CISA, FBI release joint cybersecurity guidance covering Chinese-manufactured drones

Concerned about cybersecurity risks posed by Chinese-manufactured unmanned aircraft systems (UAS), the Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation (FBI) recently released guidance about those threats and advice on safeguards.

The Cybersecurity Guidance: Chinese-Manufactured UAS publication focused on the threats to critical infrastructure and state, local, Tribal and territorial partners, particularly threats posed to networks and sensitive information. Several laws enacted by the Chinese government sprouted concern in the United States for their expansion of legal rights to access and control data held by firms operating in China. U.S. agencies have stated that Chinese-manufactured UAS could expose sensitive information to Chinese authorities.

“Our nation’s critical infrastructure sectors, such as energy, chemical and communications, are increasingly relying on UAS for various missions that ultimately reduce operating costs and improve staff safety,” David Mussington, CISA Executive Assistant Director for Infrastructure Security, said. “However, the use of Chinese-manufactured UAS risks exposing sensitive information that jeopardizes U.S. national security, economic security, and public health and safety. With our FBI partners, CISA continues to call urgent attention to China’s aggressive cyber operations to steal intellectual property and sensitive data from organizations.”

As a result, the guidance detailed possible vulnerabilities to sensitive information points if UAS were operated without proper cybersecurity protocols. They also noted the consequences that could result from such exposures – and used the opportunity to promote use of UAS manufactured by U.S. companies and made to be secure-by-design. 

“Without mitigations in place, the widespread deployment of Chinese-manufactured UAS in our nation’s key sectors is a national security concern, and it carries the risk of unauthorized access to systems and data,” Bryan Vorndran, assistant director of the FBI’s Cyber Division, said. “The FBI and our CISA partners have issued UAS guidance in order to help safeguard our critical infrastructure and reduce the risk for all of us.”   

Failure to secure against Chinese intervention, the report warned, could lead to exposing intellectual property to Chinese companies and costing U.S. companies their competitive advantage. It also noted that if the Chinese government gains such insights into critical infrastructure and vulnerabilities, it could lead to even greater abilities to disrupt critical services. Theft, sabotage of critical assets, and increased cyber-attacks on critical infrastructure were all among the concerns noted by the guidance.