
Counter-UAS and Drone Threat Operations for Corporate Sites
Detect, identify, and defeat framework for counter-UAS operations at corporate facilities, critical infrastructure, and high-profile events. UK legal framework, Ofcom licensing, and operational guidance.
Written by James Whitfield
Counter-UAS security is the fastest-growing specialist discipline in the physical security market. The combination of Gatwick December 2018 – which established the disruption economics of a drone threat at scale – and the Ukraine conflict from 2022, which documented commercial UAS being adapted for kinetic attack roles against infrastructure, has shifted counter-UAS from an aviation security niche to a mainstream corporate and infrastructure security requirement.
The challenge for private sector operators is managing this transition within a legal and regulatory framework that has not kept pace with the threat. In the UK, the most effective defeat measures – RF jamming, GNSS spoofing – remain restricted to police and certain government agencies. Private operators must build counter-UAS programmes within those constraints rather than assuming that commercially marketed C-UAS systems are uniformly lawful to deploy.
The Legal Framework: UK
Counter-UAS law in the UK operates across three regulatory layers:
Wireless Telegraphy Act 2006 (originally 1949). Any device that transmits radio signals without Ofcom authorisation is prohibited under section 8 of the 2006 Act. This covers RF jamming devices used to disrupt drone command links, GPS spoofing transmitters, and some counter-UAS systems marketed under the label “soft kill.” Operating such a device without authority carries a maximum two-year custodial sentence. Ofcom does not routinely issue licences to private sector entities for jamming devices.
Counter-Terrorism and Border Security Act 2019 (ss.21-23). The Act created ATCO (Aviation Traffic Control Officer) powers, now more commonly referred to as UAS-enabling legislation, for designated police forces, the Civil Aviation Authority, and certain government agencies to direct, disrupt, and destroy unmanned aircraft. These powers do not extend to private security operators. However, private operators who detect a threat and escalate to police may trigger the use of these powers by the relevant authority.
Civil Aviation Authority: Air Navigation Order 2016 (as amended) and CAP 722. CAP 722 (Unmanned Aircraft System Operations in UK Airspace) governs UAS operation. Operators who fly drones in controlled airspace, within 150m of a congested area, or over people without specific authorisation are in breach of the ANO. Reporting an unauthorised UAS in protected airspace to the CAA and police is the primary civilian mechanism for triggering a regulatory and police response.
Temporary Restricted Areas (TRAs). The CAA can issue TRAs over specific locations for defined periods to restrict all UAS operations. For major events and critical infrastructure sites with identified UAS threat, a TRA creates the legal basis for treating any UAS in the protected airspace as an unlawful incursion subject to police action.
Detect-Identify-Defeat: The DID Framework
The DID framework provides the standard analytical structure for counter-UAS programme design:
Detection is the identification that a UAS is present in or approaching the protected area. Detection sensor categories include:
- Passive RF detection: Identifies the radio frequency signals used to control a UAS and communicate telemetry. Effective against remote-controlled UAS but not against autonomous platforms using pre-programmed GPS waypoints. Commercial systems include DJI AeroScope, Dedrone DroneSentry, and DroneShield DroneWatcher RF.
- Acoustic detection: Identifies UAS motor signatures. Effective at close range (typically 200-500m for small commercial UAS) but highly susceptible to background noise in industrial or event environments.
- Radar: Micro-UAS radar detection uses systems tuned to the smaller radar cross-section of commercial drones, distinct from traditional air surveillance radar. Systems include Robin Radar ELVIRA and Thales GroundGuard. Urban clutter and multipath effects are the primary performance limitations.
- Optical/EO/IR: Camera-based AI classification of UAS in the field of view. Effective as a secondary sensor to cue on detections from RF or radar; limited standalone range.
Identification confirms whether a detected UAS is an authorised operator (known delivery service, licensed survey company, facility operator) or an unauthorised incursion, and assesses its payload capability and likely intent based on behaviour.
Defeat – in the restricted private sector context in the UK – means escalating to police to enable ATCO powers, and taking passive protective measures: sheltering the principal or critical asset, triggering emergency protocols, and ensuring the UAS is documented (video recording of incursion event) for subsequent police investigation.
The Gatwick Incident: Economic and Security Lessons
Between 19 and 21 December 2018, sightings of unmanned aircraft near the runway at Gatwick Airport triggered the suspension of all flight operations for approximately 33 hours. Over 1,000 flights were cancelled or diverted. Approximately 140,000 passengers were affected. Gatwick Airport Limited estimated the total economic impact at GBP 50 million.
Sussex Police deployed military counter-UAS assets under Ministry of Defence authorisation after civilian systems proved unable to neutralise the threat. No individual was successfully prosecuted. The perpetrator or perpetrators were never definitively identified.
The security lesson is structural: the asymmetric cost ratio between attacker expenditure (estimated two to three consumer drones at well under GBP 2,000 combined) and disruption cost (GBP 50 million) represents a fundamental vulnerability at any high-consequence site where UAS access cannot be detected and denied. A site without detection capability cannot price this risk or mitigate it – it simply absorbs it.
The Ukraine Conflict and Corporate Threat Recalibration
The Ukraine conflict from February 2022 generated an unprecedented public record of commercial and modified consumer UAS being used for kinetic attack roles against fixed infrastructure. Key documented applications include:
- Modified DJI consumer platforms with dropped munitions used against vehicle and personnel targets
- Shahed-136 (loitering munition, Iranian manufacture, Russian deployment) used against Ukrainian power generation infrastructure, fuel distribution, and logistics nodes
- FPV (First-Person View) racing drones modified with shaped charge warheads for precision attack on hardened targets
The tactical library – payload attachment methods, RF link configurations, evasion of radar detection – became publicly available through open-source conflict documentation at a speed that no classified threat assessment process could match.
NPSA updated its CNI drone threat guidance in 2023 specifically to reflect these developments. Infrastructure operators whose counter-UAS assessments pre-date 2023 are operating against an outdated threat model.
Fixed Site Protection
For a fixed industrial or commercial site, a counter-UAS programme should integrate the following components:
- A current UAS threat assessment against the specific site, based on the most recent NPSA guidance
- A detection layer appropriate to the site environment (urban clutter, industrial noise, facility footprint)
- Integration of detection alerts with the site security operations centre
- A documented escalation procedure to police for any unidentified UAS detection
- Staff training on UAS incident identification and reporting
- A TRA application process for periods of elevated risk (major events, senior executive visits, known protest activity)
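The detect, identify and escalate flow of the DID framework, together with the SOC integration and police escalation items in the list above, sketched as SOC-side triage logic. This is an added example, not code from any vendor or from the author; the alert fields, track IDs, operator IDs and the 30-second corroboration window are assumptions.

```python
from dataclasses import dataclass

# All identifiers, field names and thresholds below are assumptions for illustration.
WINDOW_S = 30                  # corroboration window between sensor reports
AUTHORISED = {"SURVEY-0042"}   # constructed: operators pre-registered with the site

@dataclass
class Detection:
    ts: float              # seconds
    sensor: str            # "rf", "radar", "acoustic" or "optical"
    track: str             # track ID assigned upstream by the sensor gateway
    operator_id: str = ""  # populated only when RF telemetry carries one

def triage(detections):
    """Return one SOC decision per track: identify first, then escalate."""
    tracks = {}
    for d in sorted(detections, key=lambda d: d.ts):
        tracks.setdefault(d.track, []).append(d)
    decisions = {}
    for track, ds in tracks.items():
        # Sensors that reported within the window of the first report.
        sensors = {d.sensor for d in ds if d.ts - ds[0].ts <= WINDOW_S}
        ids = {d.operator_id for d in ds if d.operator_id}
        authorised = bool(ids) and ids <= AUTHORISED
        decisions[track] = {
            # Any unidentified UAS goes to police; the site takes no defeat action.
            "action": "log_authorised" if authorised else "escalate_to_police",
            "confidence": "corroborated" if len(sensors) >= 2 else "single_sensor",
            # No RF link seen: consistent with a pre-programmed waypoint flight.
            "rf_silent": "rf" not in sensors,
            # Keep video for the subsequent police investigation.
            "record_video": not authorised,
            "sensors": sorted(sensors),
        }
    return decisions

# Constructed sample alerts.
SAMPLE = [
    Detection(0.0, "rf", "T1", "SURVEY-0042"),
    Detection(4.0, "optical", "T1"),
    Detection(10.0, "radar", "T2"),
    Detection(18.0, "optical", "T2"),
    Detection(50.0, "acoustic", "T3"),
    Detection(60.0, "rf", "T4", "UNKNOWN-77"),
]

if __name__ == "__main__":
    for track, decision in triage(SAMPLE).items():
        print(track, decision)
```

Track T2 shows the case the sensor list warns about: radar and optical agree but no RF link is present, so the alert is corroborated, flagged as RF-silent, and escalated.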
Event Counter-UAS
Major outdoor events – festivals, sports fixtures, high-profile corporate gatherings – require a deployable counter-UAS package for the duration of the event. Key elements:
- Police notification in advance to enable use of ATCO powers if needed
- CAA TRA application for the event period over the event footprint
- Deployed RF detection coverage of the event perimeter
- Optical/EO coverage of any restricted airspace above the event
- Documented escalation procedure for UAS detection events
For corporate and critical infrastructure sites where the drone threat intersects with COMAH, ISPS, and ICS/SCADA physical access control requirements, see our security for LNG and gas infrastructure guide and security for power grid and electrical infrastructure guide, both of which address UAS threat as a specific risk category for those sectors.
Sources
- Counter-Terrorism and Border Security Act 2019 (c.3), ss.21-23.
- Wireless Telegraphy Act 2006 (c.36), s.8.
- UK CAA: CAP 722 – Unmanned Aircraft System Operations in UK Airspace, current edition.
- UK CAA: CAP 1611 – UAS and Critical National Infrastructure, 2021.
- Gatwick Airport: Economic Impact Statement, January 2019.
- Sussex Police: Gatwick Drone Incident Final Report, 2019.
- Ofcom: Spectrum Management and Radio Jamming Policy, 2023.
- NPSA (National Protective Security Authority): Unmanned Aircraft Systems – Threat Guidance for Critical Infrastructure Operators, 2023 (updated).
- DJI: AeroScope Counter-UAS Detection Platform, technical documentation 2024.
- Dedrone: DroneSentry Product Documentation, 2024.
- Robin Radar: ELVIRA Micro-UAS Detection, technical documentation 2023.
- CISA: Counter-Unmanned Aircraft Systems (C-UAS) – Legal Authorities for Law Enforcement and Federal Agencies, 2022.
- FAA Reauthorization Act 2024 – counter-UAS authority provisions for DHS/DOJ.
- ESET: Sandworm Ukraine Infrastructure Targeting documentation, 2022-2024.
James Whitfield is a Senior Security Consultant with 20 years of experience in critical infrastructure protection, corporate physical security, and high-threat event security across global markets.
Key takeaways
Gatwick 2018 established the asymmetric cost of a drone disruption event
GBP 50 million in economic disruption from an unattributed consumer drone operator with no explosive payload. The asymmetric ratio between attacker cost (two to three consumer drones, potentially less than GBP 2,000) and disruption cost is the core strategic argument for counter-UAS investment at high-consequence sites. A site that cannot detect or deter a UAS presence is exposed to this asymmetry in full.
RF jamming is not a lawful tool for private sector operators in the UK
The Wireless Telegraphy Act 2006 prohibits the operation of radio jamming equipment without Ofcom licence or statutory authority. Private security companies that market counter-UAS services including jamming without addressing this legal constraint are exposing their clients to criminal liability. Detection and identification capabilities are legally available to private operators. Defeat measures require police or government agency coordination.
Sensor fusion improves detection confidence but increases system cost
No single counter-UAS sensor type reliably detects all UAS threat categories in all environments. RF detection fails against autonomous UAS; radar struggles in urban clutter; acoustic sensors have short effective range. Layered sensor approaches – combining RF detection with radar or optical secondary sensors – improve detection confidence at the cost of significantly increased system expense and integration complexity. The threat model for a specific site should determine whether the additional cost is justified.
Event counter-UAS is procedurally distinct from fixed-site protection
Temporary events – major sporting fixtures, outdoor festivals, high-profile corporate gatherings – require a deployable counter-UAS capability rather than a fixed installation. Standard event arrangements include coordinating with the Civil Aviation Authority for Temporary Restricted Airspace, police notification to enable ATCO powers if a threat is detected, deployed RF detection coverage of the event perimeter, and a documented escalation procedure to police if an unidentified UAS enters the protected airspace.
NPSA's updated CNI UAS guidance post-2023 reflects Ukraine conflict lessons
NPSA (National Protective Security Authority, formerly CPNI) updated its critical infrastructure drone threat guidance in 2023 specifically to incorporate the tactical lessons from the Ukraine conflict – including the adaptation of commercial platforms for payload delivery and the use of autonomous navigation to defeat RF detection. CNI operators that were last assessed against the pre-2023 baseline should request a current assessment.
