Chinese drones could expose state, local governments
Connecting state and local government leaders
Amid the uncertainty surrounding drones’ cybersecurity, a new program vets drones to ensure they meet rigorous security requirements.
State and local governments are rapidly embracing drones for public safety, infrastructure inspection, environmental monitoring and disaster management, but the sector’s expansion brings privacy concerns, especially over equipment made in China.
Two of the largest drone use cases so far among state and local governments are in first response and infrastructure maintenance and inspection. Recent research has found that the use of drones by police and fire departments is growing at a staggering pace as agencies look to the technology to help them more quickly search areas for missing people and more efficiently manage firefighting resources.
But there are concerns about the security of the drone manufacturing supply chain, as certain components could also be vulnerable. There are also worries that a drone’s controller could be hijacked for nefarious purposes and that hardware and software could be vulnerable to hacks, including exfiltrating potentially sensitive data.
In fact, a recent report from Georgetown University’s Center for Security and Emerging Technology warned that Chinese companies sell western governments their technologies, which can then serve as “conduits for [Chinese] government espionage and other nefarious activities.”
Brent Skorup, a senior research fellow at the Mercatus Center at George Mason University, said while there is “not much evidence to date” of software vulnerabilities in Chinese-made drones or backdoors through which their data could be accessed, the role of the Chinese government in drone makers like DJI, which holds major market share, should be concerning for state and local officials.
“Any company that is based in China obviously is vulnerable to either government pressure or government edict,” Skorup said. “The risk would be that were DJI ever to have been under government pressure, they would have the ability to perhaps gather information or have control of drones in a way that would harm our national security interests.”
Amid the uncertainty surrounding drones’ cybersecurity, some groups are stepping in to offer their support, especially to state and local governments who may not have the time or the resources to do their own investigation into a piece of technology.
In September, uncrewed vehicle systems trade group the Association for Unmanned Vehicle Systems International announced its Trusted Cyber Program. In collaboration with the Defense Innovation Unit, AUVSI aims to vet drones to ensure they meet federal security requirements.
The program is intended to streamline the vetting process, with AUVSI working alongside cybersecurity firms to provide initial assessments, after which government organizations can carry out additional work. Michael Robbins, AUVSI’s executive vice president of government & public affairs, said that assessment will include looking at bills of materials for a drone’s hardware and software and could include “tearing apart the platform” to review critical components that may be vulnerable.
Robbins said state and local governments will benefit from the program as it will give them an idea of which companies have gone through a “rigorous process” and been certified as safe. American companies that are certified may have “an advantage over a Chinese product that maybe does have some security concerns,” he said.
Lawmakers have also looked to mount a more unified federal effort to promote the security of drones. Five Republicans on the House Science, Space and Technology Committee recently introduced a bill to coordinate federal research and development of civilian drones to ensure U.S. leadership in advanced air mobility technologies.
Rep. Frank Lucas (R-Okla.), the committee’s ranking member, said the effort is needed as drone “demand from businesses and government is only getting larger.”
Despite the lack of federal guidance on the security of drones beyond a “general privacy concern,” Skorup said he is “wary of states trying to take the lead” on this issue, especially as it is an “ever evolving, international” problem. Instead, he said state officials should “stay abreast” of the risks and issues associated with drones and encourage “more clarity” from the federal government.
NEXT STORY: State bans TikTok from government devices