The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation have published an advisory to inform organizations of threats posed by aerial drones developed in China.
The guidance is a response to existing People’s Republic of China (PRC) laws providing the Asia-Pacific government abilities to access and control data stored by companies in the country.
Due to these legal grounds, CISA wrote that usage of Beijing’s unmanned aerial system (UAS) products in the US could expose critical data to the PRC authorities.
Other outcomes of locally deploying China-manufactured drones lacking proper cybersecurity protocols may lead to US-based network vulnerabilities and sensitive information exploitation, the agency added.
“Our nation’s critical infrastructure sectors, such as energy, chemical and communications, are increasingly relying on UAS for various missions that ultimately reduce operating costs and improve staff safety,” CISA Infrastructure Security’s David Mussington explained.
“However, the use of Chinese-manufactured UAS risks exposing sensitive information that jeopardizes US national security, economic security, and public health and safety.”
Maintaining ‘Resilience’
In the advisory’s announcement, CISA prompted critical infrastructure operators and owners to leverage drones that are “secure by design” and built by US industry partners.
“With our [Federal Bureau of Investigation] partners, CISA continues to call urgent attention to China’s aggressive cyber operations that steal intellectual property and sensitive data from organizations,” Mussington stated.
“We encourage any organization procuring and operating UAS to review the guidance and take action to mitigate risk. We must work together to ensure the security and resilience of our critical infrastructure.”