Yesterday, CISA and the FBI published the “Cybersecurity Guidance: Chinese-Manufactured UAS” action guide. This resource was developed to increase awareness of the threats posed by Chinese-manufactured UAS and provide UAS cybersecurity recommendations that reduce risks to networks and sensitive information.
Unmanned aircraft systems (UAS), more commonly referred to as drones, have proliferated around the world over the past decade, primarily driven by cheap, commercially available Chinese UASs. Despite their availability, Chinese-manufactured UASs pose a significant risk to critical infrastructure and U.S. national security. “While any UAS could have vulnerabilities that enable data theft or facilitate network compromises, the People’s Republic of China (PRC) has enacted laws that provide the government with expanded legal grounds for accessing and controlling data held by firms in China,” according to the guide.
Chinese collection of this sensitive information and potential network access could result in significant consequences to critical infrastructure security and resilience, allowing the PRC to advance its strategic objectives and undermine U.S. national security. The risks associated with using Chinese made UASs in critical infrastructure operations is a potential blended threat. In one potential scenario, for instance, a Chinese UAS being used by a water utility around its treatment plant could send back sensitive data to Chinese authorities concerning the utility’s security measures, which could then be leveraged to conduct an attack against the facility. Indeed, many utilites employ UASs for legitimate and routine purposes, like conducting maintenance. However, owners and operators are encouraged to consider the security recommendations provided in the guide before and after acquiring a UAS. Access the guide at CISA here.
The “Cybersecurity Guidance: Chinese-Manufactured UAS” product is a continuation of CISA’s suite of products related to UAS cybersecurity, including Cybersecurity Best Practices for Operating Commercial Unmanned Aircraft Systems and Secure Your Drone: Privacy and Data Protection Guidance.