Global Drone Incidents

Zev Nadler:

So basically at 20 years old, I was working in a slaughterhouse [laughs] and I was taking IT courses. This is back in probably 1981 or so, and I thought it was a natural transition to go from the Slaughterhouse to IT. If you've ever worked with computers or in IT you can get that.

Fast forward I saw the programmers were making more money than the hardware technicians which is what I went in as. And because I speak a couple of different languages, learning the syntax of programming was pretty quick and the next thing I knew I was in EDS employee on a General Motors account because General Motors bought EDS.

I'd gone into GM as a consultant, and fast forward from there 20 years later or so I was a senior manager at a large consulting confirm McGladrey & Pullen and kind of semi-retired in 2000 here in Scottsdale. I made a couple of bad high tech stock moves which had me go back to work and I opened another IT firm here. We were able to get the Arizona State e-procurement system. Then from there, I got a little bit tired of IT, and scope creep and all the good stuff that goes with being in the IT world.

And I had this dream of teaching people how to drive correctly and shoot correctly in the desert, here in Arizona. We have a lot of open desert land and people go driving in there and you know, don't necessarily take care of the land, the way it is, and it was my purpose to teach them how to do that. So instead of being in the back of a Hummer or a Jeep, we had 15 formally IDF Special Forces Vehicles which are like golf carts on steroids, and I mostly hired former Marines as my guides. There was a guide in front of the guy in the back because these guys really have been trained to make sure everything comes back intact and to keep people safe.

From there I sold that back in '13 and went into the firearms industry and round 2015. The company, I was working for said, "You knows Zev, I think drones would be great at a firing range because you could be five feet above and five feet in front of the shooter without risking the camera down range at the targets." And so, I got myself a phantom and the next thing I knew I was in commercials for firearms companies and did some work for recoil TV. By 2020, I was performing business development for some US and international drone entities. And by April of '22 I became a specialist. I'm by no means a subject matter expert. That's reserved for guys like Jimmy McMahon who have trained 12,000 people, worked on 120 different types of SHORAD and air defense systems. But I became a specialist in OSINT to help our country and NATO be able to defend against nefarious drones. So that's what I’m doing now and it's been a lot of fun.

David Lewin:

That's great. Well, that's the fun story. I mean it's really interesting to hear everybody's paths. I'm glad that you know you weren't making those investments when this whole SVB bank and all those things that... [laughs] They've failed on a bunch of people. So, there's probably going to be more startups coming from people who thought that they were nice and retired and now may need to shift gears right?

Zev Nadler:

Now, a lot of the companies that have been using the periscope as their basis for their RF detection, are going to have to find a new way of doing that as well, right?

David Lewin:

Yeah totally. There’s opportunity for innovation for sure. So that leads us right to the meat of the conversation.

I wanted to get into the global drone incidents and talk about the map. We can pull that up here in a second. When you signed up for this LinkedIn live, you probably saw the snapshot of global incidents with drones. We’ll take a look at the map and all the underlying data and threat intelligence reports. But just the map showing the level of activity is enlightening.

It's difficult for a lot of critical infrastructure security teams to actually make the business case internally to their leadership to prove that drones and the emerging potential threat of drones is worth prioritizing over other risks and threats.

And so, you know we certainly want to make good decisions based on data and not hype. There's actual real data here that not everyone knows is available and it helps to have real life data to make a true business case and put a higher priority on implementing full technology for drone detection. Even if it's just putting resources into training and creating a counter drone program and response plan so that folks at least know what to do if they do happen to see a drone, right? So, across the board it is very helpful if there's a good strong business case based on data. And with that, I'll share the screen of that map.

Zev Nadler:

It is important to know how we maintain the intel constantly to be ahead of the threat. I'm going to take on the persona of an operator in an electrical power plant - let's call it a gas fire energy power plant. And I'm right on the Arizona border and I've got cartels to the south of me, and various actors all over and we see some bad critical infrastructure strikes. So, the first thing I'm going to do is show you what I do when I first come to work in the morning.

Zev Nadler:

You're looking at the dashboard that a typical operator would pull up every morning and they would see what's going on in the world. So, on the top here we can see a bunch of blinking items. This is usually things that have happened in the past 30 days.

We're seeing overall incident in phone overall artifact info. Why are artifacts important? Because at the core of what we're looking at here of our global threat UAS tool is OSINT, our Open Source Intelligence, and that's gleaned through scraping the internet and being really good at doing it-we've been doing it for about four years or so. I would have to say that the other 20% is our analysts having burrowed deep into the various actors’ layers, like the dark web, certain groups they're in, having known the groups or certain personas that allow them to get information when these folks brag about their feats that they've accomplished.

So, when we look at the artifact categories, where do they come from? Counter drone systems, UTM systems, various regulations will come out, drone news and so on. We also take a look at the incident categories.

And then the last thing we have are instant results of the incidents that occurred, how many were seized and how many were not seized.

Okay, so we're going to go into the incident map now. So, when you see something with cannabis in the gun, it's going to be a prison drop. Prisons are a critical infrastructure with regard to the risk chain due to potential impact of escapees or increased criminal activity (like drones dropping drugs or weapons in the yard, or prison release or escapees) in neighboring communities.

David Lewin:

If we take these concerns and concepts and apply them to a day the life as the COS operator at electric utility, data is a powerful tool for creating a business case and solution before a site has a very bad day as consequence of drone activity.  Looking at global activity will inform US based security and safety responses, longer term and as drone use expands – both as tools and intentional threat carriers.

Zev Nadler:

Yes. What's happening around the globe is going to happen in a theater near you soon. So, it's something that you want to look at, you want to see things that are going on across the globe and then you might want to look into you know your area and see what's happening that is notable?

Now, if we go back into the incident map, we could see basic intrusions - two arrested for going over Dow Chemical plan, for example. Now, when I open up critical infrastructure, we can see an oil tank, we can see educational facilities and power grids – all critical infrastructure. You see how COTS (commercial off the shelf) drones are being used.

David Lewin:

And Zev, I got a comment here. I'm going to highlight this from Christopher Schaffer, "Arizona prisons have been experiencing large uptake in drops. You know, we just had some with Arizona law enforcement." And I thought that was interesting if you want to comment on that and you know, and maybe highlight you know something on the map. 

Zev Nadler:

I was showing the system to an administrator of this prison, and he asked me to do a search on anything in Mississippi and he said, "Yep, that was mine, I was there, and that was in that cam that caught that Phantom 3." And as we go through it, you know, he sees his desk, he sees his chair, he sees his drone, and he sees the contraband, and this is the beauty of OSINT. Then we do an analysis. We talked about what happened and our analysts tells you what the TTP's of these threat actors are and what could have been done.

David Lewin:

Here’s a question related to something we were talking about right before we started and there was kind of an interesting reaction from the prison and they saw their own photos on their, right?, "How are the OSINT reports confirmed and what steps are taken to avoid false reports duplicates or other potential inaccuracies?"

Zev Nadler:

Yeah, so it's a great question and the answer is that we vet every single item that you see in our system from three different sources when possible, and that's most of the time. So, anything you see in here, any link to an artifact has been verified.

David Lewin:

Adam thanks for your comment. He agrees with Chris, "At Arizona and many other DOCs across the US are experiencing them flux of drone-borne contraband." As are other critical infrastructure sites. That's a big deal, right?

Zev Nadler:

Absolutely. Here's an electrical grid threat that I brought up I think we're all familiar with - the drone that came to the copper wire to intentionally disrupt power. And in here (within the data system), this is where we give a summary. We give a picture of the drone taken by someone at the scene. And the interesting thing about this one, where we all can learn from again, is that they did everything they could to thwart any forensics. So, they actually had its camera, internal memory card, and any identifying markings removed. So that goes far beyond you know, just tape over the navigational lights with duct tape. They're actually doing more they're getting smarter, and they know how to cover their tracks which is why when we looked at the dashboard, we see there are those pilots who have been apprehended and those who have not. So yeah, great point, Adam. It's nice to see you on here. I know we chat sometime, see each other's posts on LinkedIn. It's good to see you as well, Christopher.

David Lewin:

So maybe you were going here already, Zev.  But I would be really interested in looking at that weekly threat intelligence report because we’re all trying to stay in front of this curve. You need to, right? You need tools, resources, education, so that you're not just deploying a system, setting in and forgetting it. That does not work.

With that said, it's important to be able to have some sort of summary almost like you know, reading the Wall Street Journal if you're working on Wall Street you need to stay up to date and current, and have those resources. And so, these Global UAS threat intelligence reports - how would someone use something like that you know, real world to just very quickly drill in and get some highlights on things they should be concerned about, they should bring to their team et cetera?

Zev Nadler:

Absolutely, this goes hand-in-hand with one of the value propositions you mentioned today which is how can you have something to bring to your boss for budgetary and procurement purposes, in addition to doing your job, so the juice is really worth the squeeze. Okay, so a private intelligence report is delivered weekly into my inbox; subscribers see featured advisories, you'll see counter drone systems, drum technologies, conflict news and so on. So, they actually give you a picture of it, and then analysis. Also, we'll talk about what kind of contraband is being dropped and what's dropping it. This is all critical information for you to understand what people are doing, what is happening. You see here are some pistols and ammunitions.

David Lewin:

Well, and for my consultant standpoint or a hardware manufacturer, anyone who's helping advise a critical infrastructure client on what type of technology stack that they need to have that awareness, that detection capability. This is really fascinating, right? To see how people operate what their tactics are, where they're taking off from, where they're landing, what types of drones, what size, what kinds of payload, you know? We talked a lot about layer technology - whether it's radar, cameras, RF, acoustics -and you see real world examples of threats and get actual data points on how bad actors are actually operating.

Zev Nadler:

And that's why we call it, “the art of counter ‘insert exponents’ here,” UAS. It's a cat and mouse game that's going to continue. Before we were able to do things with GPS and RF spoofing and now we can't because they're figuring out how to subvert that counter-measure -  they're using on-board waypoints or on-craft map with AI. By the way, what you guys are doing is incredible because you've extended the reach of detection by putting your radar panels on EasyAerial craft that can fly and observe 10, 15 miles away and then send it back via repeater and receiver so we know what might be coming.

I know we talked about the map, and I want to show that to you. So, I'm going to get out of this for one moment.

David Lewin:

And I will say Zev, we have about 18 minutes left. I do want to make sure you're able to show some of the video clips and other things. And keeping that in mind as you're transitioning, I want to highlight a question by Charles Mason: "How does a live report to local police get handled when many local police aren't trained to handle these types of situations and it may end with it being an FAA rule of law." So, I mean, as we know, the regulations are very prohibitive right now of anyone, but those very select few two or three, more federal agencies that are allowed to actually directly interdict a drone that's in flight.

Zev Nadler:

That is a great point and a good segue, but I want to show the global map first. Let me come back to this question because I have a pretty robust answer. We want to get this on screen because a lot of people came to see this.

David Lewin:

Yeah okay, got you.

Zev Nadler:

So, we produce a map every month, global, European, US, and so on. This is a drone incident summary that folks will get for the month of February, showing what and where key outstanding issues occur. You can then find more about these in our knowledge base along with a legend of what was high priority, what was medium priority - crashes, military drones, collisions, contraband and so on. This map can be shared as part of a weekly threat assessment report to the brass. At the same token, this gives you an idea of what's going on, on an ongoing basis.

Zev Nadler:

Going back to our questions about live reports, the way it works right now is we do not receive feeds from any one particular agency.

Now, you had alluded to, and that's very important to talk about, the National Action Plan in which number five of the priorities is having a dashboard that everybody can look at and pump information up to and get information down from the federal level to the state level. For the 18,000 SLTTs, tribal territorial and local agencies, that doesn't exist at the moment.

Further, the FAA can log reports, but they cannot use information from those reports to help law enforcement, at this time. The stuff that they capture is not going to have RIDs that they can disseminate. That's an important process that the guys are working through. And I know that everybody wants to see that sped up and I've been reading some LinkedIn post about how hey, you know, the laws aren't keeping up with the tech. And we all want UTM (Unmanned Aircraft System Traffic Management), we all want AAM (advanced air mobility) but until the point that we know that detection and mitigation isn't going to mess with the volume of delivery within the UTM airspace we have to be careful, and we have to make sure that something bad doesn't happen.

We can detect right now, but we're not allowed to mitigate. So, what else can we do? Well, we can identify where our possible threats might come from to our facility.

As part of my job as an operator, my boss came to me and said "Zev, I need you to put together a survey, as to where the threats might be coming from, so that we can have our security guys know where our problem points are." I'm going to share audio for this for a couple of minutes so that you get an idea of what's going on