The small uncrewed aerial system (sUAS) evolution is well underway. This technology’s impact on society is in all aspects revolutionary in that it is changing many facets of everyday life while reshaping the security and safety landscape. This is something that security professionals are starting to respect and the need for support, knowledge, and information exchange is critical. What we are seeing is a tidal wave effect creating a major change to the physical security playbook and this is proving to be significant. Security and safety professionals are now facing a domain that requires deeper thought, advances in technology support, and an understanding of how to plan, prepare, and execute an “air domain” program that nests with the overall physical and cyber plans, policies, procedures, and of course law. The duty of care responsibility has become significantly more complex. Further complicating issues is the lack of emphasis on “the how” and answering the question of “where do I start.” Fundamentally, there is one methodology that captures the challenge in a simple and easy-to-follow framework. That framework consists of three steps and is provided under the ASIS International Preferred CPE Provider Program through online training.
- Conduct a Drone Vulnerability and Risk Assessment (DVRA). The DVRA framework is a process that identifies the threat, accounts for critical assets, determines vulnerabilities to those assets, and then offers responsible and proportionate risk mitigation recommendations. Understanding this process and the framework is detailed in the DVRA course. This course aims to impart fundamental knowledge in carrying out a Drone Vulnerability Risk Assessment (DVRA). It provides a structured approach to assessment and introduces basic concepts to kickstart your ability to add it to your security program. The DVRA will serve as the bedrock for your comprehensive drone risk mitigation strategy and seamlessly integrate with your existing business security program. Certification training and continuing professional education can be attained here.
- Train, educate, and understand the differences between drone detection, monitoring, and visualization (security operations center user interface (UI) technologies), versus true counter uncrewed aerial system (CUAS) mitigation technologies. The CUAS course aims to impart and introduce the fundamental knowledge needed to understand CUAS technologies and the limits on their use. Certification training and continuing professional education can be attained here.
- Develop and instantiate a Drone Emergency Response Plan (DERP) into the overall business or venue security program. The DERP is a framework that provides critical information on “how” to build the policies, procedures, and standing operating procedures needed to execute operations. The DERP course aims to impart fundamental knowledge in carrying out a Drone Emergency Response Plan (DERP) and is directly linked to the foundations established in the Drone Vulnerability & Risk Assessment (DVRA) course. The DERP will serve as the bedrock for your comprehensive drone risk mitigation strategy and seamlessly integrate with your existing business security program. It will establish a framework for “response” and “action” during a drone event. Certification training and continuing professional education can be attained here.
Unfortunately, there are many examples across the globe that highlight the need for this detailed approach concerning the air domain and sUAS technology. Look no further than Ukraine and the effects of commercial off-the-shelf drone platforms playing a major role in combat operations for both sides. This leap in platform capability (think first person view as one example) is now the driving emphasis on including the “air perimeter” in security thought where the threat of surveillance, direct attack, and intellectual and informational property theft (SAII) is now a reality.
In the end, if security professionals follow this framework and certify proprietary and external staff, they are establishing a formal risk mitigation process that will meet the business and venue owner's “duty of care” responsibility while raising the level of expertise in all stakeholders involved. Let’s keep the conversation going!
Bill Edwards, CPP, PCI, PSP - President of Building Intelligence Inc.
