# Drone Command-and-Control PQC

**Source**: https://quantumsequrity.com/blog/drone-command-pqc
**Category**: Industry & Use Cases

---

[← Back to Blog](../../blog.html) Industry & Use Cases

# Drone Command-and-Control PQC

11 min read

A drone in flight depends on a command-and-control link that delivers operator commands to the aircraft and returns telemetry, video, and sensor data to the ground station. For consumer and commercial drones the link is typically a proprietary radio with light cryptographic protection. For military drones the link is a sophisticated SATCOM, line-of-sight radio, or relay system protected by classified cryptographic equipment. Across the spectrum, identification and authentication are growing concerns: ASTM F3411 Remote ID requires drones to broadcast identification information for accountability, and unauthorized drone activity has become a regular feature of news cycles from airport disruptions to military operations. Quantum computers will eventually break the classical cryptography that today protects drone C2 links, identity broadcasts, and ground-control systems. This article walks through ASTM F3411 Remote ID, the MAVLink open-source autopilot protocol, NATO STANAG 4586 for unmanned vehicle interoperability, and how to think about PQC migration across consumer, commercial, and military drone systems.

## Why Drone Cryptography Spans Many Different Profiles

The drone industry is not one industry. A consumer DJI quadcopter, a commercial photogrammetry platform, a public safety surveillance drone, a long-endurance military reconnaissance aircraft, and an experimental urban air mobility vehicle have radically different cryptographic profiles. The constraints on each profile are different, and the appropriate PQC migration approach varies accordingly.

Consumer drones use proprietary radio protocols (DJI Lightbridge, OcuSync, and successors) with vendor-implemented cryptographic protection. Commercial drones often use the same protocols or open-source alternatives like MAVLink with TLS or SSH-style encryption. Public safety and tactical military drones use dedicated radios with FIPS-validated or classified cryptography. Strategic military drones use SATCOM and complex cryptographic equipment.

Each profile faces the same eventual quantum threat, but the migration paths and timelines differ. For broader background see [What Is Post-Quantum Cryptography](what-is-post-quantum-cryptography.html) and [Harvest Now, Decrypt Later](harvest-now-decrypt-later.html).

## ASTM F3411 Remote ID

ASTM F3411 specifies the format and broadcast requirements for Remote ID, a system that allows law enforcement, regulators, and authorized parties to identify drones in flight. The FAA's Remote ID rule (14 CFR Part 89), which went into effect for production drones in 2022 and for operations in 2023, requires most drones flown in U.S. airspace to broadcast Remote ID information. Other jurisdictions including the EU under EASA have parallel requirements.

Remote ID broadcasts include the drone's serial number or session ID, position, altitude, velocity, time, and operator location (in some configurations). The broadcast is over Wi-Fi or Bluetooth, with cryptographic signatures available in the standard but not yet widely deployed. As Remote ID matures, signed broadcasts will become more common to enable receivers to verify authenticity and reject spoofed messages.

For PQC, the Remote ID signature path needs migration to post-quantum signatures. The size constraints are tight: Wi-Fi beacon frames and Bluetooth advertisements have limited payload, and ML-DSA signatures are kilobytes rather than the tens of bytes available. Profile work is needed to fit PQC into Remote ID, possibly through compressed signatures, certificate offloading to a network service, or multi-message signature schemes.

For broader regulatory context see [PQC for Government and Defense](pqc-government-defense.html) and the [NIST FIPS Guide](nist-fips-guide.html).

## MAVLink and Open Source Autopilots

MAVLink is the dominant open-source protocol for drone command and control. The protocol is used by ArduPilot, PX4, and many commercial drone platforms. MAVLink defines message formats for telemetry, commands, and configuration. The protocol itself is binary and unauthenticated by default; security is layered on through encrypted transport (typically TLS over TCP for ground control station to companion computer, or proprietary RF protocols).

MAVLink 2.0 added optional message signing using HMAC-SHA-256, which provides integrity protection for individual messages. The signing key is shared between ground station and vehicle, derived from a passphrase. This is symmetric authentication, which is not directly broken by quantum but does benefit from longer keys (HMAC-SHA-256 is fine; Grover's algorithm halves the effective security to 128 bits, which is still strong).

The asymmetric cryptography in the MAVLink ecosystem lives in the supporting infrastructure: TLS for ground station communications, certificate-based authentication for fleet management platforms, and the cloud services that increasingly support drone operations. PQC migration in this layer follows standard enterprise IT migration practices. ArduPilot and PX4 communities are tracking PQC developments and will incorporate hybrid post-quantum support as upstream libraries (OpenSSL, mbedTLS) ship it.

## NATO STANAG 4586 and Military Interoperability

NATO STANAG 4586 specifies the interfaces between military unmanned aerial vehicles and their ground control stations, with the goal of enabling interoperability across NATO member states' UAV systems. The standard defines several Levels of Interoperability (LOI 1 through 5) corresponding to different degrees of cross-system control.

Cryptographic protections in STANAG 4586 environments use NSA-approved or NATO-approved cryptographic equipment. The migration to post-quantum is part of the broader military cryptographic migration aligned with NSA's CNSA 2.0 (Commercial National Security Algorithm Suite 2.0) timeline. CNSA 2.0 specifies the post-quantum algorithms approved for national security systems and includes deployment milestones through the 2030s.

Military drone PQC migration is therefore on the CNSA 2.0 timeline. Major drone platforms procured by the U.S. Department of Defense and NATO partners need to plan for cryptographic refresh aligned with these milestones. Existing platforms will receive PQC capability through cryptographic equipment upgrades and software updates over the coming decade.

## Consumer Drone Cryptography and the Spectrum of Adversaries

Consumer drones face a different threat profile than military drones. The primary adversary is not a state actor but a hobbyist or small-scale criminal trying to defeat geofencing, jam control links, or hijack drones. Vendor cryptographic protections are usually sufficient for these adversaries.

However, consumer drones are increasingly used in commercial and quasi-tactical contexts. DJI, Parrot, Skydio, and other consumer-grade platforms are flown by police departments, search and rescue organizations, journalists, and inspection contractors. The data captured by these drones, including aerial imagery, infrastructure inspection records, and incident response footage, has cryptographic sensitivity that warrants forward-looking encryption posture.

Vendors are aware of the trajectory. DJI has published security white papers describing their cryptographic implementation. Skydio has emphasized encryption in their enterprise positioning. PQC migration for consumer drone platforms will follow vendor product roadmaps over the coming years.

For migration construction see [Hybrid Encryption](hybrid-encryption.html).

## Commercial Drone Operations and BVLOS

Beyond visual line of sight (BVLOS) drone operations are expanding under FAA waivers and increasingly through formal rulemaking. BVLOS operations require more sophisticated communication architectures including SATCOM relay, cellular link, and ground network backhaul. Each of these has cryptographic touchpoints that need PQC migration alongside the broader enterprise IT migration.

The FAA's Part 108 (BVLOS) rulemaking, expected in the late 2020s, will likely include cybersecurity considerations that touch on cryptographic posture. Commercial drone operators planning long-term BVLOS programs should align their cryptographic refresh with broader sector migration timelines.

For sector context see [PQC for Critical Infrastructure Grid](pqc-critical-infrastructure-grid.html).

## Drone Imagery and Long-Term Sensitivity

Drone-captured imagery has variable sensitivity windows. A real estate aerial photo loses commercial value within months. A construction site progress image is sensitive across the construction period. Pipeline and utility infrastructure inspection imagery may be sensitive across the asset's operational life of decades. Public safety and military reconnaissance imagery can be sensitive for years to permanent.

The encryption posture for drone imagery storage should match the sensitivity window. For long-sensitivity imagery, hybrid post-quantum encryption at rest and AES-256 symmetric protection are appropriate. For short-sensitivity imagery the bar is lower but still benefits from forward-looking encryption.

The cloud platforms where drone imagery is increasingly stored (DJI Cloud, Skydio Cloud, AWS Snowball, Microsoft Azure for IoT) are migrating to PQC on broader cloud infrastructure timelines. Drone operators using these platforms will inherit the cloud provider's PQC migration. Operators with on-premises imagery storage should plan their own PQC migration aligned with NIST IR 8547.

## Counter-UAS Systems and Identification

Counter-UAS (C-UAS) systems detect, identify, and in some cases neutralize unauthorized drones. Detection uses radar, RF analysis, and acoustic sensing. Identification leverages Remote ID broadcasts where available. PQC implications for C-UAS are primarily on the verification side: when Remote ID broadcasts include cryptographic signatures, C-UAS systems need to verify those signatures to distinguish authentic broadcasts from spoofed ones.

For PQC, C-UAS verification capability needs to support post-quantum signatures alongside classical signatures during the migration window. The C-UAS vendor base is largely defense-aligned and will follow CNSA 2.0 timelines for military C-UAS, with civilian C-UAS following commercial migration timelines.

## Practical Migration Approach

A practical migration approach for drone operations starts with the ground side and works toward the airborne system. Step one is the operator's enterprise IT, fleet management platforms, and cloud storage. Move to hybrid PQC on standard enterprise IT timelines. Step two is the ground-control-station to vehicle link, which depends on the platform vendor's cryptographic implementation and roadmap. Vendor-specific timelines apply.

Step three is the airborne system itself. The avionics, autopilot, and onboard cryptographic processing follow vendor product cycles. PQC capability arrives through firmware updates and through hardware refresh. For military platforms, the CNSA 2.0 timeline drives the migration. For commercial platforms, vendor commercial roadmaps drive it.

The operator's procurement specifications should require PQC migration commitments from drone platform vendors during contract renewals. Operators should also be coordinating with cellular service providers for cellular-connected drones, with SATCOM providers for satellite-connected drones, and with cloud service providers for cloud-stored data. The full ecosystem migration is a 5 to 15 year program depending on the operational profile.

## UTM and Network Identification

Unmanned Aircraft System Traffic Management (UTM) is the framework for coordinating drone operations in shared airspace, particularly at low altitudes where traditional air traffic control does not operate. The FAA's UTM Concept of Operations and the international ICAO UTM Framework establish the architecture. Network Remote ID, which complements broadcast Remote ID, transmits drone identification through cellular or other network connectivity to UTM service suppliers.

PQC implications for UTM are around the network protocols connecting drones, UTM service suppliers, and authorized authorities. These protocols use standard internet protocols including TLS and various REST APIs, with cryptographic authentication of participants. Migration to hybrid post-quantum TLS in UTM aligns with broader internet PQC migration. UTM service suppliers should include PQC commitments in their architecture documentation and in their service level agreements with operators.

## Frequently Asked Questions

### Does the FAA require post-quantum cryptography for drones?
Not by name as of 2026. The FAA's Remote ID rule (14 CFR Part 89) does not specifically require post-quantum signatures. The FAA's broader cybersecurity posture is evolving and may eventually address PQC through specific guidance.

### What is the biggest drone PQC challenge?
Fitting post-quantum signatures into bandwidth-constrained channels including Remote ID broadcasts and tactical RF links. ML-DSA signatures are kilobytes versus tens of bytes for ECDSA, and the constrained envelopes need profile work to accommodate PQC.

### Are military drones on a faster PQC migration timeline?
Yes. Military drone cryptographic migration follows the NSA CNSA 2.0 timeline, which establishes deployment milestones through the 2030s. Commercial and consumer drones follow vendor commercial roadmaps, which are slower but accelerating.

### What about MAVLink-based open-source drone projects?
ArduPilot, PX4, and the broader MAVLink ecosystem will incorporate PQC as upstream libraries (OpenSSL, mbedTLS) ship hybrid post-quantum support. The ground-control-station to vehicle TLS and SSH layers are where PQC will arrive first.

### Should drone operators worry about quantum-era decryption of imagery?
For imagery with long sensitivity windows including infrastructure inspection, public safety, and military reconnaissance, yes. Captured imagery encrypted today with classical cryptography could be decrypted in a future quantum era. Long-sensitivity imagery storage should use hybrid post-quantum encryption.

## Sources

- FAA. "14 CFR Part 89: Remote Identification of Unmanned Aircraft." faa.gov.
- ASTM. "F3411-22: Standard Specification for Remote ID and Tracking." astm.org.
- NATO. "STANAG 4586: Standard Interfaces of UAV Control System (UCS) for NATO UAV Interoperability." nato.int.
- NSA. "CNSA 2.0 Cybersecurity Advisory." nsa.gov.
- NIST. "FIPS 204: Module-Lattice-Based Digital Signature." nist.gov.
- NIST. "NIST IR 8547: Transition to Post-Quantum Cryptography Standards." nist.gov.
- ICAO. "Doc 10019: Manual on Remotely Piloted Aircraft Systems (RPAS)." icao.int.

## Related Articles

- [What Is Post-Quantum Cryptography](what-is-post-quantum-cryptography.html)
- [Harvest Now, Decrypt Later](harvest-now-decrypt-later.html)
- [PQC for Government and Defense](pqc-government-defense.html)
- [PQC for Critical Infrastructure Grid](pqc-critical-infrastructure-grid.html)
- [Hybrid Encryption](hybrid-encryption.html)

---

### Protect Your Data Before Q-Day Arrives

QNSQY's NIST-standardized post-quantum encryption protects files against both current and quantum-era threats.

[Try QNSQY](../../pricing.html)
