Safer Skies or Patchwork Protection? The Regulatory Landscape for Airspace Security Over Critical Infrastructure

Terri Lewis/Delta Advisory Group The The Regulatory Compliance Landscape for Airspace Security Panel at EDR Summit (Left to right): Dawn Zoldi, P3 Tech Consulting; Angelissa Savino, Savino Skies Consulting; Jason Day, DRONERESPONDERS; Jen Daskal, Venable

At the inaugural Energy Drone and Robotics Summit’s Energy Security and C-UAS Forum, three of the nation’s leading voices on counter-UAS law and public safety operations delivered their assessment of where the United States stands, and where it falls dangerously short, on airspace security over critical infrastructure. The session, titled “The Regulatory Compliance Landscape for Airspace Security” traced a decade of legislative evolution, a landmark new law, a long-overdue proposed rule and the very real operational gaps that still leave energy facilities, pipelines and power grids vulnerable to drone threats.

A Decade of Slow Progress — Then a Flood

Terri Lewis/Delta Advisory Group; (Left to right): Dawn Zoldi, P3 Tech Consulting; Angelissa Savino, Savino Skies Consulting; Jason Day, DRONERESPONDERS; Jen Daskal, Venable

To understand where the counter-UAS regulatory landscape stands today, Angelissa Savino, founder and managing attorney of Savino Skies Consulting and Autonomy Global’s Homeland Security Ambassador, offered a compressed but striking history lesson. 

By 2015, drones had flooded the American consumer market, and law enforcement had essentially no legal authority to touch them, even when a UAS was clearly a threat. “There was really nothing that public safety agencies could do to take a malicious or careless drone out of the sky,” Savino noted. The Department of Defense and DOE received counter-UAS authority in 2016; DOJ andDHS, followed in 2018 under the Preventing Emerging Threats Act. Then came nearly seven years of legal stagnation. Conferences full of people said the same thing, year after year: “we need this authority, we don’t have it, how do we get it?

That stagnation cracked open in 2025. Executive Order 14305 established a counter-UAS task force and set new regulatory wheels in motion. Then, on December 18, 2025, the SAFER Skies Act was signed into law as part of the National Defense Authorization Act (NDAA). Savino described the moment. “My phone was blowing up. It finally happened,” she said. For the first time, state, local, tribal, and territorial (SLTT) agencies across the country had a legal pathway to detect and mitigate unauthorized drones. The distinction between pathway and permission, however, would prove critical.

The Safer Skies Act: A Door, Not an Open Highway

Savino was careful to frame the legislation precisely. The SAFER Skies Act did not hand immediate authority to thousands of SLTT agencies. Rather, it created a structured process to earn it. Two gatekeepers stand between an agency and operational counter-UAS capability: FBI training center certification for detection, and an additional mitigation training track with access limited to an authorized technology list.

The bottleneck is real. Only a finite number of personnel have completed training so far, and rolling it out nationally will take time. One proposed solution gaining traction, though not yet formalized, would shift detection training to an online format. This would potentially enable mass certification across entire jurisdictions in a matter of hours. “Basically in an hour, all of your SLTTs in your jurisdictions could get mass detection authority overnight,” Savino explained, as she described it as “a really big sea change.” Mitigation training, however, would still require in-person FBI training center certification.

The law also significantly raised the stakes for bad actors. Previously, Temporary Flight Restriction (TFR) violations were misdemeanors. Under the SAFER Skies Act, certain offenses, including drone-facilitated contraband delivery into prisons or repeat violations, can now be prosecuted as felonies carrying up to five years in prison. It also included a directive for a report, due within one year, on what critical infrastructure specifically needs in terms of counter-UAS capabilities. Savino called this provision a potential springboard for further legislative expansion.

On the Ground: Funding Gaps and Operational Reality

Counter-UAS featured prominently for the first time at this year’s Energy Drone and Robotics Summit.

After Savino painted the legislative picture, Jason Day, the Deputy Director of DRONERESPONDERS and former Director of the UAS Program for the Texas Department of Public Safety, provided the operational reality. His experience overseeing a 400-aircraft, 400-operator program that conducted roughly 50,000 drone flights annually makes him one of the most field-tested voices in the industry.

The federal government allocated $500 million for counter-UAS capabilities across two funding tranches, with $250 million made available in late 2024. The problem, Day explained, was that public safety agencies had no clear roadmap to access it. DRONERESPONDERS, the Commercial Drone Alliance, and the White House Task Force convened a summit at George Mason University to walk 400 public safety professionals through the process. Even so, theory and execution diverged sharply.

In Texas, for example, funds flowed from the federal government to the governor’s office, which distributed them to Dallas and Houston for FIFA World Cup security coverage. The games, however, are being played in Arlington, which received no direct grant funding. “Somebody gives you a big pot of money, you’re going to hold onto it,” Day observed dryly. The expectation that Dallas would share resources with Arlington was, in his words, not realistic.

Compounding the funding distribution problem was technology availability. Agencies waiting on authorized equipment found their orders delayed as conflict in the Middle East diverted defense-grade counter-UAS technology to overseas deployments. 

Additionally, only 60 operators had been trained by the FAA to carry actual mitigation authority as of the panel, a paltry number given the scale of national need. Day said, “We need to expand the way that training happens so that more entities can have that mitigation authority,” not just for mass-gathering events like the FIFA games, but for the energy facilities, pipelines and power infrastructure that represent permanent, high-value targets year-round.

2209: A Proposed Rule Full of Promise — and Gaps

Jen Daskal, a partner at Venable and one of the nation’s foremost experts on counter-UAS law, turned the conversation to critical infrastructure owners and operations. She outlined the FAA’s Notice of Proposed Rulemaking 2209, which would  create a mechanism for critical infrastructure to apply directly to the FAA for Unmanned Aircraft-Free Zones (UAFRs)— which are temporary flight restrictions tied to credible threats. This rulemaking was first mandated a decade ago, by the FAA Reauthorization Act of 2016. Its arrival is long overdue. The comment period closes July 6th.

Daskal identified three major structural problems with the draft rule as written.

Coverage Gaps 

The rule covers 16 critical infrastructure sectors and sets  eligibility thresholds for each. In the electric sector, generating facilities must meet a 500-megawatt threshold; most transmission substations must meet a 500-kilowatt threshold. Facilities that fall below those thresholds but serve critical defense functions, such as cooperative power plants in Alaska supporting military installations with nuclear interceptors, have no pathway to protection. “That’s a gap,” Daskal said plainly.

A Honeypot Vulnerability

The application process itself creates a security risk. To obtain a UAFR, applicants must submit detailed vulnerability assessments, consequence analyses, and descriptions of their existing security plans. All of that information would flow to the FAA. “Imagine if that information got out,” Daskal warned. “It’s basically a roadmap for adversaries to identify vulnerable critical infrastructure.” She recommended a self-certification mechanism with specific criteria, rather than a centralized repository of sensitive security documentation.

Toothless Flight Restrictions 

Even when a UAFR is granted, the proposed exceptions largely undercut its protective value. Under the draft rule, commercial and recreational drones can fly over a restricted facility simply by notifying the facility and broadcasting Remote ID, without advance approval. “That is not much of a restriction,” Daskal noted. What critical infrastructure operators actually need is the ability to create approved-operator lists for their own inspection, surveillance and perimeter security drones, while also retaining control over whether and when commercial and recreational drones fly over their facilities.  The draft rule does not provide that.

Despite the criticisms, Daskal struck a measured note of optimism that the current administration is genuinely focused on critical infrastructure protection and wants to get it right. This means there is an opportunity to proactively engage. That said, the window is short. Interested parties should submit comments before July 6th.  Daskal urged attendees to reach out if they have questions as to how to do so. 

The Bigger Picture: Detection First

The panel poses for a group shot.

Closing out the panel, all three speakers agreed on a premise that cuts across legislation, funding and operational readiness: the nation needs a coherent, scalable detection architecture before mitigation can be effective. Daskal noted, “We need detection systems across the nation below 400 feet. We can’t do mitigation if we don’t have detection, and right now we’re creating a  piecemeal detection system that is not scalable. That is not good for national security or homeland security.”

Savino urged energy companies and critical infrastructure operators not to wait passively for SLTT agencies to gain authority, but to begin building the MOUs, coordination frameworks and joint protocols that will be needed the moment those agencies are certified. 

Day emphasized the need for continued collaboration between public safety, the private sector and the federal government, all of whom are aviation stakeholders with a shared interest in a safe national airspace.

The threat is real and accelerating. Recently, a known terror group has publicly called for attacks on FIFA venues. The scenarios these panelists have prepared for are not hypothetical. The legislative framework has shifted dramatically in the last 18 months. Whether the operational and regulatory infrastructure catches up, before a crisis, will be the defining question for the energy security community going forward.