The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are raising concerns about the growing use of Chinese-manufactured unmanned aircraft systems (UAS) in critical infrastructure, warning that these drones may pose serious risks to American sectors. The joint guidance emphasizes that Chinese law compels Chinese-owned UAS manufacturers operating in the U.S. to collaborate with Beijing’s intelligence services, raising the possibility of sensitive information exposure to the People’s Republic of China (PRC) authorities. As critical infrastructure organizations increasingly utilize UAS for various operations to enhance efficiency and reduce costs, CISA Executive Assistant Director for Infrastructure Security, David Mussington, highlights the potential risks associated with Chinese-manufactured or insecure UAS devices, including providing foreign adversaries with sensitive imagery and data collection opportunities.
CISA urges organizations using UAS in critical infrastructure to transition to secure-by-design systems with robust security measures, as the widespread deployment of Chinese-manufactured UAS is considered a national security concern. Bryan Vorndan, Assistant Director of the FBI’s cyber division, emphasizes the risk of unauthorized access to systems and data, stressing the importance of implementing mitigations to address these security challenges. The guidance recommends including UAS platforms and their components in organizational cybersecurity frameworks for internet of things devices and advocates for the implementation of a zero trust framework for the UAS fleet. CISA has previously issued guidance on UAS cybersecurity best practices for critical infrastructure operators and has emphasized privacy and data protection guidance for all drone users.
