Drone threats are evolving; data retention rules are not

Tech. Sgt. Ian Kay, a member of the U.S. Northern Command Counter-small Unmanned Aerial System fly-away kit team, sets an Anvil drone interceptor on its platform during an exercise at Minot Air Force Base, N.D., on Oct. 27, 2025. (Department of Defense photo by John Ingle)

By Philip W. Rohlfing • May 07, 2026

The rapid proliferation of small, unmanned aircraft systems (UAS) has transformed what was once a limited aviation concern into a persistent challenge for force protection and homeland defense. Commercially available drones now possess range, endurance, payload capacity, autonomy, and coordination capabilities that, until recently, were confined to specialized and tightly controlled systems. In the domestic context, these platforms are increasingly used to approach, observe, and probe military installations, sensitive facilities, and other protected sites within the United States.

The threat UAS devices pose to U.S. national security, including surveillance of military installations, mapping of security perimeters, and signal collection against critical infrastructure, is no longer hypothetical. Over the past several years, the Department of Defense and U.S. Northern Command have reported a steady increase in unauthorized drone activity near domestic military installations. Publicly available reporting has described repeated incursions at sites such as Joint Base Langley-Eustis and other sensitive facilities. Senior defense officials have testified that the number of drone sightings over U.S. installations now reaches into the hundreds annually. Meanwhile, the Federal Aviation Administration and the Nuclear Regulatory Commission have documented hundreds of unauthorized drone incursions near civilian airports and nuclear power plants, underscoring a broader rise in low-altitude unmanned activity across the national airspace. Recent prosecutions involving UAS-enabled surveillance indicate that many incursions are deliberate, not incidental.

In response, Congress has granted the Department of Defense counter-UAS authorities, most notably in 10 U.S.C. § 130i. That provision authorizes the Defense Department, notwithstanding any other applicable criminal statutes, to detect, identify, monitor, track and mitigate threats posed by UAS to covered facilities and assets located domestically. From the outset, these authorities were deliberately narrow and designed to operate alongside long-standing domestic surveillance and privacy protections. Over time, the practical operation of these authorities came to rely on limited retention of UAS-related data to support, among others, countermeasure evaluation and pattern recognition.