A Survey of Security Challenges and Solutions for UAS Traffic Management (UTM) and small Unmanned Aerial Systems (sUAS)
Iman Sharifi, Mahyar Ghazanfari, Abenezer Taye, Peng Wei, Maheed H. Ahmed, Hyeong Tae Kim, Mahsa Ghasemi, Vijay Gupta, Noah Dahle, Robert Canady, Abel Diaz Gonzalez, Austin Coursey, Bryce Bjorkman, Cailani Lemieux-Mack, Bryan C. Ward, Xenofon Koutsoukos, Gautam Biswas, Heber Herencia-Zapana, Saqib Hasan, Isaac Amundson, Filippos Fotiadis, Ufuk Topcu, Junchi Lu, Qi Alfred Chen, Nischal Aryal, Amer Ibrahim, Abdul Karim Ras, Amir Shirkhodaie
TL;DR
The security of small UAS under UTM is challenged by limited onboard resources and decentralized data flows. This system-oriented survey maps cyber threats to CNS, sensing, and software layers, reviewing traditional and lightweight defenses and building a unified taxonomy. It catalogs attack vectors, defense mechanisms, and cross-layer interaction risks, highlighting open challenges in Remote ID privacy, cloud data trust, and secure OTA/update processes. The work provides guidance for secure, scalable integration of sUAS into future UTM environments and informs standardization and defense research. It emphasizes the need for lightweight, interoperable security solutions and real-world testbeds to enable BVLOS operations with trustworthy UTM systems.
Abstract
The rapid growth of small Unmanned Aerial Systems (sUAS) for civil and commercial missions has intensified concerns about their resilience to cyber-security threats. Operating within the emerging UAS Traffic Management (UTM) framework, these lightweight and highly networked platforms depend on secure communication, navigation, and surveillance (CNS) subsystems that are vulnerable to spoofing, jamming, hijacking, and data manipulation. While prior reviews of UAS security addressed these challenges at a conceptual level, a detailed, system-oriented analysis for resource-constrained sUAS remains lacking. This paper presents a comprehensive survey of cyber-security vulnerabilities and defenses tailored to the sUAS and UTM ecosystem. We organize existing research across the full cyber-physical stack, encompassing CNS, data links, sensing and perception, UTM cloud access, and software integrity layers, and classify attack vectors according to their technical targets and operational impacts. Correspondingly, we review defense mechanisms ranging from classical encryption and authentication to adaptive intrusion detection, lightweight cryptography, and secure firmware management. By mapping threats to mitigation strategies and evaluating their scalability and practical effectiveness, this work establishes a unified taxonomy and identifies open challenges for achieving safe, secure, and scalable sUAS operations within future UTM environments.
