CISA-FBI Guidance Warns on Cybersecurity Risks of Using Chinese-Made UAS

The Cybersecurity and Infrastructure Security Agency and the FBI have issued guidance alerting critical infrastructure operators on the cybersecurity threats from using Chinese-made unmanned aerial systems and suggesting ways to neutralize the risks. 

Titled Cybersecurity Guidance: Chinese-Manufactured UAS, the CISA-FBI resource urges caution on using Chinese-made drones, noting that China has laws with expanded government power to access and control data that Chinese firms hold. In April 2023, FBI Director Christopher Wray revealed that China’s malicious cyber activities soared by 1,300 percent in the past 10 years.

David Mussington, CISA’s executive assistant director for infrastructure security, noted that critical infrastructures, such as the energy, chemical and communications sectors, increasingly use UAS to cut costs and enhance staff safety. However, relying on Chinese UAS  risks unauthorized access to sensitive U.S. information on national and economic security, as well as public health and safety, Mussington added.

The guidance encourages critical U.S. infrastructure organizations to choose American-made UAS designed with security features, CISA said Wednesday.

The potential vulnerabilities that the guidance outlined mostly pertain to the UAS design, such as the use of smartphones and other internet-based devices to control the system. 

According to the guidance, the control setup for UAS data storage and access can open the opportunity for intelligence gathering on critical U.S. infrastructures. As one way to mitigate risk, the guidance suggests that UAS operators verify if the system runs current software and firmware versions addressing cyberthreats and vulnerabilities.