Guest Post: Building the “Air Domain” Into Your Security Program

Building Intelligence’s Bill Edwards, Chair of the SIA Counter-UAS Working Group, Answers the Question, “Where Do I Start?”

Bill Edwards is the president of federal and public safety at Building Intelligence Inc. and chair of the SIA Counter-UAS Working Group. He is a retired U.S. Army colonel and veteran of the Iraq War.
Bill Edwards is the president of federal and public safety at Building Intelligence Inc. and chair of the SIA Counter-UAS Working Group. He is a retired U.S. Army colonel and veteran of the Iraq War. He is also the author and provider of a series of online training courses.

The small uncrewed aircraft system (sUAS) evolution is well underway. A recent drone event in New Jersey, where a person used their sUAS platform to drop chemicals into swimming pools to turn the water green, is not about turning pool water green – it’s about capability and the continued maturity of use cases in private-sector environments. The sUAS technology impact on society is in all aspects revolutionary in that it is changing many facets of everyday life while reshaping the security and safety landscape. This shift is something that security professionals are starting to respect, and the need for support, knowledge and information exchange is critical. What we are seeing is a tidal wave effect creating a major change to the physical security playbook, and this is proving to be significant. Security and safety professionals are now facing a domain that requires deeper thought, advances in technology support and an understanding of how to plan, prepare and execute an air domain program that nests with the overall physical and cyber plans, policies, procedures and, of course, law. The duty of care responsibility has become significantly more complex. Further complicating issues is the lack of emphasis on “the how” and answering the question of “where do I start?” Fortunately, initiatives are emerging to support security professionals in all market verticals that answer and support that exact question. 

Fundamentally, there is one methodology that captures the challenge in a simple and easy-to-follow framework. That framework consists of six major steps:

  1. Conduct a drone vulnerability and risk assessment (DVRA): The DVRA framework is a process that identifies the threat, accounts for critical assets, determines vulnerabilities to those assets and then offers responsible and proportionate risk mitigation recommendations.
  2. Determine the sUAS activities over your business or venue by conducting a 14- to 30-day pilot of a detection capability that can begin to show you the pattern of life. This pilot will reinforce your DVRA and provide critical data that will support capital investment in a more permanent path forward. 
  3. Train, educate and understand the differences between drone detection, monitoring and visualization (security operations center user interface, technologies versus true counter-UAS mitigation technologies. Lastly, dive into current law and understand the processes in place that may or may not support a counter-UAS deployment, especially when your business or venue is supporting a large public mass gathering event, where the potential for a “bad day” and the risk to the public is high.
  4. Develop and incorporate a drone emergency response plan (DERP) into the overall business or venue security program. The DERP is a framework that provides critical information on how to build the policies, procedures and standing operating procedures needed to execute operations. The DERP course aims to impart fundamental knowledge in carrying out a DERP.
  5. Taking the knowledge gained from the DVRA, the airspace reconnaissance, and the DERP, build the first of a series of tabletop exercises. First, start with leadership and proprietary staff. Then elevate to the next event by adding key external stakeholders and finally including contract and special staff. This approach allows for the formation of a comprehensive training, rehearsal and exercise program that supports a coordinated and ready sUAS incident response. 
  6. The final step is to establish and substantiate a formal business training, rehearsal and exercise program that is kept on the calendar and supported by leadership. These are “fenced off” events that are known well in advance and have the full support of the leadership to avoid any distractions. This is the type of hands-on training that shows the gaps in policies, plans and procedures and allows for real-time lessons learned to be identified and implemented, thereby showing the staff the agility of the business to make important changes that reflect their hard work and dedication to the business purpose. 

Unfortunately, there are many examples across the globe that highlight the need for this detailed approach concerning the air domain and sUAS technology. Look no further than Ukraine and the effects of commercial off-the-shelf drone platforms playing a major role in combat operations for both sides. This leap in platform capability (think first person view as one example) is now the driving emphasis on including the “air perimeter” in security thought where the threat of surveillance, direct attack and intellectual and informational property theft is now a reality. 

In the end, if security professionals follow this framework and certify proprietary and external staff, they are establishing a formal risk mitigation process that will meet the business and venue owner’s duty of care responsibility while raising the level of expertise in all stakeholders involved. Let’s keep the conversation going!