Drone risk and mitigation

Daniel Sjödin

2019.10.23

Although drones have become a commercial product that is both cheap and widely sold and used they are far from new. They have been used by the military since the late sixties, but technical progress has rapidly made them available to the mass market. Laws have not been in pace with drone development and implemented security solutions that address drone threats are easily counted.

The fact that drones are commonly used may in some cases be a risk, but not always. It is the intent that will construct a threat. Cars, as for example, are rarely a threat, but outside some important buildings, risk assessment has given that rising bollards have to be installed to prevent bad intent. It is the same with drones. It is not the products itself that are dangerous, but the individual using it. In some cases, it is enough to fly a drone unattentive, such as near an airport, to be a threat, but most often the flying must be done with bad intent to be a threat.

Do a proper risk assessment then mitigate the risks by implementing an adequate response.

That being said; a threat level that only takes into account negligence flying from a hobbyist should be too low, considering protected value. A risk assessment must take into account a threat with an intent.

Some of our recommended considerations:

  • A risk analysis is always necessary. There are many possible technologies for detecting drones but not all of them might mitigate the risks

  • A pilot with intent can easily decide to be invisible by not transmitting using a protocol where he will be easy to detect.

  • There is no universal technology solution. A multi-layer approach balances the weaknesses and strengths of each solution. 

  • Depending on the threat level, the technology that is being used might introduce new risks that have to be reviewed. As an example networking equipment from several Chines manufacturers products are technology non-grata in the US. A requirement on the products to be manufactured in a friendly, ie. NATO-, country, can be an option.

  • Technology is evolving fast, but there should be no reason for using equipment that is not tried-and-true. Avoid prototypes by requiring solutions with no less TRL level than nine.

  • Whatever the outcome from the risk assessment; the operational process of manage air space security will be in the region of Detect, Identify, Disrupt. Detect to give situational awareness, then identify the type of threat. This information will enable a prompt and accurate decision on counteraction.
    The laws and regulations regarding drones are being updated. Both in the EU and local countries. In several of the Scandinavian countries, there will be support for countermeasures in 2020. Radio-jamming technology is available today and with new, signature-aware technology that will lower the collateral damage, soon to be released.

  • Air space is three dimensional. It is important to design the security considering volume rather than area or range.


https://www.reuters.com/article/us-china-zte/u-s-bans-american-companies-from-selling-to-chinese-phone-maker-zte-idUSKBN1HN1P1

https://www.easa.europa.eu/newsroom-and-events/press-releases/eu-wide-rules-drones-published

https://www.tnp.no/norway/panorama/norway-considers-new-regulations-against-drone-attacks

https://yle.fi/uutiset/osasto/news/police_allowed_to_stop_drones_if_new_law_steps_into_effect/10657737

https://en.wikipedia.org/wiki/Gatwick_Airport_drone_incident

https://www.bbc.com/news/uk-47919680

https://www.regeringen.se/rattsliga-dokument/lagradsremiss/2019/04/skyddsobjekt-och-obemannade-farkoster/