Keeping Railroads Secure From Drones

According to the Federal Aviation Administration’s most recent FAA Aerospace Forecast, more than 900,000 unmanned aircraft systems, or UAS, owners have registered with the FAA.^[1] UAS, commonly known as drones, continue to grow in popularity, both for recreational and for commercial use.

Railroad companies have started realizing the potential benefits of UAS, integrating them into their operations to monitor worker safety compliance and to inspect infrastructure more safely and cost-effectively. But while UAS provide benefits, they can also pose security risks and unique challenges for railroads — such as industrial espionage, interference with train operation and worker harassment. 

Congress has moved to afford protections to critical infrastructure, including railyards, but the U.S. Department of Transportation and the U.S. Department of Homeland Security have been slow to issue implementing regulations. As a result, railroad companies have begun to consider technologies that could restrict UAS use near their operations in order to help protect worker and passenger privacy and safety. However, counter- and anti-drone technologies offer capabilities that have developed faster than the laws that could enable them, and may actually be prohibited without extensive coordination with federal and local authorities.

Congress has determined that UAS are aircraft, and, as such, their regulation is overseen by the FAA. While innovation has generally outpaced regulation, progress has been made. For example, 14 C.F.R. Part 107 — known as the smallUAS (sUAS) rule — allows for commercial operations of UAS of less than 55 pounds within enumerated operational limitations.^[2] These, include, for example, requirements that operators must register their drones, fly below 400 feet above ground level and within unaided visual line-of-sight, and avoid other aircraft.

Because UAS are considered aircraft, they are subject to the FAA’s general aviation regulations, including 14 C.F.R. 91.13, which prohibits the careless or reckless operation of an aircraft so as to endanger life or property.^[3] Railroads encountering UAS operating carelessly or recklessly can and should report such operations to authorities; however, section 91.13 is not a prohibition on flying over or near private property.

While the FAA has issued rules restricting UAS operations near certain areas — airports and certain national parks, for example — UAS operators are not generally restricted from flying in airspace over private property. Nonetheless, the FAA and states have recently taken some actions that may benefit railroads wishing to limit risks posed by UAS.

Railroad companies may gain some protections as “critical infrastructure,” to which Congress has granted certain protections. Section 2209 of the FAA Extension, Safety, and Security Act of 2016[^4] and amendments under the FAA Reauthorization Act of 2018 provide that companies may petition the FAA for designation as a “fixed site facility” under Section 2209. The 2018 Reauthorization amendments added “railroad facilities” to the definition of critical infrastructure.^[5] 

However, the FAA has not yet promulgated rules for implementing the Section 2209 process, and the process is currently under development.^[6] Once finalized, Section 2209 promises some protection for infrastructure falling within the definition of “railroad facilities.” 

Additionally, state law can provide some protection. Almost all states have passed or amended laws in response to UAS, and every state has at least considered legislation. For example, states have enacted prohibitions on UAS operation over designated areas — typically municipal water properties, correctional facilities and state parks — though many of the state laws relate to local preemption, law enforcement use and UAS research. 

Some states have laws banning UAS flight near or over critical infrastructure. Four states — Oklahoma, Texas, Oregon and Delaware — have specifically included railroad facilities in the definition of “critical infrastructure.”^[7] These laws tend to closely mirror FAA protections of critical infrastructure, and typically prohibit UAS operation within 400 feet of covered facilities.

More broadly, some states have attempted to expand traditional trespass law to cover UAS. For example, Utah modified criminal trespass to include drones entering and “remain[ing] unlawfully over property” with specified intent.^[8] Railroads in these states can consider using these avenues to deter unwanted UAS activity.

States have also responded to privacy concerns, such as voyeurism, arising from UAS. Though not all of these states have yet focused on privacy outside the home, some have already realized the unique privacy concerns surrounding critical infrastructure. Arkansas, for one, has enacted a privacy law specifically aimed at critical infrastructure,^[9] and Massachusetts is currently considering a bill specifically protecting railroad switching yards and other critical infrastructure from unauthorized UAS surveillance.^[10]

These state actions, however, may be vulnerable to preemption concerns. The FAA claims “exclusive authority to regulate aviation safety, the efficiency of the navigable airspace, and air traffic control” and preemption of any state and local government regulation of “any type of aircraft operations.”^[11] 

State UAS laws haven’t yet been challenged, but states can certainly expect challenges in the future. While some laws seem likely to survive — the FAA distinguished local and state laws regarding land use, zoning, privacy and law enforcement operations — railroads may be wary to wholeheartedly rely on state laws because of the possibility of preemption.

Finally, in addition to FAA protections and some state laws, railroads can look to counter-UAS, or c-UAS, technology. Like the entire legal landscape surrounding UAS, c-UAS technology is still being developed. A creative field, c-UAS includes everything from lasers, jammers, sounders and nets, to trained birds of prey.

Though the field is currently lightly regulated, the 2018 Reauthorization Act provided the FAA 270 days within enactment to provide more guidance to concerned companies. The Department of Homeland Security is also leading efforts to identify and evaluate possible technologies for tracking and mitigating threats. Thus, interested railroad companies can expect movement in this area in the near future. 

For now, companies should note that employing c-UAS potentially implicates multiple federal laws. In its most recent guidance letter on c-UAS, the FAA outlined a number of legal obstacles — for example, the Pen/Trap Statute, the Wiretap Act, the Aircraft Sabotage Act, the Computer Fraud and Abuse Act, the prohibition on Aircraft Piracy and the prohibition against interference with certain satellite operations.^[12] 

Ultimately, railroads seeking to exclude UAS must wait for the law to catch up to the current reality. There are reasons to be hopeful, however. The amendments to Section 2209 are encouraging, and state laws may potentially do the job while the FAA finalizes the Section 2209 petition procedures. 

But there’s still much left to be desired in these contemplated and current regulations. As a result, while c-UAS may be the best solution to preventing industrial espionage and other safety risks, more guidance is needed to aid companies seeking to lawfully employ c-UAS. For the time being, a combination of state and local laws on privacy and trespass, and state and federal laws on critical infrastructure protection, afford an imperfect layered defense of railyards and railway operations.