Facing up to the corporate threat of Drones
Drones are now widely available, but in the wrong hands, they present a security risk that banks and major corporations need to take seriously.
What strategies can organisations put in place now to strengthen their defences?
How could a drone be used to attack your business operations?
You may already have considered this question and you can rest assured, criminals certainly have.
If your organisation is vulnerable to hacking, to industrial espionage and theft of information, or to reconnaissance ahead of a criminal attack, then drones (or Small Unmanned Arial Systems – sUAS) represent a powerful new tool for hostile actors to use. And they are using them.
It’s with good reason that the Centre for the Protection of National Infrastructure (CPNI) has issued counter-drone guidance and technology assessments (November 2019).
It’s not just a risk that planners at critical sites need to take seriously; institutions and businesses need to as well.
Last year, Dedrone carried out a drone proximity survey for one of the UK’s biggest financial institutions and what we found prompted them to change their security policies.
Over eight weeks our system detected an average of six drones being flown close to the head office building every day. And while some of these devices were clearly being operated by hobbyists or tourists exploring the Square Mile without malicious intent, others may not have been.
What emerged from the data was a pattern: we discovered that among all those drones, one was returning repeatedly and the times of the flights were synchronising with the times when the security team shifts changed.
Coincidence? Anyone familiar with risk planning will understand the potential significance of this pattern. The possibility that someone was planning a criminal or terrorist attack could not be discounted, knowing as we do that repeated site reconnaissance is an established risk indicator.
The bank involved took our warning very seriously. So, should you?
Consider that the market for drones has grown rapidly over the last ten years, and particularly over the last three. Applications are now widespread and range from industrial infrastructure maintenance to videography, from urban planning to inspecting telecoms towers.
Range and sophistication
With that market growth, drone capabilities have stepped-up rapidly too. Commercially available devices are increasing in range, agility and sophistication, and they are coming down in price. This means that ever more powerful tools are coming into the hands of ever more people, not all of them well-intentioned.
Once you are aware that somebody is repeatedly flying drones close to your buildings, you start to see things differently, and to ask why. There is a growing realisation that every organisation and every security planner needs to be asking the same question.
Commercial espionage is a pervasive threat. Drones now make it easy for anyone to point a 4K camera into any window in your building, to see and record whatever is left on desks or displayed on screens. It’s as if your access control systems have suddenly been weakened because intruders can now, virtually, walk in through the window.
Similarly, your cybersecurity measures can be targeted. It’s now all so easy to land a drone on the exterior of your premises – a roof, a ledge, a tucked-away service area – and to leave it there sending signals undetected.
Backdoor into networks
Hackers can use this as platform to attempt to open a backdoor into your networks, or to fool visitors to your premises with Wi-Fi spoofing.
Criminals who favour traditional methods of eavesdropping and bugging can now use drones as a powerful new delivery method, a way to target microphones close to sensitive meeting rooms.
Senior executives and those close to commercial negotiations need to be aware of this fast-growing risk. We’ve seen plausible reports of drones being used to follow executives onto golf courses and attempts to spy on high-value assets, as rogue traders try to second-guess companies’ likely share price movements. And one firm of solicitors specialising in mergers and acquisitions has reported a major spike in drone activity in periods running up to major deals being finalised.
The unwanted drone threat needs to be taken seriously, which is why the CPNI has issued guidance on countermeasures for the first time and included counter-drone (C-UAS) solutions in its Catalogue of Security Equipment. This guidance focuses particularly on measures to detect, track and identify drones.
You should now be thinking of counter-drone DTI systems as integral to your company’s existing threat detection infrastructure – i.e. a default technology that sits alongside all the other systems that your 24/7 security operation monitors: access systems, alarms and, most obviously, CCTV.
Alerted to approaches
Counter-drone technologies are easily integrated and are designed to be operated by the same teams, using the same interfaces.
In practice, at any location where you have security staff checking cameras, you should make sure that they are also now alerted to drone approaches. The capability exists.
For security planners the first requirement is iintelligence. Only with accurate data can you assess the scale of the problem, develop a risk mitigation strategy – or take immediate action if the threat is imminent – and persuade the board that the issue needs to be taken seriously, long term.
You shouldn’t wait until a major incident hits the headlines – as it surely will – to get a handle on this issue. Assess the threat, develop proportionate mitigation policies and be prepared to answer questions.
There’s a memorable moment at the start of George Orwell’s 1984 where a government helicopter is described darting around like a bluebottle “snooping into people’s windows”.
Back in 1949, this seemed like one of the book’s more far-fetched predictions. But these days, like so much that Orwell warned about, it seems suddenly less fantastical.
Who needs helicopters though, with drones getting smaller, lighter and quieter? And it may not be Big Brother who wants to snoop on you but plenty of others do, and they have the means.
Vice President of Sales for The Americas & UK