Vigilant Aerospace Systems CEO Kraettli L. Epperson served as an expert panelist in MITRE’s XPONENTIAL 2026 workshop, “Cyber Trust: Securing Command and Control and Operational Technology as Drones & AAM Move In.” The session examined cybersecurity risks for uncrewed aircraft systems (UAS), Advanced Air Mobility (AAM), command and control, and the digital infrastructure supporting emerging aviation operations.
Epperson joined Scott Paul of MITRE, who moderated the session; Jeff Beyer of Thales; and David Keely of the Oklahoma Cyber Innovation Institute. MITRE hosted the session as part of XPONENTIAL’s technical programming on autonomy, uncrewed systems, and emerging aviation infrastructure. With 9,000 attendees from 60 countries, XPONENTIAL is the largest and most influential event showcasing autonomous systems technology in the world.
Cyber Trust for Networked Aviation Systems
Epperson’s comments focused on the cybersecurity implications of networked airspace infrastructure. Vigilant Aerospace’s FlightHorizon system connects sensors, aircraft data, ground infrastructure, and software services to support airspace awareness and detect-and-avoid functions.
As UAS operations scale, operators increasingly rely on connected infrastructure beyond the aircraft itself. This can include radars, ADS-B In receivers, remote data services, command centers, cellular and satellite communications, cloud hosting services, and third-party UAS manufacturers and components.
For UAS digital infrastructure, the key risk areas include mission planning, maintenance and update systems, enterprise and backend fleet services, system availability, and identity and trust. These areas are especially important for beyond visual line of sight (BVLOS) operations and future automated airspace services, where aircraft, operators, sensors, networks, and software services must exchange trusted information in real time for the air traffic to remain safe and coordinated. According to Epperson, with increasing numbers of long-range autonomous flights, dependence on interconnected systems is expected to increase dramatically over the next 5 years.
Epperson discussed how future UAS and AAM operations will require trusted data, trusted systems, and trusted identities across the network. This includes the infrastructure needed for proposed Federal Aviation Administration (FAA) Part 108 and Part 146 frameworks and automated data service provider (ADSP) services.
UAS Component and Infrastructure Cyber Risk Areas
The workshop also addressed attacks against UAS components and supporting systems. These included attacks on supply chain and manufacturers, firmware corruption, command injection, man-in-the-middle attacks, telemetry and data-link attacks, ground control system compromise, sensor and payload manipulation, and backend fleet service compromise.
Sensor and payload manipulation was one focus area. These attacks can involve fake sensor inputs, disrupted video, or manipulated payload data. The risk is false situational awareness that influences operator decisions, obscures critical data or impacts autonomous system behavior.
Telemetry and data-link attacks were another focus. These attacks can include packet injection, replay of prior broadcasts to trick autonomous systems, denial of service attacks on networks or servers, or attempts to alter what the operator sees. The workshop emphasized the need to preserve trusted aircraft status and operator awareness.
Common mitigations discussed included using encryption, VPNs, secure authentication, tokenization, message integrity checks, mutual authentication, anti-replay controls, traffic monitoring, rate limiting, redundant telemetry paths, input validation, operator alerts, and isolation of non-critical systems from flight-critical systems.
For backend and cloud-connected services, the discussion included IT and operational technology segmentation, zero-trust access, secure application programming interfaces (APIs), logging, cloud hardening, warm backups, incident response planning, and secrets management.
The Expert Speakers
Scott Paul of MITRE moderated the workshop and guided discussion across the major cyber risk areas affecting UAS and AAM systems.
Jeff Beyer of Thales USA contributed the perspective of a major aerospace, defense, and digital systems provider. His discussion areas included backend systems, identity and trust, denial of service, and cyber resilience.
David Keely represented the Oklahoma Cyber Innovation Institute, an organization focused on cybersecurity research, workforce development, and technology commercialization. His comments included hardware and drone hardware risks, command and control risks, signals hijacking, supply chain vulnerabilities, ground control system risks and related areas.
Kraettli Epperson represented Vigilant Aerospace Systems and discussed airspace management and UAS safety infrastructure perspective. His comments emphasized how secure digital infrastructure are necessary for scalable BVLOS and AAM flight operations.
About AUVSI XPONENTIAL
Hosted by the Association for Uncrewed Vehicle Systems International (AUVSI), the annual XPONENTIAL conference and expo brings together industry leaders, global innovators, end-users, and defense officials to showcase new technologies and shape industry standards for autonomous systems worldwide. The event attracts 8,000 to 9,000 attendees from more than 20 industries and 60 countries. The XPO Hall features 600 companies showcasing the latest advancements in drones, robotics, AI, and ground/maritime autonomous vehicles.
About MITRE
MITRE is a not-for-profit organization that works in the public interest on national technical challenges. The organization operates federally funded research and development centers and provides systems engineering, technical analysis, and research support to government sponsors.
MITRE works across areas including aviation, cybersecurity, defense, transportation, artificial intelligence, and critical infrastructure. Its role includes convening government, industry, and academic stakeholders to address complex public-interest technology challenges.
About Thales
Thales is a global technology company serving aerospace, defense, security, digital identity, and transportation markets. In the United States, Thales supports aviation, national defense, cybersecurity, identity protection, and critical infrastructure customers through technology products, systems, and services.
About Oklahoma Cyber Innovation Institute
The Oklahoma Cyber Innovation Institute (OCII) is based at The University of Tulsa and focuses on cybersecurity resilience, workforce development, applied research, and commercialization. OCII supports cyber education, industry partnerships, small business cybersecurity services, and technology development intended to strengthen Oklahoma’s cybersecurity ecosystem.
Vigilant Aerospace is the leading developer of multi-sensor detect-and-avoid and airspace management software for uncrewed aircraft systems (UAS or drones). The company’s product, FlightHorizon, is based on two NASA patents and uses data from multiple sources to display a real-time picture of the air traffic around a UAS and to provide automatic avoidance maneuvers to prevent collisions. The software is designed to meet industry technical standards, to provide automatic safety and to allow UAS to safely fly beyond the sight of the pilot. The software has won multiple industry awards and the company has had contracts and users at NASA, the FAA, the U.S. Department of Defense and with a variety of drone development programs. Visit our website at www.VigilantAerospace.com