Drone Threat Intel Report: DroneSec Notify #41

This summary has been extracted from our weekly public threat intelligence report. For more information on the platform or weekly email PDFs, please visit: or email us at [email protected] or join the slack group at

A big thank you to all of our readers and Notify users who attended the Global Drone Security Network (GDSN) on Friday/Saturday. We streamed live via a range of platforms to over 400 concurrent viewers, 7 countries and 6 time zones. We are very grateful to the eight other speakers who took the time to present, and the viewers who took time out of their day to listen, ask questions and provide feedback. We had almost 60 questions come through our social channels over the course of the event! Individual videos will be available shortly – for now, you can use the ‘chapters’ option to find each presentation in the above link and the Google drive to locate presentation slides, for those that shared them.

Some very interesting artefacts this week, with a number of featured reports. I wanted to break some of these down as there are some interesting titbits. In regards to the featured prison incident, you’ll notice that the officers course of action was to ignore the drone and instead focus on the payload it was delivering. An interesting tactic considering the mitigation may not be a legal option. In this case, they focused on mitigating the delivery/contraband and leaving the drone to authorities. Prison officers focus can shift in a drone incident and its important to highlight your default course of action in your SOP. Is your key objective focusing on the drone and operator, whilst possibly missing the dropped contraband? Or ignoring the drone, and focusing on the payload delivery landing location? All should be considered and practiced in a mock simulation where possible.

Over to the Buttersworth hospital incident - an interesting use case for counter-drone operations: with the pilot manually collecting someone else’s drone out of the air(or otherwise aircraft), could there possibly be any legal recourse for the drone operator? Albeit the drone operator was clearly in the wrong, it sets an interesting precedent for how and who is allowed to mitigate the drone’s presence, in this scenario. We’ll be analysing this one closely, but our bets are that the drone operator (nor the FAA) won’t be calling for the prosecution of the pilots any time soon.

Multiple drone sightings occurred near several police stations in Gadchiroli, India. It is interesting to note that only after multiple independent reports, did they consolidate the sightings across towns into one specific threat actor. It is important to use a centralised documentation process or shared intelligence feed in order to ascertain if nearby events are connected or interlinked. By combining this with evidence, forensic collateral or user sightings, a specific threat actor profile can be created, tracked and used for simulating future incident response.

In Norway, we see some insights into how police over there have dealt with rogue drones. Almost a humanoid perspective of AI-based decision making, the officers gauged the drone was a threat based on distance, direction and circumstances. It is important to note that with Unmanned Traffic Management (UTM) systems, they’re likely making these decisions in real time. Is that an allowed or disallowed drone? What weight is it, carrying a payload or capable of a payload dangerous enough to warrant a risk in xyz geo-area? These decisions, based on a form of threat matrix, will continue to evolve as UTM and CUAS combine, and is certainly an area to watch closely. 

Leave a reply