Drone intrusion management systems in airports: assessment of ASPRID solution

Drone intrusions pose a growing threat for the airports as their expansion is sponsored by the widespread availability of their technology and by the ongoing U-space implementation. Counter-drone systems traditionally employ a reactive policy, which implies the closure of the overall airport following an intrusion, penalizing the continuity and the resilience of airport operations. Instead, a drone intrusion management system shall ensure a resilient behaviour against drone intrusions with a proactive policy, supported by specific procedures to mitigate the impacts of intrusions. ASPRID (Airport System PRotection from Intruding Drones) is an exploratory research project to develop an innovative operational concept for managing both careless and malicious drone intrusions in airports. This work demonstrates the positive impact of the ASPRID solution for the resilient protection of airport operations against drone intrusions. Such impact is assessed by means of real-time simulations, including a gaming exercise with experts representing aerodrome stakeholders and Law Enforcement Agencies. We present here the main results of the quantitative assessment and the main feedbacks received by the experts.


Introduction
In the last years, the media have covered an ever-increasing number of security violations that involve drones, especially "illegal drone flights" over airports, as evidenced by the intrusion at London Gatwick in December 2018, during which some unauthorized drones caused a 33-hour paralysis [1].Drone intrusions pose a growing threat to the airports as their expansion is sponsored by the widespread availability of their technology and by the ongoing U-space implementation.In that sense, the European Union Aviation Safety Agency (EASA) has published a counter-drone plan [2] and guidelines [3], in which counter-drone solutions shall mitigate the impact of drone intrusions on the airport ecosystem.
Counter-drone systems traditionally employ reactive policies, which imply the closure of the overall airport following an intrusion, and the execution of time-consuming restoration activities.For example, reference [4] provides a detailed survey of technological options for airport counter-drone systems.Reactive policies guarantee safety, but disrupt the other performance levels of the traffic network, penalizing the resilience of airport operations.Instead, a Drone Intrusion Management System (DIMS) shall ensure a resilient behaviour against drone intrusions with a proactive policy, consisting in: (i) a complete and timely situational awareness of drone intrusions to support a dynamic risk assessment; (ii) resilient procedures to mitigate the impacts of intrusions.
ASPRID (Airport System PRotection from Intruding Drones) is an exploratory research project, funded by the Single European Sky ATM Research (SESAR) program to develop an innovative operational concept of the DIMS against both careless and malicious intrusions in airports.The operational concept aims at avoiding the closure of the overall airport (if not necessary) by: limiting the interruption to those operations that are strictly affected by the intruder; enabling specific actions for mitigation and response, which consider the closure of the airport as a last resort.For this purpose, the ASPRID solution: (i) detects, identifies, and tracks the intruder drone; (ii) assesses the situation, alerts and communicates to the concerned actors; (iii) activates procedures and, if deemed safe and possible, recommends neutralization actions to Law Enforcement Agencies (LEAs).The solution is based on a Human Machine Interface (HMI) that offers an enhanced visualization of drone available data (e.g., trajectory, type, etc.) and alerts for air traffic controllers (ATCOs), including both tower controllers and ground controllers.Leveraging on the Business Process Model and Notation (BPMN) [5], ASPRID encompasses both a process model and an operational procedure.
This work demonstrates the positive impact of the ASPRID solution for the resilient protection of airport operations against drone intrusions.Such impact is measured in the form of an operational improvement, made up of the following features: (i) drones that operate at airports and its vicinity are efficiently detected, tracked and monitored by airport operators; (ii) to the maximum extent possible, airport operations remain uninterrupted by drone event/threat; (iii) drone prevention, mitigation, and contingency plans are executed efficiently and safely; (iv) the situational awareness of a drone intrusion is increased and the DIMS supports decision-making processes.Lastly, to validate the solution, a gaming exercise was conducted in June 2022 by real-time simulations with stakeholder experts.The exercise has included the active participation of representatives for ATCOs, airport security and LEAs.We present here the validation results and the main recommendations received from stakeholder experts.

Solution
The outcomes of the ASPRID solution are represented by three building blocks: risk assessment, operational concept, and resilience-driven evaluation.For the risk assessment, our previous works describe a risk-management process within the DIMS of an airport by: (i) a quantitative assessment of the historical features of drone intrusions in airports [6]; a methodological framework for the risk assessment of airport drone intrusions [7].The other blocks are described in the following subsections.

Operational concept
The ASPRID operational concept is a user-oriented description of the operations and the components underlying the DIMS, to give an overall picture of the proposed intrusion management.It includes: a process model, which specifies the actors and the workflow; an operational procedure, which specifies the instructions for the human actors.With respect to the Drone Incident Management Cell (DIMC) recommended by EASA guidelines [3], a new technological actor is introduced, named ASPRID system, which performs: 1. detection and tracking of unauthorized drones (autonomous function); 2. alerting about drone intrusions (autonomous function); 3. classification and identification of unauthorized drones, i.e., reconnaissance of drone features (autonomous function); 4. support to threat assessment for the estimation of the level of risk related to drone intrusion (decision-support function); 5. support to counter-drone actions for the neutralization of unauthorized drones (decision-support function).Also, a new human actor is introduced, named ASPRID operator, for supervising the ASPRID system.
Figure 1 shows the BPMN diagram of the ASPRID process model, which represents the workflow and the information exchanges involving the following actors: the DIMC, the ASPRID system (including the ASPRID operator), Air Traffic Control (ATC), and other actors such as U-space.Figure 2, instead, reports the basic principles for the operational management of a drone intrusion.An alerting system prescribes different alerting levels (from white to red) of an asset, based on the proximity of the intruder drone to the asset and its safety radius.Figure 2 shows the guidelines of the ASPRID operational procedure in a tabular view, based on the alerting classification of assets that are part of airport infrastructure.Such procedure allows for "chirurgical" actions to mitigate the drone intrusion, considering airport closure as the last option and increasing the expected values of resilience performance indicators.Further details about the ASPRID operational concept are available in [8].

Resilience-driven evaluation
The ASPRID operational concept has been assessed by means of a specific evaluation methodology, with the aim of demonstrating the effectiveness of such concept in terms of resilient protection of airport operations against drone intrusions.The demonstration has consisted in providing evidences by the measurement of the main performance benefits related to the improvement of airport resilience in case of drone intrusions.Such measurement has adopted a concrete case study involving a realistic airport environment by choosing Milan Malpensa Airport (ICAO code: LIMC) as reference airport.
The methodology has combined both a quantitative and a qualitative evaluation.The latter is described below with the gaming exercise.The former has assessed some resilience metrics for the ASPRID operational concept.It has exploited real-time functional simulations by means of a specific simulation platform, able to replicate the functional behaviour of the ASPRID system and to support human-in-the-loop simulations of the ASPRID operational concept.A full report of the simulation platform is available in [9]. Figure 3 shows the configuration of the simulated ASPRID operational environment (alerting zones, counter-drone sensors, and counter-drone neutralization) in LIMC.Further details are available in [8], also for the drone-intrusion trajectories in the injected threat scenarios.
Table 1 lists the resilience metrics that have been defined within the proposed evaluation methodology.Such metrics allow to measure the airport resilience against drone intrusions by quantifying the performance-degradation levels of airport operations in the following areas: safety, time performance, workload, and capacity.Further resilience-driven indicators may be introduced to classify the overall resilience level of the airport in each area, based on the values of the related metrics.Some examples of resilience-driven indicators are available in [8].
For the real-time simulations, two different campaigns have been performed: a first campaign and a gaming exercise.The latter has involved real experts as stakeholder representatives to provide both qualitative and quantitative evidences for the evaluation.In detail, the gaming exercise has gathered the following experts' feedbacks: (i) qualitative (subjective) feedbacks on the ASPRID HMI and on the simulated ASPRID operational concept; (ii) quantitative (objective) feedbacks by means of expert-inthe-loop simulations.The former feedbacks have been collected by means of specific questionnaires, which have been filled by the experts after the simulation exercises.The latter feedbacks have been evaluated by means of the assessment of the resilience-driven metrics.For both feedbacks, real-time simulations have been performed using the same operational environment and the same threat scenarios of the first campaign.In regard to the traffic environment, a medium-traffic volume has used, with the real planned departure traffic of LIMC for the day February 8th, 2019, at 15:50 GMT.
The gaming exercise was hosted in the laboratories of the Instituto Nacional de Técnica Aeroespacial (INTA) in Madrid on 7-9 June 2022.The following experts joined the exercise: two ATCOs from ENAIRE, i.e., the Spanish Air Navigation Service Provider (ANSP); two members of the Airport Safety and Security Personnel of the Aeropuertos Españoles y Navegación Aérea S.A. (AENA); two LEA experts from Ministerio del Interior, Spain.Moreover, the following conditions were applied for the human-in-the-loop and expert-in-the-loop environment: one member of the ASPRID consortium played the role of apron and Terminal Manoeuvring Area (TMA) controller; two individuals from ENAIRE played the role of ground and tower controller; two individuals from AENA alternately played the role of the ASPRID operator; two individuals from Ministerio del Interior played the role of ASPRID operator (in alternation with AENA individuals) and for the issuing of neutralization commands.Phone communications were used for the message exchanges between the ATCOs and the ASPRID operator.
Figure 4 shows a screenshot of the HMI for the ASPRID operator during the gaming exercise.Figure 5 shows some excerpts of the questionnaires to be respectively filled by ATCO and non-ATCO (LEA representatives and the ASPRID operator) personnel.Figure 6 shows an excerpt of the questionnaire for collecting feedbacks about the ASPRID HMI.Note that, for all the questions of the questionnaires, the rule "the greater is the better" is applied with respect to the feedbacks for ASPRID effectiveness and benefits (i.e., the first answers are the worst feedback, and the last answers are the best feedback), with the exception of the first question about the HMI.

Results and discussion
The results of the first simulation campaign are reported in [8] and demonstrate a clear improvement of airport resilience against drone intrusions by means of the ASPRID operational concept.This section  3 reports the answer distribution of non-ATCO questionnaires and HMI questionnaires.The symbol "*" denotes an unavailable option in the question.Such tables show a tendency of the answers towards the "good" (i.e., with the greatest numbers) options for ASPRID, except the first question about ASPRID HMI, where the best option is the first one.The feedbacks may be summarized in the following points ("" for positive feedbacks and "" for negative feedbacks):  the ASPRID system has given an improved awareness of the drone-intrusion threats;  during the exercise, the ATCOs have given more trust in the system to proceed to operate in zones not affected by the threat, even when exposed to degradation of the intrusions;  a clear added value for ATCOs has been the integration of the drone position and the related threat in their usual radar screen (controller working position);  the feedbacks received by non-ATCO operators (AENA and LEA representatives) have not been so homogeneous and there is room for improvement on the usability of their HMI.Figure 7 shows the quantitative results of the gaming exercise.By way of example, a comparison is reported between the first campaign and the second day of the gaming exercise for the histograms of some resilience metrics (MDDF, DR, NCDF).The figure highlights the mean values (red vertical lines) and the intervals for the standard deviation (yellow vertical lines) for each sample estimation of the metrics.The comparison demonstrates that the quantitative assessment of the gaming exercise does not exhibit relevant discrepancies with respect to the one of the first campaign, confirming the quantitative improvement of airport resilience against drone intrusions by means of the ASPRID solution.

Conclusion
The proposed assessment has evaluated the main performance benefits of the ASPRID solution.It may be summarized in the following key points with respect to airport drone intrusions: (i) guarantee the safe continuity of airport operations in normal or degraded modes; (ii) reduce time-performance and capacity degradations; (iii) limit the increase in controllers' workload; (iv) improve the situational-awareness and the early-management capabilities of airport operations with respect to the intrusions.These benefits have been confirmed by experts in the gaming exercise, both in terms of qualitative feedbacks and quantitative feedbacks.Note that the assessed benefits should be even greater in case of long-lasting drone intrusions.Further research work shall be performed for extending the operational concept to: include safety bubbles for alerting, according to the features of intruder drones (e.g., speed); manage advanced types of drone intrusions, such as swarm intrusions or drone-based cyberattacks.

Figure 2 .
Figure 2. Tabular view of the ASPRID operational procedure.

Figure 3 .
Figure 3. Configuration of the simulated operational environment (alerting zones, counter-drone sensors, counter-drone neutralization) in the north part of LIMC.
yellow-zone infringements of drone intrusions NOI Number of orange-zone infringements of drone intrusions NRI Number of red-zone infringements of drone intrusions MTYI Mean time of yellow-zone infringement of drone intrusions MTOI Mean time of orange-zone infringement of drone intrusions MTRI Mean time of red-zone infringement of drone intrusions WTYI Worst time of yellow-zone infringement of drone intrusions WTOI Worst time of orange-zone infringement of drone intrusions WTRI Worst time of red-zone infringement of drone intrusions NYI-P Number of yellow-zone infringements of drone intrusions against planes NOI-P Number of orange-zone infringements of drone intrusions against planes NRI-P Number of red-zone infringements of drone intrusions against planes NYI-A Number of yellow-zone infringements of drone intrusions against stationary assets NOI-A Number of orange-zone infringements of drone intrusions against stationary assets NRI-A Number of red-zone infringements of drone intrusions against stationary assets Time Performance NDAF Number of delayed arrival flights with a delay greater than a given threshold NDDF Number of delayed departing flights with a delay greater than a given threshold PDAF Percentage of delayed arrival flights with a delay greater than a given threshold PDDF Percentage of delayed departing flights with a delay greater than a given threshold MDAF Mean delay of arrival flights with a delay greater than a given threshold MDDF Mean delay of departing flights with a delay greater than a given threshold WDAF Worst delay of arrival flights with a delay greater than a given threshold WDDF Worst delay of departing flights with a delay greater than a given threshold Workload NCAF Number of controller clearances for arrival flights NCDF Number of controller clearances for departing flights NNCAF Normalized number of controller clearances for arrival flights NNCDF Normalized number of controller clearances for departing flights Capacity AR Arrival rate (AR) per 15 min for a given runway DR Departure rate (AR) per 15 min for a given runway

Figure 4 .
Figure 4. HMI for the ASPRID operator during the gaming exercise.

Figure 5 .
Figure 5. Excerpts of the ATCO questionnaire (left) and of the non-ATCO questionnaire (right).

Figure 6 .
Figure 6.Excerpt of the questionnaire related to the ASPRID HMI.

Figure 7 .
Figure 7.Comparison of resilience-metric sample values between the first simulation campaign and the gaming exercise.

Table 1 .
Resilience metrics for quantitative evaluation.
describes the results of the gaming exercise.Table2reports the answer distribution of ATCO questionnaires.Table

Table 2 .
Answer distribution of ATCO questionnaires.

Table 3 .
Answer distribution of non-ATCO questionnaires and HMI questionnaires.