Experts weigh in on extension of 2209 comment period
By DRONELIFE Features Editor Jim Magill
With almost 1 million comments submitted to date, the FAA has extended for a month the comment period on a proposed regulation that would create a path for owners and operators of critical infrastructure to seek flight restrictions over their facilities.
In May, after about a decade of waiting, the unmanned aviation industry got its first view of the FAA’s proposed regulation when the agency announced its long-awaited Notice of Proposed Rulemaking (NPRM) aimed at implementing Section 2209 of the FAA Extension, Safety, and Security Act of 2016. Although the FAA had planned to close the comment period on the proposed rule on July 6, after receiving more than 900,000 submitted comments, the agency extended the deadline for the comment period to August 5.
“The FAA extended the comment period to allow commenters additional time to analyze the proposed rule and prepare their response,” an FAA spokesman said in an emailed statement.
Drone-related companies, associations representing critical infrastructure industries, and other interested parties have all weighed in on the proposed regulation, which is expected to create a major shift in how the national airspace is regulated.
“This is a pretty consequential rule that has real potential to change the security environment in a quite positive way for critical infrastructure owners and operators,” Jennifer Daskal, an expert in the threat posed by unauthorized and malicious use of drones, said in an interview with DRONELIFE. “I think the number of comments is indicative of a high level of interest in this and its importance.”
She said the FAA’s decision to extend the comment period deadline, “reflects a recognition as to how important this is and the need to give entities time to fully assess and provide comments. It gives people more time to respond,” she said.
Daskal, an attorney with the Washington, D.C. firm, Venable, formerly worked in the White House as a deputy of homeland security advisor, and as the acting general counsel of the federal Department of Homeland Security.
The proposed rule would create a new FAA application portal through which eligible site operators could request restrictions imposed on drone activity near their facilities. The FAA identified 16 categories of critical infrastructure that would be eligible for requesting the flight restrictions. Under the proposed rule, operators would apply for their facilities to be covered, by demonstration the facilities’ relative vulnerability to unauthorized drone activity.
“This is a rule that is 10 years in the making. It was first mandated by the 2016 FAA Reauthorization Act that the FAA put in a rule that would enable critical infrastructure owners and operators to obtain temporary flight restrictions over fixed-site facilities in response to credible threats,” Daskal said.
“There’s a real need for critical infrastructure owners and operators to be able to go and make these requests directly to the FAA and get in place the kind of restrictions that will enable them to better protect their facilities.”
Concerns about some aspects of proposed rule
Nevertheless, Daskal expressed some concerns about implementing the proposed rule as it’s currently written, particularly in regard to the volume of sensitive security information the FAA would require the critical infrastructure owners to provide about their facilities.
“The FAA is asking that critical infrastructure owners and operators applying for these restrictions provide incredibly detailed information about their vulnerabilities, and the consequences if those vulnerabilities are exploited, and how they would incorporate a flight restriction into their security plan to address those vulnerabilities,” Daskal said.
“That is very sensitive information that would be very attractive to an adversary and it really creates a honeypot — a treasure trove of information — laying out basically how to attack some of our most important critical infrastructure.”
Daskal suggested that instead the FAA should establish a self-attestation process by which the infrastructure entities’ owners would attest to the fact that they meet certain safety and security criteria in order to qualify for flight restrictions, but without having to reveal their most sensitive security information.
In another critique of the proposed 2209 rule, Daskal said some of the definitions for qualifying facilities are too restrictive, which could limit the number of facilities that could apply.
“It’s obviously quite important that it be expansive enough to cover the full range of critical facilities for whom a drone attack, or surveillance followed by an attack, would really be quite catastrophic for the homeland and for particular communities,” Daskal said.
Asset owners must learn new safety regulation
For companies such as drone-related software developer SkySafe, the Section 2209 rulemaking represents an opportunity to work with infrastructure clients in developing a comprehensive drone and counter-UAS strategy for their assets.
In an interview, Melissa Swisher, SkySafe’s chief revenue officer, said the company is working with its infrastructure-owner clients to ensure that they develop an airspace governance strategy that’s compatible with Section 2209. “We’ve been there somewhat as a supportive mechanism, to help drive those efforts that are going to help those customers,” she said.
The proposed new regulation is expected to expand flight-restricted areas to cover a wide cross-section of infrastructure sites, including chemical plants, communications facilities, critical manufacturing plants, dams, defense industrial bases, hospitals and other sites critical to the national security or the national economy.
The final implementation of Section 2209 will represent a major milestone in the development of the overall drone-centric economy, Swisher said.
“Section 2209 is really an important inflection point because it recognizes that the critical infrastructure security doesn’t stop at that fence line anymore. It is more about that airspace that’s around those facilities,” she said. “What we’re seeing is that drone activity has scaled faster than any sort of traditional security frameworks around it”
Swisher said the new rule also will mark the first step in establishing a framework for a comprehensive airspace security system. “It’s more of a beginning of how the US in particular is going to take a much more mature view of low-altitude airspace security,” she said.
“The reality is that drones are a part of our everyday life,” she said. “And then, there’s also the less than ideal situations involving those drones.”
Read more:

Jim Magill is a Houston-based writer with almost a quarter-century of experience covering technical and economic developments in the oil and gas industry. After retiring in December 2019 as a senior editor with S&P Global Platts, Jim began writing about emerging technologies, such as artificial intelligence, robots and drones, and the ways in which they’re contributing to our society. In addition to DroneLife, Jim is a contributor to Forbes.com and his work has appeared in the Houston Chronicle, U.S. News & World Report, and Unmanned Systems, a publication of the Association for Unmanned Vehicle Systems International

