|
| Phase | Subphase | Overview | Participants |
|
| Plan | - | This is the phase in which the planner and the developers of the manufacturer plan their product. They formulate their product’s concept, for example, the scope of user, how to use the services of their product in the field. They also summarize and determine the required specifications of the product which includes functional and nonfunctional items. They evaluate the entire cost of the product throughout its entire life cycle at this phase, and decide on both the safety level and “the security level” of the product in addition to the safety of the product. It is important for the requirement definitions to include the security requirements and not to include the vulnerabilities. | Supplier staff |
|
| Development | Product design | This is the phase in which the developers of the drone’s manufacture and the parts maker design the hardware and the software based on the requirement definitions of the plan phase, where they implement and manufacture the | Supplier staff |
| | Manufacturing | product. It is necessary at this phase that “the requirement definitions are correctly implemented in the product,” “the vulnerabilities shall not be included in the product,” and “the vulnerabilities, if included must be detected before the shipment of the product.” | Supplier staff |
|
| Operation | Shipping | This is the phase in which the user buys the drone through the agency of the manufacture (or rents the drone through a | Carrier staff |
| | Registration | rental lease company), and flies it. For example, the user operates the drone, collects various information such as video images, Also when a user buys the second-hand drone through a second-hand broker, it is necessary for the broker to consider both what should be kept ongoing (e.g., the latest security patch of the firmware) and what must be erased in advance (e.g., the personal information of the previous owner) of the accumulated | Agency staff
Second-hand broker
Rental lease company’s staff |
| | Regular use, operation | information. In the case of a rental lease, it is also necessary for the user to check if all recorded video images and private information are erased. And it is also necessary for the agency staff to let the user know of the vulnerabilities | User
Outsider |
| | Maintenance | if some are found after the shipment. | Agency staff User |
|
| Disposal | - | This is the phase in which the user sells or discards the product to replace it or if it breaks down. There are two cases to let go the product, one is the case that the owner sells the product to other user through the second-hand broker, the other is the case that the user makes it scrapped. Anyway, it is necessary some procedures (in-person inspection, issuing evidence, etc.) that the user can confirm that all confidential data, for example, the private information and the authentication information, are erased. | User
Dismantler
Second-hand broker |
|
