How Chinese components in Indian drones pose a national security threat – Firstpost

India’s presence of Chinese components in Indian drones for military operations has raised critical security concerns. The recent hacking of Indian drones along the Line of Control (LoC) and the Line of Actual Control (LAC) has highlighted the vulnerability of using foreign-made components in critical military hardware. Consequently, the Indian government has cancelled three contracts totalling Rs 230 crore for the purchase of 400 drones for the military.

China leads the global drone industry, dominating up to 90 per cent of the commercial market, with DJI, a Chinese firm, reportedly owning a whopping 70 per cent market share. Considering Beijing’s 2017 intelligence law that mandates Chinese businesses to hand over data to the government, this raises serious concerns for countries using Chinese technology in military equipment.

The Indian military’s growing reliance on drones for intelligence, surveillance, reconnaissance (ISR), kamikaze missions, and logistics has exposed it to potential cyber threats. While drones have become essential in modern warfare, dependence on foreign technology, especially from China, creates weaknesses that could be exploited. The imperative is for a proactive and preemptive approach to curb this vulnerability in all military systems.

Technology Vulnerabilities in Drones with Chinese Parts

Many unmanned aerial vehicles (UAV)/drone manufacturers deploy open-source or imported firmware without conducting proper cybersecurity vetting. This creates vulnerabilities that can be exploited to manipulate drones. Since most drones operate on known RF frequency bands and standardised communication protocols, they are increasingly susceptible to jamming, spoofing, cyberattacks, and remote hijacking.

One major risk stems from the reuse of unverified firmware, which may contain embedded exploits or backdoors that enable unauthorised access. These vulnerabilities can be exploited through telemetry interception, allowing attackers to manipulate real-time drone behaviour or extract mission-critical data. Furthermore, UAVs using off-the-shelf radio communication modules are at high risk of signal interference and hijacking attempts, as these components often lack robust encryption and authentication mechanisms.

In military operations, reliance on predictable communication architectures makes it easier for adversaries to deploy advanced electronic warfare measures. By exploiting weakly secured data links, attackers can execute GPS spoofing attacks, misdirecting drones from their intended targets. Additionally, software vulnerabilities in autopilot systems, if not rigorously tested, may allow adversaries to inject malicious code capable of disabling UAVs mid-flight or redirecting them toward hostile zones.

Another critical aspect of UAV security is hardware exploitation. Many imported drone components, such as processors, navigation modules, and power distribution units, may contain hidden vulnerabilities that adversaries can exploit. Hardware Trojans—malicious modifications embedded at the manufacturing stage—can create backdoors allowing unauthorised control of UAVs. Additionally, reliance on commercially available microcontrollers and sensors, without rigorous security audits, increases the risk of physical tampering and supply chain infiltration.

Malicious actors can exploit vulnerabilities in electronic speed controllers (ESCs) and flight control units to manipulate drone performance. For example, altering power delivery mechanisms can cause drones to fail mid-flight or operate unpredictably. Similarly, attackers can leverage vulnerabilities in voltage regulation systems to introduce failures under specific conditions. By embedding unauthorised logic within integrated circuits, adversaries can activate hidden functionalities, including unauthorised telemetry transmission or remote disabling.

To mitigate these risks, a fundamental shift toward indigenously designed hardware solutions is necessary. By moving toward domestically engineered UAV systems, India can exercise greater control over component selection, ensuring security and reliability while eliminating risks posed by foreign supply chains. This transition allows for better oversight of embedded firmware, preventing the introduction of hidden vulnerabilities or compromised software.

Indigenous development of flight control systems, secure navigation modules, and power management units ensures that every critical component is vetted against cyber threats. Additionally, designing custom encryption-based communication protocols prevents adversaries from easily intercepting telemetry and control signals. With greater control over hardware origins, the risk of supply chain attacks and embedded exploits can be significantly reduced.

This includes adopting dynamic frequency hopping, robust encryption algorithms, hardware security modules (HSMs) for critical components, and AI-driven anomaly detection to detect and neutralise cyber threats in real-time.

The Way Ahead

The India Drone Market is projected to grow from $654 million in 2024 to $1,437 million by 2029, growing at a compound annual growth rate (CAGR) of 17.0 per cent during the forecast period. An EY-FICCI report indicates that the defence drone industry market potential will see a growth from Rs 38,300 crore in 2025 to Rs 1,01,100 crore in 2030, with a level of indigenisation rising from the present 40 per cent to 60 per cent. India has introduced market-leading regulations and policy interventions addressing both the demand side (through drone policy) and the supply side (through PLI and import bans). Yet a gap exists between policy and outcomes, which have resulted in hacking.

To obviate vulnerabilities and capitalise on this opportunity, India must focus on the undermentioned.

Structured Road Map: Develop a structured roadmap for indigenous drone production. The need is to encourage genuine startups. The challenge is in the sea of defence procurement: the big fish swallow up the small promising lot. Young startups like ARKin Labs, who have developed a fully indigenous flight control system (FCS) that operates without Chinese components, should be encouraged through policy support, grants, and tax incentives to develop high-quality indigenous alternatives to Chinese components.

Strengthening Domestic Supply Chains: The government should incentivise Indian startups and established firms to manufacture indigenous drone components, including processors, communication modules, and navigation systems.

Indigenous Content and Technology Mapping: Establish defence procurement norms that require a minimum of 75 per cent indigenous content in drones. This must be clearly defined and verified in terms of indigenous content (cost, subassemblies, design, and raw material) by an independent verification agency, including IPR holding (both foreground and background). Technology mapping is another area where indigenous R&D and technologies are ascertained.

Enforcing Strict Compliance and Certification: The Ministry of Defence (MoD) should mandate stringent verification of the origin of drone components before procurement. All military drones should undergo rigorous security testing to detect and eliminate potential malware or embedded backdoors. A centralised regulatory body should oversee compliance to ensure that drones meet cybersecurity and operational integrity standards.

Enhancing Cybersecurity Protocols: The need is to develop robust encryption mechanisms to prevent unauthorised access to drone communication and control systems. Implementing AI-driven anomaly detection systems can identify and neutralise hacking attempts in real time. The armed forces must focus on counter-drone cyber warfare.

Investing in Indigenous R&D: Increasing government funding in research and development for drone technology through initiatives like the Defence Research and Development Organisation (DRDO). Encouraging collaboration between defence startups, academic institutions, and the private sector to accelerate indigenous UAV technology development.

Conclusion

The Indian military’s focus on UAVs and autonomous systems is set to intensify in 2025, with the launch of advanced drone platforms for reconnaissance, surveillance, and strike missions. The Defence Minister’s recent statement on January 2, 2025, highlighted the push for indigenous kamikaze drones, swarm drones, and combat UAVs as part of defence modernisation in preparing for future wars. Collaboration with private industry and startups will be the key to accelerating innovation in this domain.

However, India’s reliance on imported drone components, particularly from adversary nations, poses serious cybersecurity risks, supply chain vulnerabilities, and operational vulnerabilities. The government’s decision to cancel contracts involving foreign components further underscored the necessity of developing a fully indigenous unmanned aerial systems (UAS) ecosystem. The challenge is twofold: first, to develop high-performance drone technologies that meet defence requirements without relying on foreign components, and second, to support Indian drone manufacturers in securing their firmware, avionics, and communication systems against cyber threats.

By fostering domestic innovation, enforcing strict cybersecurity norms, and supporting homegrown firms like ARKin Labs, India can emerge as a global hub for secure and advanced UAS technology. The road ahead demands strategic investments, regulatory vigilance, and a strong focus on indigenous capability-building to ensure the security and sovereignty of India’s defence infrastructure.

The author is former Director General, Mechanised Forces. Views expressed in the above piece are personal and solely those of the author. They do not necessarily reflect Firstpost’s views.