The Low Observable Tactical Unmanned Air System (LOTUS) project is a €9.7 million initiative to create a Europe-wide, cyber-resilient unmanned aircraft with a stealth design. Funded by the European Commission (EC) through the European Defence Industrial Development Programme (EDIDP), the aim is that it will contribute to the competitiveness and growth of the European Union’s (EU’s) defence capabilities. Uniquely, it is being designed in the EU and made with mainly European parts.

RHEA System B.V. is part of the LOTUS consortium that is developing this next generation of tactical remotely piloted aircraft systems (RPAS). The 4-year project covers the design, production of prototypes and testing.

Our role

RHEA is leading the cybersecurity-related activities and supporting the system engineering phases for both the avionics and ground station design by applying our concurrent design expertise, combining both to ensure ‘security by design’ from the start of the project.


LOTUS project start: December 2020
Duration: 45 months
Scheduled completion: 2024


The Hellenic (Greek) Ministry of Defence is the main stakeholder in this European Union ‘technology demonstrator’ project and is supported by the Cypriot, Spanish and Dutch Ministries of Defence.


LOTUS aims to produce an all-European, low-observable, airworthy and interoperable tactical RPAS targeted at intelligence, surveillance and reconnaissance (ISR) missions, with high survivability and advanced autonomy. Not only should it be stealthy and cyber secure and provide near real-time information, it also needs to interoperate with several partner systems and be able to take off from official airports, and all elements need to be retrievable.

The development will include:

  • A ‘mothership’ tactical RPAS equipped with ISR sensors, designed for low observability and high endurance, and able to protect itself against enemy threats
  • A system (swarm) of up to four tube-launched, foldable-wing drones, deployable from the mothership, to execute complex ISR missions while the mothership remains at a safe distance
  • On-board sensor data processing capabilities for target detection, recognition, identification and classification
  • A ground station.

Security by design

A cyber-resilient aircraft requires the highest level of cybersecurity to be built into the system, ensuring the data sent and received is protected.

The return on investment of analysing security requirements as early as possible in the development lifecycle of any system is well recognized, as the relative cost of making changes in any project increases significantly the further it progresses through the lifecycle.

The LOTUS project therefore aimed to incorporate a cybersecurity strategy from the early stages of the project. For this reason, we included several cyber risk analyses in the project plan. However, to apply the principle of ‘security by design’, the project went further and included the security assessment in the early design cycles, merging it with the concurrent design methodology to develop a process that enabled a full-scale cybersecurity evaluation early in the project. Our team:

  • Identified a risk methodology to use
  • Defined the scope of the risk analysis
  • Identified ‘attack trees’ describing threats to the security of the RPAS and, from those, selected the ones that were relevant for cybersecurity
  • Followed the design cycles and iteratively evaluated the risks against the identified threats
  • Finalised the risk assessment when the design was completed.

Applying security-aware concurrent design

Concurrent design is a method RHEA uses to accelerate the early stages of complex engineering projects. By bringing together key stakeholders, it is possible to develop an integrated, consistent design based on shared understanding and rigorous design decisions.

To include security considerations as part of the early-stage design process, the RHEA team modelled the threats using the MEHARI approach – a European, open source risk assessment methodology compatible with ISO 27001. This was used to assess three main categories of vulnerabilities:

  • Organizational/procedural
  • By design
  • Technological or related to implementation.

RHEA’s experts used our COMET™ software to model the system and its components as part of the concurrent design work. Then later in the process, our SACDP software was used to create a complete overview of cyber risks and identify critical security controls needed to harness and harden the aircraft.

A full description of the steps involved and the outcomes can be found in the report ‘LOTUS: Security Aware Concurrent Design’.


Using this combined approach, RHEA provided an overview of the security risks with a high level of detail that had significant advantages compared with a regular cybersecurity assessment:

  • High level of completeness
  • Awareness of security risks by all stakeholders
  • Full traceability, with clear links between airworthiness requirements, design components and cybersecurity risks
  • Identification of trade-offs, with the ability to identify the impact of design changes on security measures, and vice versa.

Next steps

The LOTUS project is scheduled for completion in 2024. RHEA Group will be involved in two more tasks in the next phases of the project:

  • Cybersecurity resilience testing of the ground station
  • Cybersecurity resilience testing of the navigation system.

Find out more

Read more about the LOTUS project, the approach and the outcomes in our report ‘LOTUS: Security Aware Concurrent Design’.

This project has received funding from the European Union’s European Defence Industrial Development Programme under Grant Agreement EDIDP-ISR-TRPAS-2019-030.