> series: sector_under_the_microscope —— part: 12/12 —— domain: subsea —— platform: auv<span class="cursor-blink">_</span>_
Submersible drones and autonomous underwater vehicles (AUVs) are no longer niche military assets. They inspect subsea pipelines and cables for energy companies, conduct hydrographic surveys for port authorities, monitor marine environments for research institutions, support aquaculture operations, and provide hull inspection services for the maritime industry. As commercial adoption accelerates, so does the attack surface — and the underwater domain introduces physical constraints that make many conventional security assumptions invalid.
This final article in our Sector Under the Microscope series examines the emerging cyber security threat landscape for submersible platforms — where RF signals do not penetrate, GPS does not function, and the vehicle operates autonomously for extended periods in an environment that is inherently difficult to monitor or defend.
We'll scope your test for free and tell you exactly what you need. No obligation, no hard sell.
Free Scoping CallThe underwater environment negates several assumptions that aerial and terrestrial security relies upon. Radio frequency signals — the basis of Wi-Fi, cellular, GPS, and most drone command links — attenuate rapidly in water and are effectively unusable beyond a few centimetres. This means underwater vehicles must use entirely different communications, navigation, and control mechanisms — each with their own security implications.
| Constraint | Aerial UAV | Submersible UAV |
|---|---|---|
| Communications | RF-based (2.4 GHz, 5.8 GHz, 900 MHz). Real-time command and telemetry. High bandwidth for video. | Acoustic-based (typically 10–100 kHz). Extremely low bandwidth (hundreds of bits per second). High latency. Vulnerable to environmental noise and interception. |
| Navigation | GPS-based (GNSS). Continuous, real-time positioning. Vulnerable to spoofing but widely available. | GPS denied. Relies on inertial navigation (INS), Doppler velocity logs (DVL), acoustic positioning systems (USBL/LBL), and dead reckoning. Drift accumulates over time. |
| Control model | Typically tethered to operator via RF link. Real-time piloting or waypoint-following with continuous oversight. | Predominantly autonomous. Pre-programmed missions with minimal real-time operator input. Vehicle makes independent decisions based on onboard logic. |
| Recovery | Can be recalled via command link. Emergency procedures include return-to-home. | Recovery depends on vehicle surfacing or returning to a docking station. A compromised vehicle that cannot surface may be lost entirely. |
| Physical access | Operates in open airspace — visible and physically accessible during flight. | Operates in an opaque, inaccessible medium. Physical interception during a mission is extremely difficult — but the vehicle is vulnerable during launch, recovery, and surface transit. |
The attack surface for submersible drones spans pre-mission, mission, and post-mission phases — each presenting distinct vulnerabilities that reflect the unique constraints of the underwater operating environment.
| Sector | Submersible Use Case | Primary Risk |
|---|---|---|
| Oil and Gas | Pipeline inspection, subsea infrastructure monitoring, wellhead inspection, environmental compliance surveys. | Manipulation of pipeline inspection data — concealing defects or fabricating issues. Navigation compromise directing vehicle into subsea infrastructure. Data exfiltration revealing infrastructure layout and condition. |
| Telecommunications | Subsea cable inspection and route survey. Cable landing site assessment. | Intelligence gathering on subsea cable routes — critical national infrastructure. Survey data revealing cable burial depth, condition, and repair history. Cable routes have significant strategic intelligence value. |
| Ports and Maritime | Hull inspection, harbour survey, underwater security patrol, salvage assessment. | Compromised hull inspection reports — concealing damage or contraband attachments. Navigation spoofing of harbour survey vehicles. Interception of security patrol data revealing underwater detection gaps. |
| Defence and Security | Mine countermeasures, harbour protection, underwater reconnaissance, submarine infrastructure inspection. | Nation-state targeting of military AUV operations. Mission file tampering affecting mine clearance accuracy. Intelligence gathering on underwater defence capabilities and patrol patterns. |
| Marine Science and Aquaculture | Environmental monitoring, seabed mapping, fish farm inspection, marine protected area surveillance. | Data manipulation affecting environmental compliance assessments. Survey data revealing commercially sensitive seabed resource information. Vehicle theft for technology intelligence. |
Our submersible drone security assessment methodology extends the principles of our UAV penetration testing service into the underwater domain — adapting for the unique constraints of acoustic communications, GPS-denied navigation, and autonomous operation. The assessment covers the full lifecycle: mission planning workstation, firmware and onboard software, communications security (both acoustic subsea and RF surface), docking station and data download infrastructure, and integration with corporate networks.
Increasingly, organisations deploy both aerial and submersible platforms — offshore energy companies using aerial drones for topside inspection and AUVs for subsea surveys, port authorities using aerial drones for perimeter monitoring and submersible vehicles for hull inspection, and defence organisations operating multi-domain autonomous systems. The security challenge is not just securing each platform individually but securing the infrastructure that connects them — the ground stations, cloud platforms, data repositories, and corporate networks that serve as the common denominator.
This is where our combined capability comes together: UAV penetration testing for platform-specific vulnerabilities, airspace security for aerial domain detection, wireless and spectrum security for the RF layer, and infrastructure penetration testing for the ground infrastructure that connects it all. For continuous monitoring of the entire technology estate, SOC in a Box provides 24/7 detection across both conventional IT and the operational technology that supports autonomous platform operations.
Over twelve articles, we have examined the cyber threat landscape across every major sector we serve — from law firms to the defence supply chain, from schools to submersible drones. The technologies differ, the regulations vary, and the threat actors change — but the principle is constant: the organisations that understand their specific threat model, test their defences proactively, and monitor their environment continuously are the ones that withstand attack.
Whichever sector you operate in — and whichever domain your operations span — the starting point is the same. Understand what you are protecting. Understand who is trying to take it. Test whether your defences work. And monitor for the moment they do not.
Hedgehog Security operates one of the UK's most comprehensive UAV and autonomous platform security practices — covering <a href="/penetration-testing/uav-drone">aerial and submersible penetration testing</a>, <a href="/airspace-security">airspace security</a>, <a href="/wireless-spectrum-security">wireless and spectrum analysis</a>, and <a href="/penetration-testing/infrastructure">infrastructure testing</a> for the ground systems that connect them. Our <a href="/blog/from-the-hacker-desk-drone-hijack-construction">From the Hacker Desk drone series</a> demonstrates what we find when we test.
We'll scope your test for free and tell you exactly what you need. No obligation, no hard sell.
Free Scoping Call