Australia’s Drone Cyber Blind Spot: Zero Recorded Incidents, Rising Hidden Risks

The University of Canberra says researchers at Innovation Central Canberra worked with DroneShield on an independent report looking at drone enabled cyber risks to Australian critical infrastructure. The report found no recorded domestic cyber incidents using drones to date, but warned that limited drone detection capability, low awareness, minimal government guidance, and rising drone use are creating vulnerabilities and a gap in reporting.

That combination matters because “no recorded incidents” can reflect a genuine absence of cases, but it can also reflect a lack of detection, a lack of monitoring, or unclear pathways for reporting when something suspicious happens. The UC summary explicitly frames it as a reporting gap alongside capability and guidance gaps.

Why This Is Showing Up Now

Australia’s national drone policy work has increasingly treated drones as both an opportunity and a risk. The Australian Government’s drone security policy describes a “by design” approach that covers physical and cyber risks and notes work underway on policies, processes and regulations to strengthen agency access to counter drone capabilities and better coordination.

Separately, the Government’s Coordinated Drone Detection initiative points out that rapid advances in off the shelf drone technology are reducing the resources and expertise needed for sophisticated drone operations, and that this raises physical, cyber security and safety risks for government, business and the community.

Why Drones Change the Cyber Threat Model

Drone enabled cyber activity is not just “a drone with a camera”. In real terms, drones can be used as mobile platforms to:

• get close to facilities without needing physical access

• carry sensors that map wireless environments

• support short burst interactions with nearby systems

AI matters on both sides of this problem:

• Cheaper autonomy and smarter payloads lower the skill barrier for complex operations (the Government explicitly highlights off the shelf capability increases as a risk driver).

• Detection and identification increasingly rely on AI because the volume of signals, device types and flight behaviours is hard to triage manually. For example, DroneShield describes its RFAI capability as using AI and machine learning for RF based drone detection and identification, with ongoing updates to its drone libraries. This is the vendor’s description, not an independent performance assessment, but it shows how AI is being positioned as part of counter drone tooling.

UC’s report summary also flags “limited drone detection capabilities” as part of the vulnerability picture, which is where AI assisted detection and correlation tools are often presented as the practical path to scale.

Why Enforcement is Hard in Practice

1. Authority and lawful use of counter drone tools

Counter drone action often involves sensitive capabilities, including RF disruption, and that raises legal and governance issues. The Australian Government notes that ACMA made the Radiocommunications (Exemption – Remotely Piloted Aircraft Disruption) Determination 2022, supporting Australian police access to counter drone equipment that would otherwise be unlawful under the Radiocommunications Act 1992.

2. Knowing who is flying what, and where

Remote identification is widely treated as a building block for accountability. The Australian Government describes Remote Identification as enabling authorised users to remotely obtain a drone’s identity and location, notes a discussion paper released in July 2023, and links the work to the Aviation White Paper commitment to develop Remote ID and uncrewed traffic management.

3. Fragmented non-safety rules and “where can I fly” complexity

Compliance is not only about aviation safety rules. The Drone Rule Digitisation project is aimed at making non safety drone rules easier to understand and integrate, including via a local drone rules map and open data access designed to support digital flight planning tools.

4. Operator planning and incident readiness

Regulation also shows up in operational obligations. CASA’s materials for ReOC holders include emergency response planning guidance and templates, with the template page showing an update on 21 January 2026.

How This Compares Internationally

In the United States, CISA published cybersecurity best practices for operating commercial UAS that treat drone ecosystems as part of an organisation’s IT environment, recommending standard controls such as keeping UAS devices off the enterprise network during key tasks, using firewalls and up to date antivirus, securing software and firmware installs, and using strong encrypted links for communications.

That kind of guidance is relevant to UC’s point about “minimal government guidance” contributing to vulnerability, because it illustrates what a more prescriptive baseline can look like.

What Changed after the UC Report

On 29 January 2026, Australia’s Defence Ministers site published a release saying the Government is updating Defence settings for counter drone threats, including establishing an industry panel to advise on counter small uncrewed aerial systems services and noting the Defence Amendment (Counter UXS Measures) Regulations 2025 have been enacted to strengthen Defence authority to detect and respond to threatening drones in support of law enforcement.

This is Defence focused, but it is part of the wider regulatory story: governments are actively adjusting the boundaries of who can detect, attribute, and respond to drone threats, and under what safeguards.

Bottom Line

UC’s headline finding is not “there is no problem”. It is “there are no recorded domestic cases yet, but the conditions for missed detection and under reporting exist”.

For critical infrastructure operators and the broader public, the practical regulatory challenge is joining the dots across identity, detection, lawful enforcement powers, and usable guidance, while AI increasingly shapes both drone capability and counter drone detection workflows.

License This Article