Counter-Unmanned Aerial Systems
Supporting our customers in assessing and mitigating the security risks posed by unmanned aerial systems.
Unmanned aerial systems (UAS) present exciting benefits to society. They are used by a wide variety of industries and public sector services, including the emergency services, dealing with everything from the management of critical incidents to searching of missing persons. They are also used by those responsible for the inspection and maintenance of buildings and infrastructure, and can reduce the risk to people working in hazardous areas and drive more efficient ways of working. Furthermore, there are possibilities for businesses and the public sector to create new high tech jobs and boost the economy in a way that wouldn’t have been perceived a few years ago. However, security risks are also emerging, as they have the potential to facilitate a wide range of hostile activity.
Some operators may be unaware of the regulations around flying, or fly their UAS in a reckless and irresponsible manner which may cause danger or disruption. Other actors may use them for more hostile purposes. Events at Gatwick Airport in December 2018 demonstrated the significant disruption that they can cause, and further worldwide events have shown how they can be used by nefarious actors, including terrorist groups to carry out or facilitate attacks.
It is therefore vital to make certain that robust preparation and planning is undertaken to assess the risks that UAS pose to your site or organisation and that, where necessary, adequate and effective measures are introduced to mitigate risks at national infrastructure sites, sensitive sites, crowded places and major events. Where appropriate, sites should develop a counter-unmanned aerial system (C-UAS) strategy and plan that sits as part of their overarching security approach.
Planning needs to be kept under regular review as a result of the rapid developments in both UAS capability and advances in counter measures.
The role of CPNI
CPNI seeks to provide protective security advice to our customers in terms of:
- understanding the threat – understanding the security threats posed by UAS in the UK and how they are likely to evolve
- understanding protective security solutions – supporting customers in mitigating the security risks posed by UAS through a comprehensive understanding of the protective security solutions (e.g. operational response procedures, the use of C-UAS technology)
- testing and accreditation – the creation and management of standards for C-UAS equipment that are versatile enough to cater for the general needs of CNI, and other domestic uses that require fixed or permanent protection
- influencing legal and policy developments – providing input into legal and policy developments
- advice delivery – providing guidance, training and one-to-one protective security technical advice to support our customers in mitigating the security risks posed by UAS
CPNI collaborates closely with the Home Office Counter Drones Unit (CDU), other government departments and national policing to maximise efficiency and minimise confusion. The Home Office CDU coordinates activity across government to produce a consistent package of policy, legislation and operational response to the threat posed by UAS, in line with national security needs and in a way which secures the future of the UAS sector.
This page focuses on the work of CPNI, and introduces the key components that need to be developed to build a C-UAS strategy for a site. These pages will be updated and added to as new guidance becomes available.
This information has been created to assist national infrastructure site security managers in developing a C-UAS strategy. Many of the concepts will apply to crowded places and major events; however, there will be some differences.
What are unmanned aerial systems?
There are many terms which are often used interchangeably with ‘UAS’, including:
- unmanned Aircraft (UA)
- remotely Piloted Aircraft System (RPAS)
UAS are comprised of three key components:
- An unmanned aerial vehicle (UAV) that can operate without a pilot being on-board.
- A ground control system (GCS) which allows the pilot to remotely control and or monitor the operation of the UAV.
- A bi-directional link between the UAV and the GCS which provides control, status and imagery information using radio frequency (RF) communications.
UAS describes the whole system. They may be of a fixed wing or rotary wing design, all of which are all operated remotely.
Developing a C-UAS strategy
Counter unmanned aerial systems (C-UAS), for the purposes of this page, is used to describe a wide range of protective security measures and processes that can be used to mitigate the risk of hostile UAS activity.
In order to mitigate the risk of hostile UAS activity at your site to an acceptable level, there are multiple complex factors involved in developing an effective C-UAS strategy,. These create a requirement for a considered and structured approach to be adopted. The foundations for this approach should be developed within a C-UAS strategy and plan, the components of which are outlined in the following sections.
The development of a site’s C-UAS strategy must acknowledge, and indeed integrate, with wider protective security measures that are already in place. The introduction of C-UAS mitigations must augment the site’s existing concept of operations to achieve an all-inclusive security solution. This holistic set up will need to be informed by a strategic risk assessment, summarising the security risks posed by hostile UAS and the organisation’s aims to address them and so protect the site.
A plan should then be developed setting out how the mitigations will be managed and delivered. This will define the detail of what needs to be achieved, who will be involved and the timeframe for delivery.
Assessing the threat and risk from hostile UAS
UAS have been used unlawfully by threat actors across the world, including terrorists, criminals and those conducting unlawful protest. In addition, users who are simply reckless and negligent in how they fly a UAS, may often cause disruption in or around a site.
It is most important to make a realistic assessment of the risk to a site. Every site will already have a security risk assessment process. A site should first seek to understand how they may be vulnerable to the risks posed by UAS, understand the impact of the different types of UAS incident and then identify suitable mitigation options.
Reducing negligent and reckless use – C-UAS mitigation measures
The number of incidents caused by reckless/negligent users can be reduced by introducing a range of mitigations. These can be tailored to meet your site’s needs and may include a mix of the following elements:
- educating the public on the CAA Drone Code and areas where unauthorised UAVs should not be flying
- educating staff and security personnel of the threat from UAS and developing appropriate response procedures
- developing and implementing deterrence communications, such as ‘no drone zone’ signage
- target hardening: making it harder to operate a UAS at a site through the use of physical countermeasures (e.g. netting, barriers, etc.)
- community engagement
Careful consideration should be given to the response to a hostile UAS incident.
This includes setting out:
- who is required to respond, when and how
- how the incident should be managed and contained
- how it should be reported
- who needs to be informed and when
- how to preserve evidence
- how to work with police and other agencies
On sites where it is clear that the risks posed by hostile UAS require the site to consider technological countermeasures, then the process of establishing the nature, quantity, appropriateness, relevance and purpose of these can begin.
Technical countermeasures can broadly be broken down into the following categories:
- detect, track and identify (DTI)
- detect, track, identify and effect (DTIE)
Following extensive CPNI and wider government field trials of C-UAS technology, CPNI has developed a C-UAS standard against which it is evaluating mature and readily available equipment. Systems that pass the evaluation are then included in the CPNI Catalogue of Security Equipment (CSE), which provides a listing of a range of CPNI tested equipment. CPNI recommends the use of equipment from the CSE.
There are two elements to the CPNI C-UAS standard; i) DTI, ii) DTIE. Testing of DTI technology is currently underway and testing of effectors (DTIE) will commence in 2020.
Further information is available for manufacturers of DTI technology.
Testing and exercising
The development of an end–to-end testing and exercising plan will be vital. It should be used to aid decision making in relation to the mitigations being selected. This is particularly important when DTIE options are being considered. Table-top exercises (TTX) should be used to confirm the selection of mitigations and satisfy decision makers that the right solutions are being selected and there is good understanding of the implications of each element.
A series of exercises should be developed in preparation for, and to refine, all the elements within the concept of operations. The TTX, and follow up field exercises, provide an opportunity for refinement and to ensure all aspects are understood, integrated, that technical capabilities are working and there is a clear understanding of roles and responsibilities.
Working in partnership
The identification and involvement of both internal and external stakeholders in the development of the strategy and plan is very important.
Internal stakeholders must be involved in the development of the solution to ensure they are able to provide support and buy-in at every stage.