IFSEC Insider is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
With an increasing number of drone-based threat events to critical infrastructure taking place, Mary-Lou Smulders, Dedrone, provides a five-step programme for organisations to make their facilities more resilient to potential attack.
Although drones have countless legitimate uses, bad actors are increasingly using them to damage physical infrastructure, or as a means to breach cyber defences, prompting the FBI and DHS to categorise drones as among the top national security threats.
Without drone intelligence to determine airspace activity, critical infrastructure security teams are powerless against these drone threats. Counter-drone technology is an essential tool that addresses this hybrid threat landscape, and provides drone activity analytics, enabling security teams to secure and defend assets. Organisations should not wait for a crisis to occur, but rather, take proactive steps to avert a crisis and then use any future incident as an opportunity to showcase the strength of their security capabilities.
Building resilience against drone threats through airspace security intelligence
Private and public sector organisations can act today to understand security gaps in their airspace and then close them. Data collection with smart airspace security technology can begin immediately and without disruption to existing operations. Counter-drone technology is easily integrated into existing security infrastructure and can be installed at a critical infrastructure site in as little as 15 minutes.
The first step is to build airspace intelligence and create activity data sets and consequent analyses. Baseline assessments will quantify and define current drone activity including, the number of drones in the airspace, the types of drones, flight times, take-off areas and pilot locations. From there, organisations are able to identify the most vulnerable areas to protect.
Organisations then leverage this airspace security data to implement the following five best practices, as recommended by the U.S. DHS.
Step 1: Identify Priority Protected Areas
What are the most sensitive areas of your facility?
Drones provide a birds-eye view of a protected site, allowing the operator to locate vulnerabilities in security systems and exploit blind spots. By identifying airspace “zones” by level of operational disruption and severity, security teams can then determine the kinds of alerting and response protocols needed by zone, as well as response times.
Airspace security systems provide “reach-in-time” analytics during a live incursion, measuring the speed of the drone flight against the location of critical airspace.
Step 2:Build a Threat Profile with Airspace Security Intelligence
How significant is the drone threat at this facility?
How many drones are in your airspace? What times of day are they flying, for how long, and what kinds of drones are they? Where are they coming from and going to? Where are their pilots located?
Airspace security analytics will identify the Unmanned Aircraft Systems (UAS) platforms flown in your airspace, including their technical specifications, such as maximum flight time, speed, payload capacity, and range. By understanding the types of drones penetrating your airspace, security teams can build response protocols and adjust these SOPs in accordance with specific threat models.
Where are the pilots and what are they interested in?
Assess the local terrain to identify areas where drone pilots may launch, operate, and land their craft. Airspace security intelligence will display “hotspots” of drone activity, and then critical infrastructure security teams can build on this knowledge by cross-referencing drone activity with sensitive or vulnerable areas or even government-restricted flight areas.
Airspace security systems will differentiate between “friend and foe,” or identified, authorised flights, and unidentified, unauthorised, or potentially malicious flights. Needless to say, nefarious operators are unlikely to comply with airspace regulations
Step 4: Conduct Vulnerability Assessments and Define SOPs
Which SOP’s make the most sense for a specific facility?
After collecting information from steps 1-3, security leaders can solidify their standard operating procedures (SOPs). Response efforts should correspond directly with the drone threat. In this stage, security managers can determine SOPs based on specific vulnerabilities, including:
Facility Vulnerability: Airspace security analytics will reveal whether a specific part of the facility has different drone activity, and therefore, what sort of resources will need to be deployed to protect it.
Cyber/Communications Vulnerability: A drone near exposed communications infrastructure may interfere with emergency response efforts and must be accounted for during response planning.
Operations Vulnerability: Define how and where an unauthorised drone incursion may disrupt operational continuity.
Personnel Vulnerability: Airspace security programmes protect people from drone threats – whether a crowd of spectators at a public event, facility personnel, or onsite visitors. SOPs must account for how and where to move or shield individuals from a hostile drone.
Step 5: Review and Improve
How can security teams remain vigilant?
The picture is always clearer in the rear-view mirror. Post-event analyses or After Action Reports (AARs) determine where organisations can better deploy resources, react faster to specific scenarios, achieve security goals, and grow their understanding of how to prevent damage or disruption from a drone incursion.
Airspace security technology can also be used post-incursion as evidence in a prosecution to ensure such an event does not repeat.
There’s a drone at my critical infrastructure site – now what?Mary-Lou Smulders provides a five-step programme for organisations to make their facilities more resilient to potential attack.
IFSEC Insider
IFSEC Insider | Security and Fire News and Resources
Related Topics
‘Drones are five years ahead of autonomous cars’ – Justin Pringle on UAV threats and countermeasures
G4S in EMEA partners with Dedrone
Dedrone acquires counterdrone systems provider Aerial Armor