India has made it compulsory for military drone suppliers to pass a strict 20-point security test to prevent hidden foreign, especially Chinese, hardware risks. The move follows concerns that some “Made in India” drones may carry unsafe components. The framework checks both hardware and software vulnerabilities, including hacking and GPS spoofing.
New Delhi: The Ministry of Defence has unveiled a comprehensive security vulnerability testing framework for drones procured by Indian armed forces, making it mandatory for vendors to clear a 20-point evaluation before their systems can advance through the defence acquisition pipeline.
The move directly addresses a growing concern in the Indian defence establishment -- drones carrying “Made in India” labels while housing hardware or firmware of Chinese origin, effectively functioning as Trojan horses within the armed forces' inventory.
Last year, an Indian drone operating near the eastern sector of the border with China veered into Chinese-controlled territory.
Related Articles
As per the report, the China’s PLA took control of the UAV, operated it briefly, and then returned it. The drone is believed to be of Israeli origin with an encrypted data link -- yet the PLA still managed to seize control, raising serious questions about existing encryption measures.
Finalized in consultation with all three service headquarters and key government stakeholders, the framework targets seven principal threat vectors -- interception of communication links between drones and ground control stations, GPS jamming and spoofing, control hijacking via compromised firmware, data exfiltration, internet-connected data egress, malicious firmware updates pushed by foreign entities, and expanded data collection through networked peripherals.
Also Read: Land Ports Left Behind: The Infrastructure Gap Costing Bangladesh Its Trade Advantage
The 20-Test Regime
Vendors will have to clear ten hardware validation checks and ten software penetration tests.
Hardware tests cover integrated circuit analysis, tamper resistance, secure boot verification, PCB layer inspection, inter-board communication encryption, and design traceability.
Software tests examine cryptographic key uniqueness, operating system memory protections, trusted execution environment integrity, TLS data transit security, firmware pinning, and anti-rollback verification, among others.
Eight components are designated critical -- the electronic speed controller, flight controller, FC firmware, transmission unit, INS/GPS module, sensors, ground data terminal, and ground control station software.
The framework currently applies to all low, slow, and small (LSS) drone categories -- nano, micro, and small platforms such as quadcopters and hexacopters and is explicitly positioned as a precursor to a broader regime covering MALE and HALE platforms.
Also Read: Supreme Court Grants Full Pension To Women SSC Officers Denied Permanent Commission
Testing and Compliance
Testing must be conducted by NABL-accredited or internationally recognised laboratories within India.
The Quality Council of India is currently the only agency capable of running the full test matrix; the Directorate General of Quality Assurance is separately establishing a dedicated facility at Secunderabad.
Vendors who falsify component documentation face immediate suspension or debarment.
The Department of Defence Production will maintain a centralised database of validated vendors, with cleared models exempt from repeat testing unless modifications are made.
The framework acknowledges that domestic chip-level manufacturing remains a long-term goal.
Notably, MeITy's CHIMS software -- previously used to verify hardware bills of materials was discontinued in November 2024, leaving supply chain traceability as an unresolved gap.
