China is making fresh economic, military, and political inroads in the United States by the minute. Within the last few months a Chinese spy balloon drifted over our heartland, mesmerizing the media and public; news broke that Beijing has been spying on the United States from Cuba, just 90 miles from the coast of Key West; and Foreign Policy magazine called China’s intelligence onslaught against the West “much worse than you think.”
While these sightings and reports are alarming, in many ways we have been complicit. We openly share our data and information with China when we download and use applications like TikTok. And out of expediency or haste, we fail to properly vet Chinese operatives accessing our secrets in universities, research labs, and factories.
Perhaps most egregious is the threat buzzing just over our heads, piloted by well-intentioned law enforcement and public safety officers: uncrewed aerial systems (UASs), better known as drones.
Our police, sheriffs, and emergency responders fly thousands of missions a day to protect civilians and perform critical tasks such as criminal pursuit, suspect identification, crowd management, investigations, and accident reporting that take precious law enforcement personnel out of harm’s way. But the vast majority of these missions are flown by drones with Chinese hardware and software.
In the United States, more than 92 percent of drones operated by law enforcement are manufactured by Chinese companies that are legally required to work directly with Beijing.
These can map our critical infrastructure – our roads, bridges, ports, airports, power plants, stadiums, and hospitals. Wherever a drone is flown, data is collected and stored.
To be fair, we are in no way suggesting that our law enforcement community is disloyal or poorly intentioned; actually, it is quite the opposite. Our police and sheriffs have turned to UAS as force multipliers for public-safety departments depleted by retirements, funding cuts, and recruitment troubles.
Unfortunately, Chinese drone companies like DJI are a lower-price option for cash-strapped agencies in need of more hands on deck. A Chinese drone – underwritten by Beijing – can cost one-third to one half less than a U.S.-made counterpart. This begs the question: What is the price of our American safety and security?
In 2017, the United States Army discontinued the use of drones produced by the Chinese company DJI, the world’s biggest manufacturer of drones, over the risk of vulnerabilities. And just last December, as part of the 2023 National Defense Authorization Act, Congress expanded the prohibition on the Department of Defense from acquiring and using Chinese manufactured drones to the array of contractors that serve the agency.
Thankfully, this emerging and ongoing threat has caught the attention of Congress. Sens. Mark Warner (D-Va.) and Rick Scott (R-Fla.) have proposed bipartisan legislation that would significantly limit the presence of foreign-made drones in the United States by prohibiting both the federal government and federal funds awarded through grants from being used to purchase such drones. In addition to China, the bill would also prohibit the federal government from buying or using drones produced in Russia, Iran, North Korea, Venezuela, and Cuba.
“Drones have the potential to transform key industries and aspects of our society – from agriculture to emergency services, to deliveries, and so much more,” Warner said. “As the adoption of this technology grows, we need to make sure that we are not advancing the goals of our adversaries, who wish to saturate the market with drones that pose a threat to our national security.”
Aside from the military, the federal government and several states have begun to specifically address the issue.
Florida, Arkansas, Mississippi, and Nevada have passed legislation restricting state and local agency use of Chinese drones, following the lead of several federal agencies including the U.S. Department of Homeland Security. Florida, which banned these insecure drones this past April, is funding a $25 million program to help state and local agencies replace their insecure, untrustworthy drones with secure American and allied hardware.
In March, a bipartisan group of senators asked the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to re-evaluate the risks posed by Chinese drones. Much of the public discourse on this issue has elided the cyberthreat posed by Chinese drones. In fact, as the senators’ letter points out, the threat is far from theoretical.
“A 2017 Department of Homeland Security assessment warned that Chinese companies had used grape production information gathered by a [Chinese] drone purchased by a California wine producer to inform their own land purchasing decisions,” they wrote. “Even worse, the widespread use of [Chinese] drones to inspect critical infrastructure allows the CCP to develop a richly detailed, regularly updated picture of our nation’s pipelines, railways, power generation facilities, and waterways. This sensitive information on the layout, operation, and maintenance of U.S. critical infrastructure could better enable targeting efforts in the event of conflict.”
In addition, Senator Marco Rubio (R-Fla.) heightened the focus on the efforts to prevent potential adversaries from operating in the U.S. law enforcement markets. In a letter to Capitol Police Chief Thomas Manger, he urged the U.S. Capitol Police to discontinue the use of drones manufactured by Chinese companies over security concerns. In the letter, Rubio noted that Chinese drones pose a serious national security threat to the United States.
In addition to the pending legislation, there are technical cybersecurity causes that may require law enforcement to replace Chinese-made drones as soon as possible.
A 2019 industry alert, issued by the Cybersecurity and Infrastructure Security Agency (CISA), noted that U.S. intelligence officials have repeatedly warned about the risks associated with this technology and the ways in which a Chinese-made drones could exploit their data through potential backdoors or by surveillance exploits that can be integrated into chips or other Chinese-made components:
- Inexperienced operators who aren’t properly securing stored data before, during and after flight.
- Malware that could be installed on a purchased device that could automatically transfer data to a third party.
- Data theft from an unencrypted communications feed and unsecured network connected to the UAS.
- Network breaches that can originate from a compromised UAS.
See CISA Warns Industries of Security Risks Posed by Chinese-Made Drones (hstoday.us)
Regardless of the possibility of backdoors, most drones currently used in law enforcement and by first responders are potentially vulnerable against man-in-the-middle attacks and injection commands. This could allow adversaries to take actual control of the drone and use the high-resolution optical and thermal cameras and advanced sensors that have telescopic/zoom-in features to gather information that may be sensitive. This could result in the disclosure of critical infrastructure data, or even more nefarious activities.
Ultimately, we have to be able to trust our drone technology and, unfortunately, the actions of our adversaries have proved to be anything but trustworthy.
We and our allies need to build and expand our own domestic manufacturing bases for microelectronics, including drones. This is the only way to ensure that there are no backdoor exploits or malicious code inserted by foreign sourcing, or insecure supply chains. Until then, we urge the federal government to follow Florida’s lead and provide funding or grants to replace insecure drones manufactured by our adversaries with secure American- and allied-made UAS. Every day we wait to take action we do the men and women of law enforcement a disservice.
The views expressed here are the writers’ and are not necessarily endorsed by Homeland Security Today, which welcomes a broad range of viewpoints in support of securing our homeland. To submit a piece for consideration, email editor @ hstoday.us.
