On Dec. 19, 2018, over 100,000 holiday travelers at London’s Gatwick Airport found themselves stranded as 1,000 flights were canceled and aircraft were grounded for three days. The airport closure resulted in millions of dollars in lost revenue to the airport and airlines, as well as almost $500,000 in costs to police. The cause of the chaos? A drone incursion. Over the course of three days, numerous drone sightings were reported across the airport complex, including over a perimeter fence and by the runway. There was a peculiar cadence to these reports; as sightings were reported, the airport shut down the runway to prevent a potential collision. Once the runway was closed, there would be a lull. When the airport was about to reopen the runway, more drone sightings would be reported. This pattern repeated several times. It became increasingly apparent that this may have been the work of someone who knew the airport’s operational procedures, accessed or intercepted its communications systems, and knew how to work around them.[1] Almost three years later, the operator is still at large.

Prior to the Gatwick incident, drones were largely viewed as a benign technology. After all, how much damage could a store-bought quadcopter inflict? Over the past few years, the realities of the impact that drones can have on security has expanded as the technology’s capabilities have advanced. With each generation, drones are becoming more intelligent, compact, foldable, lighter, faster, and able to fly longer and carry heavier payloads. For these reasons, drones have become a valuable addition to critical infrastructure owners, state and local entities, and recreational operators. Critical infrastructure owners are increasingly relying on commercial drones to reduce risk to employees and improve operational efficiency. Likewise, municipalities are leveraging drones to support security, response, and recovery operations. Hobbyist usage of drones has also risen significantly, with over three million drones sold in the United States to date.

Despite these numerous benefits, the Gatwick incident placed an international spotlight on a new reality: the nefarious or careless use of drones poses a significant threat to public safety and national security. The drone threat is a particularly complex advancement due to its cyber-physical nature. A drone is a physical device with cyber capabilities – and consequences.

When analyzing the drone threat environment, it is important to identify the threat actors. The Cybersecurity and Infrastructure Security Agency (CISA) organizes the drone threat environment into three groups of threat actors: the careless and clueless recreational drone user; intentional operators and activists; and terrorists and paramilitary users. Based on CISA’s analysis of drone incident reporting, careless and clueless users represent the most prominent threat actors in the United States. These users generally operate commercial off‐the‐shelf (COTS) multirotor platforms and, as their name suggests, may commit witting or unwitting violations of the national airspace. Among other areas, intentional and activist users are suspected to operate across international borders and prisons. These users also operate COTS drones, but modify them to carry/drop payloads, such as drugs, money, cell phones, and weapons. As with most threats, terrorists and paramilitary users typically have greater resources, more advanced tactics, and intent to harm. Unlike the previous two groups, these users operate customized fixed-wing drones that are larger, faster, longer-range, and can avoid detection through autopilot. Drones are particularly attractive to this user group because they present a low-cost, high-yield method for sending a political message, conducting a standoff attack, or circumventing ground-based force protection measures.

Read more: HSToday