Pelorus on Why Low-Cost Drones Are a High-Impact Security Risk

For years, India’s security conversation has focused on physical perimeters and digital networks. But a third layer is quietly expanding overhead. With nearly 30,000 registered drones now operating across use cases ranging from agriculture and infrastructure surveys to weddings and videography, aerial space is rapidly becoming the newest and least regulated attack surface.

Global conflicts have already shown how inexpensive civilian drones can be repurposed with devastating consequences. In India, the challenge is amplified by dense urban environments, fragmented enforcement, and the blurred lines between civilian and restricted airspace.

Founded in the aftermath of the 26/11 Mumbai attacks, Pelorus Technologies was built to address precisely this gap, strengthening India’s internal security using indigenous capabilities across AI, digital forensics, and surveillance. From early deployments with the Indian Navy to working with more than 50 law enforcement agencies today, the company has seen firsthand how aerial threats are evolving faster than traditional security models.

In this conversation with CiOL, Kaushal Bheda, Director, Pelorus Technologies, explains why drone threats demand a fundamentally different security mindset, one that treats uncertainty as risk and resilience as non-negotiable.

You describe aerial threats as a fast-emerging national security vector. Technically, what are the core detection challenges with low-cost civilian drones (RF fingerprinting, visual tracking, and multisensor fusion), and how do you balance detection sensitivity with false-positive rates in dense urban environments where benign drone activity is common?

When we are protecting critical assets, sensitive locations, or high-profile individuals, there is no room for uncertainty. In restricted or no-fly zones, any drone activity must be treated as a potential threat. The assumption that most drones are benign does not apply here; these areas prohibit drone operations entirely. Adversaries today can easily deploy off-the-shelf commercial drones, modified platforms, or more sophisticated systems with payloads.

At the moment of detection, it is impossible to reliably assess intent. Because of this ambiguity and the potentially severe consequences, counter-drone systems are built to prioritise early, high-sensitivity detection and rapid response. In high-consequence environments, sensitivity levels are deliberately elevated to minimise the risk of missing even a single hostile drone.

Pelorus combines real-time interception capabilities with digital forensics. How do you architect systems that support immediate threat mitigation while preserving chain-of-custody and forensic integrity for subsequent legal or investigative use, especially when countermeasures may physically destroy evidence?

This requires a multi-pronged, resilient investigative approach. We cannot depend on a single source of evidence or assume that physical or digital artefacts will remain intact. Adversaries often attempt to destroy physical evidence, erase digital traces, or tamper with indicators immediately after an incident. However, even when primary evidence is removed, activity inevitably leaves footprints across multiple layers. These include sensor data, system logs, network and IP-level artefacts, access records, timing patterns, and operational actions. Efforts to wipe one layer typically generate traces in another.

Investigations, therefore, are never conducted from a single vantage point. It is a continuous cat-and-mouse process, built on correlating independent data sources to reconstruct events, validate sequences, and establish accountability even when direct evidence is intentionally eliminated.

AI models for threat detection often require large, labelled datasets from real incidents. Given the sensitivity and scarcity of such data, how do you collect, curate and validate training data without compromising operational secrecy or biasing models toward specific threat profiles?

These systems are typically deployed on-premises, within the customer’s own infrastructure. Any training, fine-tuning, or validation that involves customer data remains entirely inside their environment and never leaves their control. Operational secrecy is preserved by training models locally using the customer’s data, internal policies, and real threat conditions. No sensitive incident information is centralised, pooled, or shared outside the customer’s secured environment.

Interoperability with existing defence, police and civilian airspace management systems is critical. What integration standards, data-sharing protocols or APIs are necessary for coordinated detection, no-fly enforcement and civilian safety, and where are current gaps in India’s drone governance ecosystem?

We do not define our own operational rules. We follow the rules, policies, and legal frameworks of the end user. The solution is configured and supplied based on what the deploying agency or organisation is authorised to enforce.If the end user defines a no-fly zone, that no-fly zone is enforced. Systems are designed to support detection, alerting, and response in line with those requirements.

⁠⁠Counter-drone measures can have collateral effects (communications disruption, privacy intrusions, or harm to bystanders). What ethical, legal and risk-mitigation frameworks should agencies adopt before deploying interception technologies at scale, and how do you design technical safeguards to minimise unintended harm?

Collateral effects depend on the operating environment and the counter-drone measures used. In border or remote areas, communications disruption may already be present from both sides, so additional impact can be limited. In urban or civilian areas, stricter controls are required. Safeguards are built into both policy and technology. These include geographic constraints, controlled power levels, time-bound activation, and explicit operator authorisation. Measures are selected based on risk, surroundings, and consequence.

As Pelorus expands into enterprise sectors (finance, healthcare, critical infrastructure), what does an enterprise threat model for aerial risks look like, and what organisational changes from incident playbooks to procurement and insurance should CISOs and boards prioritise to operationalise aerial cybersecurity?

Large private enterprises and critical infrastructure operators now function as essential national assets. Their services across finance, energy, telecom, transport, and digital platforms are tightly linked to economic stability and public continuity. Any disruption can trigger wide-scale operational and economic impact, which is why they increasingly require the same level of protection and resilience as government facilities. Given the intensity of threats from both cybercriminal and state-backed actors, these organisations must maintain national-grade security standards and coordinate closely with government agencies to ensure uninterrupted operations.