Unmanned aerial systems (UAS) present exciting benefits to society. They are used by a wide variety of industries and public sector services, including the emergency services, dealing with everything from the management of critical incidents to searching of missing persons. They are also used by those responsible for the inspection and maintenance of buildings and infrastructure, and can reduce the risk to people working in hazardous areas and drive more efficient ways of working. Furthermore, there are possibilities for businesses and the public sector to create new high tech jobs and boost the economy in a way that wouldn’t have been perceived a few years ago. However, security risks are also emerging, as they have the potential to facilitate a wide range of hostile activity.
Some operators may be unaware of the regulations around flying, or fly their UAS in a reckless and irresponsible manner which may cause danger or disruption. Other actors may use them for more hostile purposes. Events at Gatwick Airport in December 2018 demonstrated the significant disruption that they can cause, and further worldwide events have shown how they can be used by nefarious actors, including terrorist groups to carry out or facilitate attacks.
It is therefore vital to make certain that robust preparation and planning is undertaken to assess the risks that UAS pose to your site or organisation and that, where necessary, adequate and effective measures are introduced to mitigate risks at national infrastructure sites, sensitive sites, crowded places and major events. Where appropriate, sites should develop a counter-unmanned aerial system (C-UAS) strategy and plan that sits as part of their overarching security approach.
Planning needs to be kept under regular review as a result of the rapid developments in both UAS capability and advances in counter measures.
The role of CPNI
CPNI seeks to provide protective security advice to our customers in terms of:
- understanding the threat – understanding the security threats posed by UAS in the UK and how they are likely to evolve
- understanding protective security solutions – supporting customers in mitigating the security risks posed by UAS through a comprehensive understanding of the protective security solutions (e.g. operational response procedures, the use of C-UAS technology)
- testing and accreditation – the creation and management of standards for C-UAS equipment that are versatile enough to cater for the general needs of CNI, and other domestic uses that require fixed or permanent protection
- influencing legal and policy developments – providing input into legal and policy developments
- advice delivery – providing guidance, training and one-to-one protective security technical advice to support our customers in mitigating the security risks posed by UAS
CPNI collaborates closely with the Home Office Counter Drones Unit (CDU), other government departments and national policing to maximise efficiency and minimise confusion. The Home Office CDU coordinates activity across government to produce a consistent package of policy, legislation and operational response to the threat posed by UAS, in line with national security needs and in a way which secures the future of the UAS sector.
This page focuses on the work of CPNI, and introduces the key components that need to be developed to build a C-UAS strategy and plan for a site. These pages will be updated and added to as new guidance becomes available.
This information has been created to assist national infrastructure site security managers in developing a C-UAS strategy. Many of the concepts will apply to crowded places and major events; however, there will be some differences.
What are unmanned aerial systems?
There are many terms which are often used interchangeably with ‘UAS’, including:
- unmanned Aircraft (UA)
- remotely Piloted Aircraft System (RPAS)
UAS are comprised of three key components:
- An unmanned aerial vehicle (UAV) that can operate without a pilot being on-board.
- A ground control system (GCS) which allows the pilot to remotely control and or monitor the operation of the UAV.
- A bi-directional link between the UAV and the GCS which provides control, status and imagery information.
UAS describes the whole system. They may be of a fixed wing or rotary wing design, all of which are all operated remotely.
Developing a C-UAS strategy
Counter unmanned aerial systems (C-UAS), for the purposes of this page, is used to describe a wide range of protective security measures and processes that can be used to mitigate the risk of hostile UAS activity.
In order to mitigate the risk of hostile UAS activity at your site to an acceptable level, there are multiple complex factors involved in developing an effective C-UAS strategy. These create a requirement for a considered and structured approach to be adopted. The foundations for this approach should be developed within a C-UAS strategy and plan, the components of which are outlined in the following sections and set out in more detail in the CPNI guidance document titled: Countering Threats From Unmanned Aerial Systems – Making Your Site Ready.
The development of a site’s C-UAS strategy must acknowledge, and indeed integrate, with wider protective security measures that are already in place. The introduction of C-UAS mitigations must augment the site’s existing concept of operations to achieve an all-inclusive security solution. This holistic set up will need to be informed by a strategic risk assessment, summarising the security risks posed by hostile UAS and the organisation’s aims to address them and so protect the site.
A plan should then be developed setting out how the mitigations will be managed and delivered. This will define the detail of what needs to be achieved, who will be involved and the timeframe for delivery.
Working in partnership
The identification and involvement of both internal and external stakeholders in the development of the strategy and plan is very important.
Internal stakeholders must be involved in the development of the solution to ensure they are able to provide support and buy-in at every stage.
As with all matters relating to security and policing, the relationships with the police are key. The contact may be with either the local police or those specifically tasked with providing policing to certain sites. This engagement may provide support: in developing an understanding of the risk to the site, provision of guidance in relation to the mitigation of the identified risk and the development of the overall plan.
Assessing the threat and risk from hostile UAS
UAS have been used unlawfully by threat actors across the world, including terrorists, criminals and those conducting unlawful protest. In addition, users who are simply reckless and negligent in how they fly a UAS, may often cause disruption in or around a site.
It is most important to make a realistic assessment of the risk to a site. Every site will already have a security risk assessment process. A site should first seek to understand how they may be vulnerable to the risks posed by UAS, understand the impact of the different types of UAS incident and then identify suitable mitigation options.
Reducing negligent and reckless use and deterring hostile activity
The number of incidents caused by reckless/negligent users can be reduced by introducing a range of mitigations. These can be tailored to meet your site’s needs and may include a mix of the following elements:
- Local business and community engagement
- Security minded communications
- Airspace restrictions and geo-fencing
Straightforward and less expensive measures to mitigate the risk of negligent and reckless use should be adopted at the first opportunity. Other more complex measures such as creating physical barriers may need to be considered when a higher level of risk has been identified.
Physical security measures can be taken to help protect the asset, through for example concealment, disguise, preventing physical access or hardening. Consideration should be given to making launch sites in the immediate vicinity of key assets less appealing by introducing cover from view, adding lighting and controlling or restricting access.
A C-UAS technical solution is intended to provide:
- Early warning that an unauthorised UAS is approaching or within a site.
- A rapid tasking of operational and technical resources to respond to an incursion.
- Information to enable decisions as to the safe operation of the site during and after any incursion.
- Evidence that will support the investigation and prosecution of offenders.
On sites where it is clear that the risks posed by hostile UAS require the site to consider technological countermeasures, then the process of establishing the nature, quantity, appropriateness, relevance and purpose of these can begin.
Technical countermeasures can broadly be broken down into the following categories:
- detect, track and identify (DTI)
- detect, track, identify and effect (DTIE)
Following extensive CPNI and wider government field trials of C-UAS technology, CPNI has developed a C-UAS standard against which it is evaluating mature and readily available equipment. Systems that pass the evaluation are then included in the CPNI Catalogue of Security Equipment (CSE), which provides a listing of a range of CPNI tested equipment. CPNI recommends the use of equipment from the CSE.
There are two elements to the CPNI C-UAS standard; i) DTI, ii) DTIE. Testing of DTI technology is currently underway and testing of effectors (DTIE) will commence in the future, once an appropriate authorisation framework is in place. All C-UAS technology should only be used within the bounds of the law.
Further information is available for manufacturers of DTI technology.
The activities already described in relation to local community engagement and security minded communications help build awareness of the threats posed by UAS and encourage the local community and site staff to report and respond to UAS related incidents.
For any threat to an asset it is important to develop:
- A patrol plan for steady state operations that will act to both detect and deter unauthorised activity.
- Reporting processes that enable the collection of key information.
- A dynamic threat assessment process to help determine an appropriate response on the basis of the information available.
- Response plans that are rapidly deployable, proportionate, effective and lawful. Each having clear lines of accountability for decision-making.
- An exercise plan that will test the capabilities being developed.
- A concept of operations that defines how the response to any incident will be delivered, bringing together people, policies and technology.
Testing and exercising
The development of an end–to-end testing and exercising plan will be vital. It should be used to aid decision making in relation to the mitigations being selected. This is particularly important when DTIE options are being considered. Table-top exercises (TTX) should be used to confirm the selection of mitigations and satisfy decision makers that the right solutions are being selected and there is good understanding of the implications of each element.
A series of exercises should be developed in preparation for, and to refine, all the elements within the concept of operations. The TTX, and follow up field exercises, provide an opportunity for refinement and to ensure all aspects are understood, integrated, that technical capabilities are working and there is a clear understanding of roles and responsibilities.