Drones: Nuisance or Serious, Immediate Threat?
How can enterprise security leaders protect their environments?
As drones become easier to acquire, they pose an increasing threat to public buildings, events and people. To chief security officers (CSOs), drones can be a threat to the privacy and security of the organizations they are charged with protecting. In general, companies face a risk to key business operations as drones can be used to steal IP, damage infrastructure or gather sensitive data about a business. Fortunately, as the drone technology evolves, so does the technology that is being devised to mitigate them.
The Emerging Threat
Over the past decade, the technology for building and operating drones has become relatively inexpensive and very accessible, causing a rapid proliferation in use. In 2016, the Consumer Electronics Association estimated that 700,000 new drones would be sold to commercial and recreational users in the U.S. that year alone. For CSOs, this proliferation is accompanied by the realization that corporate property – as well as large gatherings such as theme parks, concerts and sporting events – are vulnerable “soft targets,” potentially exposed to a drone-based terror attack or the theft of sensitive information.
It is commonplace for drones to have the ability to see and capture data in the form of images and video. A livestream or a recording of individuals or buildings can easily be captured without consent. Moreover, even if the drone is operated by the company itself for internal purposes, the footage it collects is likely to be transmitted back to the user or the cloud via a connection that is not always secure, offering the potential for hackers to intercept and steal the data.
Examples of Drone-Based Security Breaches
Many recent high-profile incursions of drones around the globe have made headlines of interest to CSOs. To cite just a handful of examples:
- In January 2015, a two-foot-wide drone was discovered flying at a low altitude in the vicinity of the White House in Washington, D.C. before it finally crashed on the southeast side of the building and was recovered by the U.S. Secret Service. As soon as it was detected inside the White House compound, there was an immediate alert and lockdown of the complex until the device was examined.
- In February 2016, a drone crashed into the 40th floor of New York City’s Empire State Building and then fell onto a ledge five levels lower. The user, who claimed to be shooting video to promote a non-profit, was charged with reckless endangerment and illegal navigation of an aircraft in and over the city.
- A February 2016 article in The Independent reported that “Star Wars” filmmakers had experienced issues with drones while filming “The Force Awakens” at the Greenham Common RAF base in Berkshire; including the leaking of a few photographs of the set. That fall, the Daily Mail reported how several drones were spotted during the filming of the seventh season of HBO’s popular show “Game of Thrones,” presumably to gain information about the plot.
- In August 2016, a drone crashed at the Koeberg Nuclear Power Station in Cape Town, South Africa, leading nuclear experts to react with outrage toward lax security at the facility. The incident led to the suspension of Koeberg’s safety officer as a precautionary measure.
- In February 2017, National Football League security grounded a drone that was being flown over a practice game of the Atlanta Falcons, near the campus of Rice University, prior to Super Bowl LI. It was not evident from the subsequent NFL pool report regarding how long the drone flew above the practice, who was flying the drone or whether the Falcons were concerned about the drone as it related to their preparation for their matchup against the New England Patriots.
Choosing the Optimal Counter-Drone Strategy
In light of these and similar incidents, CSOs are duty-bound to implement the best strategies to minimize the potential for damage to their respective organizations. The challenge then becomes one of evaluating which strategies are likely to be most effective. Since there are several companies claiming to have anti-drone technologies, what criteria should CSOs look at?
Key to this decision is recognition that technology currently exists to take control of a drone. Commercial counter-drone platforms are being developed, using sophisticated automated detection strategies, that can stop, redirect or land a drone safely. (U.S. military veterans have played a key role in the development of such platforms, using their experience to inform the capabilities of the technology.) This is done by taking advantage of weaknesses found in digital radio signals without simply jamming those signals or affecting other radio communications in the vicinity. These technologies are flexible and able to operate either on their own or capable of working in tandem with existing software.
These anti-drone systems have been designed to manipulate the drone radio signals to handle a wide range of potential drone attack scenarios and drone types. The systems are relatively simple for end-users such as CSOs to operate, requiring no technical background in drone security. CSOs who make an investment in such a system for their organizations are likely to see a near-term payoff with regard to the extra layer of security they have put into place.
In light of the increasing availability of counter-drone technology and the ever-increasing threat that drones present, all CSOs – no matter what the specific function of the organizations they are charged with keeping safe – stand to win by analyzing the benefits of these types of technologies when developing a comprehensive security and safety plan.