A cascading catastrophe: The drone threat to critical infrastructure

A cascading catastrophe: The drone threat to critical infrastructure

Zachary Kallenborn

The FBI recently revealed an attempted drone attack on the American electric grid, via an electrical substation in Pennsylvania. Someone or some group modified a drone to dangle a length of copper that, if it hit high-voltage equipment below, would have caused a short circuit. While the drone crashed into the ground without causing any harm, in theory a successful attack could have caused broader power outages and much bigger problems.

The 2020 attack failed, but a blueprint for trouble remains.

Risks to critical infrastructure are growing as terrorists increasingly adopt drones as an attack vehicle. Commercial drone producers are not only making larger drones available at lower cost, they are making increasingly sophisticated systems that incorporate capabilities like autonomy. But drones have numerous legal and popular uses— from taking glam real-estate photos to checking on pipelines—the United States and global governments face a balancing act in trying to reduce the risks drones could pose.

More drone terrorism. After failing as a political force in Japan, Aum Shinrikyo, the infamous doomsday cult that once boasted tens of thousands of members, believed it would prevail in a World War III-style battle by arming itself with chemical, biological, and nuclear weapons; it even sought earthquake-generating machines. Aum also appears to be the first terrorist organization to pursue drone warfare, acquiring, a Russian helicopter and two remote controlled drones in order to deliver biological weapons, according to a Stimson Center report.

The Japanese government largely brought down Aum after the 1995 sarin gas attacks on the Tokyo subway system. But other terrorist groups have since followed Aum’s lead in pursuing drones.

Trends in terrorist drone use had been steady and upward until ISIS, which at one point had captured vast swaths of Iraq and Syria for its caliphate, took things to a whole new level in the early 2010s. The group flew frequent drone operations, hundreds in one month in 2017 alone. ISIS showed it could “strike with a small munition with surprising accuracy with near complete surprise into areas that are believed to be safe,” a military analyst told Vice’s Motherboard at the time.

Growing terrorist use of drones is no surprise.

After the September 11th attacks, most counter-terrorism measures assumed a ground-based attack: suicide bombers, car bombs, and the like. Aerial drones allow terrorists to skip over the ground-based defenses, like fences and bollards, are easy to buy or even make, and can be launched from safe (for the terrorist) distances. Avoiding all that folderol on the ground is clearly an advantage for a terrorist.

The next terrorist attack in the United States won’t necessarily be a drone attack, of course.  Cheap drones with small payloads might not be worth it for an attacker. Larger drones that can reach a thousand or more pounds, while available on the commercial market, are expensive. Drones are also new, and terrorists might not want to risk a botched attack. They might just buy a gun and shoot up a mall, or drive a truck through a crowd. But as Middle East experience shows, the threat of terrorist drone use is real.

Critical infrastructure at risk. Terrorist organizations can be expected to increasingly target critical infrastructure. The energy grid, water ducts, transportation infrastructure, and other critical systems are necessary for society to function. Disrupting those systems allow terrorists to create large-scale effects with relatively minimal capability.

The risk of cascading consequences—that is, when damage to one area of critical infrastructure cascades to others—is particularly concerning. In 2019, during a five-day blackout in Venezuela, hospitals lost power, patients died of treatable conditions, food spoiled, residents went to rivers to drink, and transport stalled. The Venezuelan government has blamed sabotage and terrorists for blackouts, but others say the outages in that oil-rich country simply reflect its poor track record of investment in energy infrastructure.

Drones have already been used by non-state groups to halt critical infrastructure operations. In December 2018, unknown operators flew two drones around London’s Gatwick airport, causing the airport to shut down for days and grounding thousands of flights. Then in 2019 either Iran or Houthi rebels from Yemen used drones to attack Saudi oil facilities. (Whether the Houthi rebels or Iranian forces were responsible is unclear, though the Houthis have previously launched sophisticated drone attacks with Iranian support.)

The small payloads carried by many drones place an upper bound on how much damage any given drone can cause. So the question is: Can relatively small payloads of explosives cause significant damage, by, for instance, targeting areas of a facility that can cause larger chain-reactions? Facilities should assess for themselves the potential vulnerabilities of critical components within their facilities, and develop response plans.

Drones do not need to be used in direct attacks to be effective terror tools.

Drones provide terrorists with a platform to collect intelligence information to plan an attack. Standard hobbyist drones come with cameras attached. Terrorists could monitor security patrol patterns, inspect a facility parameter, and identify specific points of attack. For example, in the attack on two mosques in Christchurch, New Zealand, that killed 51 people, the attacker used a drone to scout the target.

Long-term trends: Drones are becoming increasingly autonomous. Commercial off-the-shelf drones are capable of basic waypoint autonomy. That means they can be programmed to fly to particular points points without a person moving the joystick. That would allow terrorists to create a crude “fire-and-forget” weapon; they could launch an attack, then run away before the first bomb explodes. Autonomy also poses a grand challenge for counter-drone systems, because most counter-drone systems rely on jamming the signal between operator and drone. If the drone needs no signal, then those defenses are obsolete.


Jellyfish attack nuclear power plants. Again and again.

Cheaper, more available, and more autonomous drones likely mean that terrorists will be more readily able to acquire drones and use more of them in a single attack. Technology also is increasingly enabling the use of true drone swarms—drones that communicate and collaborate on the basis of artificial intelligence. Such advances necessarily require greater capability on the part of the terrorist organization, to include the programming and algorithmic skills to design the system. But that’s far from impossible: MIT students designed the Perdix drone, one of the Department of Defense’s leading swarming drones.

Reducing the threat. Depending on specifications, drones can be cheap—some quite capable models cost no more than $100—and still theoretically useful in a crude attack on critical infrastructure. Of course, would-be terrorists could acquire much more capable and expensive drones, as well. Controlling the sale of popular and useful tools is difficult. What should the US government, or others, do to reign in the threat drone terror could pose to utilities or other critical infrastructure?

Within the United States, only federal authorities can operate counter-drone systems. The Department of Homeland Security’s 2019 Counter Unmanned Systems Technology Guide, a 33-page booklet about drones and ways to detect and disable them, contains four warnings, in case anyone mistakes the guide’s description of the counter-drone systems for permission to build or acquire them. Counter-drone systems create their own risk to surrounding systems. A drone-jammer does not just jam the signal to the drone, but any signal operating on the same frequency. That could include air traffic control radio, and other critical signals.

But a federal monopoly on these important defenses raises questions about how effective they can be in an emergency.

If a critical infrastructure owner or operator has to call the FBI when they fear a drone attack, any response will mean little, unless counter-drone operators are already on site. A racing drone flying over 100 miles per hour will outrun a federal SUV every time, especially when the drone has a significant head-start.

The Department of Homeland Security has legal authority to protect “covered” facilities and assets, though exactly what types of facilities are protected is unclear from open sources. (And realistically, that information should not be publicly available, because it would provide a clear guide for adversaries on what facilities are unprotected.) Unless the department protects every covered facility, there will be vulnerabilities, because correctly anticipating every terrorist target is impossible/

Growing technology may create opportunities to avoid making tough value trade-offs. The same technology that allows drones to operate remotely or autonomously may be applied to counter-drone systems. A network of remotely-operated or autonomous counter-drone systems stationed at critical infrastructure sites would allow federal authorities to maintain control, while also allowing far more rapid response to drone events. Authorities could manage numerous counter-drone systems dispersed over a whole region from a central location.

Critical infrastructure faces growing risks from drone terrorism. As the stories of Aum, ISIS, and other terror groups show, non-state actors have been using and experimenting with drones since the mid-1990s. At least back then, to obtain them they had to do more than a quick search on Amazon.

Courtesy: (thebulletin)

The post A cascading catastrophe: The drone threat to critical infrastructure appeared first on The Frontier Post.