Last week, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released Cybersecurity Guidance: Chinese-Manufactured Unmanned Aircraft Systems (UAS), which outlines the risks and threats posed by Chinese-manufactured unmanned aerial systems (UAS or drones) and provides cybersecurity safeguards to reduce these risks to networks and sensitive data.
The biggest issue: the People’s Republic of China enacted laws that allow the government to use a variety of legal grounds to access data collected by Chinese businesses. Chinese-manufactured drones used for critical infrastructure operations potentially risk exposure of such information to the Chinese government. The CISA/FBI guidance provides the following mitigation recommendations:
- PLAN/DESIGN: Ensure secure, organization-wide development of the goals, policies, and procedures for the UAS program.
- PROCURE: Identify and select the UAS platforms that best meet the operational and security requirements of the organization.
- MAINTAIN: Perform regular updates, analysis, and training in accordance with the organization’s plans and procedures.
- OPERATE: Ensure proper operational and security policies are followed during operational usage.
While the guidance offers cyber safeguards and recommendations, critical infrastructure organizations are encouraged to utilize drones that are secure-by-design and manufactured by U.S. companies.