The sign at the gatehouse states in big bold red letters: “Photography prohibited anywhere within the plant.” In addition, each visitor is escorted to a room in the administration building to see a safety video that ends with “Taking photographs while on this site is not allowed.” Then, someone from the plant asks for the visitor’s smartphone or camera, noting that the devices will be returned when the visitor’s badge is turned in. And this is only after potential visitors — long before entering the plant gate — have undergone basic screening to see if they should be permitted on site in the first place.
[pullquote]
Call them prudent or paranoid, such steps are increasingly common. The lawyers and security teams at many companies consider them essential. After all, the location, size and shape of equipment and other such details may reveal proprietary technology, the number and nature of railcars on site may offer commercial insights, and both types of information may enable potential attackers to discover vulnerabilities.
However, the adequacy of such measures increasingly is up in the air — quite literally. The emergence of relatively low cost and more capable drones is adding a new dimension to safeguarding intellectual property and protecting plant assets and personnel. Drones already provide high-resolution surveillance photos and real-time video; work now is underway to use them to deliver goods, from getting emergency medical supplies to hard-to-reach locations to speeding receipt of your latest purchase from an online retailer. And, indeed, process plants eventually may benefit from such capacities, e.g., to capture the current configuration of units to update drawings, to supply live feeds of the condition of remote equipment, and to quickly transport needed parts and tools. However, adapting the machines to nefarious purposes isn’t much of a stretch.
Yet, this is an issue that seems to have flown below the radar at most plants.
Sure, helicopters and light planes already can fly over sites to collect information — and could be used to cause damage or worse. It’s a rare plant today that documents, let alone investigates, any aircraft that seems to be taking a particular interest in the site. I bet most facilities ignore these flyovers or casually dismiss them as likely from a regulatory body.
Such aircraft are relatively expensive, must display identification numbers prominently and generally take off and land at prescribed locations. This limits the risk to some extent and eases ongoing tracking of individual helicopters and planes but certainly doesn’t rule out someone renting or hijacking an aircraft to spy on or sabotage sites.
Drones raise far greater potential concerns. They are becoming less and less expensive. Some units aimed at commercial applications now cost under $2,000 and a hobbyist can buy a decent drone for about $1,000. In the U.S., sales are unregulated.
The Federal Aviation Administration (FAA) is working on rules for the commercial use of drones at low altitudes. Its proposal would allow daylight flights of drones weighing 55 lb. or less so long as the devices stay at an altitude below 500 ft and fly slower than 100 mph. Drone operators would have to pass a test and get cleared by the Transportation Security Administration. However, these strictures wouldn’t apply to hobbyists. The FAA now limits flights of hobbyist drones to an altitude less than 400 feet and within sight of the operator.
Clearly the number of drones in our skies will increase vastly in the coming years. So, we now should evaluate and address the potential threats to intellectual property and security they pose, rather than ignoring them and risking learning some hard lessons.