ve learned something or laughed and you want to take a flight of your own, please tell someone about this show and share it with everybody. That’s it. This has been another great episode with Bronwyn as our guest. See you next time.
About Bronwyn Morgan
Chief Executive Officer at Xeo Air and Airversity
Leading third entrepreneurial venture and developing new UAV platforms and solutions at Xeo Air, MOUV and Airversity .
Classically trained in innovation practices, commercializing latent tech IP, sales management, UAV capabilities, international business development, consumer/brand marketing, new venture development, startups, advanced technology, trend identification and client management. FAA Safety Representative, FAA Drone Pro and FAA Certified sUAS Pilot, working with global aviation/aerospace firms.
Worked for global consumer goods leaders: Coca Cola and Procter & Gamble, and leadership roles in tech and entertainment. Head consultant at Subkulture Innovation.
*Created and lead high level alliances domestically and globally in various verticals.