Skip to content

On 5 October 2018, President Trump signed the Federal Aviation Administration (FAA) Reauthorization Act of 2018, providing new authority for the Department of Homeland Security (DHS) and the Department of Justice (DOJ) to “mitigate” threats from unmanned aircraft systems (UAS) or “drones” using counter-UAS (C-UAS) measures. The new law also makes changes, additions and clarifications to the current rules regulating the private and commercial use of drones.

The C-UAS provisions of the FAA Reauthorization Act originated in a standalone Senate bill introduced earlier in 2018 by Senators Ron Johnson (R-WI) and Claire McCaskill (D-MO), the Chairman and Ranking Member of the Senate Homeland Security and Governmental Affairs Committee, respectively. While privacy advocates and some drone operators opposed the new authority as being too broad and potentially subject to abuse, the bottom line was that outdated communication and aviation laws have prevented federal agencies from employing any C-UAS measures, despite the very real threat from UAS attacks.  

In an October Senate hearing, FBI Director Christopher Wray stated that “While there has been no successful malicious use of UAS by terrorists in the United States to date…[w]e have seen repeated and dedicated efforts to use UAS as weapons, not only by terrorist organizations, such as ISIS and Al Qa’ida, but also by transnational criminal organizations such as MS-13 and Mexican drug cartels, which may encourage use of this technique in the U.S. to conduct attacks. The FBI assesses that, given their retail availability, lack of verified identification requirement to procure, general ease of use, and prior use overseas, UAS will be used to facilitate an attack in the United States against a vulnerable target, such as a mass gathering.” Wray also noted the recent attempted assassination of Venezuelan President Maduro using explosives-laden UAS and the foiled 2012 plot by U.S. citizen Rezwan Ferdaus. Ferdaus, who held a degree in physics, obtained multiple jet-powered, remote-controlled model aircraft capable of flying 100 miles per hour and planned to fill them with explosives and crash them into the Pentagon and the Capitol using a GPS system in each aircraft.

The new law provides DOJ and DHS with the authority to “authorize personnel with assigned duties that include the security of or protection of people, facilities or assets to take such actions that are necessary to mitigate a credible threat [as defined by DOJ, DHS, and DOT] that a UAS poses to the safety or security of a covered facility or asset.” The actions authorized run the gamut from providing warnings to drone operators, jamming signals and using “reasonable force, if necessary, to…destroy the UAS.” DOJ and DHS are required to coordinate with the FAA when authorized actions might affect aviation safety or the use of airspace, or if the actions involve intercepting communications from a UAS. DOJ, DHS, and DOT must also formulate guidance, conduct risk assessments, test equipment and comply with a variety of reporting requirements. Finally, any C-UAS actions that are taken must also be conducted in a manner consistent with the First and Fourth Amendments.   

The law defines the term “covered facility or asset” as those (1) within the United States; (2) that are identified by DHS and DOJ through a risk-based assessment; and (3) that directly relate to one of the following missions: US Coast Guard and US Border Patrol security operations; US Secret Service protection operations; Federal Protective Service protection of DHS facilities; US Marshalls and DOJ protection of facilities and court personnel; Bureau of Prisons protection of high-risk facilities; Security for Special Events; National Special Security Events; Special Event Assessment Rating Events; when a state governor or attorney general requests assistance for a mass gathering event that would not otherwise fall into the security for special event category; active Federal law enforcement investigations, emergency responses, or security operations carried out by DHS or DOJ; or reacting to a known national security threat that could involve unlawful use of a UAS.  

While the Act defines the “personnel” who can take C-UAS actions as “officers and employees of the Department of Homeland Security or the Department of Justice,” the report that accompanied the precursor Senate C-UAS bill states that the bill “also authorizes contracted employees of DHS to use the authority in accordance with regulations and guidance by DHS.”  As a result, DHS contractors, such as security companies with Federal Protective Service contracts, could be authorized to take C-UAS actions.

Some C-UAS advocates would also like to see the use of C-UAS equipment be made legal for local law enforcement.  The Act does not go that far, but it does call for DHS/DOJ/DOT to conduct “an evaluation of current Federal and State, local, territorial, or tribal law enforcement authorities to counter UAS threats” and to make “recommendations, if any, for potential changes to existing authorities to allow State, local, territorial, and tribal law enforcement to assist Federal law enforcement to counter the threat where appropriate.” The Act also directs the FAA to develop a strategy for working with state and local governments on how to identify and respond to public safety threats posed by unmanned aircraft.

Thinking ahead to private sector use of C-UAS, DHS also must conduct an assessment on the threat from UAS to critical infrastructure and large domestic airports that will include assessing the current resources available to private and state-owned critical infrastructure and large domestic airports.

As noted, the new law also makes changes to the current rules and processes governing private and commercial drone use, which in the security field has seen a steady rise. While the global market for commercial drone use is currently worth $2B, a 2016 PwC report predicts that number will rise to $127B by 2020, with security set to account for $10B worth of the market behind only infrastructure, agriculture and transportation.  

There are many uses for drones related to security. They can be used to conduct facility risk and damage assessments; monitor perimeters, parking lots, prisons, college campuses, stadiums and other outdoor venues (at night with a thermal imaging camera); to conduct inspections and to assist in executive and convoy security (especially in remote/hostile locations). They also can be used to monitor and secure remote assets, to provide emergency relief, and can be equipped with audio and video sensors. An additional benefit from the use of drones is the potential to reduce overall security operations costs.

In order for a company to use drones commercially for security purposes, it must follow the FAA’s restrictive operational rules, known as “Part 107”, that went into effect in 2016. Some of these restrictions include stating that drones cannot fly over people, they must be operated in a visual line of sight, they can only be used during daylight hours and must fly below 400 feet. These rules are not very conducive to many security and other applications for drones, especially the line of sight requirement.  To operate a UAS for commercial purposes outside of the Part 107 rules, one needs to obtain a FAA certificate of waiver. The FAA states that it will issue waivers to certain requirements of Part 107 if an applicant demonstrates they can fly safely under the waiver without endangering people or property on the ground or in the air.

However, a June 2018 congressionally mandated report by National Academy of Sciences found that “an overly conservative approach to safety risk assessments at the FAA...which tends to overestimate the severity and likelihood of risks from many types of drone operations, can be a significant barrier to introduction and development of this emerging and rapidly changing technology.” Thus, “drone operations in the United States that have the potential of providing safety benefits have been prevented from entering the airspace because of FAA’s application of safety risk assessment techniques, developed over many years for manned aviation, which require evidence of a near-zero tolerance for risk.” A 2018 study found that only 15% of all waivers have been granted and just over 1% of all applications for a waiver to fly beyond line of sight or to fly over people have been approved. The vast majority of the 15% of waivers granted were for nighttime operations (a 37% approval rate). In addition, the waiver process has been plagued by a lack of transparency and delays.     

The new law addresses the waiver process by requiring the FAA to publish on its website a representative sample of the safety justifications used to get small unmanned aircraft waivers. The FAA also must revise the waiver process to provide real-time confirmation that an application has been received and confirm the status of the application. The FAA will also be required to ensure that unmanned aircraft can be used to quickly and efficiently respond to disasters or other emergencies.   These changes to the waiver process combined with a current FAA program called the Integration Pilot Program, which involves government and private sector entities teaming up on drone use projects to better enable the FAA to understand and more smartly regulate night operations, flights over people and beyond the pilot's line of sight, package delivery and detect-and-avoid technologies, should accelerate the greater and more complex use of commercial drones.