U.S. electric utilities need new tools and regulatory authorizations to protect the power grid from drone attacks, experts and industry groups say.
The issue has taken on new urgency recently. The Department of Homeland Security reportedly urged U.S. energy companies to increase security in response to potential threats from Iran, which has successfully used drones to target American military personnel and assets since the U.S. and Israel launched a war against Iran on Feb. 28.
But power grid asset owners and operators have “growing concern” around “unmanned aircraft systems,” or UAS, attacks and their “ability to protect critical assets and infrastructure,” the North American Electric Reliability Corp. said in a report this week.
The report was an assessment of NERC’s 8th biennial electric grid security exercise — GridEx VIII — held in November to evaluate grid security, including the resilience of the North American electric system in the face of a coordinated attack from a nation-state adversary.
Hundreds of organizations stress-tested emergency preparedness protocols and game-planned responses to hypothetical scenarios. In one of those scenarios, multiple UAS targeted a switchyard at a nuclear generating station and a transformer station.
The report said participants noted that there is a “variety of guidance” from different government agencies on drones regarding what laws and regulations apply to detection, and what technologies can be legally deployed.
“Collaboration between industry and government partners would allow for a better understanding of the concerns that [asset owner or operators] maintain related to [drones] and how the government can support [asset owner or operators] during impending and active threats,” it said.
"Currently, utilities leverage detection capabilities to establish baseline traffic near critical assets but are limited to engaging with [drones] only after they are safely on the ground, which is often too late.”
Kimberly Mielcarek
Vice President of Corporate and External Communications at the North American Electric Reliability Corporation
Drones have become ubiquitous in modern warfare, from Ukraine to the Middle East. The United States military is finding drones a difficult threat to counter — and even well-funded electric utilities do not have the budget of the U.S. military.
“The electric grid was never designed with aerial threats in mind,” said Charlie O’Connell, chief business officer of Fortem Technologies, an airspace security firm.
There have been drone attacks on the U.S. electric grid, but the threat is relatively new. In 2021, federal law enforcement issued a warning to state and local officials about an incident the year before where a crashed drone appeared to have been modified to “specifically target energy infrastructure.”
Since then, the threat has grown as the technology evolves. Small drones are “inexpensive, widely available, and increasingly capable, which means utilities now have to think about security not just at the fence line, but in the airspace above critical infrastructure,” O’Connell said.
Federal airspace regulation limits utility options
Power grid asset owners and operators said efforts should be made to consolidate federal guidance for consistency and clarity, NERC’s report noted.
U.S. airspace is regulated by the Federal Aviation Administration, which “grants very few exceptions to interdicting unmanned aircraft systems, which are treated the same as any aircraft,” NERC Vice President, Corporate and External Communications Kimberly Mielcarek, said in an email.
Utilities “are reluctant to engage UAS in flight because of these restrictions and penalties,” Mielcarek said. “The GridEx discussions highlighted this concern across the industry and the need for our government partners to decide the safest and best way to interdict drones over utility assets.”
Meanwhile, the drone challenge facing utilities is “evolving quickly,” said Melissa Swisher, chief revenue officer at SkySafe, an airspace intelligence company with a focus on drone visibility.
Currently, most drone incidents near critical infrastructure appear to involve surveillance or reconnaissance rather than direct attacks, Swisher said. But that reconnaissance can enable more coordinated cyber or physical assaults.
“Drones represent a new domain of exposure for utilities,” she said in an email. “The challenge is less about reacting to a single drone sighting and more about understanding patterns of activity and having visibility into what is happening in the airspace around critical infrastructure.”
Utilities prepare while pursuing policy changes
Many utilities are exploring ways to incorporate airspace monitoring and drone detection capabilities into broader physical security strategies, Swisher said, “alongside traditional protections like perimeter security, surveillance systems, and coordination with law enforcement.”
Utilities track many threats to the grid, the Edison Electric Institute, which represents investor-owned utilities, said in an emailed statement.
“While physical threats to the grid are not new, drones do present unique challenges,” it said.
Grid operators currently use a “defense-in-depth approach to secure critical grid assets” from drones, EEI said, including “counter-drone measures, limiting single-points of failure, and responding and repairing systems should assets be impacted.”
EEI also said it is pursuing “technology and policy changes” that would allow utilities to limit drone use near critical facilities, and allow companies to interdict drones that enter their airspace.
According to Fortem’s O’Connell, the first thing utilities need is “airspace awareness” — the ability to detect and track drones operating near their facilities. Technologies such as compact radar and integrated command-and-control platforms can allow utilities to monitor low-altitude airspace around substations and generation sites, he said. When suspicious activity is detected, utilities can then coordinate with law enforcement and federal partners.
“The electric grid was never designed with aerial threats in mind.”
Charlie O’Connell,
Chief Business Officer of Fortem Technologies, an airspace security firm.
O’Connell also said that the FY2026 National Defense Authorization Act, signed into law in December, expanded domestic counter-UAS authorities and created a framework for state and local law enforcement agencies to “detect, track, and mitigate” credible drone threats.
“That change should make coordination between utilities and local authorities more practical going forward,” he said.
NERC’s primary UAS recommendation resulting from GridEx was for U.S. and Canadian federal government partners to “work with industry partners to identify legally accessible technology to address threats from UAS and clarify available government support.”
Additionally, the reliability watchdog called for government agencies to clarify guidance regarding UAS and the methods available or drone detection, and for more clarity around governmental support available to industry in the event of an incident or attack.
“Currently, utilities leverage detection capabilities to establish baseline traffic near critical assets but are limited to engaging with UAS only after they are safely on the ground, which is often too late,” NERC’s Mielcarek said.
