Drone testing for a government agency

Challenge: Ensuring drone security and safety in hazardous environments

A government agency needed a reliable way to access areas too dangerous for humans, such as toxic spill sites and unstable structures. They chose to deploy a DJI Matrice M30 Thermal drone for these operations.
Before launch, the agency had major concerns around data security, operational safety, and tamper resistance. They needed to confirm the drone’s telemetry and video data couldn’t be accessed by unauthorised parties, that it would remain safe if it lost connectivity mid-flight, and that it couldn’t be manipulated by attackers.
Testing was also limited by available equipment – only one £10,000 drone was provided – so every test had to be carefully sequenced to avoid damage.

Approach: Exploratory drone penetration testing with a flexible methodology

We treated the engagement as an unconventional penetration test, viewing the drone as a complex IoT system with multiple sensors and communication pathways.
Instead of following a fixed compliance checklist, the team ran exploratory, scenario-based tests to simulate realistic attack situations. This flexible approach allowed testing to focus on the agency’s specific security concerns while maintaining safety for the single available drone.
The assessment also considered the broader regulatory landscape, acknowledging that drones exist in a grey area between IoT and aviation regulations.

Results: Strengthened security and confidence for safe drone deployment

Resillion’s testing identified key security insights and provided actionable recommendations to enhance the drone’s protection against data breaches, tampering, and connectivity failures.
The flexible, scenario-driven approach gave the agency greater confidence in deploying the DJI Matrice M30 Thermal safely in hazardous environments while demonstrating the value of adaptive testing beyond traditional compliance frameworks.

Why Resillion: Trusted experts in drone cyber security and risk assurance

The agency chose Resillion for our proven expertise in cyber security, UAV testing and risk mitigation in high-stakes environments. Our team combines deep technical knowledge with a strong understanding of regulatory frameworks and emerging threats to deliver targeted, practical results.
Through transparent communication, detailed documentation, and proactive collaboration, we built the client’s trust and ensured the success of the engagement – helping them deploy their drone technology with confidence and security.

Client feedback: Valuing flexibility and real-world insight

The client preferred an exploratory security assessment over a formal compliance audit. By focusing on realistic attack scenarios instead of certification requirements, the team delivered a more targeted and practical evaluation of potential vulnerabilities. The client appreciated the flexibility of the approach and its focus on real-world risk.