It’s no surprise that the proliferation of commercial drones operating in United States has spawned interest in technologies to counter such drones when they pose a threat. What’s not well understood, however, is that taking cyber control of another aircraft—even to stop it from crashing or deliberately threatening people—isn’t permitted under U.S. law. Taking control of a remotely-piloted aircraft is tantamount to cyber hijacking. Tampering with the ground control station of a drone is unlawful even if that tampering is performed by law enforcement. Just as it’s illegal for law enforcement officials to listen into a phone conversation and then impersonate the voice on the call to alter the instructions being given to the receiving party. Getting a warrant for such an operation is highly unlikely even in extenuating circumstances where security is at stake, thus making routine use by law enforcement nearly implausible. Furthermore, if the call is encrypted, the technology used to impersonate the voice may prove futile.
The very same First and Fourth Amendment rights are at the heart of the counter unmanned aerial system debate. A CUAS is a system to detect, track, respond to and mitigate the effects of threat drones—those that would break laws, injure people, disrupt society and damage things. While the overwhelming majority of commercial systems currently available are capable of detecting data links, assessing the data, and then taking control of the data to create an alternate outcome, what’s the legal basis for doing so? And, if the communications are encrypted, is there any assurance that the process will work?
Unfortunately, it’s not easy for buyers of these systems to separate fact from fiction. There’s relatively little data available on reliable CUAS because we don’t yet have standards against which to measure reliability. Not only must operators distinguish what’s legally permissible from what’s functionally possible, end-user due diligence also requires separating marketing claims from actual capabilities. CUAS operators must also be able to weigh the risks and rewards of their decisions.
There’s another glitch here as well, and it’s a big one. Since commercially marketed CUAS tend to be radio frequency (RF)-centric, they are technically hampered by needing to know in advance the RF signature of the platform they are going up against. In short, the offending drone must be able to cooperate and communicate with the CUAS for there to be successful engagement. Recent advances in fully autonomous flight don’t depend upon receiving or transmitting RF signals, and this is bad news for current RF-centric products.
The real need is for CUAS able to operate successfully in the absence of known RF signals. Non-cooperative engagement is vital for meeting the needs of emerging technologies that allegedly elude electronic interference (regardless of their legal permissibility). Equally important are CUAS operators who understand the rules of engagement and risks of collateral damage, including unintentional disruption of aircraft control systems and wireless systems of all kinds.
Furthermore, there are serious concerns about using what amounts to electronic warfare in civilian environments, something that could result in interference with medical devices or systems that affect industrial and infrastructure processes. RF spectrum management has strategic, operational, tactical and economic components. Currently, there is no agreement among the Federal Aviation Administration, Federal Communications Commission, National Telecommunications and Information Administration, the Department of Homeland Security, and the Defense Department on commercial CUAS spectrum management issues. This must be resolved.
Buyers need to be able to ask and answer questions about what, why, how, when, and where to deploy a CUAS, and who’s responsible. The only way to ensure that the technology under consideration is reliable is to understand what goals it’s supposed to enable an operator to accomplish. Having an operational plan is a good start. Knowing the threats and vulnerabilities in one’s zone of concern is not just useful for understanding what system should be considered, but is vital. Not all environments are the same.
There’s currently no accreditation body or agency providing validation services for CUAS capabilities or operator training. While there will likely be such entities in the future, for the time being buyers should look to universities engaged in test and evaluation as well as reputable, independent safety companies.
Technical due diligence, operational planning, and procurement decisions that consider off the shelf options, custom-made solutions, and upgradeability are all necessary for reliable and accountable use. However, there’s no use case if there’s no permissive regulatory environment.
Michael Hopmeier is President of Unconventional Concepts, Inc., an engineering and policy consulting firm specializing in national security issues. He is also a consultant and senior advisor to numerous government agencies and organizations. Melissa S Hersh is a Washington D.C.-based risk analyst and consultant. She is also a Truman National Security Fellow and Non-Resident Fellow at the Stimson Center. Views expressed are their own.