The Center for Cybersecurity Policy and Law (CCPL) has released a new report today (December 17) that examines the rise of malicious drone activity and potential gaps in the United States’ current counter-uncrewed aerial system (C-UAS) authorities, resources and preparedness.
Based on a three-hour, multi-agency security exercise hosted by Grand Sky in Grand Forks, North Dakota, in October 2025, CCPL’s Meeting the Homeland C-UAS Threat documents how a coordinated drone attack could overwhelm local, state and federal responders. The October exercise used a hypothetical scenario where a swarm of small commercial drones laden with explosives descended on people departing a university hockey game, leaving multiple dead and more wounded. Another swarm attacked the electric grid, causing a power outage across the entire town and surrounding area, while the nearby air base suffered considerable damage from a third wave of attack. Teams were tasked with responding to threat briefings that included inchoate warnings about a potential, impending attack; reacting to an attack that caused loss of life, injuries and damage to property; and engaging in recovery actions, while still facing the possibility of follow-on attacks.
CCPL says the exercise proved that effective detection is vital and that without it, there is no way to assess whether reported drone sightings are actual drones and whether they are being flown maliciously. The report notes that effective detection is “hindered by several limitations, including a lack of baseline mapping of what is “ordinarily” in the airspace, resource constraints, confusion about the kinds of detection measures permitted under current law, and legal restrictions on engaging in certain advanced detection measures that interact with the communication signal between a drone operator and the drone”.
To address this shortcoming, the report says the Federal Aviation Administration (FAA) should be “authorised and resourced to create this mapping in coordination with private sector partners and required to make this information available to state and local partners”.
The report also highlights a lack of effective C-UAS authorities, a timely issue, as Congress debates expanded C-UAS authorities as part of the FY2026 National Defense Authorization Act as well as other legislation. CCPL says that provisions included in the act would, if enacted into law, “go a long way to addressing these issues, including by expanding federal authorities to engage in mitigation measures, granting mitigation authorities to trained state and local authorities, and setting a 2031 sunset, which puts all of these authorities on a longer term footing.”
In terms of infrastructure funding, federal USD 500 million grant programme supports state and local officials’ efforts to purchase detection equipment and put in place a stronger C-UAS programme, while a separate USD 625 million FIFA World Cup Grant Program can also be used to purchase UAS detection and tracking equipment for the 11 states where the sporting event will be held. CCPL says more resources and a broader geographic reach are needed to support additional state and local officials across the nation.
CCPL recommends that C-UAS measures are integrated into core security planning. “Management of the threat posed by the malicious or negligent use of drones needs to be integrated and normalized as part of core security planning,” the report states. “Conversely, management of the drone threat should incorporate key elements of crisis management and prevention, regardless of the source of the threat.”
The report says that Temporary Flight Restrictions are “useful tools” and notes that the FAA has indicated an intent to issue a new rule (known as the “2209 Rule”) that would “enable critical infrastructure owners and operators and entities that bring together large numbers of people to more easily request and obtain such restrictions”. CCPL says this would better support detection and appropriate response efforts and that the FAA should expedite issuance of this new rule.
With US drone use predicted to reach three million by 2027, amid growing geopolitical as well as domestic tensions, CCPL’s mock exercise and subsequent report serve as both a warning of what might happen and also what might be done to prevent or mitigate such an attack.
For more information
Center for Cybersecurity Policy and Law
CCPL is a non-profit organisation that develops, advances and promotes best practices and educational opportunities among homeland security and cybersecurity professionals. Meeting the Homeland C-UAS Threat was written by Jennifer Daskal, Davis Hake and Tim McGiff.
Image: CCPL graphic
The Unmanned Airspace Global Counter-UAS Systems Directory is the world’s only comprehensive, continually updated directory of global C-UAS companies and systems. It itemises over 1,000 C-UAS products and services with performance details, company sales and partnerships arrangements. It is updated every month and broken down into niche sub-sectors (net-capture, missiles, intercept drones, detectors etc) to give C-UAS procurement and industry personnel a unique perspective of global C-UAS technical capabilities and market positions. It is available in word, PDF and excel formats and Unmanned Airspace readers are eligible for a range of discounts. For more information about the Directory please contact the editor Philip Butterworth-Hayes at philip@unmannedairspace.info.
