Cautious Optimism on the FAA Drone ANPRM

Posted at Security Debrief-1.22.2019 By Ken Dunlap

The last twelve months have been a banner year for global experimentation in countering rogue drones. Alleged sightings at Gatwick and Heathrow resulted in flights being cancelled for 150,000 passengers and delays for thousands more.  A couple was arrested, ruled out, and released. Millions of £ pounds were spent on counter UAS systems rushed to the alleged scenes of the crime and presumably victory declared. -at least by the system manufacturers. Add to the mix an Aeromexico flight damaged in-flight by what arm-chair accident investigators immediately concluded was a drone. It was a busy year.

Through all of this, let’s give credit where credit is due to the Department of Homeland Security (DHS) and other U.S. Government agencies for not over-reacting. Yes, it can and will happen in the U.S. sooner rather than later--but we need to react to the real threat and not the perceived threat as others have done to date. Part of this involves putting the regulatory fundamentals in place and setting the scene for the countermeasures that will necessarily be placed on top of them.

Department of Transportation (DOT) Secretary Chao took an important step in mid-January by announcing an ANPRM (or advanced draft rule) on safe and secure operations and an NPRM (or draft rule) on flights over people. As expected, most of the resulting press has focused on drones being allowed to fly over you and me and to fly at night. Both activities are severely restricted under existing regulations. Drone proponents are naturally giddy over these developments.

At the same time, and with little public attention, in the notional rules FAA proposes a series of fundamentally important steps to address the national security risks “not anticipated or envisioned” should these rules go into effect. In many ways, these provisions set the stage for good countermeasures and avoid the current industry and government paradigm of “fire, aim, ready” when responding to drone incursions. Here’s a brief rundown.

Remote Identification and Tracking. Regardless the system, and hopefully DOT choses inexpensive and rational methods, remote ID serves as an important way of separating so called good operators from rogue operators. It makes the haystack a bit smaller when you look up at the sky and start planning your response. Fundamentally, this is intelligent risk management and not a counter-measure per se.

UAS-Specific Airspace Restrictions. Bully for allowing a streamlined procedure for critical infrastructure operators to designate their airspace as no-fly zones. As in the case with remote ID, this is intelligent risk mitigation. It’s another way of saying by definition if I see you in this airspace you are a rogue drone operator.

Airspeed limits. This warrants an honorable mention, largely for helping tracking systems make automated decisions on the category of risk to assign to an observed vehicle. Also too, limiting the amount of damage a vehicle can cause by limiting the kinetic energy it possesses.

What’s missing from the DOT proposals and areas for DHS to address, the drone threat needs to be placed within context among all the other threats to critical infrastructure. Next, we need to map the specific vulnerabilities of each piece of critical infrastructures that we believe may be vulnerable to UAS systems. Finally, we need to develop countermeasures based on the actual vulnerabilities of drone systems and not ones we imagine. All of these steps must be required before we jump to close airports, arrest individuals, and deploy countermeasures.

DHS also has a role in preparing for future drone systems. The work needs to start because tomorrow’s drone threat will be nothing like todays.

Most of today’s countermeasures work by exploiting basic vulnerabilities in the control systems used to stabilize and navigate the drone. The ground truth today is that the drones you see and read about rely on external data sources for guidance, whether it is one of the global positioning systems (GPS) or operator commands through a telemetry link.

Eliminate correct GPS signals and within 30 seconds the drone loses its sense of position. Jam the command link and the operator immediately cannot steer the vehicle or drop ordinance. Tomorrow’s autonomous vehicles rely on internal sensors to sense their environment and guide themselves. GPS and command links are not required.

For these types of autonomous vehicles, we will need to have a different suite of countermeasures that include advanced materials, coatings, and deception. That is because autonomous vehicles rely on machine perception systems, such as LiDAR, camera arrays, or even RADAR to build a picture of their world and navigate through it to achieve mission success.

That’s how we need to be thinking because these vehicles are here now. You can read more on this topic by reading our white paper: Countering Tomorrow: The Age of Materials, Coatings, and Deception. If you are a developer or potential user countermeasures, you need to consider Safety Act coverage.