Executive Summary

A swarm of small commercial drones laden with explosives descended on the attendees departing the local university hockey game in the town of “Minor Spoon,” North Dakota, leaving multiple dead and more wounded.  Another swarm attacked the electric grid, causing a power outage across the entire town and surrounding area.  The nearby air base suffered considerable damage from a third wave of attack.  First responders faced a city in panic and mass casualty event that seemingly came out of nowhere. . .       

This was the hypothetical scenario laid out by the Center for Cybersecurity Policy and Law during a three-hour exercise in Grand Forks, North Dakota, on October 13, 2025.  Over the course of an afternoon, participants from local, state, and federal governments, along with private industry, higher education, and representatives from key energy providers, responded to hypothetical attacks on the air base, electricity grid, and a local hockey game in the fictitious town of “Minor Spoon.”

Sound far-fetched?  Over the past several months, drone sightings in Europe have led to multiple airport shutdowns.  During the Paris Olympics, authorities reported an average of six unauthorized drone incursions each day.  Drones also have crashed into the seating areas at the U.S. Open and a Major League Baseball game, luckily with no injuries.  Ukraine’s drone attack on strategic air bases deep inside Russia as part of Operation Spider Web also provides a stark reminder of the vulnerabilities in places otherwise deemed secure. The low cost of drones makes them a potentially powerful and pervasive weapon.

Exercise participants grappled with both the threat and response options.  Participants were broken into four teams:  the Minor Spoon Air Base, the Minor Spoon Electric, the Minor Spoon University, and the Minor Spoon city government.  Over three rounds, the teams were tasked with:

• Responding to threat briefings that included inchoate warnings about a potential, impending attack
• Reacting to an attack that caused loss of life, injuries, and damage to property; and
• Engaging in recovery actions, while still facing the possibility of follow-on attacks.

The teams worked collectively to identify actions that would best ensure the safety and well-being of the local population, minimize damage to property, and lead to a better understanding of the source of the attacks and potential for future attacks.  At the conclusion of the exercise, participants convened to discuss their key takeaways and recommendations for preparing and responding to a potential drone threat.

Among the key findings:

• Effective detection is key. Without effective detection, there is no way to assess whether reported drone sightings are actual drones (versus birds, other aircraft, or mis-sightings), and, if so, whether they are likely hobbyist drones or drones associated with sophisticated malicious actors.
• Effective detection is hindered by several limitations, including a lack of baseline mapping of what is “ordinarily” in the airspace, resource constraints, confusion about the kinds of detection measures permitted under current law, and legal restrictions on engaging in certain advanced detection measures that interact with the communication signal between a drone operator and the drone.
• Far too few actors have authorities to effectively counter the drone threat. Only a handful of federal government actors—the departments of War, Energy, Justice, and Homeland Security—are authorized to engage in drone mitigation, and even these authorities are limited to protecting certain assets and facilities.  State and local officials and critical infrastructure owners do not have affirmative authority to engage in active detection measures that engage the communication system between the drone operator and drone, let alone any mitigation measures.
• Counter-drone measures need to be integrated into core security planning.  Management of the threat posed by the malicious or negligent use of drones needs to be integrated and normalized as part of core security planning.  Conversely, management of the drone threat should incorporate key elements of crisis management and prevention, regardless of the source of the threat.  In the wake of an attack, there is a need for rapid deployment of emergency services, crowd control, engagement across local, state, and federal authorities, smart and effective communications, and strong organizational structures.  Longer term, there are likely to be oversight demands, litigation risks, and the need for rebuilding and rebranding.

The following paper describes the exercise in more detail, including findings and associated recommendations for increased resources, authorities, education, and planning to address the threat.  

‍