How Drone Regulation Will Develop: Lessons from Piracy, Automobiles, and the Insurance Industry
Daniel Holland

The legal and regulatory framework for counter-drone defense does not yet exist in any meaningful form. History shows that courts, insurers, and professional organizations will build it before government does. Organizations that wait for legislative clarity are not playing it safe; they are ceding the standard to someone else and accepting the exposure that comes with it.

I have finally reached the last stage of grief when it comes to drone policy change: acceptance. Change is not coming until there is a major event. That is the nature of the government beast. Acceptance has made me think about whether history offers any parallels for how regulation, policy, law, and case law will eventually form around the small-drone threat. If change cannot be made before a drone causes real damage, the historical pattern is the best roadmap available.

Why Information Flow Determines the Strength of Your Security Culture
Daniel Holland

Every security culture lives or dies on the free flow of information up and down the chain of command.  Frontline employees see threats before leaders do.  Leaders see patterns frontline employees cannot.  When that two-way communication breaks, people get hurt, organizations lose money, and careers end.  This is why hospitals conduct a surgical "time out" before every procedure, and why the failure of this culture at NASA in 1986 may have cost seven astronauts their lives.

I remember lying on an operating room table with a sheet over my head.  I was awake because the procedure I was having did not require anesthesia.  It had been a stressful past few years for me at the time.  A fainting episode led to my having a loop recorder implanted in my chest for three years, right above my ribcage over my heart.  It was there to monitor my heart rhythm to see if that is what caused my fainting episode.  Luckily it had not picked up anything abnormal, and I never had another fainting incident, so it was time to get it out.

Before my cardiologist began the procedure, the surgical team gathered around her, and she explained who I was and what the procedure was going to entail.  Then she asked if anyone on the team had any questions or concerns.  She also explained that if at any point anyone had any concerns, they could stop the procedure until their concerns were dispelled.  It was touching.  It was a mixture of professionalism and compassion I have rarely seen in my life.

In the Shadow of Metcalf: An attack more people should know about
Daniel Holland

The 2013 Metcalf sniper attack exposed a gap that still exists today: local law enforcement is almost always the first agency on scene at a critical infrastructure attack, but almost never trains for one. Closing that gap requires preparation before the next incident, not after.

Today marks the 13th anniversary of an attack that should have changed how we think about security, but most people have never heard of it. If you are one of the few who already know what happened that night and quietly lost hope that anyone else would ever care, the new threat environment may finally change that.

On April 16, 2013, a lone wolf or small team of attackers went to the Pacific Gas and Electric Metcalf transmission substation in Coyote, California, and nearly took out the power grid for Silicon Valley. No bombs or sophisticated technology, just rifles and a deep understanding of the substation.

A Blue Sky Strategy for CPTED: Applying CPTED Principles to Counter Unmanned Aerial Systems
Daniel Holland

This article proposes applying Crime Prevention Through Environmental Design (CPTED) principles to counter the unmanned aerial systems (UAS) threat, an intersection that remains largely unexplored in existing counter-UAS research.

I am a huge proponent of Crime Prevention Through Environmental Design (CPTED). Ever since I learned about the theory, I knew it was something I wanted to become fluent in. I eventually obtained my CPTED Practitioner designation from the state of Florida and have become an even bigger proponent for this way of looking at the world around us.

Another topic I have become entranced by is countering the threat posed by small commercial drones to our communities here in the United States. After studying this threat, it has also changed the way I look at the world around me. In my search for the answers to counter this emerging threat, I found what appears to be a gap in knowledge: using CPTED to counter the drone threat.

The Triangle Doesn't Lie: Why a Drone Attack on US Soil Is a Matter of When
Daniel Holland

Applying the Crime Prevention Triangle to the civilian drone threat, this post argues that a malicious drone attack on a U.S. civilian target is a matter of when, not if, because all three required elements, Desire, Ability, and Opportunity, are already present.

In my previous post I discussed the idea of the crime prevention triangle.  If you have not read it, go here to read a more in-depth explanation of the concept.  To quickly summarize, the crime prevention triangle theorizes that for a crime to occur three elements must be present: the criminal must have the desire to commit the crime, the ability to carry it out, and the opportunity to do so without being stopped.  If desire, ability, or opportunity is missing, then the crime will not occur.

Using this framework, I believe it is a matter of time before malicious actors use drones to hit civilian targets on US soil.  Let's go through each of the three concepts one at a time.

Why Nobody Has Robbed Fort Knox and What That Means for Your Organization
Daniel Holland

The Crime Prevention Triangle, a framework used by security professionals and law enforcement, teaches that every crime requires three elements: Desire, Ability, and Opportunity. Effective security works by eliminating Opportunity, the only element organizations can reliably control.

When I started my journey studying criminology in college and then crime prevention as a cop, I ran across what is sometimes called the "Crime Prevention Triangle."  This is the idea that three things must be present for a crime to occur.

First, there must be a desire to commit the crime.  The criminal must want to commit the crime.  Second, there must be the ability to commit the crime.  The criminal must have the skills and access to do so.  Finally, there must be the opportunity to commit the crime.  The criminal must be able to act without being stopped.

Desire + Ability + Opportunity = Crime

The Most Important Variable in Security
Daniel Holland

Every security product and practice serves one purpose: buying time. Time is the most important variable in security, and any lock, camera, alarm, or lighting system should be evaluated by how much time it creates between a threat and its consequence.

Imagine waking up in the morning and discovering your car window smashed and your backpack missing from the passenger seat.  Frustrated, you check your security cameras and quickly find the footage. The video clearly shows someone walking up to the car in the middle of the night, breaking the window, grabbing the bag, and leaving.

You now know exactly what happened, but the crime still happened.

Situations like this happen every day.  People invest in security hardware expecting it will keep them safe, only to discover their expectations were misguided. 
