Last week, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released Cybersecurity Guidance: Chinese-Manufactured Unmanned Aircraft Systems (UAS), which outlines the risks and threats posed by Chinese-manufactured unmanned aerial systems (UAS or drones) and provides cybersecurity safeguards to reduce these risks to networks and sensitive data.

The biggest issue: the People’s Republic of China enacted laws that allow the government to use a variety of legal grounds to access data collected by Chinese businesses. Chinese-manufactured drones used for critical infrastructure operations potentially risk exposure of such information to the Chinese government. The CISA/FBI guidance provides the following mitigation recommendations:

  • PLAN/DESIGN: Ensure secure, organization-wide development of the goals, policies, and procedures for the UAS program.
  • PROCURE: Identify and select the UAS platforms that best meet the operational and security requirements of the organization.
  • MAINTAIN: Perform regular updates, analysis, and training in accordance with the organization’s plans and procedures.
  • OPERATE: Ensure proper operational and security policies are followed during operational usage.

While the guidance offers cyber safeguards and recommendations, critical infrastructure organizations are encouraged to utilize drones that are secure-by-design and manufactured by U.S. companies.

Photo of Kathryn Rattigan Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy and Security Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and…

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy and Security Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.