OPSEC Guide for Drone Use in Ukraine

Information

DroneSec has opened vetted access to its OPSEC Guide for Drone Use in Ukraine. Usually only available to DroneSec UAS Threat Intelligence customers, the document is being made available via C-UAS Hub in an effort to provide the C-UAS industry, law enforcement, government agencies, and security professionals with knowledge of adversary drone operations and tactics, techniques, and procedures (TTPs).

The document was released in early 2022 as a tactical playbook for friendly forces in providing baseline operational security measures for the use of commercial-off-the-shelf (COTS) drones in Ukraine. The guide was tested and vetted by a variety of drone security and C-UAS experts in real-world scenarios. The aim was to release open-source, UNCLASSIFIED material which could be easily shared between friendly forces without classification restrictions.

The information contained within demonstrates how well-informed adversaries are currently using techniques or technical modifications to evade and bypass detection and/or mitigation by authorities. Many of the methods are still not yet common knowledge and have only been shared with the closed drone threat intelligence community and the DroneSec Drone Threat Intelligence Platform (DTIP).

Background

DroneSec has been tracking drone threat actors and their various TTPs since 2016. When the invasion of Ukraine began, a significant number of COTS drones started being used for ISR and payload drops. Thousands of these drones were being used, detected and mitigated by a combination of counter-drone, electronic warfare, and counter-counter-drone techniques. In some cases, pilot positions were being targeted by artillery fires due to their lack of general knowledge surrounding drone communications.

DroneSec, with the help of various expert drone and C-UAS individuals, compiled their known list of adversary and red-team methods for evading counter-drone systems into a single tactical guide. This guide, which was translated into Ukrainian and Arabic by volunteers, provided a central operating framework for the dangerous, but impactful, use of COTS in the conflict area of Ukraine,

Whilst some of the technologies, modifications, methods and caveats have since bubbled into the public eye, the guide has remained hidden without detection that it has fallen into adversary hands. The guide has also been improved upon, being adapted and released under a variety of formats (Handbooks, Infographics, Training Courses) with permission from DroneSec.

Document Abstract:

This document was produced in support of operations in Ukraine where the utilization of COTS drones was an ‘only option’. It includes private and little-known publicly methods of reducing identification and attribution of drones and their operators by some drone detection systems. Some of the Tactics, Techniques and Procedures (TTPs) contained within mirror activities used by current-day criminals in evading Law Enforcement and C-UAS vendor technologies. The document has been peer-reviewed by experienced members of the community and in theatre operations within conflict zones.

Any reader of the guide should be aware of the potential methods available in underground communities and prepare their counter-counter strategies and technical mitigations appropriately.

This document is now available to public requests (manual vetting occurs). The first draft was made available to units within Ukraine and DroneSec customers in March 2022. If you would like to receive similar documents to these on a regular basis, consider joining our UAS Threat Intelligence subscription by visiting https://dronesec.com or contacting us at info@dronesec.com.

Table of Contents

The following practical steps to minimise adversaries targeting drone operators is a brief summary of what is contained with the guide:

• Operational Structure (launch, land, and strike syndication)
• Drone Security Rankings (analogue, digital, COTS)
• Primary Baseline Controls
• Physical Security Controls (visual/acoustic camouflage, hardware/software obfuscation, device hygiene)
• Activation and First Use OPSEC (unboxing, bypassing geofences, evading No-Fly-Zones)
• General Use OPSEC (video, launch/landing site OPSEC, GPS/RF jamming evasion, automated/remote flights)
• Technical Guidance (Drone IDs, drone location spoofing, bypassing common C-UAS)
• Groups and Technical Modifications

How can I access this document?

Please request access by clicking ‘View’ below and submitting the form with your contactable information. DroneSec will manually vet and approve each access request on a case-by-case basis. The document is currently available in English, Ukrainian and Arabic; please select the language(s) you would like it available in. Vetting may take up to 24 hours.

Why is this information being released now?

The conflict in Ukraine has continued for over a year. Technology must innovate and C-UAS vendors must become aware of the latest TTPs by adversaries to overcome their detection and mitigation practices. This will help friendly forces in the future, and aid friendlies in non-conflict areas, such as prisons, ports, stadiums, airports and government facilities. To reduce intelligence stovepipes, DroneSec regularly shares information from its UAS Threat Intelligence subscription.

What other mediums is this document available in?

Some materials are only available to FVEY. The document has also been turned into a training course and is available to vetted participants via the DroneSec Training Platform on request (https://training.dronesec.com/).

Who is DroneSec?

DroneSec is an all-source threat intelligence firm which provides drone threat awareness, incident analysis and training to government, law enforcement and military globally. DroneSec provides real-time coverage (daily, weekly, monthly) of drone threats capabilities, threat actors and their budgets, technology, tactics, techniques and procedures (TTPs). The DroneSec Drone Threat Intelligence Platform (DTIP) is an automated aggregation, categorisation and dissemination platform for drone incidents relating to weaponization, contraband, ISR, smuggling and other categories. The platform provides customers with a central operating picture for tracking thousands of drone incidents around the world and fusing data sources to provide threat modelling and determine intent off trends and patterns.

www.dronesec.com

Stay on top of industry news, developments, resources and articles- Sign up for a free C-UAS Hub Membership to bookmark your favorite content and receive the C-UAS Hub newsletter and important industry updates!