Cybersecurity and Physical Security

Government warns about use of Chinese-built drones in the U.S.

The U.S. Department of Homeland Security has issued an alert related to the use of Chinese-built drones by entities in the U.S., citing concerns that the information collected by the drones could be transmitted to Chinese drone manufacturers and ultimately China’s government, according to recent media reports.

According to a report on CNN’s website, the alert from the DHS Cybersecurity and Infrastructure Security Agency said that the drones are a “potential risk to an organization's information," and that the products "contain components that can compromise your data and share your information on a server accessed beyond the company itself."

CNN noted that approximately 80 percent of drones used in the U.S. and Canada come from China-based drone manufacturer, DJI.

The alert said that the U.S. government “has strong concerns about any technology product that takes American data into the territory of an authoritarian state that permits its intelligence services to have unfettered access to that data or otherwise abuses that access," CNN reported.

“Drones can serve as a cost-saving beneficial tool for businesses by augmenting safety and security, improving operational efficiency, and increasing situational awareness,” said Brian Harrell, Assistant Director for Infrastructure Security at the Cybersecurity and Infrastructure Security Agency.

“However, the technology can also pose inherent risks such as data theft, corruption by malware, and network breaches if information protection practices are not put in place. As we have seen, technology advances are driving the cyber-physical security convergence conversation,” he said.

“Certain foreign manufactured drones, particularly those made in China, can potentially increase risks due to the potential for data to be shared with unintended audiences such as nation-state adversaries,” Harrell said. “As with all connected devices, protecting sensitive information or intellectual property should be a top priority for critical infrastructure organizations.”

The CISA Alert to Industry “highlights the potential threat, but also outlines actionable mitigation measures to reduce risk,” Harrell noted.

“Given the U.S. energy sector’s increased use of drones, it is vital that the energy industry, and public power utilities in particular, follow the government’s guidance when it comes to this potential threat,” said Sam Rozenberg, Engineering Services Security Director at the American Public Power Association.

Additional information about drones and critical infrastructure is available on the Cybersecurity and Infrastructure Security Agency’s website.