CAA Operational Authorisation · £10m public liability · ICO registered · VAT no. GB 519 2696 62
Critical AssetDrone Inspections
About

A UK drone inspection practice,
built for scrutiny.

Specialist security-assessment work for insurance-sensitive sites, plus broader drone inspection, mapping and aerial photography across six sectors.

Founder

I’m Martin. I fly the drone, run the OSINT, and write the report.

Critical Asset is a one-person practice. I’m CAA-authorised, ICO-registered and Cyber Essentials certified, with a cyber threat intelligence background — an MSc in Computer Science, nine years of structured OSINT and threat-actor analysis in financial services, plus GIAC GCTI, GIAC GOSI, Treadstone 71 Certified Threat Intelligence Analyst and the CAA Remote Pilot Certificate (RPC Level 1). The flagship Site Security Vulnerability Assessment came from one observation: most drone operators don’t carry out intelligence work, and most security consultancies don’t fly. The vulnerabilities that matter most on remote sites sit exactly where those two disciplines meet — and few suppliers combine both in a single fixed-scope engagement. So I built a productised engagement that does, in one fixed-price visit, with one analyst. It grew on solar farms, where the loss-event economics are most obvious (£3,950 + VAT against £50k–£500k+ incidents).

Three other ways in sit alongside the flagship. Incident Response is for sites that have already been hit — cable theft, arson, vandalism — combining post-incident drone capture with an OSINT indicator review, deployment usually targeted within 48–96 hours where conditions permit. Managed Capture handles recurring drone work on a fixed cadence (quarterly through monthly) for construction, infrastructure, property, built-environment, agriculture and industrial sites. Standalone drone inspection, mapping and photogrammetry briefs are quoted per engagement. Same operating discipline across all four engagements; documented scope boundary and clean evidence trail throughout, with dual-graded findings on the SSVA and Incident Response packs. And if you’re not sure whether drone work fits at all, the Discovery Call is a free 30-minute conversation.

For intrusive cyber testing I recommend that the client instruct an appropriately accredited cyber provider, such as a CREST-accredited firm.

Aerial view of a traditional black weatherboarded post mill in open arable farmland — a Critical Asset heritage-asset survey
Founder & lead pilot
Martin
CAA-authorised UAS operator and RPC Level 1 remote pilot, working alongside an OSINT and threat-intelligence background. Cyber threat intelligence background — bringing intelligence-discipline rigour (Admiralty-graded evidence, risk-priority scoring) to physical site vulnerability.
Proof pack

Everything you need before signing.

We work on insurance-sensitive sites — rural renewables, large estates, critical-infrastructure adjuncts — where client confidentiality is often part of the value the engagement delivers. For that reason we don't publish a client list on the website.

Instead, everything a prospect reasonably needs to evaluate us is packaged for the scoping call. Tell us the asset type, the brief and any underwriter questions you're trying to answer, and we'll assemble a proof pack tailored to your site before the first conversation.

AVAILABLE ON REQUEST
  • Methodology walkthrough — what we do, how findings are graded
  • Insurance, CAA and ICO certificates
  • Project references we can discuss under NDA
  • Indicative scope and fixed-price quote
Request the proof pack
Public briefing paper
Cable Theft at Unmanned UK Renewables Sites — Patterns, Losses and Prevention
April 2026 · broker- and underwriter-facing · 25 pages · 35 sources.
Download PDF
Credentials & compliance

Qualified, insured, accountable.

CAA status
Operational Authorisation
PDRA01-28445
Annually renewed · current
Sector background
9 years cyber threat intelligence
Financial services · sector awareness across energy, utilities & telecoms threat landscapes
Qualifications
Cyber threat intelligence + OSINT certified, UK Remote Pilot
SANS Institute GIAC GCTI and GIAC GOSI (cyber threat intelligence and open-source intelligence), Treadstone 71 CTIA (NICCS-listed, UK PHIA-aligned) and the UK CAA Remote Pilot Certificate (RPC Level 1). MSc Computer Science.
Insurance
£10m public liability
via Moonrock · certificate on request
Data handling
ICO-registered
ZC132184 · UK GDPR compliant
Security
Cyber Essentials
Certified
NCSC-approved scheme — certificate available on request.
Equipment

Professional kit for professional jobs.

PRIMARY CAPTURE PLATFORM
Enterprise photogrammetry quadcopter
RTK GNSS positioning, 4/3 CMOS visible sensor, dual-camera wide/tele array — sized for whole-site photogrammetry, 3D digital twin generation and high-accuracy mapping.
SECONDARY & CLOSE-IN
Compact prosumer quadcopter
High-resolution visible imaging on a smaller airframe — used for perimeter detail, access points and structural close-ins where a lighter platform is operationally appropriate.
MULTISPECTRAL CAPTURE
Red-edge & near-infrared imaging
Five-band multispectral sensor — visible, red-edge and near-infrared bands for NDVI/NDRE vegetation indices, drainage performance and crop-health analysis. Calibrated for repeatable comparison across visits.
PROCESSING
Pix4Dmapper & Metashape
Industry-standard photogrammetry pipelines producing 3D digital twins, orthomosaics and GeoTIFF/LAS/DXF exports.
OSINT TOOLCHAIN
Maltego + bespoke pipeline
Dark-web credential monitoring, Telegram and forum signal harvesting, marketplace scraping and graph analysis.
SCORING FRAMEWORK
Admiralty System (NATO AI-2)
Every finding graded by source reliability and information credibility — the same framework used in formal cyber threat intelligence.
REPORTING
Broker-ready report pack
Executive summary, dual-graded findings register, annotated 3D digital twin, OSINT brief, and operator-owned control-review pathway structured for your broker and underwriter.
How to engage

Four ways in — pick the one that fits your brief.

  • Site Security Vulnerability Assessment — the flagship. For insurance-sensitive sites: solar farms, rural estates, remote commercial assets.
  • Incident Response — if your site has already been hit. Deployment usually targeted within 48–96 hours where conditions permit, broker- and insurer-facing evidence pack with an OSINT indicator review.
  • Managed Capture — recurring drone work on a fixed retainer for known deliverables across six sectors.
  • Discovery Call — free 30 minutes if you’re not sure which of the above fits, or whether a drone helps at all.
NEXT STEP
Tell us about the asset.

Scope and fixed price back within 2 working days.

Request an Assessment →