Advertisement

Republican senators ask DOT, FAA to cease using Chinese drones

Capitol Hill is putting on the pressure.
Drone
(Pixabay)

A group of Republican senators sent a letter to the Department of Transportation and the Federal Aviation Administration Wednesday asking them to exclude Chinese drones, particularly DJI drones, from future partnerships due to national security concerns.

The letter comes days after one of the participants in the FAA’s Unmanned Aircraft System Integration Pilot Program announced it would be working with DJI drones, which the U.S. government has found to contain vulnerabilities that could allow adversaries to steal sensitive data — or to even take control of their systems.

“We … urge you to immediately restrict the use of this equipment and technology that has the potential to jeopardize the security of critical information and infrastructure gained through this and other FAA programs,” the Senators write. “American taxpayer dollars should not fund state-controlled or state-owned firms that seek to undermine American national security and economic competitiveness.”

The authors of the letter — Sens. Tom Cotton, R-Ark., Marsha Blackburn, R-Tenn., Marco Rubio, R-Fla., Rick Scott, R-Fla., and John Cornyn, R-Texas — cite the U.S. Army, Department of Homeland Security, and Department of the Interior memos and alerts about the cybersecurity risks inherent to DJI drones.

Advertisement

One such memo, a 2017 warning from Immigration and Customs Enforcement, claims DJI “is selectively targeting government and privately owned entities … to expand its ability to collect and exploit sensitive U.S. data.” It notes that a “foreign government with access to this information could easily coordinate physical or cyber attacks against critical sites.”

More recently a 2019 memo from the DHS’s Cybersecurity and Infrastructure Security Agency notes Chinese drones have products that “contain components that can compromise data and share information on a server accessed beyond the company itself.”

It’s just the latest action lawmakers are taking to try to limit government use of Chinese drones over national security concerns — the 2020 National Defense Authorization Act, pending President Donald Trump’s signature, would ban Chinese-made drones from military purchase. Separately, the American Security Drone Act of 2019 would ban federal agencies from using foreign-made drones, an effort Scott is working on with a group of bipartisan senators, his office tells CyberScoop. That bill has a counterpart version in the House of Representatives, backed by Rep. Dan Crenshaw, R-Texas.

Beyond asking Transportation Secretary Elaine Chao and FAA Administrator Stephen Dickinson to avoid partnering with Chinese drone companies in the future, the Senators also want to know if the DOT and FAA have warned state, local, and tribal partners about the security risks of using Chinese drones. They also want to know what the agencies are doing to mitigate any risk.

Other agencies have started to take action against Chinese-made drones over security concerns. The Army banned DJI drones two years ago following warnings from the Navy that the systems “should be considered highly vulnerable in the cyber security realm.” The Interior Department announced in October this year that it is grounding a fleet of 800 Chinese drones until it knows more about their security risks.

Advertisement

As recently as November, Idaho National Laboratory assessed that in interference-free environments DJI does not appear to have data leakage, according to a report CyberScoop obtained. But the report concluded that further detailed assessment needed to be done to get a fuller cybersecurity risk picture.

Although in a recent interview with CyberScoop, the head of DJI North America acknowledged that DJI drones are not built for military standards, DJI took issue with the Senators’ letter. DJI claims it gives its customers control over how data is collected, stored, and transmitted.

“The letter is riddled with false allegations that paint a misleading picture of DJI and our commitment to advancing the drone industry as well as data and cyber security, the most egregious being that DJI is a state owned entity, which it is not,” a DJI spokesperson said in a statement. “It demonstrates just how misinformed the Senators are about the details of the UAS IPP program and their willingness to perpetuate blatant falsehoods about how DJI’s industry-leading drone technology and safety features work.”

Read the letter in full here.

[documentcloud url=”http://www.documentcloud.org/documents/6586447-DOT-FAA-DJI-Drones-Letter.html” responsive=true]

Shannon Vavra

Written by Shannon Vavra

Shannon Vavra covers the NSA, Cyber Command, espionage, and cyber-operations for CyberScoop. She previously worked at Axios as a news reporter, covering breaking political news, foreign policy, and cybersecurity. She has appeared on live national television and radio to discuss her reporting, including on MSNBC, Fox News, Fox Business, CBS, Al Jazeera, NPR, WTOP, as well as on podcasts including Motherboard’s CYBER and The CyberWire’s Caveat. Shannon hails from Chicago and received her bachelor’s degree from Tufts University.

Latest Podcasts