In July of last year, a DJI Mavic 2 drone approached a Pennsylvania power substation. Two 4-foot nylon ropes dangled from its rotors, a thick copper wire connected to the ends with electrical tape. The device had been stripped of any identifiable markings, as well as its onboard camera and memory card, in an apparent effort by its owner to avoid detection. Its likely goal, according to a joint security bulletin released by DHS, the FBI, and the National Counterterrorism Center, was to “disrupt operations by creating a short circuit.”
The drone crashed on the roof of an adjacent building before it reached its ostensible target, damaging a rotor in the process. Its operator still hasn’t been found. According to the bulletin, the incident, which was first reported by ABC, constitutes the first known instance of a modified, uncrewed aircraft system being used to “specifically target” US energy infrastructure. It seems unlikely to be the last, however.
In a response to a request for comment, a DHS spokesperson wrote that the agency “regularly shares information with federal, state, local, tribal, and territorial officials to ensure the safety and security of all communities across the country.”
When it comes to the potential for consumer drones to wreak havoc, experts have sounded the alarm for at least six years, saying that their broad availability and capabilities provide opportunity for bad actors. In 2018, an explosives-laden drone carried out an apparent assassination attempt on Venezuelan president Nicolas Maduro. ISIS and other terrorist groups have used consumer-grade quadcopters for both surveillance and offensive operations.
But the Pennsylvania incident represents an alarming escalation in drone use stateside. The US has had incidents before: A drone landed on the White House lawn in 2015, and a recent surge in drone sightings near airports and other critical sites has sent the FAA scrambling. Until now, those intrusions could be written off as accidental. No longer.
“I am surprised it’s taken so long,” says Colin Clarke, director of policy and research at the Soufan Group, an intelligence and security consultancy. “If you have a modicum of knowledge of how drones work, and you can access some crude explosives or just ram it into things, you can cause a lot of damage.”
The operator of the Pennsylvania drone appears to have attempted a less brute-force approach. But efforts to hide the operator's identity may have contributed to their failure to connect with the intended target. By removing the camera, the joint bulletin says, they had to rely on line-of-sight navigation, rather than being able to take a drone’s eye view. While this effort failed, the report’s analysts are clear that it’s unlikely to be an aberration; if anything, they expect to see drone activity “increase over energy sector and other critical infrastructure facilities as use of these systems in the United States continues to expand.”
That mounting threat has not been met with proportional mitigations. While the FAA does place limits on where consumer drones can fly, security experts and drone manufacturers alike have urged it to do even more. “Just like the manufacturers of pickup trucks or mobile phones, we have almost no ability to control what people do with their drones once they have them,” says DJI spokesperson Adam Lisberg. "DJI has long supported giving authorities the legal ability to take immediate action against drones posing a clear threat, and we have long supported laws to penalize some intentional misuse of drones."
“The FAA is still dragging its feet on its congressionally mandated requirement to develop procedures for critical infrastructure locations to request airspace restriction,” Lisberg says. The agency has rulemaking underway to address that requirement, a provision of the FAA Extension, Safety, and Security Act of 2016, but did not provide a specific timeline. "The FAA is aware of the July 2020 incident in Pennsylvania," the agency said in a statement. "The agency works closely with the Department of Homeland Security and other federal, state, local, and tribal security partners to support investigations into malicious drone activity."
Countermeasures like geofencing certain areas, which prevents compliant drones from flying there, are effective to a point, but the process for designating those spaces remains something of a patchwork, says Clarke. And more aggressive anti-drone technology, which can range from signal-jamming guns to megadrones to eagles, often face regulatory challenges of their own. Outfitting every single power substation in the US with drone countermeasures would also present significant financial and logistical hurdles.
For its part, DHS only received legal authority to disrupt or destroy threatening drones with the 2018 Preventing Emerging Threats Act. The agency's Science and Technology Directorate oversees counter-UAS research in search of systems that are effective but not overly disruptive.
There has been some recent traction at the FAA, as well. New rules governing the remote identification of drones in flight, and their ability to fly over people and at night, took effect in April. And on Thursday, Hearst Television reported on recent drone detection tests that the FAA undertook at New Jersey’s Atlantic City International Airport. The agency plans to expand that program to other airports, but the research and testing phase could take at least 18 months, according to the report. Assessing more proactive defensive measures would likely take even longer.
It’s certainly welcome news that regulatory bodies are taking drones seriously. But the Pennsylvania attempt, while unsuccessful, underscores how urgent the threat has become—a warning that some have sounded for years.
“Our thinking about this is still in its very nascent stages,” says Clarke, “and it shouldn’t be, because drones have been around a long time.”