From Drone Life:

Gary Corn (Colonel, USA Ret.), former Staff Judge Advocate of U.S. Cyber Command, Director of the Tech, Law & Security Program at American University’s Washington College of Law, a Senior Fellow at R Street Institute, and CEO of Jus Novis Consulting LLC, notes that responding to drone swarm threats, even for the Department of Defense (DOD) remains a challenge. The DOD only recently published a counter sUAV strategy, and was successful in getting legislation passed in 2019 that gives the military the domestic authority to use a range of defensive measures, up to and including force, to defend specified personnel and installations. According to Corn, All of these capabilities and authorities are nascent and evolving. The equation is even more complex in the case of swarms where the response decision-cycle is much more compressed and the consequences of delay can be exacerbated.”

Drone swarms also can magnify cybersecurity issues in any mission due to potential hardware and software vulnerabilities. The Solar Winds hack, which exploited vulnerabilities in an IT monitoring and management platform resulted in undetected and unauthorized access to thousands of networks and systems through routine, trusted software updates. It highlights vulnerabilities inherent in supply chains that adversaries can easily access. Technologies imported from, or that contain components imported from manufacturers located or incorporated in adversary foreign states, remain a concern. According to Corn, In the case of small drones, the vast majority of which are manufactured in China, the risks of the Chinese government having access to the devices, the controlling software, and the data flows generated by them is more than theoretical. The issue of regulating, and in some instances banning, Chinese drones has become part of a broader discussion about safe technologies. There are definite cybersecurity risks that come with these capabilities which add an extra layer of complexity to the already difficult challenge of collecting and aggregating data, even for business purposes.”