Drones In Nuclear Security
What the nuclear security sector needs to ask about drones before it goes shopping
Before we talk about keeping drones out of nuclear facilities, we should probably talk about why we’re putting them in.
The case for drone utility in nuclear security operations is not complicated. If a task is Dangerous, Dirty or Difficult, the drone is almost always a better option than the human alternative — and in a nuclear environment, the list of tasks that qualify on at least one of those three counts is longer than in almost any other operational setting. Radiation monitoring. Perimeter inspection in restricted zones. Post-incident assessment. Infrastructure survey in areas where human access is undesirable, slow, or genuinely hazardous.
The sector knows this. Adoption is accelerating. And then some sort of incident in the news raises the profile of drone related risk - a war, for instance - and suddenly drones are a problem again.
When anyone mentions counter-drone, the conversation splits in two — as if the drone we’re trying to protect the facility from and the drone we’re using to protect it with are somehow unrelated problems being discussed by unrelated people.
They’re not. And until the nuclear security community confronts that tension honestly, it risks building countermeasures that defeat its own operational capability while leaving the actual threat largely unaddressed.
That’s what I want to put on the table at The World Institute for Nuclear Security (WINS) this week, as I present the keynote at the Institute’s Drones In Nuclear Security event. Not a technology shopping list. A question the sector needs to answer before it goes shopping.
Why Drones Belong Inside The Fence
Nuclear facilities are not entirely unique in their general configuration. A cluster of critical buildings alongside a collection of not-quite so critical ones, somewhere in the middle of an often sprawling site, situated in an out-of-the-way location, probably specifically chosen for its remoteness and inaccessibility.
The size, shape and topographical makeup of such a place can sometimes be as much of a challenge for the security and maintenance teams as it might be for a would-be attacker.
Airports, other dirty power plants, some military and industrial facilities - these could all share similar issues and even be subject to similar drone related threats and opportunities.
The cost, complexity and sheer hassle of performing day to day tasks, including things like power line inspections, incident response and routine maintenance divert attention and (more importantly) budget away from everything else that costs money and might be higher up on the priority list.
Rope access, cradles, helicopters, cranes and platform lifts all have their place, and although we may soon see these being managed by robots of one sort or another, we aren't there yet.
So if it’s Difficult, Dangerous or Dirty, why not Do it with a Drone?
The 5Ds Challenge
But Drones Remain A Threat
The problem is that the exact same technology that makes the drone an obvious answer to those questions also makes it an obvious tool for anyone who wants to cause harm.
In July 2018, Greenpeace France flew a drone dressed as Superman into the no-fly zone around the Bugey nuclear plant near Lyon, navigated it between reactors, and crashed it against the wall of the spent fuel storage pool — an area containing, by some accounts, more radioactivity than the reactor building itself.
It is difficult to know where to start with this.
The operator, EDF, said police had intercepted the drones and that facility security was unaffected. Greenpeace said the crash was deliberate and entirely successful. A Superman costume was involved. A French parliamentary investigation into nuclear security happened to be concluding that same week.
Strip away the costume and what you have is this: a civilian activist group with no hostile intent, operating an inexpensive consumer drone, identified the most radiologically significant and structurally accessible building on a major nuclear facility, penetrated the no-fly zone, and reached their target. They chose not to cause damage. The next person to attempt something similar may not make the same choice.
The spent fuel pool buildings at French nuclear plants were designed in the 1970s. External airborne attack was not in the threat model. It is now. And a Superman drone got there first.
In July 2020, a DJI Mavic 2 — a consumer drone available from any electronics retailer — was recovered from the roof of a building adjacent to a power substation in Pennsylvania. It had been modified. The camera was gone. The memory card was gone. Every identifying mark had been removed. Hanging below it on nylon cords was a two-foot section of curved copper wire, positioned to trail across high voltage equipment and cause a short circuit.
The FBI, DHS, and the National Counterterrorism Center assessed it as the first known instance of a modified drone specifically targeting US energy infrastructure. The attack failed — the drone crashed before reaching the substation, its navigation compromised by the same electronics removal that was intended to defeat detection. The operator has never been identified.
Two things about this incident deserve more attention than they typically receive.
The first is the counter-detection logic. Removing the RF datalink — the component that most commercial C-UAS systems are designed to find — was a deliberate operational decision. Whoever built this device understood that the primary detection layer at a power substation would be looking for radio frequency emissions. They engineered around it. They got the concept right and the execution wrong. The next iteration of this approach will not necessarily make the same mistake.
The second is the hardware. A DJI Mavic 2 is the same class of drone that nuclear facility security teams are currently evaluating for perimeter inspection and infrastructure survey. The device that represents the threat and the device that represents the solution are, in many cases, identical. Any C-UAS framework that cannot make that distinction — reliably, in real time, without depending on RF emissions that a motivated attacker will simply remove — is not a framework. It’s a comfort blanket.
The fact that the copper wires suspended from the drone were so small that they would in all likelihood have simply vaporized if they'd come into contact with high tension conductors is mostly irrelevant. That was probably not the concept the attackers were aiming to prove.
We got lucky with the physics. Security planning that depends on the attacker not doing their homework is not security planning.
The C-UAS Detection Problem - Only Even More Difficult
A drone stripped of its RF datalink - like the one used in the Pennsylvania incident - defeats the primary detection layer of most deployed commercial C-UAS systems, which aim to locate the pilot or the drone by listening for the radio frequency traffic back and forth between the UAV and the controller signal.
On the battlefield we’ve seen how this vulnerability has been removed by using drones controlled over optical fiber that pays out of a spool attached to the drone, carrying both control and video signals entirely off the RF spectrum — essentially invisible to every detection system built around the assumption that a drone needs a radio link.
This might not be a technique we see so much in the civil world, but it is just one of many examples that illustrate how our current drone detection paradigms have shifted in the real world. The C-UAS industry has not yet responded convincingly to this issue.
Remove the controller signal and you’re down to radar, audio or optical systems, each with their own practical and technical limitations when deployed in cluttered or noisy environments trying to find a small, low-flying, slow-moving, objects on potentially erratic trajectories. That’s the hardest version of an already hard problem.
The Drone Defeat Problem
And if you solve that problem, then what? Even where detection works, the response options at a nuclear facility are more constrained than almost anywhere else. Jamming sections of the RF spectrum in the hope that you choose the correct group of possibly diverse and changing frequencies is totally hit or miss as a strategy. It also risks grounding your own fleet of operational drones, some of which are likely to represent your best chance of pursuing and locating either the pilot or the hostile drone.
Every option for kinetic defeat introduces its own completely unpredictable risk calculus. Maybe stop and think about that before you take a pot shot.
What goes up must come down, and the question of where each of the many pieces of the drone, its mystery payload and any projectile (or projectiles) you send up to do the job could come down might need its own risk assessment and its own conversation with your insurers.
That’s before you consider the risk that any of those pieces might land on the people, the neighbors, the traffic, or the protestors outside the gate. That’s not going to help your PR team do their already difficult job.
Shooting vehicles out of the sky is never the sort of thing that can be taken lightly no matter what the risk could actually turn out to be. Whether it be bombs, noxious substances, anonymous white powder or just chunks of battery and electronics, the world has not properly defined how the law around unexpected items falling from drones should or could work, where liabilities rest for different types of outcome or who bears the cost. However, it is quite universally agreed that without some understanding of what might be inside the drone hovering above your head as well as some legally agreed terms of engagement, shooting it down is never the lowest risk option. For anyone.
The Restricted Airspace False Comfort
What many countries do agree on - however - is that drones should not be allowed to fly around without any restriction or regulation, and as a result of this, most nuclear facilities are likely to be designated drone-free no-fly zones.
No-fly zones are a legal instrument. Geofencing is a flimsy technical whimsy, trivial to defeat and incompatible with the needs of a modern drone-supported electrical transmission network. Neither are physical barriers. Bugey had a no-fly zone. The Pennsylvania substation had regulatory protection. Neither stopped anything. The nuclear sector’s instinct to point at airspace restrictions as a layer of defence needs to be examined honestly and probably with the support of the nuclear sector itself. Aviation regulators are good at aviation regulation but not necessarily at working out what happens away from airports.
The Regulatory Speed Mismatch
The threat has evolved faster than the framework. The drone that represents the current threat is not the drone that most nuclear security frameworks were written to address. Regulatory processes that move at the speed of consensus are competing with technology that moves at the speed of a maker community.
The Civil Aviation regulators in most countries - even those in the handful developed nations where drone based services have already been introduced - are some way off a set of comprehensive regulations for drone operations, and most have barely any capacity for policing or enforcing those regulations. That's in general, not just in nuclear.
That's not a criticism, but it is a warning.
What The Workshop Needs To Produce
When I was first asked to contribute to a WINS event focusing on drones the industry was still wondering what drones were and whether or not they should take any notice.
Six years on - after the numerous drone scares we've all seen in the news, after the whirlwind of innovation, development and hostile field trials we've seen on the battlefields of Ukraine, Yemen and the Persian Gulf - the capabilities and the resulting threats from these uncrewed weapons delivery platforms have grown beyond recognition.
But also the range of real world examples of beneficial use from the exact same range of technologies, in power line and infrastructure inspection, in autonomous incident response and delivery, and a whole list of Difficult, Dirty and Dangerous applications all over the world is proof that there is an undeniable place for these annoying little buzzers in the sky above our facilities.
Some of the most difficult technical challenges that existed back in 2020 still exist today, and that's why we still need to approach the topic with a healthy dose of caution.
That's why I don't expect this event to deliver security managers in the nuclear sector with a technology procurement list. The sector has been burned by procurement-first thinking before — C-UAS products that were bought before the detection problem was honestly assessed, that now sit in facilities providing false assurance.
Things we’re still missing in the Nuclear Security Space in relation to drones and low altitude electric aviation use would include :
An honest shared audit of what works and what doesn’t, against the specific threat profile of nuclear facilities, not against the generalised threat profile that vendors design their marketing materials around.
A framework for operating in the gap — what do you do in the period between acknowledging that current systems have limitations and acquiring something better? What compensating measures are available? What does responsible risk management look like when the technology isn’t 100% there yet?
Serious engagement with the utility vs countermeasure tension. Any facility that is moving toward drone-based operations — perimeter patrol, infrastructure inspection, emergency response — needs a C-UAS framework that can distinguish between its own assets and a threat. That’s not a trivial technical problem and it needs to be on the table.
There are two beliefs I expect to encounter in the room with WINS delegates this Tuesday, that I’d genuinely love to see challenged.
The first is the instinct to shoot it down. Kinetic defeat feels decisive. It feels like the security professional’s job being done. In a nuclear environment it introduces a second risk calculus that I think deserves more honest examination than it typically receives — but I’m curious whether the people in this room who have operational experience of actual drone incidents have reached the same conclusion - both those who are operating within striking distance of a Shahed and those who are not.
The second is the belief that nuclear facilities are simply too difficult to damage to warrant serious concern about drone threats. The reactor building is hardened. That part is true. Everything around it is considerably less so — and a sophisticated adversary does their target selection accordingly.
Both of these beliefs are comfortable. Both are likely to be somewhere in the room. Whether two days of operational experience from Serbia, Bulgaria, Ukraine and the UK is enough to shift them — or at least to put them honestly on the table in a world where there are FPV drones capable of flying in through a window and hunting down their target is what I’ll be watching for.
I’ll report back.
How Much Longer Can We Depend On Luck?
We got lucky with the physics in Pennsylvania. We got lucky with the costume in France. Security planning that depends on the attacker not doing their homework is not security planning. The homework is being done. The question is whether we’re doing ours.