China, the End-Pipe-Cloud Dossier: Systemic Vulnerabilities, Critical Dependency, and the Geopolitical Imperative of Autonomy in National LAIN
- Gabriele Iuvinale

The Low-Altitude Economy (LAE) is recognized as a strategic pillar in China, qualifying as a key representative of "new quality productive forces" and a vital engine for achieving the national goal of technological self-reliance and self-improvement. This rapid expansion, encompassing the movement of drones and eVTOL aircraft, relies on the critical infrastructure known as the Low-Altitude Aerial Intelligent Network (LAIN). The China Industrial Internet Research Institute (Cryptographic Application Research Center, Ministry of Industry and Information Technology) has produced an analysis that classifies LAIN vulnerabilities as a direct threat to national and public security, particularly in light of risks stemming from critical dependence on imported technologies and the potential for exploitation in geopolitical rivalry. The detailed analysis of End-Pipe-Cloud risks reveals a complex threat matrix spanning the entire value chain, from physical hardware tampering at the terminal level and sensor deception, to radio link vulnerabilities and the leakage of strategic data from the Cloud. This makes the imperative of mitigating foreign risks and overcoming technological "bottlenecks" an absolute priority for Beijing.

Economic Foundation and Critical Infrastructure Status
The security risk analysis for the Low-Altitude Aerial Intelligent Network (LAIN) was developed by the China Industrial Internet Research Institute (Cryptographic Application Research Center, Ministry of Industry and Information Technology), lending its conclusions high institutional weight within the context of Chinese industrial and security policy.
The low-altitude economy has been recognized as a strategic emerging sector at the national level, included in the government work report for two consecutive years, with a focus reiterated in March 2025 on the necessity to "promote the healthy and safe development" of this sector. LAIN has been identified as the crucial infrastructure needed for the large-scale implementation of the low-altitude economy and for accelerating the development of new quality productive forces in China.
LAIN is defined as a complex Cyber-Physical System (CPS) that uses low-altitude aircraft (drones, eVTOLs) as core nodes. It relies on a highly reliable, low-latency, wide-coverage communication network, and integrates key elements like ground control units and Communication, Navigation, and Surveillance (CNS) systems to achieve integrated "air-ground-cloud" operations. Its core functions include real-time monitoring, precise positioning, efficient planning, and secure management of low-altitude air traffic.
With the rapid increase in the density and complexity of flight activities, LAIN has surpassed the role of a mere auxiliary technical system. It has evolved into a critical infrastructure fundamental to supporting the economic, safe, and efficient operation of low-altitude airspace. This evolution makes its security and stability an inescapable prerequisite for national development.
The Strategic Risk Vector and National Security
The inherently open, connected, and intelligent nature of the low-altitude network makes it an attractive and vulnerable target for cyberattacks. Threats range from cyberattacks and data breaches to signal interference and illegal intrusions.
System security failure, which could manifest through communication link hijacking or cloud platform compromise, is capable of causing flight control malfunctions and aircraft accidents. The risk is elevated to the highest level of state concern: the consequences not only lead to operational losses and jeopardize the safety of ground personnel and critical facilities but can also directly threaten public safety and even national security. This concern is intrinsically linked to Chinese strategic goals.
The low-altitude economy, as a vital engine for promoting high-quality economic development and achieving the national goal of technological self-reliance and self-improvement, must confront significant structural vulnerabilities. China faces a substantial dependence on imports for critical technologies, such as aero-engines (with dependence reaching 67.08%), and exhibits low localization rates for precision components. These deficits in the supply chain are perceived as clear vulnerabilities that could be exploited in a context of geopolitical rivalry, making the analysis and mitigation of foreign risks an absolute strategic imperative for LAIN security.
In a geopolitical context where technological superiority and control over digital infrastructure are essential, the in-depth analysis of LAIN security challenges and the resulting proposal for countermeasures represent not just a theoretical exercise, but a requirement of "urgent practical importance" to ensure the secure, stable, and sustainable development of the low-altitude economy.
Functional Architecture: The "End-Pipe-Cloud" Framework
The typical LAIN architecture, essential for analyzing risk propagation, is structured across three layers that enable digital, networked, and intelligent management.
Perception and Control Layer (Terminal - End): This is the physical and operational layer. It includes all low-altitude aircraft (drones and eVTOLs) and their on-board systems, including the flight control system, navigation modules, mission payloads, and communication modules. It forms the physical foundation responsible for executing missions and collecting environmental data.
Network and Transmission Layer (Pipe): This acts as the data transmission link, utilizing advanced wireless technologies such as 5G/5G-A and satellite communications. Its function is to create a stable and reliable link between the Terminal and the Cloud for transmitting control commands and telemetry data, and it is critical for ensuring the system's real-time performance and reliability.
Supervision and Service Layer (Cloud): Defined as the network's "brain" and "command center." It refers to the management service platform residing in the cloud. Its main functions include drone identification, flight plan approval, dynamic airspace management, real-time flight path monitoring, data storage and analysis, and industry application services. Its compromise directly impacts the order and stability of the entire low-altitude transport system.
Strategic Vulnerabilities: The "End-Pipe-Cloud" Risk Matrix
The risk analysis reveals a complex matrix of vulnerabilities that spans the entire LAIN architecture.
Perception and Control Layer (End): Terminal Risks
The security risks at the terminal level for low-altitude aircraft, typical of a Cyber-Physical System, are categorized into four critical sub-levels: hardware, firmware, system software, and perception/control.
Hardware Level Risks: Supply Chain Vulnerability
Hardware is the physical foundation of system trust, and risks stem from physical tampering and supply chain vulnerabilities.
Physical Tampering and Lack of Integrity Verification: If the core hardware components of drones (such as microcontrollers and sensors) lack unique identifiers (based on PUF) or integrity verification mechanisms using secure chips, the system is defenseless against physical tampering, component replacement, or the installation of malicious logic. Attackers can directly damage or modify circuits through physical contact, fundamentally undermining higher-level security protections.
Supply Chain and Hidden Trojan Risks: A strategic risk involves the malicious implantation of hardware Trojans or backdoors in critical components during the chip design, production, or assembly phases. These "latent" threats are designed to bypass traditional software protection systems and can be remotely activated under specific conditions, leading to information leakage or loss of operational control. The difficulty in tracing the origin of such attacks suggests the possibility of long-term sabotage or espionage by sophisticated actors.
Firmware Level Risks: Operating System Hijacking
Firmware acts as the bridge between hardware and software, and its vulnerabilities can disrupt the system's chain of trust.
Insecure Boot and Bypass: Many devices, particularly low-cost or open-source solutions, do not implement a complete, reliable boot chain. If the bootloader fails to rigorously verify the digital signatures of the subsequently loaded flight control code or operating system, attackers can use physical debugging interfaces (JTAG, SWD) to flash malicious firmware, achieving persistent control and system hijacking.
Update and Rollback Vulnerabilities: The lack of reliable signature verification during updates allows the injection of malicious code via falsified packages. The absence of a rollback prevention mechanism also allows attackers to downgrade the firmware to older versions with known vulnerabilities, which they can then exploit to launch attacks.
Reverse Engineering and Credential Leakage: Developers often embed hard-coded passwords, API keys, or sensitive server addresses in the firmware for debugging convenience. By reverse engineering the firmware, attackers can easily obtain these credentials and use them to launch coordinated attacks against communication links or cloud platforms.
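The credential-leakage risk above can be checked before release by scanning the built image for embedded secrets. The following is an added example, not code from the report or from any vendor; the rule set, the entropy threshold and the sample blob are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed sample: a fake firmware blob mixing binary padding with strings.
SAMPLE_FIRMWARE = (
    b"\x7fELF\x00\x01\x02" + bytes(range(32))
    + b"uart_init ok\x00"
    + b"mqtt_password=Dr0neLab2024\x00"
    + b"https://telemetry.example.invalid/api/v1\x00"
    + b"API_KEY=9fK2xQ7vLm3Zp8Rt1Yw6Bc4Nd0HsJeUa\x00"
    + b"Zx8Qm2Lk7Vn4Bt9Rw1Hp6Yc3Gd0JsFeU\x00"
    + b"\xff\xfe\x00\x10" + b"flight mode: loiter\x00"
)

# Runs of printable ASCII, the same idea as the `strings` utility.
PRINTABLE = re.compile(rb"[\x20-\x7e]{6,}")
# Assumed rule set: keyword assignments, endpoints, long opaque tokens.
CREDENTIAL = re.compile(
    r"(pass(word|wd)?|secret|api[_-]?key|token)\s*[=:]\s*\S+", re.I)
URL = re.compile(r"https?://[^\s\"']+", re.I)
TOKEN = re.compile(r"[A-Za-z0-9+/_-]{24,}")


def shannon_entropy(text):
    """Bits of entropy per character of `text`."""
    counts = Counter(text)
    total = len(text)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def scan_firmware(blob, min_entropy=4.0):
    """Return (kind, string) findings for strings embedded in `blob`.

    Each string is reported once, under the first rule it matches.
    """
    findings = []
    for raw in PRINTABLE.findall(blob):
        text = raw.decode("ascii")
        if CREDENTIAL.search(text):
            findings.append(("credential", text))
        elif URL.search(text):
            findings.append(("url", text))
        elif any(shannon_entropy(t) >= min_entropy
                 for t in TOKEN.findall(text)):
            # Long, random-looking token with no keyword: likely a key.
            findings.append(("high_entropy", text))
    return findings


if __name__ == "__main__":
    for kind, text in scan_firmware(SAMPLE_FIRMWARE):
        print(f"{kind:13s} {text}")
```

Run as a build gate, a non-empty result fails the release until the value is moved out of the image or provisioned per device.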
System Software Level Risks
This layer consists of the RTOS, middleware, and on-board applications, with a strong reliance on third-party components.
Memory Security Vulnerabilities: Vulnerabilities such as buffer overflow and integer overflow in on-board software (e.g., image processing modules) are critical entry points. Attackers can exploit these vulnerabilities by crafting targeted network packets or data files, allowing for arbitrary code execution and complete control over the aircraft.
Third-Party Software Dependencies: Extensive reliance on open-source libraries and third-party software introduces the risk of known or unknown vulnerabilities. If a high-risk vulnerability is discovered in an upstream component of the supply chain, the entire aircraft ecosystem is exposed to the risk of systemic attack.
Perception and Control Level Risks: Deception Attacks
These risks directly target the sensors and flight control algorithms.
Navigation System Deception (GPS Spoofing): This attack involves transmitting falsified, higher-power GPS signals to overpower authentic satellite signals. The drone's navigation module thus receives incorrect information about position, speed, and time, causing deviation from the planned trajectory, illegal entry into restricted zones, or execution of incorrect return or landing maneuvers.
Sensor Interference and Deception: Attackers can use intense lights or lasers to "blind" cameras, or specific electromagnetic waves to interfere with radar or ultrasonic sensors. This leads to the loss of environmental awareness and the ability to avoid obstacles. Additionally, attackers can inject falsified sensor data to mislead the flight control system.
Algorithmic Tampering (Algorithm Poisoning): If attackers gain access, they can tamper with vital parameters in flight control algorithms (such as PID or Kalman Filter) or security databases (like geofence settings or return altitude). The direct injection of malicious data into the algorithm can cause abnormal flight attitudes, system instability, or loss of control and eventual crash.
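For the navigation-deception risk above, one common detection approach is to cross-check each GNSS fix against an inertial estimate. The following is an added example, not code from the report: the thresholds, the blend factor, the local east/north frame in metres and both sample tracks are assumptions constructed for illustration, and a simple complementary blend stands in for a full Kalman filter.

```python
import math
from dataclasses import dataclass

MAX_SPEED = 25.0     # assumed airframe speed limit, m/s
MAX_RESIDUAL = 8.0   # assumed tolerated GNSS-vs-inertial gap, metres
BLEND = 0.2          # assumed weight given to an accepted GNSS fix


@dataclass
class Sample:
    t: float        # timestamp, seconds
    gnss_e: float   # GNSS position east, metres (local frame)
    gnss_n: float   # GNSS position north, metres
    imu_ve: float   # inertial velocity east, m/s
    imu_vn: float   # inertial velocity north, m/s


def detect_spoofing(samples):
    """Return (timestamp, reason) alerts for implausible GNSS fixes."""
    alerts = []
    est_e, est_n = samples[0].gnss_e, samples[0].gnss_n
    for prev, cur in zip(samples, samples[1:]):
        dt = cur.t - prev.t
        if dt <= 0:
            alerts.append((cur.t, "bad_timestamp"))
            continue
        # Dead-reckon forward using the averaged inertial velocity.
        est_e += 0.5 * (prev.imu_ve + cur.imu_ve) * dt
        est_n += 0.5 * (prev.imu_vn + cur.imu_vn) * dt
        speed = math.hypot(cur.gnss_e - prev.gnss_e,
                           cur.gnss_n - prev.gnss_n) / dt
        residual = math.hypot(cur.gnss_e - est_e, cur.gnss_n - est_n)
        if speed > MAX_SPEED:
            alerts.append((cur.t, "implausible_speed"))
        elif residual > MAX_RESIDUAL:
            alerts.append((cur.t, "inertial_mismatch"))
        else:
            # Accept the fix, but only pull the estimate part of the way,
            # so a slow drag-off accumulates residual instead of being
            # absorbed step by step.
            est_e += BLEND * (cur.gnss_e - est_e)
            est_n += BLEND * (cur.gnss_n - est_n)
    return alerts


def _track(points):
    # The aircraft really flies east at 10 m/s; the IMU reports that.
    return [Sample(float(t), float(e), float(n), 10.0, 0.0)
            for t, (e, n) in enumerate(points)]


# Constructed tracks: a clean one, and one where the reported position
# drifts north by 3 m per second from t=3 and then jumps 330 m at t=8.
CLEAN = _track([(10 * k, 0) for k in range(9)])
SPOOFED = _track([(0, 0), (10, 0), (20, 0), (30, 3), (40, 6),
                  (50, 9), (60, 12), (70, 15), (400, 15)])

if __name__ == "__main__":
    print(detect_spoofing(CLEAN))
    print(detect_spoofing(SPOOFED))
```

On an alert the estimate is held on inertial data alone, which is why the gradual drift is flagged from t=6 onward rather than tracked.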
Network and Transmission Layer (Pipe): The Radio Link Vulnerability
This layer is exposed to risks arising from the open nature of communication links, subdivided into the core link and cluster communication.
Core Link Communication Security Risks
The wireless channel between the aircraft and the ground station/cloud is a primary target for interception and hijacking.
Weak Encryption and Plaintext Transmission: The use of weak encryption algorithms or the transmission of critical commands in plaintext makes data vulnerable to wireless sniffing. Sensitive information such as flight control commands and flight status can be easily obtained by attackers.
Lack of Bidirectional Authentication: The absence of mutual authentication between the control unit and the aircraft enables man-in-the-middle attacks and impersonation, allowing the injection of false commands.
Insecure Protocols: Communication protocols lacking effective integrity checks and anti-replay mechanisms allow attackers to alter commands or replay old commands, causing the execution of unexpected actions.
Frequency Band Interference and Congestion: In open and congested frequency bands, attackers can use high-power signals (jamming) to block or interfere with communication. This can lead to link interruption, loss of contact with the drone, or unwanted activation of emergency flight behaviors.
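The integrity and anti-replay gaps listed above under Insecure Protocols can be closed at the frame level with an authentication tag and a strictly increasing sequence number. The following is an added example, not a protocol from the report or from any product: the frame layout, the command strings, the sender ID and the key are assumptions constructed for illustration, and it covers authenticity and replay only, not confidentiality.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32                   # HMAC-SHA256 output size
HDR = struct.Struct(">IQ")     # sender id (4 bytes) + sequence number (8 bytes)
KEY = b"constructed-demo-key-do-not-reuse"   # constructed sample key


def seal(key, sender_id, seq, payload):
    """Build header || payload || tag, with the tag covering both."""
    body = HDR.pack(sender_id, seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class CommandReceiver:
    """Aircraft-side check run before any command is acted on."""

    def __init__(self, key, expected_sender):
        self._key = key
        self._sender = expected_sender
        self._last_seq = 0     # highest sequence number accepted so far

    def accept(self, frame):
        """Return (verdict, payload); payload is None unless verdict is 'ok'."""
        if len(frame) < HDR.size + TAG_LEN:
            return "malformed", None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        # Constant-time comparison; verify the tag before parsing anything.
        if not hmac.compare_digest(tag, expected):
            return "bad_tag", None
        sender_id, seq = HDR.unpack(body[:HDR.size])
        if sender_id != self._sender:
            return "wrong_sender", None
        if seq <= self._last_seq:
            return "replay", None      # old or duplicated frame
        self._last_seq = seq
        return "ok", body[HDR.size:]


def run_demo():
    """Feed constructed frames to a receiver and return the verdicts."""
    rx = CommandReceiver(KEY, expected_sender=7)
    first = seal(KEY, 7, 1, b"SET_ALT 120")
    tampered = bytearray(seal(KEY, 7, 2, b"SET_ALT 120"))
    tampered[HDR.size + 8] ^= 0x01     # flip one bit in the payload
    second = seal(KEY, 7, 2, b"RETURN_HOME")
    frames = (first, first, bytes(tampered), second, first[:20])
    return [rx.accept(f)[0] for f in frames]


if __name__ == "__main__":
    print(run_demo())
```

A strict counter rejects frames that merely arrive out of order; links that reorder traffic usually replace it with a sliding acceptance window.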
Ad-hoc Cluster Communication Risks (Swarm Risk)
Aircraft operating in clusters use mobile and decentralized ad-hoc networks for collaboration, exposing the architecture to specific threats, particularly severe in high-value scenarios.
Access and Identity Risks: In dynamic decentralized networks, the lack of bidirectional authentication and trusted credentials allows attackers to impersonate nodes, steal sensitive information (like mission planning), and send false commands. This can induce drones to break formation or deviate from the route, disrupting collaboration.
Transmission and Data Risks (DoS, Black Hole): Attackers can use attacks such as Denial of Service, route deception, black hole attacks, and wireless interference or data tampering to deplete bandwidth, forge paths, or alter data. Consequences include cluster communication interruption, formation instability, obstacle avoidance failure, and potential collision risks. Furthermore, the tampering or delay of data received by the ground station compromises the accuracy of command decisions in critical missions (e.g., emergency rescue).
Collaborative Control and Swarm Intelligence Algorithm Risks: By injecting false data (e.g., locations or obstacles) into the collective intelligence algorithms, attackers can induce swarms to make systematic errors. This can cause the group to collectively deviate from the route or illegally enter restricted zones. The report emphasizes that this scenario severely threatens flight safety, with particularly serious consequences in sensitive scenarios like military or border operations.
Supervision and Service Layer (Cloud): The Strategic Data Hub
As the low-altitude economy transitions towards service-oriented operations, the Cloud platform manages a massive amount of sensitive data (flight paths, commands, user information) and becomes a high-value target for network attacks.
Identity Authentication and Access Control Risks
The authentication module is the first line of defense for ensuring legal access and operations.
Identity Forgery and Illegal Access: Weak authentication mechanisms (e.g., lack of bidirectional certificates or use of weak passwords) allow attackers to forge the identity of operators or drones to register and execute unauthorized missions, creating disorder in the airspace.
Confused Permission Management: The irrational assignment of permissions or the presence of access vulnerabilities can allow low-privileged users to access critical functions (such as modifying geofence rules or approving flight plans), leading to a loss of management control.
Missing API Authentication: If open API interfaces lack strict controls (access tokens, rate limiting, identity constraints), they can be abused for massive data collection or malicious scanning attacks.
Data Security and Privacy Leakage Risks
The Cloud platform stores and manages sensitive and strategic data.
Unencrypted Data Storage: Sensitive data such as flight paths, telemetry, and high-definition images are often stored in plaintext. In the event of a platform breach, attackers can directly steal large volumes of geographical information, infrastructure mapping, and personal user data. The leakage of trajectory and surveillance data transforms the Cloud into a target of high-level strategic intelligence.
Loss in Transmission: The lack of end-to-end encryption in data exchange between the Cloud, ground stations, and third-party systems exposes data to interception by man-in-the-middle attacks.
Third-Party Risks: The necessity of connecting to third-party services to support industry applications introduces a risk of leakage. Without robust data desensitization mechanisms, access audits, and binding security agreements, data may be illegally retained or resold.
System Availability and Business Continuity Risks
The open nature of Cloud services exposes the platform to risks that can cause operational paralysis.
DDoS Attacks: Attacks involving a high volume of requests can overload the Cloud entry point, slowing down or disrupting services. This results in large-scale failure of key functionalities, such as real-time monitoring and flight plan submission, potentially causing paralysis of low-altitude air traffic management.
Critical Function Tampering: Exploiting system vulnerabilities or compromised administrator credentials, attackers can alter vital configurations, such as geofence rules or airspace configurations, inducing drones to violate restricted areas or generate route conflicts.
Lack of Disaster Recovery: The absence of regular backups and emergency recovery plans exposes historical data to permanent loss in case of ransomware attacks or physical damage. This compromises the capacity for forensic analysis of incidents and regulatory compliance.
Platform Vulnerability and Software Supply Chain Risks
Vulnerabilities can reside in the platform's proprietary code or the external components it depends on.
Proprietary Software Vulnerabilities: The presence of unpatched high-risk vulnerabilities (such as Remote Code Execution or SQL Injection) in the Cloud's operating system, middleware, or application components can be exploited to gain system-level control.
Software Supply Chain Attacks: If third-party components, development tools, or operating systems that the platform relies on are compromised, seemingly "legitimate" update packages can contain backdoors. These backdoors facilitate long-term infiltration and lateral penetration within the system.
The Three Systemic Bottlenecks: Regulation, Technology, and Human Resources
Beyond the direct technical risks, the MIIT analysis identifies three systemic challenges that inhibit the effective construction of a comprehensive security system for LAIN.
Regulatory Lag and Institutional Fragmentation
The security framework for low-altitude airspace in China is still under construction, with regulations and standards failing to keep pace with rapid technological evolution.
Lack of Specific Regulations: Although fundamental cybersecurity and data security regulations exist, specific administrative or departmental regulations for LAIN network and data security are missing. Current regulations primarily focus on flight safety and equipment management but fail to systematically define security responsibilities, data classification and grading, and cross-border data flow along the complex "End-Pipe-Cloud" architecture.
Inconsistent Technical Standards: Current network and data security standards are fragmented, dispersed across regulatory documents from various entities. These standards lack coordination, are often only recommendations, and lack binding force. A system of mandatory technical specifications covering the entire security chain, including communication protocol authentication, encryption, and data desensitization, has not been formed, hindering large-scale development.
Absence of Inter-Departmental Coordination: LAIN security involves multiple departments, including industry (MIIT), civil aviation, public security, and cyberspace. The lack of a unified coordination mechanism and clear division of responsibilities leads to "siloed" enforcement and standard formulation. Ambiguity over rights and responsibilities in cross-border or emergency response scenarios restricts the effectiveness of integrated security governance.
Insufficient Security Technology Innovation (The Bottleneck)
Innovation in low-altitude security is lacking, particularly concerning technological autonomy.
Critical Foreign Dependence (The Bottleneck): China faces "bottleneck" (卡脖子) issues in key areas, including high-performance aviation-grade chips, highly reliable flight control operating systems, and industrial simulation software. The extensive adoption of foreign products in these strategic domains introduces the possibility that hidden backdoors or unknown vulnerabilities could be implanted and remotely activated. This risk raises a high level of concern, as remote activation could lead to data leakage or the loss of control over entire fleets, reinforcing China's imperative to achieve technological autonomy (自主可控).
Insufficient Research for Advanced Defense: Security research is often superficial, lacking indigenous tools for automated and large-scale firmware vulnerability analysis and extraction. Effective defenses against deep threats like signature bypass and bootloader tampering (End risk) are missing. Furthermore, studies on anti-interference and anti-deception (anti-spoofing) for navigation in complex electromagnetic environments are insufficient, and emerging technologies like post-quantum cryptography or network inherent security have yet to yield practical solutions.
Lack of Defense Against AI and Coordinated Attacks: The existing defense system is unprepared to recognize and block advanced AI-based threats, such as visual deception or sensor poisoning. Mature mechanisms for detecting and responding to complex attack modalities, such as coordinated drone swarm attacks or algorithmic poisoning of the cluster (Pipe risk), do not exist.
Structural Shortage of Specialized Personnel
The shortage of talent represents a significant limitation for LAIN security development.
Extreme Scarcity of Composite Talent: LAIN security requires highly interdisciplinary skills that intersect aeronautical engineering, communication technology, artificial intelligence, and cybersecurity. The reserve of personnel with a cross-domain knowledge system and practical capabilities in these areas is extremely scarce, constituting a key "bottleneck" that limits sector expansion.
Training Disconnect: Traditional university educational models are segregated, with aeronautical schools focusing on aerodynamics and flight control, and computer schools focusing on software and networks. There is a lack of programs that closely integrate these fields, particularly in the practical areas needed by the industry, such as embedded firmware security, embedded system security, and radio frequency security.
Difficulty Retaining High-Level Experts: The cybersecurity sector itself is highly competitive and characterized by high personnel mobility. LAIN security, being an emerging and technologically intense cross-domain field, faces even greater challenges in attracting and retaining top experts, requiring competitive compensation policies and a favorable research environment for innovation.
Strategic Conclusions: The Need for an Integrated Systemic Approach
The Low-Altitude Aerial Intelligent Network (LAIN) is critical infrastructure for the Chinese low-altitude economy. Its intelligent and interconnected development via the "End-Pipe-Cloud" architecture introduces a complex chain of risks that, if exploited, can jeopardize public and national security. Vulnerability extends from hardware tampering and algorithmic poisoning at the terminal level, to signal interference and swarm attacks at the network level, up to the leakage of strategic data (trajectories, images) at the cloud level.
To address this challenge, the China Industrial Internet Research Institute document emphasizes the need for a systemic approach that integrates development and security (joint development) and focuses on overcoming structural limitations in regulatory, technological, and human capital domains.
The Three Strategic Action Vectors (MIIT)
To ensure that this engine of new quality productive forces can operate in a stable and sustainable manner, the China Industrial Internet Research Institute proposes measures in the following three strategic areas:
1. Strengthen the Regulatory and Institutional Framework. China should accelerate the creation of specialized (administrative/sectoral) regulations for LAIN network and data security, clearly defining responsibilities and standards for data classification and cross-border flow. At the same time, it is necessary to build a unified and mandatory system of technical standards and establish a permanent interdepartmental coordination mechanism (involving MIIT, Aviation, Public Security, and Cyberspace) to ensure integrated and cohesive governance.
2. Achieve Technological Autonomy (自主可控). National resources must be focused on overcoming bottlenecks in key technologies, such as high-performance aerospace-grade chips, reliable flight control operating systems, and industrial simulation software, in order to raise the intrinsic level of security in the sector at source. Research must be stepped up to develop indigenous solutions for lightweight encryption, anti-spoofing navigation, and defense against advanced AI-based attacks (such as algorithmic poisoning and coordinated swarm attacks).
3. Develop a Specialized Workforce: Beijing should create innovative training models that deeply integrate aeronautical engineering, communications, artificial intelligence, and cybersecurity, bridging the gap between traditional academic training and the practical needs of the industry. Targeted incentives and collaboration between academia and industry are key to attracting and retaining the composite experts needed to build and operate an effective defense-in-depth system across the entire End-Pipe-Cloud chain.



