Public security threats and controls with IoT
Hi Hitesh, drones are indeed used to support sensitive services such as surveillance, search and rescue operations, or medical delivery. They are indeed considered IoT devices, since they are formed by a piece of hardware and software and are most often equipped with sensors, GPS, a camera, and an audio interface, and of course they have wireless communication to the ground control station or a remote control.
So, like any IoT device, security threats could arrive from one of the following 4 domains: 1- the IoT device itself (HW & SW) through physical or software attacks, 2- the communication/network (MiTM, sniffing, etc.), 3- the server collecting and analyzing the data (if applicable) and 4- the application/remote control.
So the security controls or countermeasures must be implemented at all levels to reduce the risks of a successful attack. As mentioned by Shahram above, a Trusted Platform Module could help in mitigating some physical and software attacks on the software/firmware side of the drone, implementing a secure channel (integrity and confidentiality) could mitigate some attacks on the network, etc.
But as you can see, these are still generic controls, and you should understand that there is no one-size-fits-all solution, which means vulnerabilities could be very specific to the protocols (e.g. MAVLink), OS, software, crypto library, etc. used, and therefore a dedicated security risk analysis is the first thing to start with.
We at Red Alert Labs generate (for our customers) what we call a "Security Profile", including product-type-specific security controls adapted to the operational environment - an efficient way to avoid spending effort on a detailed security risk analysis.
I hope this helps!