For years, cybersecurity has largely been viewed as a problem confined to the digital world. A compromised email account, stolen financial data, or a ransomware attack typically remained within the boundaries of cyberspace.

That distinction is disappearing.
The recent BAT-BMS incident should not be viewed simply as another software vulnerability. It is a reminder that weaknesses in digital systems increasingly have physical consequences. As more critical infrastructure, industrial equipment, transportation networks, and autonomous platforms become software-defined, cybersecurity is no longer just about protecting information. It is about protecting real-world assets and, in many cases, human lives.
This shift deserves far more attention than it currently receives.
Modern engineering has transformed almost every machine into a connected computing platform. Cars receive over-the-air updates. Manufacturing plants rely on interconnected control systems. Power infrastructure is remotely monitored. Drones execute autonomous missions based on onboard software, sensors, communication links, and distributed computing architectures.
Every additional layer of intelligence also expands the attack surface.
The discussion, therefore, needs to evolve beyond whether systems can be hacked. Given enough motivation and time, almost any digital system can be targeted. The more important question is whether security has been embedded into the architecture from the very beginning or simply added later as another feature.
{{/usCountry}}The discussion, therefore, needs to evolve beyond whether systems can be hacked. Given enough motivation and time, almost any digital system can be targeted. The more important question is whether security has been embedded into the architecture from the very beginning or simply added later as another feature.
{{/usCountry}}Unfortunately, many organisations continue to approach cybersecurity as a compliance exercise. Security audits are conducted towards the end of development. Encryption is added before deployment. Software patches become the primary defence strategy after products enter service.
That approach may have been acceptable for traditional IT systems. It becomes significantly riskier when the software controls machines operating in the physical world.
Autonomous platforms present a fundamentally different challenge because they combine sensing, computation, communication, navigation, and control into a single ecosystem. Compromising any one of these elements may affect the integrity of the entire mission.
This is particularly relevant as drones increasingly find applications in defence, disaster response, logistics, critical infrastructure inspection, agriculture, and public safety.
Unlike consumer electronics, these systems often operate beyond direct human supervision. They make decisions in dynamic environments, interact with other autonomous systems, and carry out tasks where reliability cannot be optional.
In such scenarios, cybersecurity is inseparable from operational safety.
The global drone industry has understandably invested enormous effort into improving endurance, payload capacity, navigation accuracy, and autonomous capabilities. Security, however, has often struggled to keep pace with these innovations.
That imbalance must change.
As countries around the world accelerate investments in unmanned systems, the conversation should not be limited to those who can build drones faster or at lower cost. It should also include who can build systems that remain trustworthy even when operating in hostile environments where cyber threats are expected rather than exceptional.
Security cannot depend solely on encrypted communication links or periodic software updates. It must extend to hardware design, computing architecture, command and control systems, firmware integrity, secure communications, component authentication, and resilience against attempts to manipulate onboard decision-making.
These principles become especially important when autonomous platforms support national security or critical infrastructure.
India today has an opportunity that relatively few countries have enjoyed.
As domestic companies build indigenous autonomous technologies from the ground up, security does not have to be inherited from legacy architectures designed for very different operating environments. We have the opportunity to make cybersecurity a design principle rather than a corrective measure.
That requires moving beyond procurement checklists and compliance certifications. Buyers, developers, and policymakers should begin evaluating autonomous systems not only on endurance, payload, or performance metrics, but also on their cyber resilience under real operational conditions.
The next generation of autonomous technologies will increasingly operate in contested environments where electronic warfare, spoofing, communication disruption, and cyber intrusion are part of the battlefield - not exceptions to it.
The systems that succeed will not necessarily be those with the longest flight times or the most sophisticated sensors. They will be the ones that continue to perform reliably even when someone is actively trying to compromise them.
The BAT-BMS incident is unlikely to be the last example of software vulnerabilities affecting physical systems. If anything, it offers an opportunity to reconsider how we define engineering excellence in an increasingly autonomous world.
The future of autonomous systems will ultimately depend on one quality above all else: trust. And trust is not built after deployment. It is engineered from day one.
(The views expressed are personal)
This article is authored by Venkatesh Sai, founder and technical director, Zuppa Geo Navigation Technologies.