Critical Infrastructure Security

Chinese Drones Pose Threat to US Infrastructure, CISA Warns

CISA, FBI Urge Critical Infrastructure Owners to Bolster UAS Security Measures
Chinese Drones Pose Threat to US Infrastructure, CISA Warns
The U.S. Cybersecurity and Infrastructure Security Agency is urging critical infrastructure owners to buy secure drones. (Image: Shutterstock)

The U.S. Cybersecurity and Infrastructure Security Agency is sounding the alarm on the mounting popularity of Chinese-manufactured unmanned aircraft systems, warning that Sino drones could pose serious risks to American critical infrastructure sectors.

See Also: Webinar | Mythbusting MDR

The nation's cyber defense agency published joint guidance Wednesday with the FBI detailing how "the use of Chinese-manufactured UAS in critical infrastructure operations risks exposing sensitive information to PRC authorities." The guidance highlights that Chinese law compels prominent Chinese-owned UAS manufacturers operating in the United States to collaborate with Beijing's intelligence services and engage in foreign data collection operations.

Critical infrastructure owners and operators across the country "are increasingly relying on UAS for various missions that ultimately reduce operating costs and improve staff safety," CISA Executive Assistant Director for Infrastructure Security David Mussington said. Organizations use drones to enhance operations and reduce costs, including by inspecting power lines or inspecting offshore oil rigs without having to place humans in danger.

Chinese-manufactured or other insecure UAS devices in or near critical infrastructure facilities can potentially provide foreign adversaries with sensitive imagery and a broader surface for data collection, the guidance says. CISA urged organizations using UAS in critical infrastructure settings to transition to "secure by design" systems that have incorporated robust security measures.

"Without mitigations in place, the widespread deployment of Chinese-manufactured UAS in our nation's key sectors is a national security concern," Bryan Vorndran, assistant director of the FBI's cyber division, said in a statement. "It carries the risk of unauthorized access to systems and data."

UAS platforms and their components should be included in organizational cybersecurity frameworks for internet of things devices, CISA recommended. The guidance also urges organizations to implement a zero trust framework for the UAS fleet and a supply chain risk management program for all information and communications technology devices.

CISA has previously published guidance for critical infrastructure operators, law enforcement and the public on UAS cybersecurity best practices, as well as privacy and data protection guidance for all drone users.


About the Author

Chris Riotta

Chris Riotta

Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.