Unmanned aircraft systems (UAS) have become a growing commodity on the battlefield. The recent conflicts in Ukraine and Gaza have particularly underscored their operational value and increased use in the planning, execution, and assessment of military operations and have demonstrated that these systems can significantly reduce costs and limit risk to personnel. Accordingly, the U.S. Department of War is taking actions to meet Administration-set “drone dominance” goals and has appropriated a budget estimated at $1 billion. The Department is also pushing for more commercial solutions across the Services in an effort to speed up acquisitions and provide the Warfighter with much needed technologies that provide an upper hand in modern military engagements.
The increased proliferation of commercially available drones also means, of course, an increased presence in the cyber domain, especially given the ever-increasing digital interconnectivity of systems to enable UAS warfare. The number of cyber vulnerabilities and corresponding available attack surfaces—as well as counter-UAS tools and technologies—has thus risen as well. As highlighted in a 2024 briefing by the U.S. Army’s National Ground Intelligence Center (NGIC), “UAS exploit tools are widely available, inexpensive, and require little sophistication and/or expertise” [1].
Academic research has reached similar conclusions. Peer-reviewed studies published in recent years document the increase in cyber attacks on commercial and military UAS. Many of these studies provide specific examples of attack types and insights into mitigation strategies that vendors and system owners could use to harden these technologies [2–4].
This article highlights a study performed in 2024 for the U.S. Army Transformation Decision Analysis Center to answer the question, “How can we use modeling and simulation (M&S) to examine hardening approaches to UAS that are still in the design phase of the acquisition life cycle using a mission-based impact analysis?” The M&S capabilities used for this study were developed under guidance by the Joint Aircraft Survivability Program (JASP) and the Director of Operational Test and Evaluation (DOT&E).
The primary M&S tool used for this analysis was the Cyber Operations Lethality and Effectiveness (COLE) suite of applications. As stated in the DOT&E Annual Report, COLE is “the Joint Munitions Effectiveness Manual capability for cyber vulnerability and resiliency assessments” [5]. This analysis also used the Full-Spectrum Survivability Tools (FSST), which were developed under DOT&E and highlighted in the spring 2025 issue of the Aircraft Survivability journal (ASJ) [6].
Approach
To examine potential cyber vulnerabilities that could be exploited in a UAS, we assumed the UAS to be composed of two major components: the unmanned air vehicle (UAV)—more commonly called the “drone”—and a ground segment composed of a control launch and/or command vehicle. Both elements can exist in multiple configurations. (Note that the examples used here are purely illustrative.)
The models drew on several sources, including an exemplar model-based systems engineering (MBSE) model; documentation developed for a 2022 symposium on cyber modeling tools; and the notional MQ-99 Berserker UAV, which is extensively discussed in the spring 2025 ASJ [7].
To narrow the analysis, researchers assumed a relatively constant ground-control vehicle, composed of a mission computer, databases, and communications systems. As shown in Figure 1, the ground-vehicle model included incoming communications, a controller area network bus, a launch system architecture, and a mission IT network separated from operational technology by a guard device. The mission system was composed of three workstations, a mission database, a mission computer, a cryptographic keystore, and a UAS antenna.
For the air vehicle, three progressively hardened designs were modeled (shown in Figures 2–4). The first represented a lightly modified commercial quadcopter with a MIL-STD-1553 data bus and a separate communications bus. The second added GPS, cryptographic devices, a maintenance interface, and a sensor payload, with encrypted primary bus communications. The third model represented a hardened military platform, incorporating segregated flight controls and mission payloads, an electro-optical and infrared subsystem, and synchronized encryption keys loaded from the ground vehicle.
Analysis
System Under Test Characterization
Researchers did not model specific software, firmware, or operating systems because of the use of notal systems. Instead, they relied on two COLE frameworks: the dynamic state model and the connectivity model. The state model allows users to simulate changes to a system’s condition—such as operational, degraded, or compromised—and observe cascading effects across the network. The connectivity model, informed by subject-matter expertise, evaluates how information flows between IT and operational technology components, accounting for firewall rules and architectural constraints. As shown in Figure 5, if a user selects a node (depicted in yellow) and asks COLE to show accessible systems, the connectivity model examines the type of system the node is connected to, looks for firewall configurations that may be set, and shows the user which devices may be accessible from the selected node.
COLE’s Risk Assessment application, developed with guidance from JASP, integrates these models with the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework. Users can simulate specific attack techniques, assign probabilities to each step, and calculate aggregate likelihoods across an attack path. The current implementation assumes independent steps, though future versions will incorporate Bayesian conditional modeling.
Attack Scenarios
The study examined two attack scenarios. The first modeled a supply-chain interdiction attack targeting a communications remote terminal unit. The notional payload—activated by a radio-frequency signal—scans its bus, compromises a controller, and propagates until it reaches the flight controls, where it overwhelms the endpoint. Each step was assigned a 75% probability of success.
As expected, additional architectural barriers reduced overall success rates. The modeled likelihood of a successful attack fell from 41% in the simplest UAV design to 17% in the hardened configuration, illustrating how incremental design changes can significantly improve resilience. Table 1 shows the results of the modeled attacks.
Table 1. Results of Modeled UAV Attacks
Figures 6 and 7 show the modeled attack paths and the updated state and connectivity of the UAVs during and after the successful attacks. Nodes highlighted in blue indicate they are accessible from the various compromised locations, which are shown here with the hacker icon overlay.
Mission Impact
To assess operational consequences, the study integrated COLE outputs into the Joint Capability as a Service (JCaaS) architecture and the FSST toolset. A representative mission was constructed in the Advanced Framework for System, Integration and Modeling (AFSIM), simulating an integrated air-defense-system collection task involving two expendable UAVs gathering radar and electronic support data.
In this scenario, the cyber attack targeted communications rather than flight controls. Each step of the attack was assigned a 50% likelihood of success, yielding an overall probability of 0.236. A time-based exposure model was used to represent the likelihood of activating the radio-frequency trigger (shown in Figure 8).
For this scenario, we focused the cyber attack on communications only. Therefore, the attack did not have to pivot to the flight controls and could just perform a denial-of-service on the communications device. We chose the large UAV as the target and lowered the likelihood of success to 50% for each step. This resulted in an overall likelihood of 0.236 with a corresponding 90% confidence interval, as selected in the Risk Assessment tool.
For the RF portion of the attack, we derived a simple time-based exposure model that calculated the probability that the payload was triggered (shown in Figure 9). This model assumes that if the UAV is exposed to the RF signal for some amount of time, the likelihood that the payload is triggered increases.
The results were passed to AFSIM and executed through Monte Carlo simulation (shown in Figure 9). Interestingly, as shown in Figure 10, in 20 runs the cyber attack affected mission outcomes twice, reducing detections compared with baseline scenarios.
Summary
We believe this study was successful in showing how the COLE M&S tool can be used before and during the design phase of an acquisition life cycle. Further, as designs and specific technologies are selected, we can model higher-fidelity attributes and examine specific attack paths and exploits that a cyber operator could perform if they had access to the device. By integrating the COLE results into the JCaaS architecture, we were able to show mission impact of an RF-enabled cyber attack so mitigations and preventive measures could be taken during design and deployment of the UAS to harden it against nonkinetic threats.
Specifically addressing U.S. Army interests, this work was the first time to our knowledge that the effects of a cyber attack were shown in the context of a large-scale mission. As the Army further investigates the effects of cyber attacks on large-scale conflicts involving thousands of entities (simulated systems), it is imperative to augment the current kinetic-centric M&S tools with the inputs from the “cyber” (nonkinetic) engagement.
Additionally, as a proof of concept, this work shows it is possible to perform M&S on the individual systems and influence large-scale simulations. We thus envision a future in which the probabilities derived from tools such as COLE are used on large-scale simulations that provide input to decision makers on the size and scale of formations, as well as the proper deployment locations for these systems. In short, as far as we know, this is the first instance that a cyber model was used to observe impact on a mission due to the presence of a cyber threat on the environment. Future work will look at implementing this concept into large force-on-force simulations used by the Army for training and as part of analysis of alternatives studies (e.g., One Semi-Automated Force [OneSAF]).
About the Authors
Mr. Charles Fisher is currently the Director of the Cyber and Non-Kinetic Effects directorate at Applied Research Associates, Inc. (ARA). He has more than 15 years of experience developing vulnerability and lethality models for the kinetic and nonkinetic weapons effects communities. Mr. Fisher holds a B.S. in mathematics from Fitchburg State University and an M.S. in applied mathematics from Worcester Polytechinic Institute.
Dr. Arturo Revilla is a Senior Cybersecurity Engineer at the Army’s Transformation Decision Analysis Center (TDAC). He has more than 25 years of experience leading teams evaluating cybersecurity, assessing cyber-risk, and performing threat emulation on Army tactical and enterprise systems. Dr. Revilla holds a Ph.D. in computer engineering and an M.S. and B.S. in electrical engineering from the University of Texas at El Paso.
References
- Kendra et al. “Cyber Threads to DoD UAS Operations.” Briefing, U.S. Army Intelligence and Security Command, National Ground Intelligence Center, February 2024.
- Branco, Bruno, José Silvestre Serra Silva, and Miguel Correia. “Cyber Attacks on Commercial Drones: A Review.” IEEE Access, vol. 13, 2025.
- Oracevic, Alma, and Ahmad Salman. “Unmanned Aerial Vehicles in Peril: Investigating and Addressing Cyber Threats to UAVs.” IEEE Xplore, 2024.
- Yu, Aaron, Iuliia Kolotylo, Hashim Hashim, and Abdelrahman Eltoukhy. “Electronic Warfare Cyberattacks, Countermeasures, and Modern Defensive Strategies of UAV Avionics: A Survey.” IEEE Access, vol. 13, 2025,
- Office of the Director, Operational Test & Evaluation. “ FY 2024 Annual Report.” https://www.dote.osd.mil/annualreport/, January 2025.
- Fisher, Charles, Ashley Henderson, and John Crews. “Full-Spectrum Survivability Tools.” Aircraft Survivability journal, spring 2025.Bryant, William. “Using M&S to Determine Cyber Survivability: Score Small and Let the Machines Do the Math.” Aircraft Survivability journal, spring 2025.
