This page focuses on the work of NPSA, and introduces the key components that need to be developed to build a C-UAS strategy and plan for a site. These pages will be updated and added to as new guidance becomes available.
This information has been created to assist national infrastructure site security managers in developing a C-UAS strategy. Many of the concepts will apply to crowded places and major events; however, there will be some differences.
Developing a C-UAS strategy
Counter uncrewed aerial systems (C-UAS), for the purposes of this page, is used to describe a wide range of protective security measures and processes that can be used to mitigate the risk of hostile UAS activity.
In order to mitigate the risk of hostile UAS activity at your site to an acceptable level, there are multiple complex factors involved in developing an effective C-UAS strategy. These create a requirement for a considered and structured approach to be adopted. The foundations for this approach should be developed within a C-UAS strategy and plan, the components of which are outlined in the following sections and set out in more detail in the NPSA guidance document titled: Countering Threats from Uncrewed Aerial Systems - Making Your Site Ready.
The development of a site's C-UAS strategy must acknowledge, and indeed integrate, with wider protective security measures that are already in place. The introduction of C-UAS mitigations must augment the site's existing concept of operations to achieve an all-inclusive security solution. This holistic set up will need to be informed by a strategic risk assessment, summarising the security risks posed by hostile UAS and the organisation's aims to address them and so protect the site.
A plan should then be developed setting out how the mitigations will be managed and delivered. This will define the detail of what needs to be achieved, who will be involved and the timeframe for delivery.
Working in partnership
The identification and involvement of both internal and external stakeholders in the development of the strategy and plan is very important.
Internal stakeholders must be involved in the development of the solution to ensure they are able to provide support and buy-in at every stage.
As with all matters relating to security and policing, the relationships with the police are key. The contact may be with either the local police or those specifically tasked with providing policing to certain sites. This engagement may provide support: in developing an understanding of the risk to the site, provision of guidance in relation to the mitigation of the identified risk and the development of the overall plan.
Assessing the threat and risk from hostile UAS
UAS have been used unlawfully by threat actors across the world, including terrorists, criminals and those conducting unlawful protest. In addition, users who are simply reckless and negligent in how they fly a UAS, may often cause disruption in or around a site.
It is most important to make a realistic assessment of the risk to a site. Every site will already have a security risk assessment process. A site should first seek to understand how they may be vulnerable to the risks posed by UAS, understand the impact of the different types of UAS incident and then identify suitable mitigation options.
Reducing negligent and reckless useand deterring hostile activity
The number of incidents caused by reckless/negligent users can be reduced by introducing a range of mitigations. These can be tailored to meet your site's needs and may include a mix of the following elements:
- Local business and community engagement
- Security minded communications
- Airspace restrictions and geo-fencing
Straightforward and less expensive measures to mitigate the risk of negligent and reckless use should be adopted at the first opportunity. Other more complex measures such as creating physical barriers may need to be considered when a higher level of risk has been identified.
Physical security measures can be taken to help protect the asset, through for example concealment, disguise, preventing physical access or hardening. Consideration should be given to making launch sites in the immediate vicinity of key assets less appealing by introducing cover from view, adding lighting and controlling or restricting access.
A C-UAS technical solution is intended to provide:
- Early warning that an unauthorised UAS is approaching or within a site.
- A rapid tasking of operational and technical resources to respond to an incursion.
- Information to enable decisions as to the safe operation of the site during and after any incursion.
- Evidence that will support the investigation and prosecution of offenders.
On sites where it is clear that the risks posed by hostile UAS require the site to consider technological countermeasures, then the process of establishing the nature, quantity, appropriateness, relevance and purpose of these can begin.
Technical countermeasures can broadly be broken down into the following categories:
- detect, track and identify (DTI)
- detect, track, identify and effect (DTIE)
Following extensive NPSA and wider government field trials of C-UAS technology, NPSA has developed a C-UAS standard against which it is evaluating mature and readily available equipment. Systems that pass the evaluation are then included in the NPSA Catalogue of Security Equipment (CSE), which provides a listing of a range of NPSA tested equipment. NPSA recommends the use of equipment from the CSE.
There are two elements to the NPSA C-UAS standard; i) DTI, ii) DTIE. Testing of DTI technology is currently underway and testing of effectors (DTIE) will commence in the future, once an appropriate authorisation framework is in place. All C-UAS technology should only be used within the bounds of the law.
The activities already described in relation to local community engagement and security minded communications help build awareness of the threats posed by UAS and encourage the local community and site staff to report and respond to UAS related incidents.
For any threat to an asset it is important to develop:
- A patrol plan for steady state operations that will act to both detect and deter unauthorised activity.
- Reporting processes that enable the collection of key information.
- A dynamic threat assessment process to help determine an appropriate response on the basis of the information available.
- Response plans that are rapidly deployable, proportionate, effective and lawful. Each having clear lines of accountability for decision-making.
- An exercise plan that will test the capabilities being developed.
- A concept of operations that defines how the response to any incident will be delivered, bringing together people, policies and technology.
Testing and exercising
The development of an end-to-end testing and exercising plan will be vital. It should be used to aid decision making in relation to the mitigations being selected. This is particularly important when DTIE options are being considered. Table-top exercises (TTX) should be used to confirm the selection of mitigations and satisfy decision makers that the right solutions are being selected and there is good understanding of the implications of each element.
A series of exercises should be developed in preparation for, and to refine, all the elements within the concept of operations. The TTX, and follow up field exercises, provide an opportunity for refinement and to ensure all aspects are understood, integrated, that technical capabilities are working and there is a clear understanding of roles and responsibilities.