Advertisement

The new guidance aims to help owners and operators protect themselves against risks.

A DJI Mavic 2 Pro made by the Chinese drone maker hovers in place on December 15, 2021 in Miami, Florida. (Photo by Joe Raedle/Getty Images)

The Cybersecurity and Infrastructure Security Agency and the FBI are warning about potential threats from Chinese-made drones on critical infrastructure.

In new guidance issued Wednesday, CISA and the FBI warned that Beijing could use drones to obtain sensitive information from critical infrastructure sites. The guidance is meant to assist critical infrastructure owners and operators to reduce the risk from those drones, and it encourages buying from U.S. companies.

“Our nation’s critical infrastructure sectors, such as energy, chemical and communications, are increasingly relying on [Unmanned Aircraft Systems] for various missions that ultimately reduce operating costs and improve staff safety,” David Mussington, executive assistant director for infrastructure security at CISA, said in a statement. “However, the use of Chinese-manufactured UAS risks exposing sensitive information that jeopardizes U.S. national security, economic security, and public health and safety.”

Concerns over Chinese-made drones have long been a concern for critical infrastructure sectors as the use in industrial facilities grows. One such company, Da Jiang Innovations, which is headquartered in Shenzhen, China, garnered additional attention as the tech company dominated the commercial drone market. The Commerce Department added DJI to the export control list back in 2020 because of national security concerns.

Advertisement

The report also comes amid increasing concerns that China is actively preparing for destructive attacks against critical infrastructure. Recent intrusions by Chinese threat actors like Volt Typhoon shows that Beijing has been targeting critical infrastructure sectors in a way that is more destructive than espionage-focused.

The guidance warns about the potential information collection threats due to regulations in China that require companies to hand over data. Such data, the guidance warns, is “essential to the [People’s Republic of China’s] Military-Civil Fusion strategy, which seeks to gain a strategic advantage over the United States by facilitating access to advanced technologies and expertise.” The guidance warns that such devices could help China spy on critical infrastructure facilities.

State-backed hackers could also learn about vulnerabilities in such drones before they are made public, the report warned. Additionally, updates from Chinese manufacturers or vendors controlled by China could introduce data-collection capabilities in a drone.

“Without mitigations in place, the widespread deployment of Chinese-manufactured UAS in our nation’s key sectors is a national security concern, and it carries the risk of unauthorized access to systems and data,” Bryan Vorndran, assistant director of the FBI’s Cyber Division, said in a statement.

The concern over drones led to the passage of the American Security Drone Act in the annual National Defense Authorization Act, which prohibits federal entities from purchasing or using drones made by foreign entities.

Christian Vasquez

Written by Christian Vasquez

Christian covers industrial cybersecurity for CyberScoop News. He previously wrote for E&E News at POLITICO covering cybersecurity in the energy sector. Reach out:  christian.vasquez at cyberscoop dot com

Latest Podcasts

Government

Technology

Geopolitics