Using Chinese-made components in Indian drones supplied by the private sector to the army has raised critical national security concerns. The recent hacking incidents at the Line of Control (LoC) and the Line of Actual Control (LAC) underscore the vulnerabilities of using foreign-manufactured parts in sensitive military equipment.
Such cyber intrusions compromise military operations and highlight supply chain vulnerabilities in the defence sector. In response, the Indian government scrapped three contracts worth Rs 230 crore to procure 400 logistics drones for the army. The need is not to be reactive but to take pre-emptive stringent measures.
Military’s Drone Focus and Hacking Vulnerabilities
Indian military’s focus on unmanned aerial vehicles (UAVs) and autonomous systems is set to intensify in 2025, with the launch of advanced drone platforms for reconnaissance, surveillance, logistics and strike missions. The Defence Minister’s statement on January 2, 2025, highlighted the push for indigenous kamikaze drones, swarm drones, and combat UAVs as part of defence modernisation to prepare for future wars. Collaboration with private industry and startups will be the key to accelerating innovation in this domain.
India has introduced market-leading regulations and policy interventions addressing both – the demand side (through drone policy) and the supply side (through PLI and import bans). Yet, a gap exists between policy and outcomes leading to critical vulnerabilities being exploited by the infusion of Chinese components.
It raises questions about cybersecurity and supply chain issues in case of wartime, highlighting the urgent need for a truly self-reliant and indigenous drone ecosystem. The voids of technology and indigenous content mapping have come to the fore, fortunately in peacetime employment. This requires stringent mechanisms and mitigation measures to mitigate this vulnerability without putting a break on this critical capability.
China’s Dominance in Drone Market
China leads the global drone industry, with Chinese firms controlling up to 90% of the commercial drone market. The Chinese company DJI alone holds a 70% market share, according to research from the Centre for Strategic and International Studies (CSIS). Given Beijing’s 2017 intelligence law, which mandates Chinese companies to share data with the government, this presents a grave risk to nations using Chinese technology in military applications.
China leads the global drone industry, controlling up to 90% of the commercial drone market. The Chinese company DJI alone holds a 70% market share. Given Beijing’s 2017 intelligence law, which mandates Chinese companies to share data with the government, this presents a grave risk to nations using Chinese technology in military applications
Vulnerabilities and Mitigation Measures
Many UAV manufacturers use open-source or imported firmware without proper cybersecurity vetting, creating vulnerabilities that adversaries can exploit. Since most UAVs operate on widely known frequency bands and standardised protocols, they are highly susceptible to jamming, spoofing, and remote hijacking.
Unverified Firmware: A major risk stems from unverified firmware, which may contain embedded exploits or backdoors enabling unauthorised access. Attackers can exploit telemetry interception to manipulate real-time drone behaviour or extract mission-critical data. UAVs using off-the-shelf radio communication modules often lack robust encryption and authentication, making them vulnerable to hijacking and signal interference.
Communication Architecture: In military operations, predictable communication architectures allow adversaries to deploy electronic warfare tactics. Weakly secured data links enable GPS spoofing attacks, misdirecting drones from their intended targets. Software vulnerabilities in autopilot systems, if not rigorously tested, can allow adversaries to inject malicious code, potentially disabling UAVs mid-flight or redirecting them toward hostile zones.
Hardware Security: Hardware security is another critical concern. Imported components like processors, navigation modules, and power systems may contain hidden vulnerabilities or Hardware Trojans — malicious modifications embedded during manufacturing — that create backdoors for unauthorised control. Commercially available microcontrollers and sensors without rigorous security audits increase the risk of physical tampering and supply chain infiltration.
Electronic Speed Controllers (ESCs) and Flight Control Units: Malicious actors can exploit ESCs and flight control units to disrupt drone performance. Altering power delivery can cause mid-flight failures, while voltage regulation attacks may introduce system failures under specific conditions. Embedded unauthorised logic within integrated circuits can enable hidden functionalities like unauthorised telemetry transmission or remote disabling.
Mitigation Measures: India must develop indigenous UAV systems to mitigate these threats. Securely engineered flight control systems, encryption-based communication protocols, and AI-driven anomaly detection can significantly reduce cybersecurity risks. Implementing dynamic frequency hopping, robust encryption, and hardware security modules (HSMs) will enhance drone resilience against cyber threats and electronic warfare.
India must develop indigenous UAV systems. Securely engineered flight control, encryption-based communication, and AI-driven anomaly detection can significantly reduce cybersecurity risks. Dynamic frequency hopping, robust encryption, and hardware security modules will enhance drone resilience against cyber threats and electronic warfare
Policy Measures to Secure Indian Drones
The Indian defence establishment must adopt a multi-pronged approach, focusing on technological mapping, indigenous content and supply chain management, to address the security threats from foreign parts in military drones.
Strengthening Domestic Supply Chains: The government ought to provide incentives to Indian startups and well-established companies to produce locally-made drone parts, such as processors, communication modules, and navigation systems. Policy support, grants, and tax breaks should be used to encourage defence-related private sector businesses and startups to create top-notch alternatives to components sourced from China. By reinforcing domestic supply chains, we can lessen our dependence on foreign technologies and minimise the cybersecurity risks tied to imported hardware.
Enforcing Strict Compliance and Certification: The Ministry of Defence (MoD) should mandate stringent verification of the origin of drone components before procurement. All military drones must undergo rigorous security testing to detect and eliminate potential malware or embedded backdoors. A centralised regulatory body should oversee compliance, ensuring UAVs meet cybersecurity and operational integrity standards.
Enhancing Cybersecurity Protocols: Developing robust encryption mechanisms is essential to prevent unauthorised access to drone communication and control systems. AI-driven anomaly detection systems should be implemented to identify and neutralise hacking attempts in real-time. Additionally, a dedicated cybersecurity division within the armed forces should focus on counter-drone cyber warfare to enhance national security.
Investing in Indigenous R&D: Increasing government funding in drone technology research and development through initiatives like the Defence Research and Development Organisation (DRDO) will accelerate innovation. Encouraging collaboration between defence startups, academic institutions, and the private sector will further advance indigenous UAV technology.
ARKin Labs: Case Study for Ethics of Indigenous Capability
ARKin Labs, a startup, has tackled key UAV security challenges by focusing on three core areas: developing an indigenous flight control system (FCS), strengthening UAV firmware security, and creating a Swarm-in-a-Box solution for autonomous drone deployment.
ARKin Labs, capable of providing secure UAV flight control systems for defence applications, has tackled key UAV security challenges by focusing on three core areas: developing an indigenous flight control system (FCS), strengthening UAV firmware security, and creating a Swarm-in-a-Box solution for autonomous drone deployment
A major achievement is the development of a fully indigenous FCS, free from Chinese components, ensuring complete cybersecurity and operational autonomy. Designed and manufactured in India, it eliminates supply chain risks and integrates custom firmware compliant with defence cybersecurity standards. This positions ARKin Labs among the few Indian companies capable of providing secure UAV flight control systems for defence applications.
Many Indian UAV manufacturers rely on open-source or imported firmware, exposing drones to cyber threats. ARKin Labs addresses this vulnerability by offering secure firmware solutions, enhancing resilience against hacking attempts and electronic warfare. Secure communication networks protect against electronic warfare threats, ensuring reliable command and control.
Through these initiatives, ARKin Labs strengthens India’s defence autonomy, eliminating adversary components, enhancing UAV security, and enabling advanced autonomous deployment, aligning with India’s vision for self-reliance in defence technology.
Need for a Self-Reliant Future
The scrapping of drone contracts due to cybersecurity concerns signals India’s commitment to eliminating foreign vulnerabilities from its military hardware. However, immediate action is necessary to bridge the gap between demand and indigenous supply.
By fostering domestic innovation, enforcing strict cybersecurity norms, and supporting home grown firms like ARKin Labs, India can emerge as a global hub for secure and advanced UAV technology. The road ahead demands strategic investments, regulatory vigilance, and a strong focus on indigenous capability-building to ensure the security and sovereignty of India’s defence infrastructure.
The author, a PVSM, AVSM, VSM has had an illustrious career spanning nearly four decades. A distinguished Armoured Corps officer, he has served in various prestigious staff and command appointments including Commander Independent Armoured Brigade, ADG PP, GOC Armoured Division and GOC Strike 1. The officer retired as DG Mechanised Forces in December 2017 during which he was the architect to initiate process for reintroduction of Light Tank and Chairman on the study on C5ISR for Indian Army. Subsequently he was Consultant MoD/OFB from 2018 to 2020. He is also a reputed defence analyst, a motivational speaker and prolific writer on matters of military, defence technology and national security. The views expressed are personal and do not necessarily carry the views of Raksha Anirveda
