Implementing the “Air Domain” Into Your Security Program: A Framework to Consider

Building Intelligence’s Bill Edwards, chair of the SIA Counter-UAS Working Group, explores what can be done and where business owners and staff can start.

Let’s be honest – there is no way security professionals can ignore the evolution of the small uncrewed aircraft system (sUAS) platform and the technologies associated with it. It is very clear to me that the Russia-Ukraine war has proven each side is moving quickly to innovate drone and counter-drone technology. This conflict, above all others in recent times, has proven that the creativity of the platform has not only changed modern conflict, but also opened a window into the future that security safety, and emergency preparedness professionals cannot disregard. 

As we all know, security planning, implementation and operations are often stuck in the status quo. There are set playbooks that most follow, and companies providing technologies have set plays to sell to the market; however, that formula has been dramatically shaken with the precipitous evolution of drones. This is especially true for venues and facilities that host the public in mass gathering events but doesn’t negate the need for professionals in other market verticals to understand the implications and capabilities of the technology. Keep in mind a nefarious actor is paying attention and looking for ways to exploit a myriad of environments. Just like in war zones where an action creates a reaction, private-sector security teams face the same reality. So what can be done, and where do business owners and their staff start?  The answer starts with the “ground game.”  

This may sound counterintuitive, but preparing internal and external stakeholders methodically through a series of substantive actions will support the concept of assessment, technical data gathering for informed decision making, emergency response planning, training/rehearsing/exercising and executing a sUAS left-of-launch operational posture. Let’s start with an assessment. 

The drone vulnerability and risk assessment (DVRA) is the foundational approach to truly understand your environment as it pertains to the air threat. This study will identify key aspects of realistic and proportional threats, critical assets that require protection, vulnerabilities to those critical assets, consequences if nothing is done and potential risk mitigation actions and will also set conditions for a proactive left-of-launch operational approach. The DVRA is a decision-making tool. It helps to focus energy and resources in the right place at the right time. Skipping this step often leads to misguided operational decisions, unfocused training plans and capital investment in technologies that may not address the right need. The DVRA starts as a nine-step process but is easily customized to specific needs. Next, let’s discuss detection, monitoring and counter-drone options. This is the technology that is needed to gather realistic data associated with drone flights and supports the DVRA analysis of the environment.  

There is a misconception that drone detection and tracking is also a counter-drone solution. This subtle distinction is often argued, that the geolocation of the operator facilitates counter-drone operations. It is a good argument but misses the intent of distinguishing and understanding the ecosystem. In reality, drone detection and monitoring is a function of a holistic counter-drone approach; however, current law restricts counter-drone operations outside of specific government-approved events and circumstances, so let’s focus on how detection and monitoring supports the assessment phase of the “ground game” approach. 

To properly confirm or deny the DVRA findings employing a technology that can collect data on realistic drone flight tracks in a specific environment, it is prudent to set up a window of time, normally 14 to 30 days, in which the detection technology gathers data associated with this need. Most companies that offer this product as a service are more than happy to establish a test environment to show activity. Based on these two actions, the beginning of the “ground game” support for the security program is in full motion. So what is the next step?  

Once the security team has the data, it’s now time to start preparing the drone emergency response plan (DERP), an 11-step process that focuses on setting the right conditions for the staff (internal and external stakeholders) to plan and prepare for a drone event. Essentially, the DERP gets everyone involved on the same page as it pertains to responsibilities and actions. More specifically, it will identify who does what and when. Often, security plans are siloed and hold a prestigious position on the director’s bookshelf, but with an active DERP, teams are formed, people are activated and actions are enabled. The mystery of who does what is removed, which enables a proactive response and negates a reactive scramble. The DERP is a critical planning phase for many reasons, but most important is that it leads to the next step of this framework, which is the execution of a proactive “left of sUAS launch” operational posture. 

The concept of a left-of-sUAS launch function/plan within the security program is a new idea that takes all the information gathered from this methodological approach and solidifies it around an operational action. This plan is focused on 10 steps that engage the proprietary, contract and external stakeholders to a point of coordinated task execution and link directly to the DVRA analysis, technical data gathering and DERP planning. During this phase of “air domain” planning, the DVRA analysis is refined, key named areas of interest (NAI) within five kilometers of the facility are identified and, within those NAIs, specific target areas of interest are designated to allow for finite focusing of patrolling assets as it pertains to potential launch locations and air ingress routes. In essence, the operationalization of the assessment and plan information takes shape. Now you might think we are done here. There is now a critical phase of this framework left to consider. As we’ve often heard, practice makes perfect and repetition builds proficiency. Let’s finish with training, rehearsing and exercising. 

Training, rehearsing and exercising are essential but time-consuming actions that turn this framework into a comprehensive approach, but finding time is always the hardest part of making it happen. Coordinating calendars and attempting to do too much too quickly is a common mistake, or simply not doing anything at all makes the previous effort useless. The DERP and the “left of sUAS launch” plans will need significant explanation and support, so a good way to approach this task is to break it into digestible phases. By starting with internal and proprietary staff, the security professional sets the conditions to train external stakeholders that will often have a high turnover rate, making proficiency difficult but not impossible. A good initial step is to start with tabletop exercises designed to focus on specific scenarios. To do this, follow a crawl, walk and run program framework that builds on itself.  

We no longer have the option of avoiding or disregarding the “air threat” to the security program. This is a cultural shift in thought and approach, but warranted. Don’t sit back and wait. Start your assessment process now, and share it with your teammates. It’s always time to “keep the conversation going!”

The views and opinions expressed in guest posts and/or profiles are those of the authors or sources and do not necessarily reflect the official policy or position of the Security Industry Association.