Е-Публикации
Технически университет - София

Abstract: Copyright Published by Elsevier B.V.The increasing integration of unmanned aircraft systems (drones) into the civil airspace, particularly within the specific category regulated by the SORA (Specific Operations Risk Assessment) framework, raises concerns about cyber resilience. Despite the introduction of the optional Cyber Safety Extension by EASA (European Aviation Safety Agency), compliance may not fully address the spectrum of evolving cyber threats. This paper explores the hypothesis of a regulatory illusion of security, where operators meet all formal requirements yet remain vulnerable to attacks such as GPS spoofing, data-link hijacking, and malware injection. Focusing on Specific Assurance and Integrity Level (SAIL) I–III operations, the study applies a structured gap analysis across one representative scenario, evaluating alignment with five key resilience criteria. Findings confirm that SORA compliance does not guarantee effective cyber defense, particularly in the absence of dynamic threat adaptation and system-level safeguards. The paper concludes with actionable recommendations to enhance cyber resilience and close the identified gaps between regulation and real-world risk in drone operations.

References

1. Abdalla, A.S., et al., 2021. Security Threats and Cellular Network Procedures for Unmanned Aircraft Systems.arXiv:2111.13172
2. Abdulrazak, C., 2024. Cybersecurity Threat Analysis And Attack Simulations For Unmanned Aerial Vehicle Networks. arXiv
3. Aghazadeh Ardebili, A., Lezzi, M., Pourmadadkar, M., 2024. Risk Assessment for Cyber Resilience of Critical Infrastructures: Methods, Governance, Standards. Applied Sciences 14(24), 11807. https://doi.org/10.3390/app142411807.
4. Allouch, A., Koubaa, A., Khalgui, M., Abbes, T., 2019. Qualitative and Quantitative Risk Analysis and Safety Assessment of Unmanned Aerial Vehicles Missions Over the Internet. arXiv:1904.09432v1.
5. Amorim, A., Taylor, M., Kann, T., et al., 2025. UAV Resilience Against Stealthy Attacks. arXiv:2503.17298v2 [cs.CR].
6. Annarelli, A., Palombi, G., 2021. Digitalization Capabilities for Sustainable Cyber Resilience: A Conceptual Framework. Sustainability 13(23), 13065. https://doi.org/10.3390/su132313065.
7. Ashraf, S.N., Manickam, S., Zia, S.S., et al., 2023. IoT empowered smart cybersecurity framework for intrusion detection in internet of drones. Scientific Reports 13(1), 18422. https://doi.org/10.1038/s41598-023-45065-8.
8. Badshah, A., Abbas, G., Waqas, M., et al., 2024. USAF-IoD: Ultralightweight and Secure Authenticated Key Agreement Framework for Internet of Drones Environment. IEEE Transactions on Vehicular Technology 73(8), 10963–10976.
9. Bieber, P., Delmas, K., Pizziol, S., Prosvirnova, T., Seguin, C., 2025. A Generic Approach for Safety Assessment of Medium-Risk Drones. Engineering Proceedings 90, 41. https://doi.org/10.3390/engproc2025090041.
10. Bodeau, D.J., et al., 2018. Cyber Resiliency Metrics, Measures of Effectiveness, and Scoring: Enabling Systems Engineers and Program Managers to Select the Most Useful Assessment Methods. The MITRE Corporation, Report No. PRS-18-2579
11. Bouhamed, O., et al., 2021. Lightweight IDS For UAV Networks: A Periodic Deep Reinforcement Learning-based Approach. In: IFIP/IEEE International Symposium on Integrated Network Management (IM) 2021.
12. Cadet, X., Boboila, S., Koh, E., et al., 2025. Quantitative Resilience Modeling for Autonomous Cyber Defense. arXiv:2503.02780.
13. Chiaradonna, S., Jevtić, P., Lanchier, N., 2024. Cyber Risk Loss Distribution for Various Scale Drone Delivery Systems.
14. Coherent Market Insights, n.d. Delivery Drones Market Size and Trends. Available at: [Accessed 10 Mar. 2025].
15. Dang, Y., Benzaïd, C., Yang, B., Taleb, T., Shen, Y., 2022. Deep-Ensemble-Learning-Based GPS Spoofing Detection for Cellular-Connected UAVs. IEEE Internet of Things Journal 9(24), 25068–25080. https://doi.org/10.1109/JIOT.2022.3210476.
16. Dasgupta, S., Ahmed, A., Rahman, M., et al., 2024. Unveiling the Stealthy Threat: Analyzing Slow Drift GPS Spoofing Attacks for Autonomous Vehicles in Urban Environments and Enabling the Resilience. .
17. Denney, E., Pai, G., Johnson, M., 2018. Towards a rigorous basis for Specific Operations Risk Assessment of UAS. NASA Technical Report, NASA Ames Research Center, Moffett Field, CA. NASA/TP–2018–219887.
18. Ding, G., et al., 2022. Routing with Privacy for Drone Package Delivery Systems. arXiv.2203.04406.
19. ENISA (European Union Agency for Cybersecurity), 2022. Cyber Threat Landscape Methodology, July.
20. European Union Aviation Safety Agency, 2024. Easy Access Rules for Unmanned Aircraft Systems, July.
21. Fakhraian, E., Semanjski, I., Semanjski, S., et al., 2023. Towards Safe and Efficient Unmanned Aircraft System Operations. Drones 7(7), 478. https://doi.org/10.3390/drones7070478.
22. German Federal Office for Information Security (BSI), 2019. Overview of Drone-Based Cyber Threats and Aspects of Defence
23. Hassija, V., Chamola, V., Agrawal, A., Goyal, A., Luong, N.C., Niyato, D., Yu, F.R., Guizani, M., 2021. Fast, Reliable, and Secure Drone Communication: A Comprehensive Survey. arXiv preprint arXiv:2105.01347, May.
24. He, Q., Yu, H., Liang, D., Yang, X., 2024. Enhancing Pure Inertial Navigation Accuracy through a Redundant High-Precision Accelerometer-Based Method Utilizing Neural Networks. Sensors 24(8), 2566. https://doi.org/10.3390/s24082566.
25. JARUS, 2024a. JARUS guidelines on SORA Cyber Safety Extension. JAR-DEL-SRM-SORA-Cyb-2.5, May 13.
26. JARUS, 2024b. JARUS guidelines on Specific Operations Risk Assessment (SORA) Main Body. JAR-DEL-SRM-SORA-MB-2.5
27. Krasuski, K., Wierzbicki, D., 2021. Application of the SBAS/EGNOS Corrections in UAV Positioning. doi: 10.3390/en14030739
28. Maqbool, A., Slimane, J.B., Khediri, N., Ammar, et al., 2024. Proactive cyber defense and forensic investigation techniques for drone operation: A holistic approach. Journal of Theoretical and Applied Information Technology 102(18), –.
29. Marchetti, E., Waheed, T., Calabrò, A., 2024. Cybersecurity Testing in Drones Domain: A Systematic Literature Review. IEEE Access. .
30. Marotta, A., Madnick, S., 2021. Convergence and Divergence of Regulatory Compliance and Cybersecurity. Issues in Information Systems 22(1), 10–50.
31. Mykytyn, P., Brzozowski, M., Dyka, Z., Langendoerfer, P., 2023. GPS-Spoofing Attack Detection Mechanism for UAV Swarms. In: Proceedings of the 12th Mediterranean Conference on Embedded Computing (MECO).
32. Nassi, B., Bitton, R., Masuoka, et al., 2021. SoK: Security and Privacy in the Age of Commercial Drones. In: Proc. 2021 IEEE Symposium on Security and Privacy, SP 2021.
33. Nayfeh, M., 2023. Artificial Intelligence-Based GPS Spoofing Detection and Implementation with Applications to Unmanned Aerial Vehicles. M.S. thesis, Department of Electrical and Computer Engineering, Purdue University.
34. Newsworthy.ai, 2025. New Study Reveals Cybersecurity Vulnerabilities in Drone Delivery Networks. Available at: [Accessed 5 Jan. 2025].
35. Ntizikira, E., Lei, W., Alblehai, F., Saleem, K., Lodhi, M.A., 2023. Secure and Privacy-Preserving Intrusion Detection and Prevention in the Internet of Unmanned Aerial Vehicles. Sensors 23(19), 8077. https://doi.org/10.3390/s23198077.
36. Office of Cyber and Infrastructure Analysis (OCIA), 2018. DHS Infrastructure Security Note: Unmanned Aircraft Systems Cybersecurity Risks. Available at: [Accessed 6 Feb. 2025].
37. Ouadah, M., Merazka, F., 2024. Securing UAV Communication: Authentication and Integrity. arXiv.2410.09085.
38. Quintanilla García, N., Vera Vélez, N., Alcaraz Martínez, P., et al., 2021. A Quickly Deployed and UAS Based Logistics Network for Delivery of Critical Medical Goods during Healthcare System Stress Periods: A Real Use Case in Valencia (Spain). Drones 5(1), 13. https://doi.org/10.3390/drones5010013.
39. Shafik, W., Matinkhah, S.M., Shokoor, F., 2023. Cybersecurity in Unmanned Aerial Vehicles: A Review. International Journal on Smart Sensing and Intelligent Systems 16(1), Article No. ijssis-2023-0012. .
40. Shafique, A., Mehmood, A., Elhadef, M., 2017. Survey of Security Protocols and Vulnerabilities in Unmanned Aerial Vehicles. IEEE Access, 9, 46927–46948.
41. Sharma, R., Shankar, L., Seam, M.B.S., Dey, S., 2025. A Comprehensive Review of Cyber Security in Unmanned Aerial Vehicles (UAVs). IOSR Journal of Computer Engineering 27(2), 25–34.
42. Sihag, V., Choudhary, G., Choudhary, P., Dragoni, N., 2023. Cyber4Drone: A Systematic Review of Cyber Security and Forensics in Next-Generation Drones. Drones 7(7), 430.
43. Stelzer, P., Schermann, R., Warmer, F., et al., 2022. Towards Safety Methods for Unmanned Aerial Systems to Achieve Fail-Safe or Fail-Operational Behaviour. In: SENSORDEVICES 2022 – The 13th International Conference on Sensor Device Technologies and Applications, Lisbon, Portugal, Oct. 16–20. pp. 43–50. ISBN: 978-1-68558-006-3.
44. Sung, Y.-H., Park, S.-J., Kim, D.-Y., Kim, S., 2022. GPS Spoofing Detection Method for Small UAVs Using 1D Convolution Neural Network. Sensors 22(23), 9412. https://doi.org/10.3390/s22239412.
45. Tan, I., Minn, W., Poskitt, C.M., Shar, L.K., Jiang, L., 2025. Runtime Anomaly Detection for Drones: An Integrated Rule-Mining and Unsupervised-Learning Approach. arXiv:2505.01947
46. Thaw, D.B., 2014. The Efficacy of Cybersecurity Regulation. Georgia State University Law Review 30(2)
47. Um, I., Park, S., Kim, H.T., Kim, H., 2020. Configuring RTK-GPS Architecture for System Redundancy in Multi-Drone Operations. IEEE Access 8, 76228–76242. https://doi.org/10.1109/ACCESS.2020.2989276.
48. Vierhauser, M., Meixner, K., Biffl, S., 2024. Scenario Based Field Testing of Drone Missions. arXiv:2407.08359v2 [cs.SE].
49. Zhang, K., Papadimitratos, P., 2019. Secure Multi-constellation GNSS Receivers with Clustering-based Solution Separation Algorithm. In 2019 IEEE Aerospace Conference, Big Sky, MT, USA, Mar. 2019, pp. 1–9.
50. Zhu, Q., 2024. Foundations of Cyber Resilience: The Confluence of Game, Control, and Learning Theories. arXiv:2404.01205.

Issue