We recently had the opportunity to speak with Matthias Gronstedt, the CEO of HHLA Sky, an organisation founded by Hamburg Harbour Logistics AG (HHLA) in 2018. Matthias explained that he became the founder after being tasked with finding a commercially viable drone solution for industrial applications. After researching the industry, he realised that this type of solution didn't exist at the level required for organisations working in and around critical infrastructure, including adherence to strict corporate guidelines and requirements such as cybersecurity. This surprised him, as global digitisation efforts have changed the way many industries operate in industrial areas, particularly with the introduction of the Internet of Things (IoT) pushing more to understand how parts of the digital value chain can fail and cause data leaks as well as damage. Cyber threats are also more prevalent than ever, and it's no longer a question of if an organisation will fall victim to one, but when that threat will turn into a successful cyber attack and how much damage will be caused. While the drone industry is still very young, it hasn't yet experienced the full consequences of a cyber-attack due to inadequate cybersecurity precautions, which could lead to catastrophic consequences for the industry in the event of a major breach. While sectors such as healthcare, law enforcement and critical infrastructure have been reluctant to adopt drone technology due to cybersecurity concerns, certain drone organisations, such as HHLA Sky, have successfully developed and implemented drones in a variety of industries.
Cyber-attacks can occur from anywhere in the world (regardless of the location of the organisation or hacker), and it's up to law enforcement in the perpetrator's country of origin to provide an appropriate response when these attacks occur. This dynamic can create a number of difficulties for companies or organisations attempting to take legal action against the perpetrators of cyber-attacks, especially given the differences between police forces and geopolitical situations. It's also important to note that cyber-attacks often originate from outside the country of the targeted organisation, which is why cyber-security strategies and preventing these attacks in the first place are proving more successful than taking legal action after an attack has occurred.
To avoid a situation where an organisation finds itself legally powerless against a cyber criminal and to ensure that customers feel safe using your services and understand that the likelihood of this type of cyber attack happening is incredibly unlikely, it's important that an organisation maintains good cyber hygiene practices. Cyber hygiene encompasses all the regular actions that users take to maintain the integrity of their systems and improve online security. Best practice routines include protecting personal identities and sensitive information from potential misuse or damage. Consistent system maintenance is also essential to support optimal system and software functionality, enabling early detection and prevention of threats.
In addition, in a digital environment surrounded by a variety of cyber criminals, viruses and malicious software, establishing reliable and consistent cyber hygiene practices is essential to secure and effectively combat potential threats. This involves numerous elements within an organisation, ranging from hardware (computers and phones) to software and online applications, all of which require consistent maintenance. Regular updates and maintenance can mitigate common problems such as misplaced data or loss, security breaches, outdated software and outdated security systems, ensuring thorough protection and smooth operations.
Matthias also told us that HHLA Sky is very aware of the importance of cybersecurity, and what it means when organisations don't start developing solutions with cybersecurity in mind from day one. Many organisations in the drone industry work quickly to get solutions out the door as quickly as possible, avoiding cybersecurity measures until they start meeting with customers. It's only when their solution is brought to the security or IT department that they realise they've made a mistake, as cybersecurity is a key element of successfully integrating drone operations into existing systems and software.
Indeed, these procedures require significant time and additional effort from team members and other stakeholders who interact with the system, given the important role they play in the value chain. It's, therefore, important to cultivate a culture that values cybersecurity practices throughout the ecosystem. Any activity that involves the transfer of digital data must be carefully managed and communicated. These measures can include things like training employees to only use secure Wi-Fi networks and to choose private networks through their mobile hotspot when travelling rather than using the free Wi-Fi networks on trains, buses or planes. Using encrypted channels is also very important and should be standard practice in organisations that take cybersecurity seriously. At HHLA Sky, their processes can span multiple organisations and many different people, so they recognise the growing importance of training as the number of participants increases and the exchange of information becomes more exposed to potential vulnerabilities. This may be why a recent PwC study found that nearly 45% of security and IT professionals expect ransomware attacks to increase by 2023, which could wreak havoc on organisations as their digital communication channels become increasingly vulnerable to hackers. The task of securing these digital value chains then falls to the organisation's cybersecurity department, which is responsible for protecting digital networks from those with malicious intent.
The IEC 62443 is a globally recognised certification for industrial cyber security standards. It was originally developed for industrial automation and control systems (IACS), but has expanded over time to cover areas such as energy, supply chain management, distribution and transportation. This certification encompasses rigorous standards that strengthen these systems against potential threats.
Matthias explained that they ultimately decided to pursue this certification after speaking with several customers concerned about current cybersecurity efforts — many of which focused on the role of the drone operator and potential IT system integration. Most organisations will also require any technology provider to meet with their internal IT and security departments to ensure their security requirements are met before discussing system integration with their enterprise resource planning (ERP) systems. This is due to the risk they are taking with any new technology added to the overall system and its potential to cause a system breach.
While numerous drone organisations have previously neglected cybersecurity, their customers typically place a high value on secure systems, which is evident when an organisation considers integrating drones into its operations. Upon discovering the lack of strong security measures in the hardware or software, these organisations typically look for alternative drone service providers that can provide such security or conclude that the drone industry is not mature enough to integrate into existing systems. This situation leads to general dissatisfaction and damages the overall image of the drone organisations that do care.
Consider a hypothetical situation in a large city where police forces use drone technology for everyday tasks such as monitoring potentially dangerous situations and improving overall security. Suppose a cyber-attack occurs and the drone's video stream is intercepted, providing misleading information to the police and possibly creating additional danger beyond what would have been present without the drone's involvement. Furthermore, if news of such a drone hijacking were to become public, it would cast a negative light on the entire industry, raising doubts about the feasibility of safe drone use and undermining overall public acceptance.
Certifications such as IEC 62443 not only increase public confidence in the integration of new drone technologies, but also guide organisations towards a development path that emphasises cybersecurity from the outset.
HHLA Sky is a German high-tech company focused on developing advanced drone solutions for Industry 4.0. The company has created a platform for centrally and simultaneously controlling drone fleets in different locations around the world, enabling fleet planning, scheduling, flight and data preparation. The HHLA Sky drone system is designed for operations in critical infrastructure and supports the simultaneous operation of over 100 autonomous drones beyond the visual line of sight (BVLOS).
HHLA Sky has participated in various projects, including the automation of container logistics hinterland processes through the IHATEC initiative, which aims to speed up container rail handling. HHLA subsidiaries contribute their expertise in process automation and logistics, with HHLA Sky implementing the control and monitoring of mobile robots via its Integrated Control Center.
Other projects that HHLA Sky is involved in include U-space for Germany (LUV) and Efficiently Organising Drone Traffic (UDVeo). In the LUV project, the company is working with a consortium to develop solutions and recommendations for implementing the U-space regulation of the European Union. HHLA Sky contributes its expertise in process automation, mobile robot management and as a drone operator in critical infrastructure.
In the UDVeo project, HHLA Sky partners with other organisations to develop a comprehensive legal-technical concept for managing drone traffic. The goal is to establish an agency that coordinates automated drone traffic, integrating drone traffic into air traffic and the regular transport business.
Matthias Gronstedt is an accomplished technical sales and business development professional with a special focus on industrial automation, client-server architecture and networking. As CEO of HHLA Sky GmbH, he focuses on innovative business expansion strategies using 3D technology and advanced mobility solutions.
Prior to this, he was the managing director of Friede Bauzentrum GmbH, where he modernised business processes, introduced e-commerce and created a virtual reality sales system. He also spent more than two decades at Siemens, where he developed deep expertise in networks, software and industrial controls and held international leadership positions. Known for his consultative sales approach and technical sales skills, Matthias is a credible leader who is valued by customers and colleagues alike.
Sign up for the DroneTalks newsletter to get all the updates!
An Expert's Guide to Drone Terminology: Glossary of Drone Concepts and AcronymsGet your free digital copy