U.S. owners and operators of critical infrastructure are being warned not to use Chinese-made unmanned aircraft systems (UAS) due to security risks, in a memo and report issued on Jan. 17 by the FBI and Cybersecurity and Infrastructure Security Agency (CISA).
“However, the use of Chinese-manufactured UAS risks exposing sensitive information that jeopardizes U.S. national security, economic security, and public health and safety.”
“Urgent attention” must be paid to “China’s aggressive cyber operations to steal intellectual property and sensitive data from organizations,” Mr. Mussington added.
Chinese Laws
However, it highlights the risks associated with using Chinese-made drones by pointing to different Chinese laws, including the National Intelligence Law that took effect in 2017, which compels Chinese companies to hand over data collected within China and elsewhere to Beijing’s intelligence agencies.“The 2021 Cyber Vulnerability Reporting Law requires Chinese-based companies to disclose cyber vulnerabilities found in their systems or software to PRC authorities prior to any public disclosure or sharing overseas,” the report adds.
“This may provide PRC authorities the opportunity to exploit system flaws before cyber vulnerabilities are publicly known.”
The report points out three major vulnerabilities that Chinese-made drones can exploit: data transfer and collection, patching and firmware updates, and a broader surface for data collection. Drones controlled by smartphones and other internet-of-things devices could allow foreign intelligence gathering on U.S. critical infrastructure.
Sensitive imagery, surveying data, and facility layouts are some of the vulnerable data that “allow foreign adversaries like the PRC access to previously inaccessible intelligence,” according to the report.
“Without mitigations in place, the widespread deployment of Chinese-manufactured UAS in our nation’s key sectors is a national security concern, and it carries the risk of unauthorized access to systems and data,” Bryan Vorndran, assistant director of the FBI’s Cyber Division, said in a statement.
Responses
Rep. Elise Stefanik (R-N.Y.), chairwoman of the House Republican Conference, and Rep. Mike Gallagher (R-Wis.), chairman of the House Select Committee on the Chinese Communist Party (CCP), issued a joint statement in response to the report.“The new Cybersecurity and Infrastructure Security Agency report makes clear that Communist Chinese drones present a legitimate national security risk to our critical infrastructure and must be banned from the U.S.,” the lawmakers stated.
“The CCP has subsidized drone companies such as DJI and Autel in order to destroy American competition and spy on America’s critical infrastructure sites. We must ban CCP-backed spy drones from America and work to bolster the U.S. drone industry.”
Sen. Mark Warner (D-Va.), chairman of the Senate Intelligence Committee, advised people interested in purchasing Chinese-made drones to read the security report.