DETECT Act seeks cybersecurity guidelines for federal usage of drones

With their recent introduction of the Drone Evaluation to Eliminate Cyber Threats Act of 2024 (DETECT Act), U.S. Sens. Mark Warner (D-VA) and John Thune (R-SD) seek to direct the development of cybersecurity guidelines for the federal government’s use of drones.

“Drones and unmanned systems have the capability to transform the way we do business, manage our infrastructure, and deliver life-saving medicine, and as drones become a larger part of our society, it’s crucial that we ensure their safety and security,” Warner said. “This legislation will establish sensible cybersecurity guidelines for drones used by the federal government to ensure that sensitive information is protected while we continue to invest in this new technology.”

If passed, the bill would direct the National Institute of Standards and Technology (NIST) to develop said guidelines. Guidelines would need to cover cybersecurity for civilian drones and be tested by a federal agency. Further, after testing, every agency using those drones would need to implement principles based on the NIST guidelines, while agencies would have to report security vulnerabilities discovered in any drones used.

Contractors would not escape from such regulations either. Those who supply civilian drones or drone-related services to the government would have to report any discovered security vulnerabilities. If drones cannot meet the guidelines declared, agencies would be forbidden from using them.

“As the capabilities of drones continue to evolve and be utilized by both the federal government and the private sector, it’s critically important that they operate securely,” Thune said. “This common-sense legislation would require the federal government to follow stringent cybersecurity guidelines and protocols for drones and unmanned systems.”

Drones are often used for information gathering, and some worry about the sensitive data they could collect in the line of duty. Still, these guidelines would only apply to federal use of civilian drones, not to the private sector itself, which could voluntarily submit to or reject such guidelines.