Approaches to Cybersecurity in UAS in the SORA Process: A Systematic Literature Review of Standards, Probabilistic Models, and AI Integration ^†

Abstract

The present literature review identifies substantial research and applied potential in the combined utilization of internationally recognized information security standards, Bayesian networks, and AI-based assistants to enhance cyber resilience in Unmanned Aerial Systems (UAS) operations within the specific category defined by the SORA (Specific Operations Risk Assessment) methodology. The analysis reveals that while the existing literature individually addresses key components such as ISO/IEC 27001, NIST SP 800-53, MITRE ATT&CK, Bayesian models, and AI techniques, integrated methodologies that unify these elements into a comprehensive and operationally applicable framework are lacking. Particularly underrepresented is the connection to the Cyber Safety Extension of SORA, as well as the synergistic application of quantitative analysis and automation through intelligent systems. The review concludes that a systematic effort is required to develop a holistic framework that reflects the dynamic regulatory demands, operational environments, and contemporary threats facing drone technologies.

1. Introduction

With the rapid proliferation of Unmanned Aerial Systems (UAS) across civilian, industrial, and governmental domains, ensuring their cybersecurity and operational safety has emerged as a strategic imperative. Operations in the Specific Category—particularly those involving BVLOS flights or conducted in urban or shared airspace—present substantial challenges that demand complex and adaptive mitigation strategies. Despite the availability of internationally recognized information security frameworks such as ISO/IEC 27001 [1], NIST SP 800-53 [2], CIS Controls (management frameworks), together with MITRE ATT&CK (a knowledge base of adversarial tactics, techniques, and procedures), current literature lacks a unified approach that integrates these practices with quantitative modeling via Bayesian networks (BN, also referred to in some works as Bayesian belief networks or Bayesian probabilistic networks) and automation through AI-based tools, aligned with the Cyber Safety Extension of the SORA methodology.

This literature review explores the potential for such integration, focusing on drone operations under the Specific Category framework outlined in the JARUS-developed SORA methodology [3]. In addition to the core structure of SORA, which categorizes operational risk through Specific Assurance and Integrity Levels (SAIL), particular attention is given to the non-mandatory Cyber Safety Extension [4], which provides structured guidance for addressing cybersecurity threats in UAS operations. The need for a harmonized approach is further underscored by recent updates from SORA version 2.0 to 2.5 and the anticipated development of a new air risk model in version 3.0 [5].

This review also examines the role of AI-based assistants in automated threat modeling, real-time decision support, simulation, and risk assessment. Through an interdisciplinary analysis, this study aims to outline a conceptual framework for deploying an adaptive, proactive, and regulation-compliant risk management model suited to the evolving operational and regulatory environment of UAS in civil airspace.

2. Research Methodology

2.1. Research Question

How can the combined application of international cybersecurity frameworks (ISO/IEC 27001, NIST SP 800-53, CIS Controls, and MITRE ATT&CK), BN, and AI-based assistants support the development of an effective and adaptive model to enhance cyber resilience and safety in drone systems, in alignment with the Cyber Safety Extension under SORA for Specific Category operations?

2.2. Review Objective

The objective of this literature review is to identify, classify, and analyze academic and applied research exploring the integration of established cybersecurity frameworks, probabilistic modeling, and intelligent assistant systems. The goal is to develop a predictive, dynamic, and regulatory-compatible risk management model for drone operations. The review seeks to define a conceptual architecture for the practical implementation of such models, while analyzing their synergies, limitations, and future potential for secure and sustainable UAS integration into civil airspace.

2.3. Scope and Time Frame

A systematic search strategy was employed to identify relevant literature published between January 2015 and June 2025. The scope included academic articles, technical reports, official standards, regulatory documents, and industry white papers related to cybersecurity in UAS, with specific attention to the application of the SORA methodology and its Cyber Safety Extension.

2.4. Data Sources

The following databases and repositories were searched: IEEE Xplore, ScienceDirect, arXiv, ResearchGate, and MDPI. Additionally, publications from official bodies (NIST, JARUS, EASA, CISA) and corporate sources (e.g., drone technology providers and cybersecurity platforms) were considered to capture applied and regulatory perspectives.

2.5. Inclusion Criteria

Literature was included based on the following criteria:

• Explicit references to the Cyber Safety Extension to SORA, including its application or critique;
• Relevance to the application of international cybersecurity frameworks (ISO/IEC 27001, NIST SP 800-53, CIS Controls, MITRE ATT&CK) within UAS;
• Use of BN for modeling cyber risks or resilience in aviation or Cyber–Physical Systems (CPS) environments;
• Proposals of architectures or AI-based solutions for supporting cybersecurity processes in drone systems;
• Accessibility (full-text or sufficient abstract) to allow methodological and conceptual extraction.

2.6. Exclusion Criteria

The following types of sources were excluded:

• Works unrelated to drone operations or risk assessment;
• Hardware-only studies lacking a cybersecurity focus;
• Publications without author, date, or institutional context;
• Purely promotional or descriptive texts without analytical content;
• Duplicate entries, unless offering distinct contributions in terms of data, scope, or findings.

2.7. Search Methodology Objectives

This structured methodology was designed to ensure transparency, rigor, and reproducibility of the review process. It also aims to support the development of a conceptually coherent and practically applicable integrated model for enhancing cyber resilience in Specific Category drone operations, in alignment with regulatory and operational demands.

To ensure transparency and reproducibility, a structured search strategy was employed across major academic databases (IEEE Xplore, ScienceDirect, MDPI, arXiv, ResearchGate) as well as official institutional repositories (e.g., JARUS, NIST, EASA, CISA).

Representative Boolean strings combined terms relating to UAS/drone operations, information security frameworks, and probabilistic/AI-based modeling. For example, one of the applied queries was (“UAS” OR “drone” OR “unmanned aerial systems”) AND (“cybersecurity” OR “information security”) AND (“Bayesian” OR “probabilistic” OR “AI”).

The search yielded a broad set of records, which were gradually filtered through three stages:

• Deduplication—removal of repeated entries across databases.
• Title/abstract screening—exclusion of works unrelated to UAS or lacking a cybersecurity perspective.
• Full-text eligibility check—application of inclusion/exclusion criteria (e.g., focus on standards, probabilistic methods, or AI integration).

This process resulted in a final selection of 40+ sources, which were analyzed thematically.

3. Analysis and Systematization of the Literature

The analysis of the selected literature was structured around five principal thematic domains, each aligned with the core components of the research question:

(1)

Cyber Safety Extension in SORA-based UAS risk assessments;

(2)

The application of internationally recognized information security standards and frameworks to UAS;

(3)

The utilization of BN for risk modeling and assessment;

(4)

Approaches for cybersecurity management processes and integration of AI-based assistants;

(5)

Multi-domain contributions to cyber resilience research.

Each thematic axis is examined with respect to its methodological approaches, operational implications, and relevance to enhancing the cyber resilience and safety of drone systems operating in the Specific Category.

3.1. Cyber Safety Extension in SORA-Based UAS Risk Assessments

3.1.1. Analytical Overview of Key Publications

“A Cybersecurity Risk Framework for Unmanned Aircraft Systems Under Specific Category” [6] proposes a cybersecurity framework for UAS operating within the “specific category,” which requires risk assessment based on SORA methodology. The framework includes the identification of cyber threats, risk evaluation in accordance with SORA principles, and the definition of cybersecurity objectives for UAS. It aims to assist both operators and regulatory authorities in evaluating and managing cybersecurity risks associated with complex drone operations.

“PROCESS AND PRODUCT IMPLICATIONS WHILE TRANSITING FROM SORA 2.0 TO SORA 2.5: A CASE STUDY” [7] examines the implications of transitioning from SORA 2.0 to SORA 2.5—a revised version of the Specific Operations Risk Assessment (SORA) methodology used for evaluating and controlling risks in UAS operations. The study aims to identify the challenges and benefits associated with implementing the updated version in both the procedural and operational aspects of SORA during this transition.

“On SORA for High-Risk UAV Operations under New EU Regulations: Perspectives for Automated Approach” [8] is a research article that examines the application of the SORA methodology to high-risk UAV (Unmanned Aerial Vehicle) operations under the new European Union regulatory framework. The article discusses challenges encountered during the preparation of SORA applications and explores opportunities for automating the assessment process, with the objective of streamlining approval procedures and enhancing operational efficiency.

“SORA Methodology for Multi-UAS Airframe Inspections in an Airport” [9] is a research article that explores the application of the SORA methodology for conducting multi-UAS airframe inspections at airports. It demonstrates how SORA can be employed to evaluate the risks associated with such operations and to define appropriate mitigation measures to ensure safety and regulatory compliance.

3.1.2. Key Findings and Identified Limitations

The publications analyzed in this section share a focus on the practical application and evolution of the SORA methodology for risk assessment in Specific Category operations involving UAS. Despite addressing important topics—such as process automation, multi-UAS risk evaluation, and version transitions within the SORA framework—all sources exhibit a limited degree of integration with key international information security standards, quantitative risk modeling methods such as BN, and the guidance provided by the Cyber Safety Extension to SORA. The lack of synergy between regulatory, probabilistic, and intelligent components restricts the applicability of these papers to the development of a comprehensive and adaptive architecture for cyber resilience in drone operations.

3.2. The Application of Internationally Recognized Information Security Standards and Frameworks to UAS

3.2.1. Analytical Overview of Key Publications

Information technology—Security techniques—Information security management systems—Requirements [1] is a document that outlines the requirements for establishing, implementing, maintaining, and continuously improving an Information Security Management System (ISMS) within the context of an organization. It includes provisions for the assessment and treatment of information security risks, as well as for ensuring compliance with relevant security policies and standards.

MITRE ATT&CK Framework Adaptation in UAV Usage During Surveillance and Reconnaissance Missions [10] is a master’s thesis that investigates the adaptation of the MITRE ATT&CK framework to the use of UAVs in surveillance and reconnaissance operations. The study analyzes how the tactics, techniques, and procedures (TTPs) defined in MITRE ATT&CK can be applied to identify and mitigate cyber threats specific to UAV operations. The paper aims to provide a structured approach for understanding adversarial actions targeting UAVs.

A Critical View on CIS Controls [11] is an article that offers a critical examination of the CIS Controls v6 (2015)—a set of 20 practices designed to help organizations enhance their cybersecurity posture. Despite their widespread adoption and endorsement by influential entities, the article questions the practical viability and effectiveness of this approach. The authors critically assess the assumptions underpinning the CIS Controls and the validity of claims made in their favor, calling for more robust academic engagement with the topic.

Internet of Things Security Companion to the CIS Critical Security Controls (Version 6) [12] is a supplementary guide to version 6 of the CIS Critical Security Controls, specifically addressing their applicability to the Internet of Things (IoT). It emphasizes how the growing interconnectivity of IoT devices—including those within Industrial Control Systems (ICS) and SCADA environments—introduces new attack vectors. The document underscores the need to adapt cybersecurity measures, such as penetration testing and red team exercises, to focus on methods of gaining network access through IoT components.

“The ISO/IEC 27001 Information Security Management Standard: How to Extract Value from Data in the IT Sector” [13] is an article that explores how organizations in the IT sector can derive value from data through the effective implementation of the ISO/IEC 27001 standard for information security management. It examines the rationale behind investing in ISO 27001 and evaluates the benefits and challenges of its application in ensuring data confidentiality, availability, and integrity.

“ISO/IEC 27000, 27001 and 27002 for Information Security Management” [14] is a paper providing an overview of the international standards ISO/IEC 27000, 27001, and 27002, which are foundational to the practice of information security management. It outlines the importance of these standards as guidelines or frameworks for developing and maintaining a robust Information Security Management System, emphasizing their role in asset protection and addressing the growing spectrum of cybersecurity threats.

“The ISO/IEC 27001 Information Security Management Standard: Literature Review and Theory-Based Research Agenda” [15] is a scholarly article that presents a literature review and a theory-driven research agenda focused on the ISO/IEC 27001 standard. It consolidates existing academic work, identifies key research trajectories, and proposes directions for future studies aimed at understanding the application and impact of ISO/IEC 27001 in various organizational contexts.

“Security and Privacy Controls for Information Systems and Organizations” [2] is a document—Special Publication 800-53, Revision 5 by NIST—which provides a comprehensive catalog of security and privacy controls for information systems and organizations. It serves as a foundational guide for risk management in the domain of security, offering a structured approach to the selection, implementation, and monitoring of controls to ensure the security of federal information systems.

“Understanding Cybersecurity Frameworks and Information Security Standards—A Review and Comprehensive Overview” [16] is a document that delivers an extensive overview of cybersecurity frameworks and information security standards. It explains the critical role of these frameworks and standards in safeguarding sensitive data from loss or theft and offers an in-depth analysis of various approaches to building resilient cybersecurity architectures in the modern business environment.

“RISK DRIVEN MODELS & SECURITY FRAMEWORK FOR DRONE OPERATION IN GNSS-DENIED ENVIRONMENT” [17] is a master’s thesis that investigates risk-driven models and a security framework for drone operations, particularly focused on challenges in GNSS-denied environments. It examines various cyber threats to unmanned aerial vehicles, including spoofing, jamming, and malware injection, and proposes countermeasures such as robust authentication, encryption, and the use of alternative navigation methods like computer vision. The thesis highlights the importance of robust security frameworks to ensure operational resilience of drone missions under adverse conditions.

3.2.2. Key Findings and Identified Limitations

The publications analyzed in this section provide a solid foundation for understanding internationally recognized information security standards and frameworks, including ISO/IEC 27001, NIST SP 800-53, CIS Controls, and MITRE ATT&CK. They clarify the role of managerial, technical, and architectural controls in ensuring comprehensive cybersecurity for information systems. However, the review reveals that most sources examine these frameworks in general organizational or IT contexts without adapting them to the specific characteristics of UAS or operations within the Specific Category. Furthermore, interdisciplinary integration with quantitative risk modeling methods (e.g., Bayesian probabilistic networks), AI-based assistants for automated cybersecurity, and the specific guidance provided by the Cyber Safety Extension to the SORA methodology is lacking. Even studies focused on UAS security fail to link established standards with operational regulatory requirements. Thus, despite contributing to baseline cybersecurity, the literature offers limited guidance for proactive risk management and highlights the need for an integrated regulatory, probabilistic, and AI-driven framework.

3.3. The Utilization of Bayesian Networks for Risk Modeling and Assessment

3.3.1. Analytical Overview of Key Publications

“Risk Assessment and Resilience: Bayesian Networks in Drone Cybersecurity” [18] is a paper that explores the vulnerability of unmanned aerial systems (drones) to cyberattacks and highlights the importance of robust cybersecurity measures. It proposes the use of Bayesian networks for quantitatively analyzing the likelihood and impact of cyber incidents, thereby supporting informed decision-making for enhancing drone cybersecurity. The article also discusses the potential of Bayesian networks as a dynamic system auditing tool, improving responsiveness to evolving threats.

“Risk Assessment of UAV Cyber Range Based on Bayesian-Nash Equilibrium” [19] is a study that investigates a risk assessment method for UAV cyber ranges based on a game-theoretic model. It aims to analyze the selection of optimal cybersecurity strategies in attack-defense scenarios. The method employs an attack-defense tree model and introduces a Bayesian-Nash equilibrium for mixed strategies under incomplete information. The focus is on the mutual influence of both parties’ actions and the dynamic nature of their confrontation.

“A Tutorial on Learning with Bayesian Networks” [20] is an educational resource that provides an introduction to Bayesian networks—graphical models that encode probabilistic dependencies among variables. It explains how Bayesian networks, combined with statistical techniques, offer advantages in data analysis, including handling missing data, learning causal relationships, combining prior knowledge with data, and avoiding overfitting. The tutorial describes methods for constructing Bayesian networks from prior knowledge and summarizes Bayesian statistical methods for improving these models with data, including techniques for learning with incomplete datasets.

“A Bayesian-Network-Based Cybersecurity Adversarial Risk Analysis Framework with Numerical Examples” [21] presents a novel framework for adversarial risk analysis in cybersecurity, integrating Bayesian networks with a game-theoretic approach. The objective is to identify optimal decision-making strategies for defenders under adversarial conditions by employing a hybrid Bayesian inference mechanism instead of traditional Monte Carlo simulations to compute and select optimal strategies.

“A Bayesian Network Approach for the Interpretation of Cyber Attacks to Power Systems” [22] explores the use of Bayesian network modeling to interpret and analyze cyberattacks targeting power systems. The focus lies in enhancing the cyber resilience of digital infrastructure through the prediction of attacker behavior and planning of corresponding security measures, based on real-world threat scenarios.

“Bayesian Network Models in Cyber Security: A Systematic Review” [23] is a comprehensive review article that analyzes Bayesian networks as a modeling technique in cybersecurity. The review highlights the strengths of BNs in overcoming data limitations and identifies 17 standard BN models applied in cybersecurity, which are analyzed using eight evaluation criteria. The study reveals key usage patterns and identifies notable research gaps in the application of BNs within the cybersecurity domain.

“A Probabilistic Risk Assessment Framework for the Path Planning of Safe Task-Aware UAS Operations” [24] examines a probabilistic risk assessment (PRA) framework for trajectory planning in safe UAS operations over populated areas. The proposed framework is designed to be flexible enough to address multiple safety concerns and operational objectives by incorporating a probabilistic risk exposure map (PREM) of the operational area and a failure mode analysis of the UAS, including probability distributions for ground impact consequences.

“Achieving Cyber-Informed Engineering Through Bayesian Belief Network and Sensitivity Analysis” [25] presents a novel approach to cybersecurity risk assessment by combining Cyber-Informed Engineering (CIE) with Bayesian Belief Networks (BBNs) and sensitivity analysis. The aim is to identify and prioritize actions or attacks that may result in severe consequences for critical infrastructures. The concept is illustrated through application in a chemical plant environment.

3.3.2. Key Findings and Identified Limitations

The sources analyzed in this section demonstrate diverse applications of Bayesian networks in the field of cybersecurity, including threat assessment, cyber conflict analysis, and scenario-based risk modeling. Despite their relevance to the development of risk evaluation models, none of the reviewed studies proposes a comprehensive methodology that integrates BPNs with established international information security standards. Additionally, the Cyber Safety Extension of the SORA methodology is notably absent from these discussions. While some publications refer to automation and simulation techniques, AI-based assistants are not systematically incorporated into the proposed risk management architectures. In conclusion, although the reviewed literature offers a variety of approaches for applying Bayesian networks in cybersecurity, it remains fragmented and insufficiently aligned with the requirements that govern the contemporary use of drones under the SORA framework.

3.4. Approaches for Cybersecurity Management Processes and Integration of AI-Based Assistants

3.4.1. Analytical Overview of Key Publications

“Autonomous Aerial Drones Connecting Public Safety: Opportunities and Challenges for the Future” [26] is a document examining the growing integration of UAS into public safety operations, emphasizing their role in delivering critical communication capabilities and real-time information. It discusses the unique opportunities presented by autonomous drones, alongside challenges related to cybersecurity and AI risk management. The paper highlights the need for greater end-user awareness and the development of educational resources for manufacturers and instructors to support improved risk governance.

“IoT Empowered Smart Cybersecurity Framework for Intrusion Detection in Internet of Drones” [27] presents an intelligent IoT-supported cybersecurity framework designed for intrusion detection within the Internet of Drones (IoD). The study addresses the latest privacy and security challenges affecting drone networks and stresses the importance of establishing a secure and resilient drone communication infrastructure. The proposed framework incorporates machine learning and deep learning to ensure reliable data communication services and mitigate vulnerabilities arising from the lack of standardized cybersecurity protocols in IoT-enabled drone technologies.

“A Systematic Analysis of Enhancing Cybersecurity Using Deep Learning for Cyber–Physical Systems” [28] is a systematic review that explores the application of deep learning techniques to enhance cybersecurity in Cyber–Physical Systems. The article discusses various approaches to mitigate cyber threats within CPS, focusing on areas such as anomaly detection, intrusion detection, and secure communication. It underscores the potential of deep learning to address complex and evolving cybersecurity challenges in modern CPS environments.

“Towards Trusted and Intelligent Cyber–Physical Systems: A Security-by-Design Approach” [29] presents a framework for building trusted and intelligent CPS through a security-by-design paradigm. The proposed approach integrates blockchain and AI to enhance CPS security across the entire product lifecycle. The framework aims to overcome the limitations of existing digital twin solutions in CPS by enabling secure data dissemination and timely corrective actions, utilizing AI to learn from sensor data and anticipate security threats.

“Functionality-Preserving Adversarial Machine Learning for Robust Classification in Cybersecurity and Intrusion Detection Domains: A Survey” [30] is a survey paper examining the application of machine learning (ML) in cybersecurity, with a focus on intrusion and malware detection. The article addresses adversarial machine learning, in which attackers attempt to manipulate ML models, and explores functionality-preserving adversarial examples. It offers a comprehensive review of known attack strategies on ML models in cybersecurity and the corresponding defense mechanisms, emphasizing the need for robust ML models in critical security applications.

“How to Certify Machine Learning Based Safety-critical Systems? A Systematic Literature Review” [31] is a systematic review that explores the challenges and solutions related to the certification of machine learning-based safety-critical systems. The review discusses topics such as robustness, uncertainty, explainability, verification, safe reinforcement learning, and direct certification, identifying key research gaps and trends in the field.

“Situation Awareness for Cyber Resilience: A Review” [32] explores situational awareness as a critical component of cyber resilience. The article examines various approaches and techniques to achieve a comprehensive understanding of the cyber environment, including the use of sensor data, analytics, and visualization tools, with the aim of enhancing capabilities for detecting, responding to, and recovering from cyberattacks.

“The Implementation of Public Chatbots to Raise Awareness of Computer Crime” [33] investigates the deployment of public-facing chatbots as a means to improve awareness of computer crime. It discusses the design, development, and evaluation of chatbots that deliver cybersecurity information and guidance to the general public, aiming to enhance prevention efforts and protection against cybercrime.

“UAS Cyber Security and Safety Literature Review” [34], prepared by the FAA’s UAS Center of Excellence (ASSURE), offers a comprehensive literature review on cybersecurity and safety issues in UAS. It identifies existing research, challenges, and knowledge gaps in the field, with a focus on threat landscapes and risk mitigation strategies relevant to UAS operations.

“Enhancing UAV Security Through Zero Trust Architecture: An Advanced Deep Learning and Explainable AI Analysis” [35] examines the enhancement of UAV security through the implementation of Zero Trust Architecture (ZTA), supported by advanced deep learning techniques and explainable artificial intelligence (XAI). The article emphasizes the need for continuous authentication of all network entities and communications, and highlights the role of AI in detecting and identifying UAVs based on radio frequency signal characteristics.

“Exploring Effective Approaches to the Risk Management Framework (RMF) in the Republic of Korea: A Study” [36] is a study analyzing effective applications of the Risk Management Framework (RMF) within the context of cybersecurity in the Republic of Korea. It identifies best practices and implementation challenges across various organizations engaged in information risk management.

“Smart Cybersecurity Framework for IoT-Empowered Drones: Machine Learning Perspective” [37] investigates a smart cybersecurity framework for Internet-of-Things (IoT)-enabled drones from a machine learning perspective. The article explores the use of machine learning for anomaly detection, attack prevention, and the enhancement of overall cyber resilience in drone systems, with a particular focus on securing data and communications infrastructures.

“Security Analysis of Drone Systems: Attacks, Limitations, and Recommendations” [38] is a review article that provides a comprehensive analysis of the security posture of drone systems, detailing various attack vectors, inherent limitations, and proposed security enhancements. It addresses a wide range of threats, including jamming, spoofing, malware, and insider attacks, while discussing vulnerabilities across key components such as communication, navigation, and control subsystems. The article aims to deliver a holistic overview of the challenges facing drone security and outlines potential mitigation strategies.

“Potential Cyber Threats, Vulnerabilities, and Protections of Unmanned Vehicles” [39] is a survey that explores potential cyber risks and protective measures related to unmanned vehicles. It identifies techniques such as Global Navigation Satellite System (GNSS) spoofing, jamming, password cracking, denial-of-service (DoS) attacks, malware injection, and firmware modification as possible attack vectors. In response, the article proposes defensive measures, including multi-agent system architectures, solid-state storage, distributed programming tools, advanced encryption techniques, and the use of additional sensors combined with data comparison strategies.

“A Study on the Multi-Cyber Range Application of Mission-Based Cybersecurity Testing and Evaluation in Association with the Risk Management Framework” [40] is a study that investigates the application of multi-cyber ranges for mission-based cybersecurity testing and evaluation, particularly in relation to the Risk Management Framework. It emphasizes the importance of realistic testing environments in assessing and improving system cyber resilience. The document discusses how cyber ranges can facilitate realistic simulations of cyberattacks and defensive responses, aiding in the identification of vulnerabilities and validation of security controls.

“A Review of Cyber Security Challenges and Solutions in Unmanned Aerial Vehicles (UAVs)” [41] is a comprehensive review that examines the security vulnerabilities of UAV-based systems, categorizing them into three domains: software, hardware, and communication links. It analyzes various security protocols aimed at mitigating these risks, including advanced encryption techniques, authentication mechanisms, and intrusion detection systems that may leverage machine learning classification models. The review also provides context for how emerging technologies such as blockchain and machine learning can enhance UAV cybersecurity.

3.4.2. Key Findings and Identified Limitations

The reviewed publications in this section present a broad range of approaches to enhancing cyber resilience through the use of artificial intelligence, deep learning, and architectures such as Zero Trust and blockchain, applied to cyber–physical systems and drone networks. Several studies address critical aspects such as intrusion detection, threat assessment, situational awareness, and the certification of safety-critical systems. Despite their relevance to contemporary security paradigms, a common limitation across all sources is the absence of an integrated methodology that combines these innovations with established international standards, formalized probabilistic modeling using Bayesian networks, and compliance with the Cyber Safety Extension of the SORA methodology. This highlights the need for an interdisciplinary framework that unifies standards, probabilistic models, and intelligent assistants to support the secure and sustainable integration of unmanned systems into the civil airspace operational environment.

3.5. Multi-Domain Contributions to Cyber Resilience Research

3.5.1. Analytical Overview of Key Publications

“Autonomous Cybersecurity and AI Risk Management for Uncrewed Systems: Challenges and Opportunities Using the NIST Frameworks” [42] is a document that explores the challenges and opportunities associated with autonomous cybersecurity and AI risk management for uncrewed systems, particularly in safety-critical applications. It provides an overview of these systems and highlights how increasing connectivity and automation introduce new and elevated cybersecurity and AI-related risks. The authors propose examples of risk management controls based on the NIST Cybersecurity Framework (CSF) 2.0 and the NIST AI Risk Management Framework (AI RMF).

“MITRE ATT&CK Applications in Cybersecurity and The Way Forward” [43] synthesizes research on the application of the MITRE ATT&CK framework in cybersecurity by analyzing 417 peer-reviewed publications. It identifies frequently used adversarial tactics, techniques, and procedures (TTPs), and examines the integration of natural language processing (NLP) and machine learning (ML) with ATT&CK to enhance threat detection and response. The document also assesses the effectiveness of ATT&CK, its validation methods, and the challenges faced in sectors such as industrial control systems (ICS) and healthcare, offering future research directions.

“Implementing Bayesian Networks for Online Threat Detection” [44] is a dissertation focused on the use of AI, specifically Bayesian networks, for automated and early detection of cyber threats. It emphasizes the increasing complexity of cyberattacks and the necessity for advanced methodologies beyond conventional security measures. The research centers on designing security frameworks such as DETECT (Decision Triggering Event Composer and Tracker), which utilize pattern analysis and sequence recognition to identify attack models.

“Unmanned Aerial System Cybersecurity Risk Management Decision Matrix for Tactical Operators” [45] is a master’s thesis that addresses the lack of a comprehensive cybersecurity risk management framework for UAS, particularly for tactical operators. It proposes a cybersecurity decision matrix that integrates concepts from the NIST Risk Management Framework, CIS security controls, and other cybersecurity guidelines. The objective is to provide a clear and effective tool for assessing and managing cybersecurity risks associated with UAS operations, with a focus on ensuring operational effectiveness and reducing vulnerabilities.

3.5.2. Key Findings and Identified Limitations

Sources classified under more than one of the primary thematic categories emphasize the importance of an integrated and multidisciplinary approach to cybersecurity management in UAS. The analyzed works bridge international information security frameworks with AI risk management strategies, automated threat detection mechanisms, and conceptual models based on Bayesian networks. This thematic overlap highlights a growing synergy among managerial, analytical, and technological dimensions of cyber resilience.

However, despite the broader scope of explored concepts, most sources fail to propose fully integrated solutions that simultaneously address the operational specificity of UAS missions, the formal requirements of the SORA methodology and its Cyber Safety Extension, and the application of quantitative methods such as Bayesian networks. In many cases, the interaction between AI-based assistants and established security standards in real-world drone scenarios remains underdeveloped.

Thus, while the reviewed literature demonstrates potential for transdisciplinary advancement, it remains conceptually fragmented. This fragmentation reinforces the need for a unified framework that functionally and regulatorily connects diverse approaches to enable adaptive, resilient, and standardized cybersecurity for drone systems.

4. Findings and Conclusions

This literature review highlights the pressing need for a systematic and interdisciplinary effort to develop a holistic framework for cybersecurity risk management in specific-category UAS operations. While existing studies address key components—such as the application of international information security standards (e.g., ISO/IEC 27001, NIST SP 800-53), the use of Bayesian networks for risk modeling, and the integration of AI-based assistants for automation and decision support—there remains a lack of a unified methodology that combines these elements into an operational, adaptable, and regulation-compliant model.

This gap becomes particularly critical in light of emerging threats, the complexity of operating in shared airspace, and the need to comply with evolving regulatory requirements, including the Cyber Safety Extension to the SORA methodology. Future research should therefore aim to establish an integrated framework that combines structured risk assessment, intelligent uncertainty modeling, adaptive control mechanisms, and real-time AI-supported decision-making. Only such a comprehensive approach can ensure the resilience, security, and operational reliability of UAS in an increasingly dynamic and threat-prone environment.