This study addresses the vulnerability of communications, navigation, and surveillance (CNS) subsystems in small unmanned aircraft systems (sUAS) to cyber threats—such as spoofing, jamming, and data tampering—under resource-constrained conditions, which jeopardize the safety of unmanned traffic management (UTM) ecosystems. The work systematically catalogs security vulnerabilities across the entire sUAS-UTM stack, spanning CNS, datalinks, perception layers, cloud interfaces, and software integrity. It proposes a unified threat and defense taxonomy tailored for resource-limited platforms, structurally mapping attack vectors and countermeasures according to technical objectives and operational impacts. By integrating lightweight cryptography, adaptive intrusion detection, and secure firmware management, the paper evaluates the scalability and practical efficacy of these mechanisms, thereby addressing gaps in existing surveys regarding systematicity and deployability, and identifying key open challenges for achieving secure, reliable, and scalable sUAS operations.

The rapid growth of small Unmanned Aerial Systems (sUAS) for civil and commercial missions has intensified concerns about their resilience to cyber-security threats. Operating within the emerging UAS Traffic Management (UTM) framework, these lightweight and highly networked platforms depend on secure communication, navigation, and surveillance (CNS) subsystems that are vulnerable to spoofing, jamming, hijacking, and data manipulation. While prior reviews of UAS security addressed these challenges at a conceptual level, a detailed, system-oriented analysis for resource-constrained sUAS remains lacking. This paper presents a comprehensive survey of cyber-security vulnerabilities and defenses tailored to the sUAS and UTM ecosystem. We organize existing research across the full cyber-physical stack, encompassing CNS, data links, sensing and perception, UTM cloud access, and software integrity layers, and classify attack vectors according to their technical targets and operational impacts. Correspondingly, we review defense mechanisms ranging from classical encryption and authentication to adaptive intrusion detection, lightweight cryptography, and secure firmware management. By mapping threats to mitigation strategies and evaluating their scalability and practical effectiveness, this work establishes a unified taxonomy and identifies open challenges for achieving safe, secure, and scalable sUAS operations within future UTM environments.