A newly released report from the University of Canberra has warned that critical infrastructure sectors are increasingly vulnerable to cyber threats enabled by drones.
The independent study in Australia, developed in partnership with Cisco, Innovation Central Canberra (ICC) and Australian tech company DroneShield highlights the growing risk as drones become ever more advanced, affordable, and widely available.
Researchers warn that the rapid evolution of drone technology now poses a significant danger to the security and resilience of essential services. Once viewed as tools for logistics and surveillance, drones have swiftly evolved into tools for warfare and are capable of launching cyber-attacks.
“Drones have fundamentally altered the nature of warfare, yet their implications for cyber security remain underappreciated,” said Professor Frank den Hartog, Cisco Research Chair in Critical Infrastructure at the University of Canberra.
With the cyber threat environment rapidly changing, the report frames both a challenge and an opportunity for the drone and cyber security industries to take proactive action. The authors urge industry leaders and policymakers to anticipate emerging threats and bolster defences before malicious actors exploit these new vulnerabilities.
Professor den Hartog commented, “This is both a concern and an opportunity for drone and cyber industries to anticipate threats before they materialise.”
Limited awareness and detection capabilities
The research team, comprising Professor den Hartog and ICC students, conducted a detailed review of the cyber threat environment posed by drones, interviewing critical infrastructure operators and analysing existing security measures.
The findings reveal a worrying trend: while no domestic cyber incidents involving drones have been recorded to date, detection capabilities remain minimal, government guidance is limited, and drone usage is on the rise. This combination, researchers warn, leaves critical infrastructure increasingly exposed to sophisticated attacks already being trialled overseas.
“Our research shows a clear gap between current awareness and emerging threats,” Professor den Hartog said. “Industries across the board must recognise that drones are no longer an emerging technology. They are here, they are capable, and malicious actors are experimenting with drone-borne cyber techniques internationally.”
Growing threat landscape
Globally, drones are being used in ways that extend far beyond traditional surveillance. Malicious operators can now equip drones with devices designed to exploit vulnerabilities in wireless networks, intercept data, or even deliver small payloads targeting physical or digital systems.
The researchers warn, the combination of increasing drone capability, coupled with limited industry preparedness, is creating a widening vulnerability. They predict that over the next five years, critical infrastructure operators will need to reassess the likelihood and relevance of drone-enabled cyber threats as the technology continues to evolve.
“Operators must periodically and critically review how drones are being used within their operations, assess the cybersecurity implications, and explore strategies to integrate drone risks into existing security and resilience programs,” Professor den Hartog said.
Urgent call for action
The report stresses the importance of integrating counter-drone technologies into critical infrastructure security frameworks. “These steps are essential for creating a proactive security posture rather than a reactive one,” Professor den Hartog noted. “Critical infrastructure must not only adopt new technologies but understand the security ramifications of these technologies before incidents occur.”
Implications for Policy and Industry
The findings also have significant implications for government policy and industry standards. With minimal guidance currently available, researchers say there is a pressing need for national frameworks to support risk assessment, reporting, and mitigation of drone-enabled cyber threats. We previously revealed that over £3 billion is lost annually in the UK alone due to cyber attacks.
“Without clear guidance and structured reporting mechanisms, critical infrastructure remains vulnerable,” Professor den Hartog said. “A coordinated approach is needed that includes regulators, operators, and technology developers to ensure the nation is resilient against these emerging threats.”
“The next five years will be pivotal,” Professor den Hartog concluded. “Operators who proactively integrate drone risk management into their security frameworks will be better positioned to prevent disruptions, safeguard data, and protect essential services. Those who don’t may face challenges that are difficult to anticipate and mitigate.”
RELATED STORIES
Netscout: Cyber risks to infrastructure will continue to escalate
Chinese cyberattacks on Taiwan’s critical networks hit 2.6m a day in 2025, report finds
ITW Asia 2026
ITW Asia brings together the whole connectivity and digital infrastructure industry to get business done. Join 1700+ leaders from carriers, MNOs, cloud solution providers, hyperscalers, content service providers, data centres, satellite operators, investors, regulatory authorities and more, to define the future of connectivity in Asia.
