Unifly, in cooperation with Nexova, announces the successful completion of SecureUTM 2 Phase I under the European Space Agency’s (ESA) NAVISP programme. The project establishes a certification-aligned, risk-driven cybersecurity foundation for secure, resilient and scalable Unmanned Traffic Management (UTM) and U-space services across Europe.
As drone operations grow in complexity and cross-border interoperability, cybersecurity is becoming essential for operational continuity and public trust. SecureUTM 2 embeds cybersecurity engineering into the core architecture of UTM systems, aligning with European U-space regulations, Common Criteria methodology and ENISA risk frameworks. Security is treated as a foundational design principle rather than a late-stage compliance requirement.
Strengthened UTM Security Baseline
Building on SecureUTM 1, SecureUTM 2 Phase I significantly expanded the cybersecurity baseline for UTM systems. Key outcomes include:
Refinement of a harmonised Protection Profile (PP) for UTM
Development of an updated Security Target (ST) for the Unifly platform
Structured risk assessment and certification-aligned gap analysis
Definition of a secure architectural baseline addressing real-world U-space complexity
Setup of a PoC Testbed
Risk-Based Engineering Roadmap
A control-by-control gap assessment translated cybersecurity requirements into a prioritised implementation roadmap. Focus areas include:
PNT source authentication and plausibility checks
Enhanced session integrity and transport protection
Denial-of-Service resilience
Device-level authentication and auditing
Secure storage and encryption
This structured approach supports operational deployment and future EU cybersecurity certification readiness.
Validated Mitigations for GNSS and PNT Threats
SecureUTM 2 phase I placed strong emphasis on GNSS jamming and spoofing risks increasingly observed in drone operations. Practical, layered mitigations were validated through a dedicated U-space proof-of-concept testbed with Hardware-in-the-Loop UAV simulations.
Validated measures include:
On-board GNSS jamming detection
Fleet-level interference inference
Trajectory plausibility and conformance monitoring
OSNMA-based message verification
Structured anomaly logging and alerting
The testbed enables repeatable attack simulation, KPI-based evaluation and regulator-ready evidence generation.
Foundation for Phase II and European Deployment
Phase I also delivered a structured U-space testbed blueprint, verification methodologies and digital twin foundations to support continued validation, operator training and continuous cybersecurity testing.
SecureUTM 2 directly supports Belgium’s U-space deployment strategy and strengthens its position in secure drone integration.
Phase II will focus on implementing prioritised controls, expanding validation capabilities and further aligning with EU certification frameworks.
About Unifly
Unifly is a technology company rooted in aviation, dedicated to enabling autonomous aviation by advancing the safety and efficiency of UAS Traffic Management. The Unifly platform connects authorities, drone operators and stakeholders to digitise and automate airspace management, supporting the safe integration of next-generation aircraft. Through Unifly Consulting, the company combines UAS Traffic Management with thorough regulatory and safety expertise, offering SORA assessments, regulatory guidance and operational strategy, creating a comprehensive end-to-end solution that powers the future of autonomous aviation worldwide.