Counter-Drone Tabletop Exercises: Wargaming the Threat

TacLink C2 Team

On the morning the U.S. Army gathered at Fort Bragg in May 2026, the scenario handed to participants read less like a drill and more like a nightmare. Units of the XVIII Airborne Corps were trying to deploy when everything went wrong at once: a cyberattack on a water-treatment system unleashed an E. coli outbreak that sickened soldiers preparing to leave; a swarm of small drones carrying explosive charges struck commercial electrical stations on post; and a worker clearing debris accidentally cut a fiber-optic line that crippled command-and-control communications. The clock on the wall was unforgiving. Participants had three minutes to decide what to do.

No drones actually flew. No fiber was cut. This was a tabletop exercise, a structured, scenario-driven wargame conducted entirely through discussion and decision-making rather than live hardware. But the discomfort in the room was the entire point. As small, cheap, commercially available drones reshape warfare from Ukraine to the American homeland, tabletop exercises like this one have quietly become one of the most important tools the U.S. military and its civilian partners have for figuring out what they would actually do when the threat arrives faster than the paperwork.

What a tabletop exercise actually is

A tabletop exercise, or TTX, is a discussion-based session in which leaders walk through a hypothetical crisis step by step. There are no troops in the field and no equipment at risk, just a scenario, a set of decision-makers, and a facilitator feeding in new developments. The military and emergency-management worlds have leaned on this format for decades, structuring it around national frameworks like the Department of Homeland Security’s Homeland Security Exercise and Evaluation Program (HSEEP) and the Joint Staff’s training guidance.

The engine of any serious exercise is the Master Scenario Events List, or MSEL: a meticulously timed script of events and “injects,” new pieces of information dropped into the room to force decisions. An inject might be a simulated intelligence report, a fabricated news alert, or a sudden escalation. A well-designed TTX uses injects to peel away participants’ initial assumptions and watch how they adapt under pressure. The deliberately short fuse at Fort Bragg, three minutes to coordinate a multi-agency response, was an inject design choice, meant to test how existing relationships, legal authorities, and communication channels hold up under genuine duress rather than at the relaxed pace of a planning meeting.

For drone and command-and-control (C2) teams, the TTX has had to evolve well beyond its boardroom roots. Traditional military wargames assumed a relatively clean flow of information across a map. Modern drone scenarios assume the opposite: jammed signals, severed links, degraded data, and an adversary who can launch from anywhere, including from inside the homeland.

Why drones changed the calculation

The urgency behind these exercises traces directly to what cheap drones have done to the economics of attack. A commercial quadcopter costs a few hundred to a few thousand dollars; the systems built to detect and defeat it can cost orders of magnitude more. That asymmetry has turned up everywhere from Middle Eastern battlefields to the airspace over U.S. installations.

The single event most often invoked in these exercises is Ukraine’s “Operation Spiderweb.” In June 2025, Ukrainian operatives reportedly smuggled drones hidden inside shipping containers deep into Russian territory, then launched a coordinated strike that damaged or destroyed a swath of Russian military aircraft across several airbases, some thousands of kilometers from the front. The operation became an instant case study in how a diffuse, pre-positioned, low-cost force can bypass conventional frontline defenses and hit high-value targets from within. The imagery, captured by the drones themselves, broadcast a blunt warning: this could happen to anyone.

That warning is precisely what U.S. exercise designers have absorbed. At the Fort Bragg summit, planners explicitly built their drone scenario around a Spiderweb-style threat. As Army Secretary Dan Driscoll described it, the exercise went after “four operational challenges using a threat similar to Operation Spider’s Web,” probing physical drone threats, cyber impacts, force-projection dependencies, and the lag in sharing information across organizations.

The institutional response: standing up a counter-drone establishment

The U.S. military’s recognition of the small-drone threat hardened around 2016, during coalition operations against the Islamic State, when small unmanned aircraft systems (sUAS) were formally treated as a persistent, asymmetric danger to deployed troops and fixed installations. That recognition drove a doctrinal shift away from using wargames purely for conventional air defense and toward purpose-built counter-UAS (C-UAS) exercises.

In 2020, the Secretary of the Army established the Joint Counter-small Unmanned Aircraft Systems Office (JCO) to centralize and standardize counter-drone doctrine, training, and acquisition across the Department of Defense, which had been pursuing the problem in fragmented ways across its branches. The JCO became the central architect of standardized, repeatable exercise frameworks, and a driving force behind the Joint C-sUAS University established at the Fires Center of Excellence at Fort Sill, Oklahoma, which aims to institutionalize counter-drone training across the force.

The JCO’s founding director was then Major General Sean A. Gainey, who became one of the most visible advocates for scaling counter-drone training. Drawing on lessons from the war in Ukraine, Gainey argued that drone defense could no longer be the exclusive job of specialized air defenders and needed to be trained down to the individual soldier. (Gainey has since been promoted to lieutenant general and moved on from the JCO; he went on to lead U.S. Army Space and Missile Defense Command, and was himself succeeded there in April 2026, but the doctrine he pushed continues to shape how exercises are scoped today.)

March 2025: gaming out an attack on the homeland

The most influential recent exercise in this space was run not by a base but by a think tank. In March 2025, the RAND Corporation, partnering with the JCO, convened more than 100 participants from over two dozen federal agencies for a tabletop exercise on defending domestic military bases against drones. It was the sixth in a series of counter-drone wargames the two organizations had run since 2022, and it focused on a deceptively hard question: how should U.S. Northern Command, which is already responsible for securing North American airspace, synchronize counter-drone operations to protect bases at home?

The exercise used two real installations, Fort Bliss in Texas and Joint Base Pearl Harbor-Hickam in Hawaii, to vary the conditions: drones flying at different altitudes, bearings, and ranges, arriving by different means, against a tangle of federal, state, and local authorities. Teams were placed in separate rooms and linked only by secure chat, simulating the friction of real coordination.

What surfaced was sobering. RAND researcher Christopher Pernin offered a vivid illustration of the time pressure: imagine a drone flying down the Potomac near the Pentagon. Maybe the FAA has authorized it, but how would the people responsible for defense know that in time? They would have to query the system and look it up. “You’ve got 67 seconds to figure this out,” he said. In another vignette from the exercise, a duty officer had just over a minute to approve the use of lethal force after a drone appeared overhead, and a controller at Pearl Harbor waited nine minutes for imagery that should have taken ten seconds to arrive.

The deeper finding was legal and institutional rather than technical. Defending domestic bases, the designers concluded, cannot be the military’s job alone; it requires a framework to integrate state, local, tribal, and territorial authorities into operations at or near installations. And that opens a thicket of jurisdictional problems.

Tabletop exercises keep exposing the same uncomfortable truth about domestic drone defense: the hardest problem is often not seeing the drone or even stopping it, but establishing who has the legal authority to act.

Section 130i of Title 10 of the U.S. Code grants certain commanders authority to disable threatening drones over their installations. But the moment a drone drifts beyond the fence line, the picture fractures. Active-duty federal forces operate under Title 10; National Guard units under state control operate under Title 32; and local law enforcement operates under yet another set of rules. During the RAND exercise, the gaps were concrete: at Fort Bliss, one officer chose not to jam a rogue quadcopter because local regulations classified signal interference as vandalism. Participants regularly stalled while trying to determine who actually held the authority to jam or shoot down a drone over populated American soil.

There is also a civil-liberties dimension that has no equivalent on a foreign battlefield. The Federal Aviation Administration has raised pointed concerns about counter-drone sensing in domestic settings. Radio-frequency direction-finders can passively locate a drone and its operator by detecting emissions, but tracking a domestic operator’s command-and-control link risks intercepting or storing protected personal information without authorization. The FAA’s guidance pushes operators to constrain their sensors in ways that a deployed military unit never would, which makes a realistic domestic exercise harder to design, because the most aggressive tools are off the table by law.

Then there is the deconfliction problem. Authorizing a kinetic shoot-down or a GPS jam over a city could bring down a civilian aircraft, disrupt friendly drones, or scatter debris over people. How operators verify a target’s identity and hostile intent, and clear the airspace before acting, remains one of the most stubborn challenges these exercises are still trying to streamline.

The vulnerability nobody owns: private infrastructure

The Fort Bragg summit in May 2026 put a spotlight on a different kind of exposure, one that has little to do with airspace and everything to do with ownership. The Army runs roughly 288 camps, posts, and stations, and the overwhelming majority depend on privately owned utilities for power, water, natural gas, and data. When a drone swarm or cyberattack hits the civilian grid feeding a base, the military cannot simply seize control of infrastructure it does not own.

This is the “information-sharing lag” that Driscoll’s team named as one of its four operational challenges: the critical minutes lost while military commanders try to establish secure communications, navigate legal constraints, and share sensitive threat intelligence with private utility executives who hold no security clearances but control the physical assets. Lt. Gen. Gregory Anderson, commanding general of the XVIII Airborne Corps and Fort Bragg, put it plainly: the Army cannot assume that gas, water, and electricity will always be available.

The summit, the first of its kind, hosted by the XVIII Airborne Corps with about 14 external partners ranging from federal agencies to local leaders and utility companies, was explicitly designed to start building the relationships that would close that gap. Brandon Pugh, Principal Cyber Advisor to the Secretary of the Army and a lead architect of the Army’s Defense Critical Infrastructure strategy, framed the stakes bluntly: “This is a no-fail mission and it’s a national security imperative. Critical infrastructure resilience is a strategic imperative, not a back-office function.” The stated goal was to turn the lessons into a repeatable “playbook” that a local garrison commander, who is unlikely to be a cyber or physical-security expert, could apply to their own installation. Pugh said the Army Cyber Institute at West Point captured lessons throughout, and that he personally noted 19 of them, though he declined to share specifics.

The money behind the methodology

The intensity of all this exercising tracks a market that is expanding fast. The global counter-UAS market was estimated at roughly $6.64 billion in 2025 and is projected to reach $20.31 billion by 2030, a compound annual growth rate of about 25.1%, according to MarketsandMarkets. The growth is driven by demand for integrated systems (radars, RF sensors, electro-optical and infrared cameras, and command units) that can be stitched together across land, sea, and air.

That hardware spending has a training corollary. Organizations cannot rehearse on live, multimillion-dollar systems where a single operator error could destroy an asset or cause a friendly-fire incident, which keeps pushing investment toward high-fidelity simulators and digitally distributed exercises. North America, unsurprisingly, is among the fastest-growing regions for these capabilities; it is where most of the doctrine, and most of the budget, currently sits.

How the exercises themselves are evolving

The TTX is migrating from paper toward software. The Air Force’s Distributed Mission Operations Center (DMOC) at Kirtland Air Force Base in New Mexico has spent years building synthetic battlespaces that link geographically separated units into a single training environment, the backbone of its long-running “Virtual Flag” exercises. In these setups, allied operators in different countries can fight the same simulated enemy in the same virtual airspace without leaving home station, erasing the geographic limits of older training models and letting coalition forces rehearse C2 coordination in real time.

The next wave is being built around three ideas that recur in nearly every forward-looking discussion of the field:

The first is AI-generated, adaptive scenarios. Instead of a fixed script, advanced exercises are beginning to use software that generates new injects in response to what participants actually do; if a team neutralizes one threat, the simulated adversary instantly shifts tactics, stressing the decision loop until something breaks.

The second is the contested, “zero-trust” network environment. As cyberattacks on C2 infrastructure become a baseline assumption in near-peer conflict, exercises increasingly drop operators into scenarios where their own networks are presumed compromised. The recently announced partnership between Booz Allen Hamilton and Anduril, unveiled in May 2026, is emblematic: it brought together command-and-control, cyber and RF effects, and zero-trust security on Anduril’s Menace hardware and Lattice software platform, exactly the kind of integrated, edge-deployable tooling that exercises are designed to validate against sophisticated adversaries. Closely related is training for GPS-denied operations, where drones must navigate using onboard intelligence rather than continuous satellite signals or centralized links.

The third is scale: moving from isolated drones to swarms, and from a handful of specialized air defenders to universal training. As the Joint C-sUAS University at Fort Sill matures, the ambition is to shift counter-drone instruction from a niche specialty toward a basic competency that any infantry unit can fold into its own squad-level exercises.

The asymmetry that breaks the model

There is a structural mismatch lurking underneath all of this that the proprietary, high-end tooling can obscure. The threat that exercises are increasingly built to model, the Spiderweb threat, does not run on accredited defense software. It runs on cheap, off-the-shelf airframes and open-source flight stacks that iterate far faster than any defense procurement cycle.

The clearest example is the software layer itself. A large share of the world’s small drones are governed by open-source autopilots, principally ArduPilot and PX4, that communicate with their operators using MAVLink, an open telemetry and command protocol. MAVLink is ubiquitous precisely because it is free, well-documented, and easy to build on. But those same qualities make it a soft target: the protocol was not designed with security as a first principle. Its second version added an optional message-signing mechanism, yet it still provides no encryption of the data stream, and academic and industry security researchers have repeatedly demonstrated spoofing, command injection, and denial-of-service attacks against unprotected MAVLink links. An adversary does not need to crack a hardened military waveform when a meaningful fraction of the relevant ecosystem is talking over a protocol whose weaknesses are catalogued in public papers.
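The signing-without-encryption property described above, shown as an added example that is not from the original article or from the MAVLink project: a receiver-side check that classifies MAVLink 2 frames as signed, unsigned, tampered, or replayed, following the published signature layout (link ID, 48-bit timestamp, then the first 48 bits of SHA-256 over the key, the frame, and those two fields). The key, payload, class name, and placeholder CRC bytes are constructed for illustration, and only the strictly-increasing-timestamp replay rule is implemented.

```python
import hashlib
import hmac
import struct

MAGIC_V2, IFLAG_SIGNED = 0xFD, 0x01
HEADER_LEN, CRC_LEN, SIG_LEN = 10, 2, 13  # signature block: link id 1 + timestamp 6 + MAC 6

def build_frame(payload, msgid, seq, key=None, link_id=0, ts=0, sysid=1, compid=1):
    """Constructed sample sender; the two CRC bytes are a placeholder, not a real checksum."""
    flags = IFLAG_SIGNED if key else 0
    header = struct.pack("<7B", MAGIC_V2, len(payload), flags, 0, seq, sysid, compid)
    body = header + msgid.to_bytes(3, "little") + payload + b"\x00\x00"
    if key is None:
        return body
    tail = bytes([link_id]) + ts.to_bytes(6, "little")
    # MAC = first 48 bits of SHA-256(key + header + payload + CRC + link id + timestamp)
    return body + tail + hashlib.sha256(key + body + tail).digest()[:6]

class SigningMonitor:
    """Hypothetical receiver-side classifier for frames on a link the defender operates."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_ts = {}  # (sysid, compid, link id) -> highest timestamp accepted

    def check(self, frame: bytes) -> str:
        if len(frame) < HEADER_LEN + CRC_LEN or frame[0] != MAGIC_V2:
            return "not-mavlink2"
        signed = bool(frame[2] & IFLAG_SIGNED)
        body_len = HEADER_LEN + frame[1] + CRC_LEN
        if len(frame) != body_len + (SIG_LEN if signed else 0):
            return "malformed"
        if not signed:
            return "unsigned"  # no proof of origin: any sender on the link could have produced it
        body, tail, mac = frame[:body_len], frame[body_len:body_len + 7], frame[body_len + 7:]
        expected = hashlib.sha256(self.key + body + tail).digest()[:6]
        if not hmac.compare_digest(mac, expected):
            return "bad-signature"
        stream = (frame[5], frame[6], tail[0])
        ts = int.from_bytes(tail[1:], "little")
        if ts <= self.last_ts.get(stream, -1):
            return "replay"  # timestamps must strictly increase per stream
        self.last_ts[stream] = ts
        return "ok"

def demo():
    key = hashlib.sha256(b"constructed exercise key").digest()  # 32-byte shared secret
    mon = SigningMonitor(key)
    text = b"\x06TTX link check"  # constructed STATUSTEXT-style payload (msgid 253)
    signed = build_frame(text, 253, seq=1, key=key, ts=1000)
    tampered = bytearray(signed)
    tampered[HEADER_LEN + 1] ^= 0x01  # flip one payload bit after signing
    return {
        "signed": mon.check(signed),
        "replayed": mon.check(signed),
        "tampered": mon.check(bytes(tampered)),
        "wrong_key": mon.check(build_frame(text, 253, seq=2, key=b"\x00" * 32, ts=2000)),
        "unsigned": mon.check(build_frame(text, 253, seq=3)),
        "cleartext_visible": text[1:] in signed,  # signing does not hide the payload
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The last entry is the point the paragraph makes: a correctly signed frame is authenticated, yet its payload is still readable by anyone observing the link.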

That creates a genuine design problem for exercises. An adversary fielding constantly shifting, custom-compiled drone software can change its behavior between one operation and the next, while the defender’s tooling, and the doctrine wrapped around it, moves at the speed of acquisition and accreditation. A tabletop exercise that games only against a fixed, known threat profile risks rehearsing for last year’s drone. The harder version of the exercise has to assume an opponent who is, in effect, patching faster than the defense can.

At the terminal: the operator’s problem

For all the attention paid to generals, agency heads, and think-tank researchers, the decisions that exercises are ultimately stress-testing get made by service members sitting at screens. And the ground-level view is where a lot of the difficulty actually lives, which is exactly what a top-heavy exercise can miss.

Consider the moment the C2 link to a friendly drone goes dark. To a commander in a briefing, that is a single line in a scenario. To the operator at the terminal, it is an ambiguous emergency with no label attached. Did a fiber line get cut? Is the adversary jamming the radio-frequency link? Has the ground control software simply crashed under load? Each diagnosis points to a different response, the symptoms can look identical in the first frantic seconds, and the operator is expected to tell them apart while the rest of the picture is also falling apart. The same ambiguity applies to the sensor feeds an operator is supposed to fuse into a single coherent track: distinguishing a hostile drone from a friendly asset, a bird, or commercial clutter in congested airspace is hard enough without the added question of whether the data itself can be trusted.

This is where the artificial three-minute clocks and 67-second windows earn their keep. They are not there to be cruel; they are there because the cognitive load of diagnosing failure under time pressure is the thing most likely to break a real response, and the thing a relaxed, discussion-only exercise is least equipped to surface. An exercise that captures the policy decision but not the operator’s diagnostic scramble has tested the easy half of the problem.

The honest debate about whether any of this works

For all the investment, there is a genuine argument about whether tabletop exercises actually prepare anyone for anything. The sharpest criticism is that traditional, discussion-based TTXs become a “check-the-box” ritual: leaders sit around a table, talk through a scenario with no real consequence for a bad decision, and walk away having satisfied a compliance requirement without ever feeling the urgency a real attack would impose.

Proponents of heavily gamified, computer-assisted exercises argue that only a digital interface with an unscripted, reactive adversary can produce hard, measurable data on reaction times and decision flaws. But defenders of the classic format push back: the entire value of a tabletop exercise is the open-ended strategic discussion and the relationship-building among leaders from different agencies who would otherwise never be in the same room. Over-engineer the simulation, the argument goes, and you lose the human connective tissue that actually matters when the phones start ringing for real.

The boxing metaphor most often cited in this world, usually attributed to Mike Tyson, that “everyone has a plan until they get punched in the face,” captures why the debate may be beside the point. The purpose of these exercises is not to produce a perfect plan. It is to discover, in a room where nothing is actually on fire, exactly which assumptions will shatter on first contact. Fort Bragg’s three-minute clock, RAND’s 67-second window, Fort Bliss’s jamming-as-vandalism dilemma: each was a punch thrown in safety, so that the flinch could be studied before it costs anything real.

That is the quiet logic of the tabletop. The drones in these scenarios never fly. But the questions they raise, who decides, who acts, who owns the wire that the whole base runs on, are the ones the country would rather answer at a conference table than under a sky full of incoming.



Written by

TacLink C2 Team

TacLink C2 Team builds a modern desktop ground control station for independent and commercial drone pilots. Writing here covers mission planning, multi-drone operations, airspace, and the software that keeps serious UAS programs running.