In a significant development concerning national security, U.S. entities responsible for critical infrastructure are being cautioned against using Chinese-manufactured unmanned aircraft systems (UAS), based on a warning issued by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) on January 17.
This alert is particularly relevant as it involves sectors such as energy, chemical, and communications, which increasingly depend on UAS for their operations.
Increased dependency and emerging threats
David Mussington of CISA highlighted the growing reliance on these systems in his memo accompanying the report, “Cybersecurity Guidance: Chinese-Manufactured UAS.”
He emphasized the benefits of UAS in reducing costs and enhancing staff safety.
However, he also warned, “The use of Chinese-manufactured UAS risks exposing sensitive information that jeopardizes U.S. national security, economic security, and public health and safety.”
This statement underscores the gravity of the threat posed by these systems.
China’s cyber operations: A growing concern
The memo draws urgent attention to “China’s aggressive cyber operations to steal intellectual property and sensitive data from organizations,” as stated by Mussington.
This concern is not new. Chinese-made drones, especially those by Da Jiang Innovations (DJI), have been under scrutiny for some time.
In December 2020, DJI was added to the Commerce Department’s export control list, followed by its inclusion in the Pentagon’s list of “Chinese military companies” operating in the U.S.
FBI-CISA report flags concern over Chinese drone laws
The FBI-CISA report, while not naming specific Chinese UAS makers, highlights the risks posed by Chinese laws.
Laws like the National Intelligence Law 2017 require Chinese companies to surrender data to Beijing’s intelligence agencies.
The 2021 Data Security Law and the Cyber Vulnerability Reporting Law further intensify these risks, potentially allowing Chinese authorities to exploit system vulnerabilities.
Report warns of vulnerabilities in Chinese-Made drones
The report identifies three significant vulnerabilities: data transfer and collection, patching and firmware updates, and increased data collection surface.
Bryan Vorndran of the FBI’s Cyber Division cautions, “Without mitigations in place, the widespread deployment of Chinese-manufactured UAS in our nation’s key sectors is a national security concern, and it carries the risk of unauthorized access to systems and data.”
This highlights the potential for foreign intelligence gathering on U.S. infrastructure.
Prioritizing secure-by-design drones for critical infrastructure
In light of these risks, the memo advises U.S. critical infrastructure owners and operators to prefer drones that are “secure by design,” including those made by U.S. companies.
The report also offers several cybersecurity recommendations to mitigate these threats.
This report has elicited responses from political figures such as Rep. Elise Stefanik and Rep. Mike Gallagher.
Push for ban on CCP-backed spy drones in U.S.
They advocate for a ban on CCP-backed spy drones in the U.S. and emphasize the need to support the U.S. drone industry.
Gallagher and Stefanik have been proactive, introducing the Countering CCP Drones Act and calling for an investigation into Autel Robotics over national security concerns.
Finally, Sen. Mark Warner urges individuals interested in Chinese-made drones to read the security report thoroughly.
Security concerns persist over Chinese-made drones
His statement, “For years, I’ve been concerned about the security risks associated with drones, including those made in the PRC,” reflects ongoing worries about the implications of using these devices.
This comprehensive analysis underscores the need for vigilance and informed decision-making regarding using Chinese-made UAS in critical U.S. sectors.
With national security at stake, adhering to security guidelines and supporting domestic technology cannot be overstated.