By Dawn M.K. Zoldi, Colonel (USAF, Ret.), Esq.
Congress has been very deliberate about who can shoot down, jam or seize drones over the United States, and under what conditions. On the federal side, it has granted tightly constrained counter‑UAS mitigation authorities to a short list of departments for clearly defined “covered facilities and assets.” The FAA’s new UAS security NOTAM, however, appears to treat any drone inside certain roving “national defense airspace” bubbles as a potential threat to “protected personnel, fac (sic), or assets” subject to mitigation, and extends those bubbles to mobile convoys “AND THEIR ASSOCIATED ESCORTS.” That move raises hard questions about whether the FAA has functionally expanded mitigation authority beyond what Congress authorized…and whether it conflicts with how DoD, DHS, DOE and possibly even the FAA themselves have implemented their own statutes.
What Congress Actually Authorized
Since 2018, Congress has carved out narrow exceptions to otherwise applicable criminal and communications laws so that a few federal departments can detect and mitigate threatening drones.
DoD – 10 U.S.C. 130i. DoD may detect, track, warn, disrupt, seize or even destroy drones that pose a threat to specified “covered facilities or assets,” including certain military bases, operations and assets designated by the Secretary of Defense, in coordination with the Secretary of Transportation.
DHS/DOJ – 6 U.S.C. 124n. DHS and DOJ are authorized, under the Preventing Emerging Threats Act, to take similar mitigation actions against drones that present a “credible threat” to the safety or security of defined covered facilities or assets, again tied to enumerated locations and missions and subject to coordination with FAA.
DOE – 50 U.S.C. 2661. DOE receives comparable authority to mitigate drone threats to certain nuclear facilities and assets designated by statute.
Importantly, these laws:
- Identify which departments may mitigate.
- Tie authority to specific covered facilities or assets, not generic mission categories.
- Require a credible threat determination and interagency coordination, particularly with FAA, to minimize collateral impact on the national airspace system.
So let’s get granular. Under 10 U.S.C. 130i(j)(3), a “covered facility or asset” is any facility or asset that:
– “(A) is identified by the Secretary of Defense, in consultation with the Secretary of Transportation with respect to potentially impacted airspace, through a risk‑based assessment for purposes of this section;”
– “(B) is located in the United States (including the territories and possessions of the United States); and”
– “(C) directly relates to the missions of the Department of Defense pertaining to—
– “(i) nuclear deterrence, including with respect to nuclear command and control, integrated tactical warning and attack assessment, and continuity of government;”
– “(ii) missile defense;”
– “(iii) national security space;”
– “(iv) assistance in protecting the President or the Vice President (or other officer immediately next in order of succession to the office of the President) pursuant to the Presidential Protection Assistance Act of 1976;”
– “(v) air defense of the United States, including air sovereignty, ground‑based air defense, and the National Capital Region integrated air defense system;”
– “(vi) combat support agencies (as defined in paragraphs (1) through (4) of section 193(f) of this title);”
– “(vii) special operations activities specified in paragraphs (1) through (9) of section 167(k) of this title;”
– “(viii) production, storage, transportation, or decommissioning of high‑yield explosive munitions, by the Department; or”
– “(ix) a Major Range and Test Facility Base (as defined in section 4173(i) of this title).”
Critically, these designations are not “all DoD bases, everywhere, all the time.” They are a defined subset that must be formally covered through internal processes, with coordination and notice to FAA and Congress.
For example, a place like the U.S. Air Force Academy, where I worked, is a major Air Force installation and an academic institution, but it would not automatically qualify as a 130i “covered facility.” By contrast, the NOTAM declares “national defense airspace” around a broad category of DoD, DOE, and DHS facilities and mobile assets, including vessels and ground vehicle convoys AND THEIR ASSOCIATED ESCORTS, and then states that UAS operators “deemed to pose a credible safety or security threat to protected personnel, fac, or assets may be mitigated” pursuant to 10 U.S.C. 130i, 6 U.S.C. 124n, and 50 U.S.C. 2661. It does not track the statute’s narrower list of designated covered facilities and assets. It extends to undefined “escorts” and “protected personnel.” It thus reads as if it covers a far larger universe of situations, including routine movements or operations around installations that are not formally designated as 130i sites. That creates the impression, and potentially the practice, that any DoD‑related facility or convoy within the NOTAM framework could trigger mitigation, even if Congress never labeled it a “covered facility or asset” under 130i.
Put differently, where Congress limited counter‑UAS mitigation to a specific, designated subset of DoD locations and missions, the NOTAM risks treating the entire ecosystem of DoD facilities, mobile assets, and escorts, including places like the Air Force Academy, as if they all sit inside a roving zone in which drones can be treated as credible threats to “protected personnel” and mitigated accordingly. That is exactly the kind of expansion of scope that should come from Congress if it is to happen at all, not from an FAA security NOTAM.
(And as a side note, Congress has not granted FAA general mitigation authority. The FAA manages airspace, certifies systems and operators and coordinates with the agencies to whom Congress grants mitigation authorities when their actions might affect aviation safety.)
What the NOTAM Adds: “Protected Personnel” and Roving Bubbles
The new NOTAM invokes 14 C.F.R. 99.7 to create “national defense airspace” around specified DoD, DOE and DHS facilities and mobile assets, including “vessels and ground vehicle convoys AND THEIR ASSOCIATED ESCORTS, SUCH AS UNITED STATES COAST GUARD (USCG) OPERATED VESSELS.” Inside a 3,000‑foot lateral and 1,000‑foot vertical stand‑off, “all unmanned aircraft” are prohibited, absent authorization.
The text then warns:
“IN ADDITION, UAS PERATORS (sic) WHO ARE DEEMED TO POSE A CREDIBLE SAFETY OR SECURITY THREAT TO PROTECTED PERSONNEL, FAC (sic), OR ASSETS MAY BE MITIGATED PURSUAN…”
Several features here go beyond the fixed‑facility model in the statutes. The NOTAM emphasizes “PROTECTED PERSONNEL” as well as facilities and assets, which invites use of mitigation whenever individuals (e.g., ICE teams, DHS field officers, convoy drivers) are deemed at risk. It applies to mobile assets and their undefined “ASSOCIATED ESCORTS,” creating a roving no‑drone bubble that moves through public streets, ports and airspace, not just over fenced bases or static critical infrastructure. In other words, the NOTAM reads like a blanket “green light” signal that anything inside the bubble can be treated as a threat to protected personnel and assets.
Does the NOTAM Functionally Expand Mitigation Authority?
Formally, the NOTAM does not rewrite Title 6, 10, or 50 U.S. Code. Only Congress can broaden which agencies may mitigate or what they can hit. But as a practical matter, it does a few things that look like de facto expansion.
It broadens the set of protected interests. The statutory regimes are anchored to “covered facilities and assets,” whereas the NOTAM leads with “PROTECTED PERSONNEL” and adds mobile assets plus undefined escorts. That framing makes it easier to justify mitigation anywhere those personnel move, not just at statutorily defined sites.
It normalizes the idea that any drone in the bubble is a credible threat. By declaring that UAS “who are deemed to pose a credible safety or security threat to protected personnel, fac, or assets may be mitigated” inside these bubbles, the NOTAM risks turning location into a proxy for “credible threat,” rather than the individualized assessment Congress envisioned.
Tension with Agency Implementation and Policy
DoD and DHS have treated their authorities under 10 U.S.C. 130i and 6 U.S.C. 124n as sensitive. They have built out internal policies, training and classified implementing guidance that stress careful threat assessments, legal review, and coordination with the FAA.
According to what’s available in the public record, their frameworks typically:
- Require that a drone be reasonably believed to present a credible threat based on the totality of the circumstances, not mere presence in the sky.
- Tie mitigation to specific covered facilities, assets or missions approved through internal processes and often reported to Congress.
- Emphasize minimizing collateral effects on other airspace users and communications systems, consistent with FAA’s safety mandate.
By painting large, roving bubbles around “mobile assets and their associated escorts” and framing any drone in that zone as a candidate for mitigation against “protected personnel,” FAA risks encouraging field components to equate “inside the TFR” with “credible threat,” which would short‑circuit those internal thresholds.
There is also a policy tension between this NOTAM and DoD and DHS policies which have carefully defined the triggers relating to drones over a covered facility or asset for mitigation purposes. A NOTAM that effectively treats every convoy and escort as if it were a covered asset could outstrip, not reflect, those internal designations. That could put commanders and field leaders in a bind between their own rules and the broad signal the NOTAM sends.
Finally, the NOTAM creates tension with the FAA’s own role and processes. According to Kerry Fleming, the former FAA Airspace Manager of the System Operations Support Center (SOSC), the group tasked with not only publishing all security related flight restrictions and responsible for issuing UAS airspace waivers for emergency situations, points to that specific environment and cites the devastating impact which system users must realize. “With fixed location airspace restrictions, there is an on-site point of contact that the agency (FAA) personnel coordinates all emergency waiver approvals to ensure the needed flight operation is not unduly delayed. Beyond those emergency waivers, UAS operators are also able to obtain authorization to conduct flight operations via the Low Altitude Authorization and Notification Capability (LAANC) as well as under a Certificate of Waiver (COA/COW). By providing the DOD/DHS/DOJ mobile assets and personnel blanket airspace restrictions, the author of this NOTAM effectively negated the FAA’s own authority as stewards of the National Airspace System (NAS) as well as leaving their system users with no assurance that their approvals will not result in their UAS being mitigated while also facing civil and criminal prosecution for themselves,” he said.
Necessary Safety Net or Overreach?
To be clear, the FAA is right to worry about drones near sensitive convoys, nuclear shipments, or high‑risk DHS operations. Congress’s targeted mitigation statutes exist precisely because those threats are real. But by pairing broad, mobile “national defense airspace” with language that treats any drone in that space as a potential threat to “protected personnel, fac, or assets” subject to mitigation, the NOTAM risks becoming a back‑door expansion of Congressionally-granted c‑UAS authority.
Jennifer Ambrose, who previously worked for the FAA for over 18 years in the Office of the Chief Counsel in various roles and more recently founded Aviation Aerospace Law, PLLC warned, “Without Congressional expansion, “mitigation” that takes down a UAS outside of the counter-drone authorities granted by Congress may also be in violation of 18 USC 32, regardless of whether the individual deploying the counter drone technology is an employee of DHS.”
In an ideal world, if the policy judgment is that more facilities, missions and field operations truly need counter‑UAS protection, the remedy is not for the FAA to stretch a NOTAM to cover ever‑larger roving bubbles. The remedy is for Congress to openly expand, refine or condition mitigation authorities in Title 6, 10, and 50, and then task the FAA with coordinating those democratically chosen lines, not drawing new ones on its own. The FAA would then use the highly tailored SSIs the NOTAM mentions, as well as transparent, asset‑specific designations that track Congress’s careful lines. Federal agencies with Congressional mitigation authorities would continue to apply individualized credible‑threat assessments, anchored in their statutes and internal policies.
Instead, this NOTAM leans on roving bubbles and undefined “escorts,” justified largely by the claim that doing better “may not be feasible,” a rationale that may not satisfy either statutory limits or constitutional expectations when those bubbles envelope public streets, protests and news‑worthy enforcement actions. (See prior AG coverage of First Amendment concerns raised by the NOTAM).
Whether courts ultimately see this as a necessary safety net or an impermissible overreach will depend on how aggressively federal agencies wield the mitigation language in practice. For now, operators, journalists and even federal components themselves should be clear on this one point: Congress gave only a handful of actors the power to take down drones at specific locations. No NOTAM, however broadly worded, can lawfully change that on its own.