RADIOELECTRONIC AND COMPUTER SYSTEMS

The subject of this study is the proactive cybersecurity analysis process of Unmanned Aerial Systems (UAS). The goal of this study is to reduce cybersecurity risks in UAS operations by developing a proactive analysis method that combines systematic risk identification with empirical validation in a controlled environment. The objectives of the study are: (a) to justify the usefulness of proactive cybersecurity analysis for UAS, (b) to develop a corresponding method, (c) to experimentally demonstrate the usefulness and applicability of the proposed method experimentally, and (d) to derive and assess a list of recommended countermeasures. The methods used in the study include Intrusion Modes and Effects Criticality Analysis (IMECA) and penetration testing. The results of the study are as follows: (a) a staged method for proactive UAS cybersecurity analysis was developed, combining a priori assessment, controlled reproduction of selected intrusion scenarios, and a posteriori refinement of risk estimates; (b) a block diagram of proactive UAS cybersecurity analysis was developed to formalize the vulnerability identification and assessment process; (c) a SITL platform deployed on a workstation running Kali Linux was used for reconnaissance, vulnerability and misconfiguration scanning, and intrusion mode simulation; (d) preliminary identified intrusion modes were experimentally confirmed, which led to the discovery of 35 additional intrusion modes linked to a common initial access vulnerability in the Wi-Fi protocol, four of which fell into the unacceptable risk zone; (e) a priori and a posteriori IMECA tables and criticality matrices were constructed; and (f) recommended countermeasures were derived and assessed. The conclusions of the study are as follows: (a) the proposed method enables systematic identification of intrusion modes and empirical refinement of probability, severity, and risk estimates; (b) the scientific novelty lies in integrating the IMECA method with a priori prediction and a posteriori refinement based on observations from UAS penetration testing procedures; (c) the developed block diagram proved useful for formalizing vulnerability detection and minimizing uncertainty in risk assessment; (d) the proposed method’s usefulness and applicability were demonstrated on the SITL platform; and (e) no intrusion mode remains in the unacceptable risk zone following the potential implementation of the recommended countermeasures; three Wi-Fi-dependent modes retain a residual risk whose complete elimination requires an architectural rather than a configuration-level decision.

Unmanned Aerial Systems; cybersecurity; IMECA; penetration testing; vulnerabilities; intrusion modes

Jeler, E. G. Military and civilian applications of UAV systems. Proceedings of the International Scientific Conference "Strategies XXI". The Complex and Dynamic Nature of the Security Environment, Bucharest, Romania, Carol I National Defence University Publishing House, 2019, vol. 1, pp. 379-386.

Brown, H. The drone revolution: Lessons from Ukraine. Riga, Latvian Institute of International Affairs, 2025. Available at: https://liia.lv/en/publications/the-drone-revolution-lessons-from-ukraine-1476 (accessed February 11, 2026).

Slusher, M. N. Lessons from the Ukraine conflict: modern warfare in the age of autonomy, information, and resilience. Washington, DC, Center for Strategic and International Studies (CSIS), 2025. Available at: https://www.csis.org/analysis/lessons-ukraine-conflict-modern-warfare-age-autonomy-information-and-resilience (accessed February 11, 2026).

Cook, D. The innovation of consumer drones on the battlefield: a trip around the world. Special Operations Association of America, 2025. Available at: https://soaa.org/consumer-drones-battlefield (accessed February 11, 2026).

Millynia, D. E., Risdhianto, A., Duarte, E. P., & Almubaroq, H. Z. Operational security in modern warfare: lessons from the Ukraine-Russia conflict. Formosa Journal of Multidisciplinary Research (FJMR), 2025, vol. 4, no. 4, pp. 1975-1990.

Momoh, Z. & Malumfashi, A. L. The strategic deployment of unmanned aerial vehicles in contemporary armed conflicts: a comparative study of the Russia-Ukraine and Israel-Gaza conflicts. Kashere Journal of Politics and International Relations, 2025, vol. 3, no. 4, pp. 202–213.

Ariante, G. & Del Core, G. Unmanned aircraft systems (UASs): current state, emerging technologies, and future trends. Drones, 2025, vol. 9, no. 1, article no. 59. DOI: 10.3390/drones9010059.

Yerden, A. U., Senol, S., Kara, M. & Dilibal, S. xT-STRIDE threat model for unmanned air vehicle security. International Journal of Information Security, 2025, vol. 24, article no. 169. DOI: 10.1007/s10207-025-01082-4.

Sharma, D. D. Cybersecurity issues in UAV control and network system: a systematic review. In: Amine, A. (ed.) Cybersecurity - current trends and future prospects. London, IntechOpen, 2024. DOI: 10.5772/intechopen.114175.

Branco, B., Silva, J. S. & Correia, M. D3S: a drone security scoring system. Information, 2024, vol. 15, no. 12, article no. 811. DOI: 10.3390/info15120811.

Torianyk, V., Kharchenko, V. & Zemlianko, H. IMECA based assessment of Internet of Drones systems cyber security considering radio frequency vulnerabilities. Proceedings of the 2nd International Workshop on Intelligent Information Technologies and Systems of Information Security (IntelITSIS’2021), Khmelnytskyi, Ukraine, CEUR-WS.org, 2021, vol. 2853, pp. 460–470.

Zemlianko, G., & Kharchenko, V. IMECA analysis of cybersecurity for multi-functional UAV fleets under combined attacks: basic models and countermeasure choice. Measuring and Computing Devices in Technological Processes, 2023, no. 4, pp. 225-233. DOI: 10.31891/2219-9365-2023-76-30.

Veerappan, C. S., Keong, P. L. K., Balachandran, V., & Fadilah, M. S. B. M. DRAT: A penetration testing framework for drones. Proceedings of the 2021 IEEE 16th Conference on Industrial Electronics and Applications (ICIEA), Chengdu, China, IEEE, 2021, pp. 498-503. DOI: 10.1109/ICIEA51954.2021.9516363.

Malik, S. Security of unmanned aerial vehicle systems through advanced penetration testing. TechRxiv, 2024. DOI: 10.36227/techrxiv.172296783.30458380/v1.

Devine, T. R., Cunningham, D. J., Hasselman, T. J. K., Hudson, A. A., Roland, A. M., Scott, J. A., Thompson, G. W., Yokum, L. G., & Zekonis, P. F. INDRA: A drone penetration testing platform for cybersecurity education. In: Arabnia, H. R., Deligiannidis, L., Amirian, S., Ghareh Mohammadi, F., & Shenavarmasouleh, F. (eds) Foundations of Computer Science and Frontiers in Education: Computer Science and Computer Engineering. CSCE 2024. Communications in Computer and Information Science, vol. 2261, Cham, Springer, pp. 235-251, 2025. DOI: 10.1007/978-3-031-85930-4_22.

Dimmig, C. A., Silano, G., McGuire, K., Gabellieri, C., Hönig, W., Moore, J., & Kobilarov, M. Survey of simulators for aerial robots: an overview and in-depth systematic comparisons [survey]. IEEE Robotics & Automation Magazine, 2025, vol. 32, no. 2, pp. 153-166. DOI: 10.1109/MRA.2024.3433171.

Aleks, N. Damn Vulnerable Drone (DVD). Available at: https://github.com/nicholasaleks/Damn-Vulnerable-Drone (accessed February 11, 2026).

National Institute of Standards and Technology. Security and Privacy Controls for Information Systems and Organizations. Available at: https://csrc.nist.gov/publications/sp800 (accessed February 11, 2026).

ISO/IEC 27002:2022. Information security, cybersecurity and privacy protection — Information security controls. Geneva, ISO/IEC Publ., 2022. 154 p.

Dronecode Project. MAVLink Guide. Available at: https://mavlink.io/en/guide/ (accessed February 11, 2026).

ArduPilot Dev Team. ArduPilot Dev Guide. Available at: https://ardupilot.org/dev/docs/ (accessed February 11, 2026).

OWASP. Application Security Verification Standard (ASVS). Available at: https://owasp.org/www-project-application-security-verification-standard/ (accessed February 11, 2026).

Abakumov, A., Kharchenko, V., & Popov, P. A hybrid cybersecurity assessment framework for unmanned aircraft vehicles based on IMECA and penetration testing. Proceedings of the 2025 55th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), Naples, Italy, IEEE, 2025, pp. 7-14. DOI: 10.1109/DSN-W65791.2025.00032.

Babeshko, I., Illiashenko, O., Kharchenko, V., & Leontiev, K. Towards Trustworthy Safety Assessment by Providing Expert and Tool-Based XMECA Techniques. Mathematics, 2022, vol. 10, no. 13, article no. 2297. DOI: 10.3390/math10132297.

Ivasiuk, O., Kharchenko, V., & Zemlianko, H. From Security Informed Safety to Safety Informed Security: Methodology and Case for PLC-based I&C Assessment. International Journal of Computing, 2025, vol. 24, no. 3, pp. 603-610. DOI: 10.47839/ijc.24.3.4199.

Bloomfield, R. E., Bishop, P. G., Butler, E., & Stroud, R. Security-Informed Safety: Supporting Stakeholders with Codes of Practice. Computer, 2018, vol. 51, no. 8, pp. 60-65. DOI: 10.1109/MC.2018.3191260.

Popov, P. Dynamic Safety Assessment of Autonomous Vehicle Based on Multivariate Bayesian Inference (DyAVSA). Journal of Reliable Intelligent Environments, 2025, vol. 11, no. 3, article no. 14. DOI: 10.1007/s40860-025-00252-4.

Puliyski, A., & Serbezov, V. Approaches to cybersecurity in UAS in the SORA process: a systematic literature review of standards, probabilistic models, and AI integration. Engineering Proceedings, 2026, vol. 121, no. 1, article no. 17. DOI: 10.3390/engproc2025121017.

Yang, Z., Zhang, Y., Zeng, J., Yang, Y., Jia, Y., Song, H., Lv, T., Sun, Q., & An, J. AI-driven safety and security for UAVs: from machine learning to large language models. Drones, 2025, vol. 9, no. 6, article no. 392. DOI: 10.3390/drones9060392.

Sun, Q., Zeng, J., Dai, L., Hu, Y., & Tian, L. XAI-based framework for protocol anomaly classification and identification to 6G NTNs with drones. Drones, 2025, vol. 9, no. 5, article no. 324. DOI: 10.3390/drones9050324.