For decades, security leaders have optimized defenses in two dimensions. Doors, locks, fences, cameras, access badges, identity systems, and multi-factor authentication have all been designed to control who and what moves through physical and digital perimeters.
But as experts discussed during RSAC 2026, something fundamental has changed: the threat landscape has gone airborne.
This shift was the focus of RSAC’s must-see session, Beyond the Fence: Securing Our Skies from the Drone Threat, featuring Jim Trainor, Senior Vice President at LevelBlue and a 20-year FBI veteran; Houston Mills, President of Flight Operations at UPS with four decades of aviation experience; and Jaz Banga, CEO and co-founder of Airspace Defense. Together, they addressed why drones represent one of the most consequential – and least understood – security challenges facing enterprises today.
The Rise of a 3D Threat
Security controls were never designed to monitor the airspace above facilities. As Trainor explained during the session, organizations may have world-class perimeter defenses and sophisticated cyber protections, yet the third dimension (airspace) remains largely unmonitored.
Tens of thousands of anonymous drone flights occur daily over major U.S. cities, often with no verifiable operator identity, limited accountability, and minimal enforcement. While FAA registration exists, adoption is inconsistent, particularly for smaller or custom-built drones. The result is a vast, largely ungoverned layer of activity directly over critical infrastructure.
High-profile venues, like events, stadiums, data centers, airports, utilities, and government facilities have all become viable targets. Recent global conflicts have demonstrated how inexpensive drones can disrupt operations, gather intelligence, or serve as precursors to physical or cyberattacks.
Even a single low-cost drone can create outsized economic and operational impact, grounding flights, halting logistics, or forcing shutdowns. Too often, organizations only recognize this risk after disruption occurs.
Enterprises need visibility and detection today. Recent executive action in the U.S. has even elevated drone identification to a national priority, but policy alone won’t solve the problem. Let’s explore where to start.
Establishing Trust in a Mixed Airspace
One of the most complex challenges in drone security isn’t identifying malicious activity; it’s operating safely in an environment where trusted and untrusted drones coexist. Law enforcement, emergency responders, enterprises, commercial operators, and hobbyists often share the same airspace, making blunt controls impractical.
To address this, the drone ecosystem is beginning to adopt trust frameworks similar to those long used in cybersecurity and critical infrastructure. Industry groups such as the Association for Uncrewed Vehicle Systems International (AUVSI) have introduced initiatives like Blue UAS and Green UAS, which are designed to promote secure supply chains, trusted components, and greater transparency into how drones are built, sourced, and operated.
- Blue UAS focuses on government‑grade platforms that meet stringent security and supply‑chain requirements
- Green UAS extends similar trust principles to commercial and industrial use cases, helping organizations identify drones designed with security and resilience in mind
These programs don’t eliminate risk, but they do provide an important starting point for trust, much like hardware assurance, secure‑by‑design principles, and vendor vetting do in the cyber world. In a landscape defined by mixed traffic and limited attribution, such signals help organizations move beyond simple detection toward informed decision‑making.
Remote ID: Necessary But Not Sufficient
Remote identification is often described as an “electronic license plate” for drones, broadcasting a unique identifier along with the drone’s location and the operator’s position. It represents an important step toward visibility and accountability.
Roughly 85% of drones in the U.S. broadcast remote ID and can be detected relatively easily. The remaining percentage – custom-built, lightweight, or autonomous platforms – require more advanced detection methods, including RF analysis and radar.
However, remote ID alone is not enough. Signals are unencrypted and can be spoofed, copied, or disabled, and some drones may bypass remote ID entirely. And because registration remains voluntary, remote ID does not reliably solve the core problem of attribution. In practice, it provides visibility, not trust.
This is where the drone risk begins to resemble the early days of cybersecurity: low barriers to entry, asymmetric advantages for attackers, blurred jurisdictional lines, and persistent attribution challenges. Threats start small, are easy to dismiss, and scale rapidly – often faster than governance and regulation can keep up.
Just as early cyber threats went underfunded until organizations experienced real pain, drone risks are likely to follow the same trajectory. The absence of a clear “owner” for drone risk – split between physical security, cybersecurity, facilities, and legal teams – only compounds the problem. In many organizations, the lack of policy itself is a material vulnerability.
Detection is the First Line of Defense
While mitigation and takedown authorities are tightly regulated, detection is both legal and essential for enterprises today. Detection does not equal disruption, but without it, organizations are flying blind.
A layered detection strategy typically includes:
- Remote ID sensors to capture the majority of compliant drone traffic (detect ~85% of drones)
- RF-based detection to identify command-and-control links (detect ~99% of drones)
- Radar systems for advanced or RF-dark threats (required for non-transmitting drones)
- AI-driven analytics (to process massive telemetry volumes, separate noise from risk, and enable real-time decision-making)
This approach mirrors Zero Trust principles in cybersecurity: authenticate what you trust, assume everything else is untrusted, and continuously evaluate behavior. Organizations that whitelist legitimate drone operations gain both security and operational advantage, while reducing false alarms and uncertainty.
How LevelBlue Helps
Drone security is not just a physical problem or a compliance issue; it’s a hybrid threat that blends cyber, physical, operational, and geopolitical risk. This is where LevelBlue’s experience matters.
LevelBlue brings deep expertise in threat intelligence, offensive security, managed detection and response, and risk advisory. Drawing on decades of experience helping organizations manage asymmetric cyber risk, LevelBlue helps enterprises:
- Understand how drone threats intersect with existing cyber and physical controls
- Design detection-first strategies aligned with legal and regulatory realities
- Apply cyber resilience principles to airspace security
- Prepare governance models for hybrid threats that don’t fit neatly into one function
As drone activity continues to scale, the question for security leaders is no longer if airspace risk will impact their organization, but whether they will address it proactively, or react after disruption occurs.
With the right visibility, strategy, and expertise, organizations can secure not only their networks and facilities, but the airspace above them as well.
