In November 2024, the Federal Bureau of Investigation (FBI) thwarted an attack on the Nashville power grid by a man attempting to use an explosive-laden drone. The FBI indicated that the defendant had ordered the explosive C4 from undercover agents. In the U.S., most critical infrastructure was designed and built in a relatively low-threat environment, designed to survive weather events, minimize accidents, and prevent theft, rather than built to protect against attack or sabotage. The idea that people would intentionally destroy infrastructure was generally not considered. For instance, in the energy sector, most substations were simply protected by chain link fences and signage indicating the dangers of high voltage. The reason for fencing was to deter theft and protect the public. In response to the 2013 Metcalf substation attack, utilities – the North American Electric Reliability Corporation (NERC) and Federal Energy Regulatory Commission (FERC) – began to improve transmission substation security. While ballistic walls are effective at protecting transmission substations against rifle fire, this protection still leaves property vulnerable to weaponized drones attacking from above.
Wars in Ukraine and Israel have shown how drones can be used to destroy civilian infrastructure. In a similar fashion, transnational crime organizations embrace weaponized drones to combat rivals and police, as the use of weaponized drones is spreading beyond war zones. In 2020, a drone was used in an attempt to disrupt the U.S. power grid by attacking a substation in Pennsylvania by dropping a metal cable across high-voltage lines. Fortunately, the attack was unsuccessful. However, it is only a matter of time before a drone attack disables or destroys critical infrastructure.
Several technologies can be used to protect infrastructure from drones, including large nets, net guns, radio frequency (RF) and global navigation satellite system (GNSS) jamming, and cyber spoofing. Using other technologies – such as “frangible” ammunition that becomes tiny pellets when fired from conventional firearms, ground-based and aerial lasers, and RF weapons – will need additional legislation and regulation. Currently in the U.S., critical infrastructure protection is the responsibility of infrastructure owners. Protection options are limited by Federal Aviation Administration (FAA) regulations that prevent shooting down drones. Defenders can use RF jamming, GPS spoofing, and net guns for non-destructive removal of drones as long as they comply with federal regulations. As counter-drone systems have been deployed in Ukraine and Russia, drone technologies have also changed. Drones are now being controlled by a spool of very fine fiber-optic cables up to six miles. Using fiber-optic control overcomes radio frequency detection, RF and GNSS jamming, and cyber-spoofing defenses.
In Ukraine, drones with Thermite spray – a combination of aluminum and iron oxide powder – act as flying flame throwers, igniting the tree lines where Russian forces are hiding. When ignited, Thermite spray produces molten metal at about 4,000 degrees Fahrenheit, which can melt through the steel armor of tanks and trucks to ignite the fuel and weapons inside them. Adversaries can use the same type of drones to overcome fixed netting at substations. Thermite spray can be used to ignite the oil used in substation transformers. Napalm and white phosphorus can also be dropped from drones as incendiary weapons. Similarly, highly conductive graphene powder can be dispersed over a substation. The graphene powder short-circuits equipment, causing arcing across bushings, which can damage transformers.
The Threat Mitigation Process
A process the military uses for countering drones can be adapted for the protection of critical infrastructure. It consists of shaping, sensing, warning, intercepting, responding, protecting, commanding, and controlling:
- Shaping reduces attack options and forces attackers into more easily defended approaches.
- Sensing tracks drones and helps identify friends from foes.
- The warning allows site workers and responders to seek protection.
- Intercepting captures or destroys incoming drones in flight.
- Responding enables law enforcement or the military to apprehend attackers.
- Protecting closes off weaknesses and further protects critical assets.
- Commanding and controlling occur throughout the process to coordinate defensive actions and record tactics, techniques, and procedures to inform other vulnerable sites.
Several techniques can be used to detect and identify drones as they approach critical infrastructure. These include acoustic detection, optical and infrared sensing, radio frequency sensing of control channels, light detection and ranging (LiDAR), and radar. Each approach has advantages and limitations. Ukraine uses a network of several thousand pole-mounted cell phones as sensors to inexpensively track incoming drones acoustically:
- Acoustic sensing can be limited by noisy environments and quiet drones.
- Optical and infrared sensing can be effective but requires a line of sight, which may be affected by dust and fog environments. Attackers may pick an approach with the sun behind them to limit optical sensor effectiveness. The infrared signature of a drone may be quite small, leading to false positives.
- Radio frequency direction-finding can provide accurate direction but may have issues with range accuracy for rapidly moving drones.
- LiDAR can provide precise characterizations of an incoming drone but may be affected by dust, rain, and heavy fog.
- Compact radar systems offer the advantages of all-weather, all-time detection. Unfortunately, radar emissions can also be used as homing signals for drones.
Active and Passive Defense
Several technologies can actively capture or disable drones. Net guns launch nets that tangle the propellers of incoming drones, causing them to crash. These can be ground-launched or launched by defensive drones. The U.S. Army has developed an expanding net that can be launched from a standard grenade launcher.
Frangible ammunition can be used from rifles or radar-controlled guns to disable drones. Frangible ammo breaks into small pieces to minimize any collateral damage beyond the target. The effect is similar to skeet shooting.
The U.S. Army is deploying radar-controlled guns along with laser weapons for counter-drone protection. As technology advances and costs come down, lasers or radar-controlled guns with frangible ammunition could be viable solutions to protect critical infrastructure sites.
In addition to lasers and radar-controlled guns, it is possible to defeat drones using phased array high-power microwave systems. These systems use radiated electromagnetic pulses at microwave frequencies to destroy the drone’s control electronics. The sudden change in voltage on control circuitry damages the chips in the drone control system, and the drone loses control and crashes.
One concern with active-defense measures is the potential for collateral damage beyond the target. Bullets, lasers, and high-power microwave weapons require coordination with the FAA to avoid affecting aircraft. Therefore, protecting critical infrastructure in urban areas may be difficult with active-defense solutions.
With the increasing sophistication of drone attacks, infrastructure owners may need to rethink how to design and build facilities. Adding concrete walls and a roof may not be suitable for many existing substations with limited space. Concrete walls require a significant below-grade foundation. One option is to use composite panels for ballistic protection.
It may be necessary to consider building new underground structures in parallel to existing facilities to counter the threat of weaponized, fiber-optically controlled drones equipped with Thermite spray, incendiaries, munitions, and graphene powder.
Command and Control
Many critical infrastructure owners have network operation centers and security operation centers. These are connected to infrastructure sites by fiber, cellular, and satellite links. In the Metcalf substation attack, fiber-optic cables in two communication vaults belonging to AT&T and Level 3 were cut. This action disabled some of the area’s landline, cellular, and internet communications, as well as the 911 center. Once the communications were disabled, attackers shot holes in transformers, causing millions of dollars of damage. These tactics emphasize the need for multiple communication technologies at critical sites.
Satellite communication companies provide flat-panel antennas and electronics that can be used for remote alerting at relatively low costs. Their low profile and small size make them difficult for attackers to destroy. While the data rate is fairly low, it is sufficient for alerting and control. To relay high-speed data, such as images from cameras and Forward Looking Infrared systems or data from Identification Friend or Foe systems, Low Earth Orbit satellite internet data Starlink terminals can provide excellent connectivity. Both solutions provide diverse paths that operate in addition to terrestrial connections.
Next Steps
An analysis is needed to determine which critical infrastructure sites should be protected first. The analysis could consider the possible approaches for defending each site and then recommend the most effective means of protection against emerging drone threats.
Legislation is needed to define exclusion zones for specific activities around critical infrastructure. The legislation should allow critical infrastructure owners to intercept, disable, or destroy drones within the exclusion zone. The legislation may need to address the placement of acoustic, optical, LiDAR, and miniature radar systems, drone identification systems, drone capture systems using net guns, or drone disablement using frangible bullets from human-in-the-loop automated systems, lasers, or high-power microwave systems.
Given the challenges of legislative approval for active-defense measures by utilities and private companies, critical infrastructure owners may need to consider passive protection by fully enclosing above-ground infrastructures using ballistic panels or reinforced concrete roof and walls or by building underground infrastructure for existing facilities.
Congressional action is needed to protect critical infrastructure from the clear and present danger posed by weaponized drones. Congress must provide guidance and funding to install counter-drone systems, encasement, or undergrounding of critical sites. FAA regulations need to be amended to provide exclusion zones around critical infrastructure sites and rules by which critical infrastructure security teams can shoot down weaponized drones before they destroy the infrastructure.
David Winks
David Winks is the senior advisor for Advanced Technology. He currently serves as a subject matter expert for the Foundation for Infrastructure Resilience and as part of the U.S. Department of Homeland Security (DHS) Resilient Power Working Group. He has been a subject matter expert in the U.S. Department of Defense’s Electromagnetic Defense Task Force and the North American Electric Reliability Corporation EMP Task Force. He is a co-author and co-editor of the book Powering Through – Building Critical Infrastructure Resilience, author of the report Protecting the U.S. Electric Grid Communications from EMP, and contributor to the DHS Cybersecurity & Infrastructure Security Agency report Resilient Power Best Practices for Critical Facilities and Sites. Currently working on advanced data centers using immersion cooling for secure environments, David has developed cyber defense architectures utilizing binary hardening, software-defined perimeters, zero-trust access, artificial intelligence, automated orchestration, and restoral for information and operational technology networks. His work includes EMP-shielded natural gas turbines, fuel cells, Stirling engines, solar thermal systems, wind, geothermal, and hydropower generation. He is a co-inventor of a patented, rugged, ground-conformal solar thermal system. David has a degree in physics (cum laude) with additional coursework in electrical and mechanical engineering.
- David Winkshttps://www.domprep.com/author/david-winks
- David Winkshttps://www.domprep.com/author/david-winks
- David Winkshttps://www.domprep.com/author/david-winks
Steve Chill
Steve Chill is a retired Marine with decades of security experience in domestic and overseas environments. He has executed or created U.S. Department of Defense/Service policy for the security of special weapons, ships, and bases of all types and units ranging in size from combatant commands down to the individual Marine. He was recently an author/editor of both Joint Base San Antonio’s guide titled Domestic Electromagnetic Spectrum Operations and Infragard’s Powering Through: Building Critical Infrastructure Resilience.
- Steve Chillhttps://www.domprep.com/author/steve-chill
Frederick Ferrer
Frederick Ferrer is a national intelligence professional, homeland security expert, and educator. He is a 20-year military intelligence veteran who worked with the upper echelons of the U.S. intelligence community before retiring and returning to his home state to complete a PhD program of studies in American history, with minors in Russian and European history. Mr. Ferrer’s last posting was at the Idaho National Lab’s National Security Division. He held top secret security clearances across a half-dozen agencies over four decades. Mr. Ferrer currently teaches topics like counterintelligence, cyber- and anti-terrorism for various universities across the nation.
- Frederick Ferrerhttps://www.domprep.com/author/frederick-ferrer
Michael J. "Apollo" Lovell
Brigadier General Michael J. “Apollo” Lovell, USAF (Ret.), served as the United States Strategic Command Mobilization Assistant to the Director of Intelligence and flew 212 mission-hours as the Airborne emergency action officer on the E‐6B Looking Glass Airborne Nuclear Command Post. General Lovell is an intelligence, surveillance and reconnaissance, and cyber senior leader who served the Texas Air National Guard as the director of intelligence. He is an ISR mission commander with over 1,800 mission hours in the MQ-1, MQ-9, MC-12, RQ-4, RQ-170, and U-2. He has a master of science in executive leadership and is a graduate of the Maxwell School’s National Security Studies at Syracuse University and Kenan‐Flagler’s Executive Development program at the University of North Carolina.
- Michael J. "Apollo" Lovellhttps://www.domprep.com/author/michael-j-apollo-lovell
Mike Swearingen
Mike Swearingen is a retired electric cooperative power systems engineer with 20+ years of experience. He has worked in every aspect of power systems operation, including control systems, protection systems, transmission design, substation design, distribution design, and NERC compliance as well as regulatory matters. He represented his cooperative as a member of the Transmission Working Group, Market Operations and Policy Committee, and Market Working Group at the Southwest Power Pool. He served as an analyst and independent merit reviewer on several projects at the Department of Energy, was a technical advisor for the National Electric Energy Testing Research and Applications Center, and is an IEEE senior member.
- Mike Swearingenhttps://www.domprep.com/author/mike-swearingen
Mary Lasky
Mary Lasky, a Certified Business Continuity Professional, serves as the program manager for business continuity planning for the Johns Hopkins University Applied Physics Laboratory, where she coordinated the APL Incident Command System Team. She also is a member of InfraGard, where she is the vice chair for the InfraGard EMP-SIG. In Howard County, Maryland, she served as president of the Community Emergency Response Network Inc.; president of the board of directors of Grassroots Crisis Intervention Center; and for Leadership Howard County is co-chair of the steering committee for the Leadership Premier Program. For many years, she has been adjunct faculty at the Johns Hopkins University Whiting School of Engineering. She is the immediate past president of the Central Maryland Chapter of the Association of Contingency Planners and has held a variety of supervisory positions in information technology and in business services. Her consulting work has included helping nonprofit organizations create and implement their business continuity plans.
- Mary Laskyhttps://www.domprep.com/author/mary-lasky
- Mary Laskyhttps://www.domprep.com/author/mary-lasky
- Mary Laskyhttps://www.domprep.com/author/mary-lasky
- Mary Laskyhttps://www.domprep.com/author/mary-lasky