What's the Right Way to Regulate Commercial Drones?

What's the Right Way to Regulate Commercial Drones?

Before the Black Friday shopping, let’s consider how to keep every side satisfied.

As the barrage of television, newspaper, and online advertisements alert us to Black Friday shopping extravaganzas, small unmanned aerial systems (sUAS) remain prominent gifts for this year’s holiday wish lists. The ever-lowering costs of these commercial, hobbyist aircraft—and their components—combined with the FAA’s decision to relax restrictions on when, where and what can be flown, and by whom, has the law enforcement community decidedly less excited. Today, law-enforcement operators have two legal options for enforcing laws that address either negligent or deliberately antagonistic drones in urban and rural domestic environments: (1) see something, say something, and (2) forensically identify the drone owner-operator after it has taken off, landed, or caused harm or disruption.

Glaringly absent in law enforcement’s toolbox is the ability to actually counter drones. Interdicting or preventing a sUAS after take-off and before disruption or deliberate damage occurs is bit of a blurry mess.

Law enforcement’s ability to address the threat of negligent or deliberate misuse of drones is very limited. First, legal authorities are unclear, and policies almost nonexistent. Under current law, there is no legal difference between a manned or unmanned aircraft, so interfering with a drone carries the same legal penalties as interfering with a manned aircraft (i.e., go to jail for hijacking). While modifying existing case law or introducing new laws take time, these issues are being addressed by a number of working groups. The speed of technological evolution makes developing a relevant legal framework challenging.

A larger problem, however, is the lack of technology that can reliably address these challenges. While there is no shortage of claims (many unsubstantiated) and marketing for counter-drone systems, they almost exclusively rely on drone manufacturers and owners to follow the community’s rules and traditions. In this honor-based system, counter-drone manufacturers and owners assume the drones have unencrypted data links, the software is reliable or has not been hacked, and that manufacturers (companies or DIYers) actually have built in fail-safes. This is a two-part assumption: first, that COTS drones will act as they say they do on the box, and second, that COTS drones will not be modified after purchase.

Like guns, buying one and registering it legally does not guarantee that it won’t be modified after purchase or that it won’t be used illicitly. Taking this analogy somewhat further, this is like the sale of automatic weapons—for military use—in gun enthusiast shops. COTS drones are increasingly becoming autonomous; consequently, using any radio-frequency-based, cooperative Counter–Unmanned Aerial Systems (CUAS) methods will soon become obsolete.

The most challenging messages to relay to law enforcement tasked with procuring counter-drone systems include: (1) COTS and DIY drones may not perform as they are supposed to; (2) COTS and DIY drones can be engineered—hardware and software—to ignore, spoof, or introduce new commands; (3) current counter-drone systems claims are not backed up by rigorous testing in “polluted,” “dirty,” densely populated areas, where there is interference that can confound or be impacted by today’s radio-frequency countermeasures.

The fuzziness around countering sUAS (CUAS) entails legal, technical, and operational challenges, including:

• Any measures used to take control of another aircraft, no matter how small, is legally hijacking.

• Selling some existing countermeasures for use in urban environments (non-battlefield) is legal, whereas the possession of GPS jammers can be illegal in other cases. In all cases, using them is not legal.

• By their nature, sUAS literally fly under the radar, which makes their detection and defeat a real challenge, should traditional radar be the method of detection.

• The hardware and software used to control sUAS has no standards; it can take any form the manufacturer (company or individual) wants. There are no requirements for reliability or functionality. This impacts the owner-operator trying to disrupt, deter, or defeat a drone that either has (1) not responded to its given command signals, (2) been hacked to circumvent, for example, geofenced areas, or (3) assumes that today’s nonmilitary countermeasures based on cooperatively engaging with the sUAS will work as they are supposed to. Hoping a COTS drone will act as it is supposed to so that it can be countered is not a winning strategy, and it can result in serious loss of property or life, or severe disruption of services.

• There are enough open-source instructions on how to build a DIY drone that is unique and untraceable.

• There are numerous web sites that explain how to hack drones so they can’t be stopped by current CUAS systems. In fact, several companies are developing or selling technologies specifically designed to negate the effects of current CUAS systems.

•  Liability and risk-transfer solutions have yet to be articulated for the drone manufacturer (COTS), the buyer of countermeasures, the user of the COTS drone and the user of the CUAS product.

• Law enforcement operators do not have a set of operational requirements or policies that designate authority, identify when and how to respond, and that help to identify what countermeasures to procure.

Unfortunately, the use of sUAS to perform criminal acts, including espionage, delivery of contraband across borders and into prisons, or merely as a peeping skybot, are not the only cases of misusing COTS drones. Of course, buying a drone for a loved one or for oneself in the spirit of holiday giving need not be fraught with nefarious undertones. Yet law enforcement is responsible not only for managing criminal intent, but also for dealing with accidents and unintentional incidents that have the ability to cause disruption or disaster. Nowhere has this public safety issue featured more prominently than in and around airports.

For the operational communities, the “how” is intimately tied up with the “what.” And while kinetic or nonkinetic countermeasures are being discussed for use in deployed spaces, and there have been some instances of use, there are no policy, doctrine, requirements, or suite of technologies that are being used effectively. Furthermore, their applicability to urban or contested environments is decidedly unclear. What’s more, the reliability of CUAS countermeasures is questionable at best, and absent at worst. The possibility for systems failures is real because COTs drones are built according to any standards. So sUAS used for entertainment, by hobbyists and even by commercial operators engaged in safety-and-security missions run the risk of unintended consequences. Alas, the same systems failures that apply to COTS or DIY drones also apply to commercially marketed CUAS systems.

Moreover, countermeasure solutions need to be agnostic to intentionality and be mindful of acceptable collateral losses. While the law-enforcement community has articulated this issue, a roadmap for operational decisionmaking has yet to emerge. Similarly, for border security operators, there is a need to more fully articulate the rules of engagement of when, who, where and what is to happen in scenarios where nonmilitary sUAS incursions occur in violation of prohibited airspace. Drone registration initiatives, along with campaigns warning drone pilot-operators of what is prohibited, are necessary but not sufficient for preventing or mitigating the effects of drone systems failures or deliberately misused drones.

As the race to identify reliable technological countermeasures gathers momentum, it is hoped that law enforcement end-users of counter-drone technologies are involved in helping to identify the operational needs that will underpin technological solutions. In the absence of any real operational guidance for law enforcement operators, industry is left to create requirements. These industry-prescribed requirements are not always aligned with operators’ needs, doctrine and legal permissibility. To be sure, industry does have a role to play in the overall design, distribution and even deployment of relevant countermeasures. The operative word, however, is relevant.

Melissa S. Hersh is a Washington, DC-based risk analyst and consultant. Michael Hopmeier is President of Unconventional Concepts, Inc., an engineering and policy consulting firm specializing in national security issues. He is also a consultant and senior advisor to numerous government agencies and organizations. Views expressed are their own.

Image: Commercial drone. Pixabay/Public domain