CISA promotes awareness and encourages partners to Be Air Aware by understanding the cyber and physical risks posed by unmanned aircraft systems (UAS). This page contains information on the UAS threat, legal considerations, and UAS cyber and physical risk mitigation guidance.
- What Is the Threat?
UAS-related threats may include:
- Weaponized or Smuggling Payloads – Depending on power and payload size, UAS may be capable of transporting contraband, chemical, or other explosive/weaponized payloads.
- Prohibited Surveillance and Reconnaissance – UAS are capable of silently monitoring a large area from the sky for nefarious purposes.
- Intellectual Property Theft – UAS can be used to perform cyber-crimes involving theft of trade secrets, technologies, or sensitive information.
- Intentional Disruption or Harassment – UAS may be used to disrupt or invade the privacy of other individuals.
- Why Is the Threat Important to Critical Infrastructure?
Since UAS use in the United States has increased as a cost-effective, versatile business and national security tool, as well as a popular recreational hobby, the Federal Aviation Administration (FAA) projects the recreational UAS fleet to grow by an average of 2.2 percent annually (from 1.2M units in 2018 to 1.4M in 2023) and the commercial UAS fleet to grow by an average of 24.7 percent annually (from 277K in 2018 to 835K in 2023). As a result, potential threats associated with UAS will continue to expand in nature and increase in volume in the coming years. Because of their physical and operational characteristics, UAS can often evade detection and create challenges for the critical infrastructure community.
- What Actions Can You Take?
Be Air Aware and understand the cyber and physical security risks associated with UAS. This includes integrating UAS into existing security plans and taking action to address both UAS cyber and physical risks and vulnerabilities. Here are several measures that can be taken to address UAS-related security challenges:
- Consider investing in passive UAS detection technology to enhance awareness of the airspace above facilities. However, be aware that certain systems may violate federal statutes and regulations. Refer to the interagency legal Advisory on The Application of Federal Laws to the Acquisition and Use of Technology to Detect and Mitigate Unmanned Aircraft Systems for more information.
- Know the air domain around the facility and who has authority to take action to enhance security.
- Contact the FAA to consider UAS restrictions in close proximity to fixed site facilities. More information can be found on the Federal Aviation Administration (FAA) website.
- Update Emergency/Incident Action Plans to include UAS security and response strategies.
- Report potential UAS threats to your local law enforcement agency.
- Review awareness and mitigation measures for use by federal departments and agencies. More information can be found in Protecting Against the Threat of Unmanned Aircraft Systems (UAS): An Interagency Security Committee Best Practice.
- UAS and Critical Infrastructure – Understanding the Risk Video
The Unmanned Aircraft Systems (UAS) video contains information on critical infrastructure challenges associated with the UAS threat, counter UAS security practices, actions to consider for risk mitigation, and provides messages of facility and organizational preparedness related to UAS incidents.
- Cybersecurity Risks
Below are publications developed by CISA to promote awareness of the cybersecurity risks connected to UAS:
- The Cybersecurity Guidance: Chinese-Manufactured UAS highlights the threats posed by Chinese-manufactured UAS and the potential vulnerabilities to networks and sensitive information when operated without the proper cybersecurity protocols. The guidance also provides organizations with mitigation options to consider when operating UAS for national security or sensitive missions.
- CISA's Secure Your Drone: Privacy and Data Protection Guidance is a resource that provides guidance for drone users to protect their data and privacy before, during, and after flying their drone.
- Cybersecurity Best Practices for Operating Commercial Unmanned Aircraft Systems – Critical infrastructure operators, law enforcement, and all levels of government are increasingly incorporating UAS into their operational functions. Although UAS offer benefits to their operators, they can also pose cybersecurity risks. This guide provides cybersecurity best practices to help commercial operators protect their networks, information, and personnel.
- Legal Authorities
- Interagency Legal Advisory of UAS Detection Mitigation Technologies - The Department of Homeland Security (DHS), Federal Aviation Administration (FAA), Department of Justice (DOJ), and Federal Communications Commission issued an advisory guidance document to assist non-federal public and private entities interested in using technical tools, systems, and capabilities to detect and mitigate UAS.
- Counter UAS Legal Authorities - This fact sheet communicates the Department’s legal authority under the Preventing Emerging Threats Act to counter credible threats from UAS to the safety or security of a covered facility or asset, ensure legal privacy protections, and educate the public on the future of DHS CUAS policy.
- DHS UAS Resources
- The Homeland Security Information Network-Critical Infrastructure (HSIN-CI) UAS Cybersecurity and C-UAS Portal facilitates communication and collaboration between federal, private sector, and state, local, tribal, and territorial partners to understand and manage cyber and physical risks posed by UAS to critical infrastructure. Site users can easily access and disseminate sensitive but unclassified information related to unmanned aircraft systems.
- Responding to Drone Calls: Guidance for Emergency Communications Centers – This guide provides an overview of safe and unsafe drone flight and a suggested script that Emergency Communication Centers may follow when receiving a drone related call.
- CISA’s Unauthorized Drone Activity Over Sporting Venues presents options for sporting venue owners and operators to consider, to prevent, protect from, and respond to unauthorized drone activity.
- Unmanned Aircraft Systems (UAS): Considerations for Law Enforcement Action – When law enforcement action is taken against UAS and their operators, state, local, tribal, and territorial law enforcement personnel need to be aware of several Federal statutes that that can affect their engagement, in addition to being familiar with the technical nature of UAS.
- UAS Frequently Asked Questions (FAQs) – FAQs regarding UAS for critical infrastructure owners and operators.
- UAS/Drone Pocket Card – This card provides stakeholders with a quick reference for responding to and reporting a UAS incident.
- Public Safety Unmanned Aircraft System Resource Guide – This guide highlights multiple resources for public safety communications stakeholders about using UAS, developing a UAS program, engaging with the community, responding to unfamiliar or malicious UAS use, and managing UAS with available tools.
- ChemLock: Drone Activity – This guide presents options that owners and operators should consider in preparing for and responding to suspicious drone activity around their facilities and assets.