Drone incidents are on the rise. Recent high-profile events have started to show the potential damage and threat that drones can pose to governments, commercial organisations and through targeting individuals. This is not unexpected. Security experts have long been talking about the threats and disruption they can cause through accidental or criminal activity. This poses a challenging problem as there are no simple solutions that can solve, prevent or negate the threat. The release of the UK Counter Unmanned Aircraft Strategy this week is a step in the right direction. However, more must be done across government and industry to address the problem. In the following article WA considers how government and commercial organisations should respond to the growing disruption and impact that drones can cause.
The Evolving Threat
Since the beginning of 2019 there have been a number of high-profile drone attacks that have targeted critical infrastructure. There are also numerous examples of drones being used by organised criminal entities for surveillance purposes, attack delivery and transportation of illicit materials. The graphic documents some of the most widely reported incidents over the last three years and highlights both the threat and disruption caused by drones.
Two high profile events in 2019 have changed how the security industry talks about counter drones: the incident at Gatwick Airport at the beginning of the year that caused around 1,000 flight cancellations and affected nearly 150,000 passengers; and the targeted attack on the Abqaiq and Khurais oil facilities in Saudi Arabia that disrupted over half of the country’s oil production in September.
Both resulted in serious financial consequences, disruption and threat to life. The Gatwick incident reportedly cost airlines in the region of £50 million , Gatwick Airport around £1.4 million, whilst Sussex police spent over £700,000 on the operational response and subsequent investigation. The attack in Saudi Arabia prevented 5.7 million of crude barrels being produced, caused oil prices to increase, and it is reported that full operational capacity will not be restored until November. Both prompted government intervention and investment of more advanced counter drone technology. They also served as a stark warning to all other operators of critical infrastructure that they could also be targeted.
Whilst these were clearly well planned and targeted attacks, the vast majority of drone incidents remain accidental and originate from users who do not realise they are breaking the law or operating drones in restricted areas. Most drone users comply with legislation and operate them in a responsible way. The increasing use in industries such as aerial filming, surveying, search and rescue as well as the consumer recreational market will see significant growth in the number of drones over the next five years. The increasing numbers and availability of more advanced systems will drive potential threats to organisations and infrastructure, both through intended criminal activity and accidental misuse.
Unsurprisingly, media reported incidents are those that target critical infrastructure or pose national security issues. Less reported are the more innovative ways that criminals are using the new technology against corporations. Examples include:
Reconnaissance missions: usually a criminal, foreign or terrorist organisations planning a large-scale attack will take 6-8 reconnaissance missions to plan and coordinate it. Traditionally this has had to be carried out in person and has increased the risk of being caught or spotted. Use of drones reduces this risk and helps bypass counter surveillance measures.
Corporate espionage: Deploying drones to survey sites or gather information on operations, presentations, intellectual property or other corporate information
Attacks on IT and Wi-Fi Networks: Drones that can fly into a Wi-Fi range with technology on board that can connect to a corporate network, manipulate Wi-Fi or run attacks on the IT system are growing. As more organisations move to digital operations that rely on Wi-Fi over wired connectivity, drones with jamming systems become an increasing threat.
These evolving threats have been the catalyst required for government and organisations to review their threat assessments, security plans and response to drone incidents.
Addressing the Issue
Providing a solution is complicated. There are several legislative, technical, policy and cost challenges that must be considered.
Firstly, legislation needs to be refreshed to match the existing threat. This is challenging as it remains illegal in many countries for people or organisations to shoot down any aircraft except for the police and military. Whilst there are many reasons why these laws are sensible and proportionate, more regulations and legislative guidelines need to be developed to give greater clarity on how to address the drone threat.
Policy is another area that needs further development across the world. Countries are beginning to engage more seriously with the issue. In October 2019 the UK government released the Counter-Unmanned Aircraft Strategy. The government is the first to provide such clear guidance. The strategy outlines four main objectives[1].
1. developing a comprehensive understanding of the evolving risks posed by the malicious and illegal use of drones
2. taking a ‘full spectrum’ approach to deter, detect and disrupt the misuse of drones
3. building strong relationships with industry to ensure their products meet the highest security standards
4. empowering the police and other operational responders through access to counter-drone capabilities and effective legislation, training and guidance.
The implementation of this strategy is significant. They are the first government to take this approach, and through the Centre for Protection of National Infrastructure (CPNI) provide a set of standards that helps inform the counter drone industry. Other countries are closely monitoring how successful their approach is, and where appropriate, beginning to follow suit.
Critically the strategy acknowledges that there is no technological ‘silver bullet’ for the problems that drones can cause. It goes on to outline commitment to develop regulation, legislation and standards to work closely with the counter drone industry to help implement more measures and capabilities that can increase protection and improve the response to illegal drone activity.
Counter drone technology has developed in response to the threat, but issues remain with deployment and success in an operational environment. The Counter drone industry has seen significant growth over the last year and is already a crowded and complex market space. The Centre for the Study of the Drone at Bard College report that there are already over 235 C-UAS products from 155 manufacturers on the market and this is growing. This can create confusion for end users and buyers as suppliers rush to promote different products and services which results in information overload and buyer confusion.
The market can be broken down into two main capabilities: detection and interception.
Solutions that help to identify, monitor and detect include acoustic, radar, elector-optical, video and infrared technology. In addition, Geofencing creates a virtual barrier to prevent consumer drones flying in restricted airspace. This is implemented by most large drone manufacturers but can be disabled.
When it comes to interception and eliminating the threats there are more complicated issues to address. The table lists the systems that are available on the market and the challenges that they face. For example, RF Jamming can be effective but requires line of sight of the drone, may cause wider disruption RF channels, could lead to collateral damage when it falls from airspace and has legal implications.
Despite these challenges, there are industry solutions that help protect a range of sites and operations. High profile events have deployed counter drone systems, from NFL Superbowl, to World Economic Forum Events, to daily use at critical sites.
Whilst government and critical sites have budgets to invest in more comprehensive counter drone systems, commercial and corporate entities do not always have the level of resources they need to address the threat. However, there are practical steps that organisations can take to help prepare and better protect their operations, people and property. Drones provide a similar risk level to traditional threats but use a different method and operating environment that has previously not been a priority for security operators. However, they should be treated in a similar way, and to address the issue, security managers should follow a similar risk assessment and security operational procedure. The following outlines a suggested approach:
Preparation – Understanding their vulnerabilities and threat levels is critical
In its simplest form, security is about problem solving. It is incredibly difficult to solve or prevent a problem if you don’t fully understand what that problem is, or the impact that the problem may have. In many cases the drone threat has not been fully investigated and organisations have usually reacted to the threat following incursions or incidents, rather than being proactive.
Organizations must complete a threat assessment that provides full situational awareness of the size, scale and risk of the drone threat to their operations. This can be done by assessing the frequency and timing of incursions and the model of the drone that is being used.
Dedrone, a counter UAS organisation puts this approach at the core of their engagements with clients. They provide solutions that detect and identify drones in lower airspace. They are focused on providing security teams with a clear picture of how drones are affecting organisations and then working towards building plans to remediate threats and protect the organisation moving forward.
Once organisations understand the threat level to their organisation, then steps can be taken to manage the risk.
This does not always involve huge investment and complex technology. It could involve some simple passive counter measures such as shutting blinds, changing routines, picking closed locations for meetings with sensitive conversations or presentations.
If the organisation needs to implement more comprehensive counter drone defence then they should consider what they are trying to achieve – detection, elimination, interception or an end to end solution. When going through this process there are some key considerations
Key Considerations:
Choosing the right solutions for your operating environment and threat level – ensure that the technology chosen can solve the problem and is effective in your operating environment.
Creating a clear and realistic budget that allows investment in proven technology.
Planning for scalability – the threat will evolve, and organisations will need a solution that can grow with it.
Mapping the solution to your standard operational procedures - making sure that it is integrated with the security operations including video surveillance, control rooms and security officers. Ensure that simple measures are encouraged. For example, in initial training it is rare that security guards are told to look up and check the sky.
Ensuring value for money – make sure that the solution is cost effective and can demonstrate a solid return on investment.
Engaging stakeholders – the problem will not simply be solved by technology. Relevant stakeholders across the organisation need to be educated on the threat levels, procedures and what to do in the event of a drone incident. This should be incorporated into the Business Continuity and Crisis Management plans.
Westlands Advisory is happy to provide more information to organisations that need advice on how to better protect against drone threats. Please feel free to get in contact via the following email:
Info@westlandsadvisory.com or contact
Anthony Leather directly Anthony.leather@westlandsadvisory.com
[1] Counter-Unmanned Aircraft Strategy, October 2019, https://www.gov.uk/government/publications/uk-counter-unmanned-aircraft-strategy