Rules of Engagement for Counter-Drone Operations
The legal and operational framework governing when and how military and law enforcement personnel can engage unmanned aircraft—and why the Tower 22 attack exposed critical gaps in that framework.

Quick Overview
What It Is
Rules of Engagement (ROE) for counter-drone operations define the conditions under which military commanders, security forces, and law enforcement can detect, track, and physically defeat unmanned aerial systems. These rules balance legal authority, threat identification requirements, proportionality constraints, and the asymmetry between slow bureaucratic rulemaking and fast-moving drone threats.
How It Works
Military ROE for C-UAS derive from Standing Rules of Engagement (SROE) issued by the Chairman of the Joint Chiefs of Staff (CJCSI 3121.01B) and Combatant Commander-specific ROE supplements. Domestic law enforcement operates under entirely different authorities—primarily state law and the highly constrained federal counter-drone authority in 6 U.S.C. § 124n. The gap between what a military commander can do in a foreign theater and what a state trooper can do in domestic airspace is vast, and operating in the space between—overseas bases, National Special Security Events—creates some of the most legally complex ROE problems.
Rules of Engagement for Counter-Drone Operations
Rules of Engagement exist to answer a specific question: under what conditions can a military or security force member take an action that would otherwise be illegal—using violence against another person or their property, destroying aircraft, jamming communications—against a specific target at a specific moment? For manned aircraft, that framework has been refined over decades of military aviation law, international air law, and hard-won operational experience. For unmanned aircraft, particularly small commercial-derived UAS, the framework is still being written, and the gaps in that framework have produced real casualties.
The Legal Baseline: What Authority Exists
Counter-drone actions in military operations derive their legal basis from a combination of sources that must align for a given engagement to be lawful.
The Standing Rules of Engagement (SROE) provide the baseline authority framework for U.S. forces worldwide. CJCSI 3121.01B, while classified, establishes principles and specific authorities that commanders at various echelons can exercise. The SROE distinguishes between unit self-defense (protecting assigned personnel and equipment without higher authority), national self-defense (actions taken in response to attacks on the United States as a nation), and operations in support of other missions (requiring specific ROE authorization from appropriate authority).
Combatant Commanders supplement the SROE with theater-specific ROE that address the operational and political context of their area of responsibility. CENTCOM's ROE differ from EUCOM's differ from INDOPACOM's—not in fundamental principles, but in specific authorities, approval thresholds, and context-dependent rules that reflect the particular environments and political constraints of each theater.
Positive Identification (PID) is the requirement that a commander must reasonably conclude, based on available information, that a target is a military objective before engaging it. PID is derived from the Laws of Armed Conflict principle of distinction—the requirement to distinguish between combatants and civilians, military objectives and protected property. For manned aircraft, PID has well-established procedures: radar track correlation, IFF (Identification Friend or Foe) transponder interrogation, visual identification, aircrew communication.
For small UAS, PID is genuinely challenging in ways that have no easy technical solution. A commercial DJI Mavic carrying surveillance equipment looks identical on electro-optical sensors to a commercial DJI Mavic carrying a hand grenade. A hobbyist flying near a military installation looks similar to a reconnaissance drone positioning for a strike. The time available to make a PID determination may be measured in seconds.
Proportionality requires that the anticipated incidental harm to civilians and civilian property from an attack not be excessive relative to the anticipated military advantage. For C-UAS engagements, proportionality analysis must consider: debris from a kinetically defeated drone (which may weigh tens of kilograms and fall unpredictably), blast effects from an interceptor missile, RF interference from jamming (which affects all RF-dependent systems in the area, not just the target drone), and the broader consequences of engaging a drone that turns out to be civilian.
Self-Defense Authorities and Their Limits
Self-defense is the most permissive authority available to military commanders and individual soldiers. Under the SROE, the right of self-defense includes unit self-defense against "hostile acts" and "demonstrated hostile intent." A hostile act is an attack or use of force against U.S. forces. Demonstrated hostile intent is a situation where force is not yet used but intent to attack is reasonably inferred from observable indicators.
For C-UAS, the self-defense framework runs into a fundamental problem: by the time a drone demonstrates clear hostile intent (approaching a position rapidly, releasing a payload, diving toward personnel), the time available for a response may be insufficient for existing defeat systems, particularly kinetic systems that require valid firing solutions and deconfliction. Electronic defeat (jamming) can respond faster but requires legal authority that self-defense alone may not provide in all contexts—particularly domestically.
The self-defense authority also requires positive identification that the threat is directed at U.S. forces. A drone orbiting 2 kilometers from a forward operating base may represent ISR collection, weaponization preparation, or a confused hobbyist. Self-defense authority against it requires a determination that attack is imminent—a judgment call that commanders must make with incomplete information and real consequences for being wrong in either direction.
Warning requirements under the SROE typically require an attempt to warn a potential threat before engagement when doing so is possible without endangering personnel. For manned aircraft intrusions, this involves radio communication, visual signals, and maneuvering. For small UAS operated autonomously or with a distant operator, warning is largely meaningless—the drone's behavior may be pre-programmed and unresponsive to any signal short of physical defeat. ROE must accommodate this reality, and some theater ROE have done so by establishing conditions under which warning requirements are waived for C-UAS engagements.
The Tower 22 Case Study
The attack on Tower 22 (Al-Tanf Garrison near the Jordan-Syria-Iraq border) on January 28, 2024 is the most consequential recent test of C-UAS ROE in a U.S. military context. Three soldiers were killed and dozens wounded when a one-way attack drone struck sleeping quarters at the base—the first U.S. fatalities from an Iranian-backed drone attack in the conflict.
Post-incident reporting indicated that the threat drone may have returned to base at approximately the same time as a U.S. military drone, creating sensor fusion ambiguity that delayed engagement. Whether this represents a deliberate spoofing tactic, coincidental timing, or some combination is not publicly established. What is established is that the C-UAS system at the location did not defeat the threat before impact.
The incident raised several ROE-relevant questions that the subsequent review addressed:
- Were engagement thresholds appropriate for the threat environment at forward operating locations?
- Did PID requirements create a timeline incompatible with the response time available?
- Were C-UAS systems properly integrated with the local air picture to enable immediate response?
- Were operators empowered to engage at the appropriate decision level, or was authority inappropriately elevated to higher command?
The classified findings drove immediate changes to C-UAS posture at vulnerable forward locations, including authority delegation and sensor integration improvements. The public lesson is more general: ROE frameworks designed for a threat environment can be defeated by adversary adaptations that exploit known constraints, and the review-adjust cycle must be continuous.
Domestic Authority: The Law Enforcement Gap
The contrast between military ROE in foreign theaters and domestic law enforcement authority is stark and consequential.
Under current federal law, state and local law enforcement have essentially no authority to physically defeat an unmanned aircraft. The Federal Aviation Act vests exclusive sovereignty over navigable airspace in the federal government (49 U.S.C. § 40103). Shooting down, jamming, spoofing, or otherwise defeating a drone—even one conducting surveillance of a crime scene, following a suspect, or overflying a prison—exposes law enforcement officers to federal prosecution under 18 U.S.C. § 32 (destruction of aircraft) and 18 U.S.C. § 1030 (unauthorized computer access, for hacking drone communications).
Federal counter-drone authority under 6 U.S.C. § 124n is limited to specific agencies (DHS components including TSA, Secret Service, CBP; DOD; DOJ including FBI) and specific contexts (protecting federal facilities and assets, national security). This authority does not extend to state or local law enforcement and does not create a general domestic counter-drone authority.
The practical consequence: a local police department watching a drone surveil a kidnapping suspect's hideout cannot jam the drone's communications. A state prison watching a drone deliver contraband cannot shoot it down. A county sheriff watching a drone follow a domestic violence victim cannot defeat it without federal law enforcement involvement and the time delays that entails.
This gap has driven proposals for a State and Local Counter-UAS Authority Act that would create a framework for extending limited counter-drone authority to state and local law enforcement, with appropriate training, accountability, and limitation requirements. These proposals have faced opposition from privacy advocates concerned about extending defeat authority to agencies with limited oversight infrastructure, and from aviation safety interests concerned about proliferating counter-drone capability without adequate deconfliction mechanisms.
Proportionality in Practice: Kinetic vs. Electronic
One ROE dynamic that is often underappreciated is the different proportionality analysis for kinetic versus electronic C-UAS defeat.
A kinetic defeat—firing a missile, deploying a net, or shooting a drone—has bounded physical effects. The drone falls, potentially causing collateral damage from debris. The effects are immediate, local, and generally predictable.
An electronic defeat—jamming the drone's RF communications, spoofing its GPS, hacking its command link—has potentially unbounded effects depending on the system and the operational environment. A broadband RF jammer effective against a threat drone will also affect friendly communications, navigation systems, and civilian infrastructure within its range. GPS spoofing in an urban environment affects not just the target drone but every GPS-dependent system in the spoofed area.
The proportionality analysis for electronic defeat must therefore account for these broader effects, which are harder to estimate and may include both military and civilian impacts. ROE addressing electronic C-UAS defeat typically include specific constraints on the type and power of EW systems that can be employed, the environments in which they can be used, and the approval authorities required for employment.
This asymmetry partly explains why ROE sometimes authorize kinetic defeat more readily than electronic defeat in certain contexts—the collateral effects of a well-aimed kinetic shot may be more predictable and limited than the effects of broadband jamming. Getting this tradeoff right requires both sophisticated ROE drafting and technical understanding that cannot always be assumed at the decision-making level.
The Way Forward: Adaptive ROE for an Adaptive Threat
The adversary is adapting faster than the rulemaking process. Iranian-backed groups have modified commercial drones with optical navigation to defeat GPS jamming. Russian forces have developed frequency-hopping communication protocols that defeat narrowband jamming. Commercial drone manufacturers continuously update flight controller software in ways that change the signatures C-UAS systems are trained to detect.
ROE frameworks must build in mechanisms for faster adaptation than traditional approval processes allow. This means pre-delegating authority for new defeat methods to lower echelon commanders with clear parameters, rather than requiring new ROE approval for every significant threat adaptation. It means investing in classified processes that can turn threat characterization into ROE updates at operational tempo. And it means accepting that some decisions will be made imperfectly under time pressure and establishing accountability frameworks that incentivize good judgment rather than defensive inaction.
The legal framework will never perfectly anticipate the next drone attack. The goal is a ROE architecture flexible enough to adapt continuously and robust enough to maintain lawful constraints even when the threat is evolving faster than the rules.
Key Features
- Standing Rules of Engagement (SROE) and theater-specific supplements
- Positive Identification (PID) requirements before lethal engagement
- Proportionality and collateral damage estimation for C-UAS defeat
- Self-defense authorities (unit, individual, and national)
- Domestic counter-drone authority under 6 U.S.C. § 124n
- Force protection postures (Alpha through Delta) and corresponding C-UAS thresholds
Advantages
- SROE framework provides consistent baseline across theaters and commanders
- Self-defense authorities allow immediate response without higher approval when threat is clear
- Proportionality requirements prevent escalatory responses that could create strategic problems
- Clear PID requirements reduce risk of inadvertent engagement of friendly or civilian aircraft
Limitations
- PID requirements for small UAS are technically and procedurally challenging to meet before threat materializes
- Domestic authorities are so restricted that law enforcement effectively cannot respond to most drone threats
- ROE approval processes often move slower than drone threat timelines
- Ambiguous threat indicators for commercial-derived military drones make PID genuinely difficult
- Tower 22 demonstrated that even well-established ROE frameworks fail under specific operational conditions
Real World Application
The January 2024 attack on Tower 22 at Al-Tanf Garrison, Jordan killed three U.S. soldiers and wounded dozens. Initial reports indicated that a threat drone returned to base simultaneously with a U.S. military drone, potentially leading to confusion that delayed engagement. The incident prompted a comprehensive review of C-UAS ROE at forward operating locations and accelerated both authority expansions and sensor network upgrades at vulnerable sites.