
A key consideration in responding to a cyber attack is whether the incident reaches the level of an ‘armed attack'. Participants in a CCDCOE ‘Locked Shields' exercise (pictured). (NATO CCDCOE)
Unmanned aerial vehicles (UAVs) have rapidly evolved from niche surveillance platforms to central components of modern warfare. Their rise has been driven by advances in propulsion, miniaturised sensors, and data connectivity, as well as by their ability to remove human pilots from high-risk environments. Yet as UAVs transform battlefields across the globe, they create a minefield of cyber vulnerabilities.
Weak or compromised communications links, insecure supply chains, and inadequate firmware (software used to control some or all functions of a device's hardware) protections expose UAVs to hijacking, malware infections, and data exploitation. These risks have prompted defence agencies and the private sector alike to redouble their focus on securing both hardware and software, especially as conflicts such as the one in Ukraine demonstrate the extraordinary impact of large-scale drone deployments.
Although earlier conflicts in Syria, Iraq, and Nagorno-Karabakh hinted at how commercial UAVs could be adapted for tactical advantage, the Ukraine conflict has underscored how quickly civilian quadcopters can be repurposed at scale for missions such as artillery spotting, reconnaissance, and improvised bombing. The low cost and rapid availability of these small UAVs make them attractive, but the rudimentary security features available in most consumer models are a serious limitation. More sophisticated military UAVs such as the American MQ-9 Reaper and the Turkish Bayraktar TB2 generally have stronger security architectures, including robust encryption and secure datalinks. However, even these systems can be vulnerable if their firmware updates, ground stations, or supply chains are compromised.
Looking to read the full article?
Gain unlimited access to Janes news and more...