Unmanned Aircraft Systems Resources

Below are several resources that detail the unmanned aircraft system (UAS) threat environment and security protocols.

What Is the Threat?

UAS-related threats may include:

• Weaponized or Smuggling Payloads – Depending on power and payload size, UAS may be capable of transporting contraband, chemical, or other explosive/weaponized payloads.
• Prohibited Surveillance and Reconnaissance – UAS are capable of silently monitoring a large area from the sky for nefarious purposes.
• Intellectual Property Theft – UAS can be used to perform cyber-crimes involving theft of trade secrets, technologies, or sensitive information.
• Intentional Disruption or Harassment – UAS may be used to disrupt or invade the privacy of other individuals.

Why Is the Threat Important to Critical Infrastructure?

Since UAS use in the United States has increased as a cost-effective, versatile business and national security tool, as well as a popular recreational hobby, the Federal Aviation Administration (FAA) projects the recreational UAS fleet to grow by an average of 2.2 percent annually (from 1.2M units in 2018 to 1.4M in 2023) and the commercial UAS fleet to grow by an average of 24.7 percent annually (from 277K in 2018 to 835K in 2023).. As a result, potential threats associated with UAS will continue to expand in nature and increase in volume in the coming years. Because of their physical and operational characteristics, UAS can often evade detection and create challenges for the critical infrastructure community.

What Actions Can You Take?

Recognizing and implementing security practices that meet federal, state, and local regulatory requirements are key to successfully managing potential security incidents associated with UAS. Although no single solution will fully mitigate this risk, there are several measures that can be taken to address UAS-related security challenges:

• Research and implement legally approved counter-UAS technology.
• Know the air domain around the facility and who has authority to take action to enhance security.
• Contact the FAA to consider UAS restrictions in close proximity to fixed site facilities. More information can be found on the Federal Aviation Administration (FAA) website. Update Emergency/Incident Action Plans to include UAS security and response strategies.
• Report potential UAS threats to your local law enforcement agency.
• Review awareness and mitigation measures for use by federal departments and agencies. More information can be found in Protecting Against the Threat of Unmanned Aircraft Systems (UAS): An Interagency Security Committee Best Practice.

UAS and Critical Infrastructure – Understanding the Risk Video

The Unmanned Aircraft Systems (UAS) video contains information on critical infrastructure challenges associated with the UAS threat, counter UAS security practices, actions to consider for risk mitigation, and provides messages of facility and organizational preparedness related to UAS incidents.

Cybersecurity Risks

• CISA's Secure Your Drone: Privacy and Data Protection Guidance is a resource that provides guidance for drone users to protect their data and privacy before, during, and after flying their drone.
• Cybersecurity Best Practices for Operating Commercial Unmanned Aircraft Systems – Critical infrastructure operators, law enforcement, and all levels of government are increasingly incorporating UAS into their operational functions. Although UAS offer benefits to their operators, they can also pose cybersecurity risks. This guide provides cybersecurity best practices to help commercial operators protect their networks, information, and personnel. 
• Additional UAS security resources may be found on the Homeland Security Information Network - Critical Infrastructure site (HSIN-CI). To learn more about HSIN-CI, please visit dhs.gov/hsin-critical-infrastructure.

Legal Authorities

• Interagency Legal Advisory of UAS Detection Mitigation Technologies - The Department of Homeland Security (DHS), Federal Aviation Administration (FAA), Department of Justice (DOJ), and Federal Communications Commission issued an advisory guidance document to assist non-federal public and private entities interested in using technical tools, systems, and capabilities to detect and mitigate UAS.  
• Counter UAS Legal Authorities - This fact sheet communicates the Department’s legal authority under the Preventing Emerging Threats Act to counter credible threats from UAS to the safety or security of a covered facility or asset, ensure legal privacy protections, and educate the public on the future of DHS CUAS policy.

DHS UAS Resources

• Responding to Drone Calls: Guidance for Emergency Communications Centers – This guide provides an overview of safe and unsafe drone flight and a suggested script that Emergency Communication Centers may follow when receiving a drone related call.
• CISA’s Unauthorized Drone Activity Over Sporting Venues presents options for sporting venue owners and operators to consider, to prevent, protect from, and respond to unauthorized drone activity.
• Unmanned Aircraft Systems (UAS): Considerations for Law Enforcement Action – When law enforcement action is taken against UAS and their operators, state, local, tribal, and territorial law enforcement personnel need to be aware of several Federal statutes that that can affect their engagement, in addition to being familiar with the technical nature of UAS. 
• UAS Frequently Asked Questions (FAQs) – FAQs regarding UAS for critical infrastructure owners and operators. 
• UAS/Drone Pocket Card – This card provides stakeholders with a quick reference for responding to and reporting a UAS incident. 
• Public Safety Unmanned Aircraft System Resource Guide – This guide highlights multiple resources for public safety communications stakeholders about using UAS, developing a UAS program, engaging with the community, responding to unfamiliar or malicious UAS use, and managing UAS with available tools.
• ChemLock: Drone Activity – This guide presents options that owners and operators should consider in preparing for and responding to suspicious drone activity around their facilities and assets.