NEW DELHI: Amid persistent concerns over Chinese-origin components in military drones, the defence ministry on Thursday unveiled a draft drone security framework mandating stringent testing and “secure-by-design” systems.
Prepared by the Army Design Bureau (ADB), the framework has sought feedback by April 8, after which the final version will be incorporated into the upcoming Defence Acquisition Procedure (DAP) 2026.
The New Indian Express had reported last week that the framework was set for imminent release and that parallel stringent checks were already underway to weed out vulnerable components.
Concerns over Chinese components in UAVs deployed by the military are not new. In 2024, an Army UAV operating near the northern borders was reportedly hijacked by Pakistan, with the vulnerability traced to a Chinese-made autopilot system used for navigation.
The framework to purge foreign parts applies to all “low, slow and small” drones, including nano, micro and small UAVs and lays down a comprehensive mechanism for testing security vulnerabilities across their lifecycle.
The draft flags “potential avenues of compromise” in drones, particularly those involving foreign components, and calls for procurement of systems that are secure at the design stage itself.
“The ideal solution lies in procurement of drones that follow secure-by-design principles,” the document states, stressing that vulnerabilities must be addressed at the design, development and manufacturing stages.
It outlines multiple vulnerabilities that could be exploited by adversaries, including interception of communication links, GPS jamming and spoofing, control hijacking, malware insertion and data exfiltration.
“Each point of connection is a potential target that could be exploited,” the framework reads, warning that unencrypted links, compromised firmware and weak navigation systems can enable hostile takeover or disruption of operations.
It also warns that drones and their connected systems can enable “data collection and transmission” of sensitive information, including mission plans, flight paths and surveillance data, potentially exposing critical infrastructure.
A key focus of the framework is identifying critical drone components that could be compromised, including flight controllers, communication systems, navigation units (GPS/INS), sensors and ground control software.
While outlining an “ideal solution” of complete indigenisation and foolproof supply chain verification, the document acknowledges existing gaps, noting that domestic capabilities in areas such as microchips, sensors and communication hardware “will take time to mature and deliver.”
As an interim measure, it mandates compulsory testing and certification of critical electronic components through government or government-approved agencies.
“Testing and certification of critical electronic equipment is required to be implemented,” it states, adding that these checks will include hardware validation as well as software vulnerability and penetration testing.
It also embeds security checks across the procurement lifecycle, from the request for information (RFI) stage to trials and final induction.
Accordingly, vendors will be required to disclose sourcing details, share software and hardware bills of materials and accept intrusive assessments such as tear-down, destructive and penetration testing.
Flagging supply chain vulnerabilities, it notes that “foolproof supply chain traceability is not possible” due to complex sourcing practices, rerouting and counterfeit components.
Importantly, the framework prescribes strict penalties, warning that firms found “fabricating/falsifying” details of critical components are liable to be suspended or debarred.
It also calls for continuous post-induction monitoring, including regular firmware updates, vulnerability management programmes and periodic audits to detect anomalies or unauthorised access.
Evolved through wide-ranging consultations, the document is set to become the baseline for securing more advanced unmanned systems as India scales up its drone capabilities.