How to Adapt Your Security Solutions for Drone Threats
Drones pose a greater security risk than most think. Integrators can help organizations adapt procedures and arm themselves with the latest detection technologies.
Perimeter security faces a new foe — drones. Security systems are the result of investment in risk assessments, system design, integration and testing and training. Yet, $500 in electronic parts and some clever assembly will build a drone that flies over every secured perimeter.
Drones already pose significant threats, and both frequency and severity point to increasing risk. While media outlets tend to discuss the very low risk of an explosive payload, sensitive industrial and other facilities are at risk every day from drones watching, listening and trying to penetrate digital assets.
Drones are not just the new threat of the day — they represent cause to evaluate all aspects of perimeter security. We’re going to delve into three interrelated aspects to adapting to this new threat, which security providers and their end customers must be aware of:
- Legal and regulatory obstacles to formulating response protocols for unauthorized drone overflight
- New software and sensors that integrate with existing perimeter security systems are needed to detect, track and identify drones in restricted airspace
- More subtle, yet perhaps the most challenging — adjusting processes and procedures to a much broader spectrum of “intruders.”
Legal and Regulatory Constraints
There are two important considerations relative to response protocols for unauthorized drones. First, the definition of “aircraft” has no size limitations. Large or small, manned or unmanned, a flying machine is considered an aircraft by the FAA.
Just as there is no authority to interfere with a plane that flies over a restricted facility, there is no authority to act against a drone. If action is taken, the law is on the side of the drone operator, as defined in Title 18 of United States Code 32.
Second, even nonkinetic actions against a drone, such as interfering with operator-drone communications or sending new commands, are illegal. The FCC, under the Communications Act of 1934, prohibits interference with the electronic signal of equipment.
Essentially, the consequences for hacking a drone are no different than for hacking a computer or phone. The FAA Reauthorization Act of 2018 identified two federal agencies — the Department of Homeland Security (DHS) and Department of Justice (DOJ) — to more aggressively interdict drones through kinetic or nonkinetic means.
These and other agencies are evaluating and defining “no fly” zones around military and critical infrastructure facilities and considering new policies that will enforce broad electronic identification requirements on the drone industry and empower high risk facilities with interdiction capabilities.
Security organizations can’t sit and do nothing until all laws and regulations align, though. Now is the time for systems integrators and their clients to prepare. Assessment of drone risk requires a new set of questions and “what if ” sessions.
Data sharpens the assessment, which means the first step is evaluating and integrating sensors to detect, track and identify drones in your airspace.
There are complexities unique to drones to consider when drafting security policies for drone overflight, and security professionals and customers alike must start wrestling with them.
Assessing the Drone Threat Risk
Each end-user facility or complex will have its own risk assessment criteria, but the baseline assessment framework should hold consistent across any property being protected.
Consider the following threat scenarios individually and in combination, and ask: How would this impact your conversation on drone risk?
- Personnel threat — location subject to high volume of drone flights with risk to those operating outdoors
- Optical drone threat — uses advanced optics to visually record activity
- Acoustic drone threat — uses directional acoustics to record sounds
- Cyber drone threat — quietly crosses perimeter, lands inconspicuously, gains network access
- Payload drone threat — locations with high smuggling/contraband risk, in or out
- Weaponized drone threat 1 — locations with high risk operations (energy, chemical, water, etc.)
- Weaponized drone threat 2 — locations at risk of drones carrying payload targeting people or facilities
For businesses conducting product development away from prying eyes, the optical threat may require extending the airborne sensor perimeter beyond the physical ground perimeter.
For secure locations located in and around towns and cities, the volume and/or frequency of drone overflight makes vigilance challenging; continuous response to nonthreatening incursion can have the same affect as false positives, building human response behaviors contrary to system design.
Drone risk assessment exercises for commercial facilities have few historical references or market comparatives, but the risk is clearly building.
Evaluating risk begins with building data histograms of drone overflight, which requires adding detection and tracking capabilities to perimeter security systems.
Drone Detection Technologies
There are many counter-drone “systems” on the market, but most installations will integrate new detection and tracking sensors into existing VMS-based security systems. There is no single sensor or software that, alone, will be the answer.
Successful deployments will layer different sensors. Drones can be defined as either cooperative or noncooperative. Cooperative drones are unmodified by the owner, using the radio communications frequency and identification settings as defined by the manufacturer.
Noncooperative drones are either modified to communicate in spectrum not defined for drone operation and therefore unable to be detected by RF sensors or avoids radio communication altogether by flying predefined routes or by optical waypoint. Noncooperative drones also include homemade aircraft, which are neither complicated nor costly to build.
The following software platforms and sensor technologies should be evaluated for detecting drones in the airspace:
Geo-fencing: Many manufacturers are building electronic boundaries into drone operating software. These geographically defined fences would not allow a drone to be flown into a predefined area, such as near an airport or military base. These restrictions can be defeated with software.
UAS Traffic Management (UTM): Regulatory authorities in many countries are defining a traffic management system for drone operation, which has been maturing across tests and deployments. UTM will create a data structure for drone airspace traffic information. This data might be a useful addition for security operations centers with consistent drone operations nearby.
Remote ID: Though not formally adopted, it is highly likely that regulatory agencies will require all commercial and consumer drones to broadcast a unique identification code. Coupled with required drone registration, this provides a tool for law enforcement to identify drone operators and define the data for UTM.
Radio Frequency (RF): Nearly all purchased drones use radio communication in one of the designated frequency bands. This communication can be detected by RF sensors and can identify a specific drone and operator and, in many cases, the operator’s location. Areas with dense WiFi will impair sensor performance, though, such as found at stadiums and urban environments. A single RF sensor deployment is among the least expensive methods to quantify the drone overflight problem.
Acoustic: A passive sensor listening for drone sounds, its performance can be compromised by nearby ambient noise. Best for very quiet and remote locations, if used at all.
Optical: High definition pan/tilt/zoom (PTZ) EO/IR cameras can be trained by other sensors to a specific set of airspace coordinates to identify objects of interest, but otherwise the small size and high speed of drones renders general purpose security cameras useless for primary detection. PTZ cameras are an essential second layer in the counter-drone sensor array. The security system will need to support sensor-to-sensor communication, so data from first layer sensors can direct second layer PTZ cameras.
Radar: This sensor was created to detect and track aircraft and works in all weather conditions and environments. Radar is the best detection and tracking layer, as the coordinates provided in radar data are ideal for cueing optical sensors to gain positive ID of the aircraft. Radar can also be used to extend or augment ground perimeters, as it can detect humans and vehicles at long distance. Radar data is admissible in legal proceedings against offending drone operators.
Drones: Drones with sensors patrolling a perimeter while streaming data back to operations centers can be excellent situational awareness tools. The same sensors and software noted here, however, can also be purchased and used to detect and track security drone flights by those with criminal intent, which can mitigate the effectiveness of security drone flights.
The preferable configuration uses radar as the primary airspace detection layer, integrated into the VMS system, cueing PTZ cameras to create a robust detection, tracking, and identification airspace surveillance system.
Ground security perimeters are designed to minimize inadvertent approaches, resulting in response protocols assuming most perimeter violations are intentional. But the vast majority of drone instances are harmless yet frequent and unstoppable.
The challenge will be tailoring response protocols (see below). The only available recourse for unauthorized drone overflight is to contact local law enforcement.
In reality, prosecution of innocuous if bothersome drone overflight seldom happens. If the operator can be known, a policy of community outreach and communication is usually sufficient to change operator behavior.
Drones operated with criminal intent are more worrisome. The threats outlined show drones can pose significant dangers to businesses and the wider community and should be a strategic focus for every organization’s security operations.
The Spectrum of Drone Operation
How can security providers and their customers know what level of risk a drone poses? That can be difficult to deduce, but these graphs offer insights into certain aspects to be considered.
Figure 1 defines a spectrum for considering drone operator types and profiles. Unlike the ground plane where intent can be determined by several system and human factors, the range of drone operators without illicit intent obscures and covers for those seeking to spy or cause harm.
A human or vehicle advancing on a highly secure perimeter is infrequent and the intention can be deduced from course and speed. It’s nearly impossible to determine whether a drone with a camera is crossing a perimeter intentionally or carelessly. And is it really carrying a camera and only a camera?
Figure 2 defines the risk of noncooperative aircraft from this operator spectrum, noting that the presence of a noncooperative drone does not necessarily imply criminal or malicious intent. It could simply be a hobbyist with the skills to build a drone at home.
Response protocols for drone overflight must consider the range of potential drone operators for ongoing training, so that innocuous perimeter violations do not lull security into a sense of complacency.
Leo McCloskey is Vice President of Marketing for Echodyne.
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.
A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!