Security Intelligence

Counter-Drone Security for Executives and Facilities | CloseProtectionHire

Q: "What drone threats does corporate security need to plan for?"

"The drone threat to corporate and executive security has three distinct categories with different mitigations. First, surveillance: commercially available drones with camera systems can conduct persistent aerial surveillance of corporate premises, executive residences, meeting locations, and estate perimeters at costs that are accessible to any motivated actor. A DJI Mavic 3 provides 4K camera capability and 45-minute flight time for under £2,000. The NPSA (National Protective Security Authority) Drone Threat Guidance 2024 identifies covert aerial surveillance as the most common current-use-case threat for corporate and government facilities. Second, payload delivery: drones have been used to deliver contraband (documented in UK prison system since 2015, with NOMS reporting 90+ drone-facilitated supply incidents annually by 2023), explosives (used in Ukraine conflict and in documented cartel operations in Mexico since 2017), and incendiary devices. Third, denial and disruption: a single drone over an airport creates a security response that grounds traffic -- the Gatwick Airport incursion of December 2018 disrupted 1,000 flights and 140,000 passengers over 33 hours, costing an estimated £50 million in disruption costs according to the Civil Aviation Authority's 2019 inquiry. For corporate security, the relevant threat category depends on the nature of the organisation: a financial institution or government contractor is more likely to face surveillance; a CNI operator or high-value target in a P1 city faces the full spectrum."

Q: "What legal authority exists in the UK for counter-drone systems?"

"The UK legal framework for counter-drone measures is defined by the Air Navigation Order 2016 (as amended by the Air Traffic Management and Unmanned Aircraft Act 2021) and the Drones (Wireless Telegraphy) Act 2018. The ANO 2016 prohibits flying drones within 1km of airport boundaries without permission (extended to 5km for specific aerodromes by restriction notices). The 2021 Act created new police powers to land, seize, and ground drones presenting a hazard or used in connection with an offence. The critical legal constraint for private sector organisations is that most counter-drone technical measures -- jamming, spoofing, physical interdiction -- are either prohibited under the Wireless Telegraphy Act 2006 (jamming of radio frequencies is a criminal offence) or restricted under weapons legislation (shooting down a drone uses a projectile weapon). In practice, lawful counter-drone measures available to private sector security are limited to: detection and monitoring (legal), physical barriers to prevent drone access to a specific airspace column (legal), and alerting relevant authorities (police, Civil Aviation Authority) who have lawful interdiction powers. For critical national infrastructure operators, the Home Office can grant specific authority for active countermeasures under the Counter-Terrorism and Sentencing Act 2021. The NPSA Drone Threat Guidance 2024 specifies the authorisation pathway for CNI operators."

Q: "What did the Gatwick December 2018 drone incursion demonstrate for corporate security planners?"

"The Gatwick Airport drone incursion of 19-21 December 2018 -- immediately before the Christmas travel peak -- grounded 1,000 flights and disrupted 140,000 passengers. The Civil Aviation Authority's 2019 inquiry documented that Sussex Police and Gatwick's own security team were unable to reliably locate and neutralise the drone source despite the deployment of military assets. The incursion demonstrated: a single low-cost drone operated by an unknown individual can shut down Category D UK CNI infrastructure for 33 hours; the detection and interdiction capability available to law enforcement at the time was inadequate to the threat; and the cascading consequences of an airport shutdown -- stranded passengers, diverted aircraft, accommodation costs, reputational damage -- were disproportionate to the cost and capability of the threat. For corporate security planners, the Gatwick incident is the UK's primary reference case for the asymmetric threat model: a threat actor with minimal resources, no specialist capability, and no attack intent beyond disruption can impose multi-million-pound consequences on a facility with no countermeasures. Detection systems -- RF monitoring (Dedrone, Droneshield) that identifies drone control frequencies, acoustic sensors, and radar -- are the lawful private sector response to this threat category."

Q: "What was the significance of the Houthi drone attack on Saudi Aramco facilities in September 2019?"

"On 14 September 2019, coordinated drone and cruise missile strikes hit Saudi Aramco's Abqaiq processing facility and Khurais oil field. The US Energy Information Administration (EIA) 2019 assessment documented the attack disrupted 5.7 million barrels per day of Saudi oil production, representing approximately 5% of global supply. Houthi forces claimed responsibility; US and Saudi officials attributed the attack to Iran. The significance for corporate security planning extends beyond the geopolitical context. First, the attack demonstrated that low-cost commercial and military-grade drone technology can cause catastrophic operational damage to major industrial infrastructure defended by state-level security. Second, the attack used a coordinated swarm approach -- multiple drones and cruise missiles targeting specific processing units -- that exceeded the detection and response capability of the facility's existing air defence systems. Third, the Abqaiq facility was a designated critical national infrastructure site with state-level protection; the attack succeeded despite this. For corporate security teams protecting industrial sites, energy infrastructure, or high-value facilities in P1 city environments, the Abqaiq attack established that drone-enabled attack on fixed facilities is not a future threat -- it is a documented, technically accessible current-generation risk."

Q: "What counter-drone detection systems are available for corporate facilities?"

"The commercially available counter-drone detection market has matured since the Gatwick incident of 2018. The principal technology categories are: RF detection systems (DroneShield, Dedrone, AUDS) that identify the radio frequency signature of drone control links and can identify the drone model and, in some cases, locate the operator; acoustic detection (microphone arrays that identify the specific acoustic signature of drone rotors against background noise -- effective at shorter ranges in low-noise environments); radar (3D radar systems designed for low, slow, small object detection -- more expensive but higher reliability at greater ranges); and camera-based detection with AI classification (optical and thermal cameras with machine learning to differentiate drones from birds, aircraft, and other objects). Integrated systems combining RF detection with camera-based confirmation and radar tracking provide the highest confidence in detection. For corporate facilities in urban environments, RF detection is typically the most cost-effective starting point. For perimeter security of larger estates or critical infrastructure, radar-based systems provide coverage at ranges that other methods cannot match. The NPSA Drone Threat Guidance 2024 provides specific technology evaluation criteria for qualifying facilities. All detection-only systems -- which is the lawful category for private sector deployment -- alert the security team and authorities to the drone's presence and, where possible, the operator's location, enabling law enforcement response."

Security guide to counter-drone (C-UAS) threats for executives, corporate facilities, and events. Covers Gatwick 2018, Saudi Aramco 2019, UK ANO 2021, NDAA s.1703, detection systems, and NPSA guidance 2024.

12 May 2026

Written by James Whitfield, Senior Security Consultant

Speak to the Team

Drones are no longer an emerging threat for corporate security. They are a current-generation risk with documented case history across surveillance, payload delivery, and disruption. The Gatwick Airport incursion of December 2018, the Houthi attack on Saudi Aramco in September 2019, and the documented use of commercial drones by Mexican cartels for targeting surveillance are not hypothetical scenarios. They are the reference framework for counter-drone planning.

For most corporate security teams, counter-drone capability sits in the gap between what physical security planning has traditionally covered and what IT or technical security manages. The drone threat is neither purely physical nor purely technical. Addressing it requires a deliberate capability decision.

The Threat Spectrum

Surveillance. The most common current-use drone threat for corporate facilities and executive residences. A DJI Mavic 3 provides 4K video, thermal imaging capability with upgraded models, and 45 minutes of flight time for under £2,000. NPSA Drone Threat Guidance 2024 identifies covert aerial surveillance as the primary drone risk for most commercial and government buildings. The target information that aerial surveillance provides – personnel movements, physical security layouts, meeting locations, vehicle patterns – has direct value for both competitive intelligence operations and physical attack planning.

Payload delivery. Commercial drones have been used for contraband delivery into UK prisons since at least 2015 (NOMS Annual Report 2022-23 documents drone-facilitated supply incidents as a significant ongoing problem). In conflict environments and in P1 cities with documented cartel activity, drones have been used to deliver explosive and incendiary payloads. The capability threshold for this use case has been lowering as drone payload capacity and flight endurance have increased.

Denial and disruption. The Gatwick case is the reference point. A single drone, operated without any attack intent beyond presence, grounded 1,000 flights and disrupted 140,000 passengers for 33 hours at an estimated cost of £50 million. For any facility where a single drone’s presence triggers a mandatory security response – an airport, a nuclear site, a government building – the disruption capability of an inexpensive commercial drone is disproportionate to the attacker’s cost.

The Legal Framework

The Air Navigation Order 2016 (amended by the Air Traffic Management and Unmanned Aircraft Act 2021) governs drone operation in UK airspace. The 2021 Act created new police powers to land, seize, and ground drones used in connection with an offence or presenting a hazard to aviation safety.

The critical constraint for private sector counter-drone response is the Wireless Telegraphy Act 2006, which makes intentional interference with radio communications – including jamming a drone’s control link – a criminal offence. This means that most active counter-drone measures available to military and law enforcement are not lawful for private sector deployment.

Lawful private sector counter-drone measures:

Detection and monitoring (all detection-only technologies)
Physical barriers to specific airspace columns (netting, physical obstruction of approach routes)
Notification of law enforcement and CAA
Drone-exclusion zone signage and registration with NATS/CAA

CNI operators and specific qualifying facilities can seek authority for active countermeasures – jamming, kinetic systems, directed energy – under the Counter-Terrorism and Sentencing Act 2021 through a Home Office authorisation pathway. The NPSA Drone Threat Guidance 2024 specifies this pathway.

Detection Systems

The commercially available detection ecosystem has matured since Gatwick. The principal options:

RF detection (DroneShield, Dedrone, Dronewatcher). These systems monitor radio frequency spectra for the control link signatures of commercial drones and identify the drone’s model, approximate location, and where technically feasible, the operator’s location. They are passive, lawful, and the most cost-effective entry point for corporate facilities. DroneShield’s DroneSentry platform and Dedrone’s DedroneTracker are both in use at UK airports, military facilities, and government buildings.

Acoustic detection. Arrays of microphones tuned to the acoustic signature of drone rotors differentiate drones from birds, aircraft, and ambient noise. Effective at shorter ranges (up to approximately 500m) in environments with controlled background noise. Less reliable in urban acoustic environments.

Radar. 3D radar systems designed for low, slow, small (LSS) object detection provide longer-range coverage (1-3km) with higher reliability. More expensive than RF or acoustic systems. The AUDS (Anti-UAV Defence System), developed by a Blighter/Chess/Enterprise Control consortium with UK MOD funding, combines radar with directed RF jamming (requiring law enforcement authority for the jamming element).

Integrated systems. Camera-based detection with AI classification combined with RF monitoring and radar provides the highest confidence in a detection-and-track capability. For facilities where a drone incursion triggers mandatory response, the false positive rate of the detection system directly determines the cost of the security measure – a system that generates multiple false positives per day creates alert fatigue that degrades the response to genuine incursions.

Executive Residential and Mobile Threat

For close protection operations, the drone threat extends beyond fixed facility security to the principal’s residential environment and vehicle routes. Aerial surveillance of a residential estate establishes movement patterns, security team composition, and access route options. Aerial surveillance of a regular vehicle route can inform ground-based surveillance or attack planning.

Counter-surveillance protocols that have historically focused on horizontal scanning must incorporate upward environmental awareness. For executive residences in P1 city environments, the counter-drone threat assessment should be included in the same residential security review as CCTV coverage, perimeter security, and access control.

For the broader residential security framework that drone threat assessment feeds into, see the related article on residential security for executives. For the corporate office environment where drone surveillance of building access and visitor patterns has been documented, see the article on security for corporate offices and workplaces.

James Whitfield is a Senior Security Consultant with 20 years of experience in executive protection, threat assessment, and corporate security across the UK and internationally.

Summary

Key takeaways

Gatwick 2018: a single low-cost drone shut down UK CNI for 33 hours and disrupted 140,000 passengers

The Gatwick December 2018 drone incursion is the UK's primary reference case for asymmetric drone threat. A single drone, operated by an unknown actor, was not neutralised by law enforcement for 33 hours despite military deployment. The Civil Aviation Authority's 2019 inquiry documented that existing detection and interdiction capability was inadequate. The Gatwick case established that the absence of countermeasures at a major facility is not a security posture -- it is an unmanaged vulnerability.

UK law prohibits most active countermeasures -- private sector counter-drone is detection, not interdiction

Jamming, spoofing, and physical interdiction of drones in UK airspace by private sector actors is unlawful under the Wireless Telegraphy Act 2006 and related legislation. Lawful private sector counter-drone measures are limited to detection (RF monitoring, acoustic sensors, radar, camera systems), physical barriers to airspace access, and notification of law enforcement. CNI operators can seek Home Office authority for active countermeasures under the Counter-Terrorism and Sentencing Act 2021. Corporate security plans that include active countermeasures without lawful authority are not security plans -- they are liability documents.

Abqaiq 2019: drone attack on a state-defended oil facility disrupted 5% of global supply -- the capability is documented

The September 2019 attack on Saudi Aramco's Abqaiq facility, assessed by the EIA as disrupting 5.7 million barrels per day, demonstrated that coordinated drone attack on major industrial infrastructure can achieve catastrophic operational impact. The attack succeeded against state-level air defence. For corporate security teams protecting industrial or energy infrastructure in P1 city environments, Abqaiq establishes the reference case for worst-case drone threat -- a coordinated attack designed to cause maximum operational disruption rather than surveillance.

RF detection systems are the lawful first-response capability for corporate facilities

Commercial RF detection systems (DroneShield, Dedrone) monitor for the radio frequency signatures of drone control links and can identify drone models and operator locations within detection range. They do not interfere with the drone's operation and are lawful for private sector deployment. For facilities that have not assessed their drone threat exposure, RF detection monitoring provides both awareness and the evidence trail required to notify authorities and to document the nature and frequency of drone incursions over time.

Cartel and state drone use in P1 city environments creates a materially different threat than in domestic markets

In Mexico, cartel use of commercial drones for surveillance of security forces, rival cartel positions, and target residences has been documented since at least 2017. In Russia, state-aligned actors use commercial drones alongside military systems for persistent surveillance of priority targets. For executive close protection operations in P1 cities, counter-surveillance protocols must now include upward observation -- not just horizontal environmental scanning -- and the operational planning should address what the response is to confirmed drone surveillance of the principal or the principal's accommodation.

FAQ

Frequently Asked Questions

The drone threat to corporate and executive security has three distinct categories with different mitigations. First, surveillance: commercially available drones with camera systems can conduct persistent aerial surveillance of corporate premises, executive residences, meeting locations, and estate perimeters at costs that are accessible to any motivated actor. A DJI Mavic 3 provides 4K camera capability and 45-minute flight time for under £2,000. The NPSA (National Protective Security Authority) Drone Threat Guidance 2024 identifies covert aerial surveillance as the most common current-use-case threat for corporate and government facilities. Second, payload delivery: drones have been used to deliver contraband (documented in UK prison system since 2015, with NOMS reporting 90+ drone-facilitated supply incidents annually by 2023), explosives (used in Ukraine conflict and in documented cartel operations in Mexico since 2017), and incendiary devices. Third, denial and disruption: a single drone over an airport creates a security response that grounds traffic – the Gatwick Airport incursion of December 2018 disrupted 1,000 flights and 140,000 passengers over 33 hours, costing an estimated £50 million in disruption costs according to the Civil Aviation Authority’s 2019 inquiry. For corporate security, the relevant threat category depends on the nature of the organisation: a financial institution or government contractor is more likely to face surveillance; a CNI operator or high-value target in a P1 city faces the full spectrum.

The UK legal framework for counter-drone measures is defined by the Air Navigation Order 2016 (as amended by the Air Traffic Management and Unmanned Aircraft Act 2021) and the Drones (Wireless Telegraphy) Act 2018. The ANO 2016 prohibits flying drones within 1km of airport boundaries without permission (extended to 5km for specific aerodromes by restriction notices). The 2021 Act created new police powers to land, seize, and ground drones presenting a hazard or used in connection with an offence. The critical legal constraint for private sector organisations is that most counter-drone technical measures – jamming, spoofing, physical interdiction – are either prohibited under the Wireless Telegraphy Act 2006 (jamming of radio frequencies is a criminal offence) or restricted under weapons legislation (shooting down a drone uses a projectile weapon). In practice, lawful counter-drone measures available to private sector security are limited to: detection and monitoring (legal), physical barriers to prevent drone access to a specific airspace column (legal), and alerting relevant authorities (police, Civil Aviation Authority) who have lawful interdiction powers. For critical national infrastructure operators, the Home Office can grant specific authority for active countermeasures under the Counter-Terrorism and Sentencing Act 2021. The NPSA Drone Threat Guidance 2024 specifies the authorisation pathway for CNI operators.

The Gatwick Airport drone incursion of 19-21 December 2018 – immediately before the Christmas travel peak – grounded 1,000 flights and disrupted 140,000 passengers. The Civil Aviation Authority’s 2019 inquiry documented that Sussex Police and Gatwick’s own security team were unable to reliably locate and neutralise the drone source despite the deployment of military assets. The incursion demonstrated: a single low-cost drone operated by an unknown individual can shut down Category D UK CNI infrastructure for 33 hours; the detection and interdiction capability available to law enforcement at the time was inadequate to the threat; and the cascading consequences of an airport shutdown – stranded passengers, diverted aircraft, accommodation costs, reputational damage – were disproportionate to the cost and capability of the threat. For corporate security planners, the Gatwick incident is the UK’s primary reference case for the asymmetric threat model: a threat actor with minimal resources, no specialist capability, and no attack intent beyond disruption can impose multi-million-pound consequences on a facility with no countermeasures. Detection systems – RF monitoring (Dedrone, Droneshield) that identifies drone control frequencies, acoustic sensors, and radar – are the lawful private sector response to this threat category.

On 14 September 2019, coordinated drone and cruise missile strikes hit Saudi Aramco’s Abqaiq processing facility and Khurais oil field. The US Energy Information Administration (EIA) 2019 assessment documented the attack disrupted 5.7 million barrels per day of Saudi oil production, representing approximately 5% of global supply. Houthi forces claimed responsibility; US and Saudi officials attributed the attack to Iran. The significance for corporate security planning extends beyond the geopolitical context. First, the attack demonstrated that low-cost commercial and military-grade drone technology can cause catastrophic operational damage to major industrial infrastructure defended by state-level security. Second, the attack used a coordinated swarm approach – multiple drones and cruise missiles targeting specific processing units – that exceeded the detection and response capability of the facility’s existing air defence systems. Third, the Abqaiq facility was a designated critical national infrastructure site with state-level protection; the attack succeeded despite this. For corporate security teams protecting industrial sites, energy infrastructure, or high-value facilities in P1 city environments, the Abqaiq attack established that drone-enabled attack on fixed facilities is not a future threat – it is a documented, technically accessible current-generation risk.

The commercially available counter-drone detection market has matured since the Gatwick incident of 2018. The principal technology categories are: RF detection systems (DroneShield, Dedrone, AUDS) that identify the radio frequency signature of drone control links and can identify the drone model and, in some cases, locate the operator; acoustic detection (microphone arrays that identify the specific acoustic signature of drone rotors against background noise – effective at shorter ranges in low-noise environments); radar (3D radar systems designed for low, slow, small object detection – more expensive but higher reliability at greater ranges); and camera-based detection with AI classification (optical and thermal cameras with machine learning to differentiate drones from birds, aircraft, and other objects). Integrated systems combining RF detection with camera-based confirmation and radar tracking provide the highest confidence in detection. For corporate facilities in urban environments, RF detection is typically the most cost-effective starting point. For perimeter security of larger estates or critical infrastructure, radar-based systems provide coverage at ranges that other methods cannot match. The NPSA Drone Threat Guidance 2024 provides specific technology evaluation criteria for qualifying facilities. All detection-only systems – which is the lawful category for private sector deployment – alert the security team and authorities to the drone’s presence and, where possible, the operator’s location, enabling law enforcement response.

Get in Touch

Request a Consultation

Describe your security requirements below. All enquiries are confidential and handled by licensed consultants.