Drone reconnaissance of industrial facilities provides attackers with detailed aerial imagery of site layout, security infrastructure, and equipment placement. A single flight can yield information that would take weeks of physical reconnaissance to gather. Detection of reconnaissance drones is challenging because legitimate civilian and commercial drone activity is increasing, making hostile drones difficult to distinguish from benign flights.
We have worked with industrial clients who discovered drone flights over their facilities only after data about site layout, security camera placement, and power infrastructure began circulating in underground forums. In each case, the reconnaissance preceded intrusion attempts and physical attacks on facility infrastructure.
Reconnaissance Capabilities and Threat Model
Modern commercial drones can capture high-resolution video and imagery, map geolocation, and document thermal signatures that reveal active equipment and power distribution. An attacker conducting drone reconnaissance can identify blind spots in physical security, locate power substations and transformers, and document access points and the positioning of security infrastructure.
Detection is complicated by the legitimate use of drones for site surveys, infrastructure inspections, and construction monitoring. A malicious flight may be visually indistinguishable from a contractor conducting an authorized aerial survey.
Detection and Response Strategies
- Physical surveillance: Monitor facility airspace during normal business hours. Establish protocols for documenting and reporting unusual drone activity.
- RF detection: Deploy RF sensors capable of detecting drone control signals and GPS frequencies. Many commercial drones operate on identifiable frequency bands.
- Authorized flight registry: Maintain a schedule of all authorized drone activity and vendor contractors. Flag flights that do not correspond to scheduled activity.
- Perimeter barriers: Consider netting or other physical barriers around sensitive equipment areas to complicate aerial imagery collection.
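The authorized flight registry check above, sketched as an added example (not code from this article's authors): sensor detections are matched against scheduled flights by zone and time window. The record fields, zone names, sensor IDs, and the 10-minute grace period are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class AuthorizedFlight:          # one row of the flight registry (hypothetical schema)
    operator: str
    zone: str
    start: datetime
    end: datetime

@dataclass(frozen=True)
class Detection:                 # one sensor hit (hypothetical schema)
    sensor: str
    zone: str
    seen_at: datetime

GRACE = timedelta(minutes=10)    # assumed tolerance for early launch or late landing

def classify(det, registry, grace=GRACE):
    """Return (status, detail) for one detection against the registry."""
    active = [f for f in registry
              if f.start - grace <= det.seen_at <= f.end + grace]
    for f in active:
        if f.zone == det.zone:
            return "authorized", f.operator
    if active:
        # A flight is scheduled now, but over a different zone: either the
        # contractor is off plan or an unrelated drone is using the window.
        return "out_of_zone", ", ".join(sorted({f.zone for f in active}))
    return "unscheduled", ""

def flag(detections, registry):
    """Return the detections that need review, oldest first."""
    flagged = []
    for det in sorted(detections, key=lambda d: d.seen_at):
        status, detail = classify(det, registry)
        if status != "authorized":
            flagged.append((det, status, detail))
    return flagged

# Constructed sample data
REGISTRY = [AuthorizedFlight("Roof inspection vendor", "north-roof",
                             datetime(2024, 5, 6, 9, 0), datetime(2024, 5, 6, 11, 0))]
DETECTIONS = [
    Detection("rf-01", "north-roof", datetime(2024, 5, 6, 9, 30)),
    Detection("rf-03", "substation", datetime(2024, 5, 6, 10, 15)),
    Detection("rf-02", "north-roof", datetime(2024, 5, 6, 11, 5)),
    Detection("rf-03", "substation", datetime(2024, 5, 7, 2, 40)),
]

if __name__ == "__main__":
    for det, status, detail in flag(DETECTIONS, REGISTRY):
        print(det.seen_at.isoformat(), det.sensor, det.zone, status, detail)
```

The out_of_zone result matters because an authorized survey window is also the easiest time for an unrelated flight to go unnoticed.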
Coordination and Response
Drone reconnaissance is often the precursor to physical or cyber attacks. If you suspect hostile reconnaissance, coordinate with local law enforcement and document the incident for threat intelligence purposes. If you'd like to discuss facility perimeter security, RF detection implementation, or drone threat assessment for your facility, reach out.
This article was written by the Cascadia OT Security practice, which advises Pacific Northwest data centers and manufacturers on industrial cybersecurity. For engagement inquiries, reach our practice team.