42.6 F
Washington D.C.
Saturday, March 2, 2024

CISA Warns Industries of Security Risks Posed by Chinese-Made Drones

Businesses were warned today by the Department of Homeland Security that Chinese-manufactured drones purchased for everyday industrial uses like inspection or land surveys pose a potential risk to the security of sensitive information or intellectual property.

The industry alert, issued by the Cybersecurity and Infrastructure Security Agency (CISA), notes that U.S. intelligence officials have repeatedly warned about the risks associated with technology — be it cyber systems, telecommunications or unmanned aerial systems — that goes through any steps of the design, manufacture or sales process with a company held or influenced by an authoritarian government. China is notorious both for its aggressive collection activities and expectation that citizens of the communist country will support intelligence operations.

Chinese-made UAS, CISA adds, stoke “strong concerns” as American data could be taken into the territory of a state where it can easily be accessed by a hostile intelligence service. Made-in-China drones and connected devices could also reveal information about the devices’ operations and operators.

Businesses were warned about the ways in which a Chinese-made drone or connected device could exploit their data:

  • Inexperienced operators who aren’t properly securing stored data before, during and after flight.
  • Malware that could be installed on a purchased device that could automatically transfer data to a third party.
  • Data theft from an unencrypted communications feed and unsecured network connected to the UAS.
  • Network breaches that can originate from a compromised UAS.

Organizations were warned to be “cautious” purchasing UAS from Chinese manufacturers, vet their vendor, and find out if data is ever stored by third parties and for how long. Operators are also encouraged to limit UAS access to networks and integrate UAS assessment in overall physical and cyber security risk mitigation.

If a drone comes with an SD card, it should be removed; if it can’t fly without it, all data should be cleared from the card after each flight. The internet connection should be disabled on the UAS controller and caution should be exercised when doing software updates.

CISA Assistant Director for Infrastructure Security Brian Harrell told the Government Technology & Services Coalition’s Emergency Management 2019 event last month that the agency would be providing recommendations to the private sector to prepare critical infrastructure for the UAS threat.

In addition to the espionage threat, Harrell noted that off-the-shelf drones can be easily modified to carry an explosive, biological or chemical payload. “Private industry does not own the airspace above generation facilities, above a transmission substation, above a water plant — so the overhead threat for attack is absolutely real today,” he stressed.

Harrell also suggested that “if you are in industry, and you own a foreign-manufactured drone and it is operating in your system, you are potentially incurring and introducing risk into your system… as that drone is flying, it could be mapping infrastructure, it could be looking at very critical and key things on your system. So does it matter to you that that data is possibly going outside of your system or outside the United States? I’m sure the answer is yes.”

CISA Chief Harrell’s Warning on Drones: ‘The Overhead Threat Is Absolutely Real’

Bridget Johnson
Bridget Johnson
Bridget Johnson is the Managing Editor for Homeland Security Today. A veteran journalist whose news articles and analyses have run in dozens of news outlets across the globe, Bridget first came to Washington to be online editor and a foreign policy writer at The Hill. Previously she was an editorial board member at the Rocky Mountain News and syndicated nation/world news columnist at the Los Angeles Daily News. Bridget is a terrorism analyst and security consultant with a specialty in online open-source extremist propaganda, incitement, recruitment, and training. She hosts and presents in Homeland Security Today law enforcement training webinars studying a range of counterterrorism topics including conspiracy theory extremism, complex coordinated attacks, critical infrastructure attacks, arson terrorism, drone and venue threats, antisemitism and white supremacists, anti-government extremism, and WMD threats. She is a Senior Risk Analyst for Gate 15 and a private investigator. Bridget is an NPR on-air contributor and has contributed to USA Today, The Wall Street Journal, New York Observer, National Review Online, Politico, New York Daily News, The Jerusalem Post, The Hill, Washington Times, RealClearWorld and more, and has myriad television and radio credits including Al-Jazeera, BBC and SiriusXM.

Related Articles

Latest Articles