In addition to recreational use, unmanned aircraft systems (UAS)—also known as unmanned aerial vehicles (UAV) or drones—are used across our Nation to support firefighting and search and rescue operations, to monitor and assess critical infrastructure, to provide disaster relief by transporting emergency medical supplies to remote locations, and to aid efforts to secure our borders. However, UAS can also be used for malicious schemes by terrorists, criminal organizations (including transnational organizations), and lone actors with specific objectives.
What Is the Threat?
UAS-related threats may include:
- Weaponized or Smuggling Payloads – Depending on power and payload size, UAS may be capable of transporting contraband, chemical, or other explosive/weaponized payloads.
- Prohibited Surveillance and Reconnaissance – UAS are capable of silently monitoring a large area from the sky for nefarious purposes.
- Intellectual Property Theft – UAS can be used to perform cyber crimes involving theft of trade secrets, technologies, or sensitive information.
- Intentional Disruption or Harassment – UAS may be used to disrupt or invade the privacy of other individuals.
Why Is the Threat Important to Critical Infrastructure?
Since UAS use in the United States has increased as a cost-effective, versatile business and national security tool, as well as a popular recreational hobby, the Federal Aviation Administration (FAA) estimates combined hobbyist and commercial UAS sales will rise from 2.5 million in 2016 to 7 million by 2020. As a result, potential threats associated with UAS will continue to expand in nature and increase in volume in the coming years. Because of their physical and operational characteristics, UAS can often evade detection and create challenges for the critical infrastructure community.
What Actions Can You Take?
Recognizing and implementing security practices that meet federal, state, and local regulatory requirements are key to successfully managing potential security incidents associated with UAS. Although no single solution will fully mitigate this risk, there are several measures that can be taken to address UAS-related security challenges:
- Research and implement legally approved counter-UAS technology.
- Know the air domain around the facility and who has authority to take action to enhance security.
- Contact the FAA to consider UAS restrictions in close proximity to fixed site facilities. More information can be found on the Federal Aviation Administration (FAA) website.
- Update Emergency/Incident Action Plans to include UAS security and response strategies.
- Build federal, state, and local partnerships for adaptation of best practices and information sharing. More information can be found at Hometown Security.
- Report potential UAS threats to your local law enforcement agency.
UAS and Critical Infrastructure – Understanding the Risk (Video)
The Unmanned Aircraft Systems (UAS) video contains information on critical infrastructure challenges associated with the UAS threat, counter UAS security practices, actions to consider for risk mitigation, and provides messages of facility and organizational preparedness related to UAS incidents.
- Cybersecurity Best Practices for Operating Commercial Unmanned Aircraft Systems – Critical infrastructure operators, law enforcement, and all levels of government are increasingly incorporating UAS into their operational functions. Although UAS offer benefits to their operators, they can also pose cybersecurity risks. This guide provides cybersecurity best practices to help commercial operators protect their networks, information, and personnel.
- Additional UAS security resources may be found on the Homeland Security Information Network - Critical Infrastructure site (HSIN-CI). To learn more about HSIN-CI, please visit https://www.dhs.gov/hsin-critical-infrastructure.
- Interagency Legal Advisory of UAS Detection Mitigation Technologies - The Department of Homeland Security (DHS), Federal Aviation Administration (FAA), Department of Justice (DOJ), and Federal Communications Commission issued an advisory guidance document to assist non-federal public and private entities interested in using technical tools, systems, and capabilities to detect and mitigate UAS.
- DHS CUAS Legal Authorities - This factsheet communicates the Department’s legal authority under the Preventing Emerging Threats Act to counter credible threats from UAS to the safety or security of a covered facility or asset, ensure legal privacy protections, and educate the public on the future of DHS CUAS policy.
DHS UAS Resources
- Responding to Drone Calls: Guidance for Emergency Communications Centers – This guide provides an overview of safe and unsafe drone flight and a suggested script that ECCs may follow when receiving a drone related call.
- CISA’s Unauthorized Drone Activity Over Sporting Venues presents options for sporting venue owners and operators to consider to prevent, protect from, and respond to unauthorized drone activity.
- Considerations for Law Enforcement Action – When law enforcement action is taken against UAS and their operators, state, local, tribal, and territorial law enforcement personnel need to be aware of several Federal statutes that that can affect their engagement, in addition to being familiar with the technical nature of UAS.
- UAS Frequently Asked Questions (FAQs) – FAQs regarding UAS for critical infrastructure owners and operators.
- UAS CI Drone Pocket Card – This card provides stakeholders with a quick reference for responding to, and reporting an, Unmanned Aircraft Systems incident.
- SAFECOM Public Safety Unmanned Aircraft System Resource Guide – This guide highlights multiple resources for public safety communications stakeholders about using UAS, developing a UAS program, engaging with the community, responding to unfamiliar or malicious UAS use, and managing UAS with available tools.
For more information, please send an email to SUASsecurity@cisa.dhs.gov.