![Future of Commercial Drones 2024, DJI responds Chinese drone data security](https://dronelife.com/wp-content/uploads/2024/01/DJI_Inspire_1_Professional_by_D_Ramey_Logan-300x200.jpeg)
Photograph by D Ramey Logan, CC BY 4.0
In a recent joint publication, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) expressed concerns about Chinese-manufactured unmanned aircraft systems (UAS) and their potential risks to critical infrastructure and U.S. national security. The guidance underscores the necessity for caution when procuring and operating such UAS as a result of data access issues and cybersecurity vulnerabilities related to Chinese entities.
AUVSI, a drone advocacy group, supported the CISA and FBI guidance, with Chief Advocacy Officer Michael Robbins calling for a shift away from unsecure PRC drones and foreign supply chains. “Organizations collecting sensitive information must shift away from unsecure PRC drones,” stated Robbins.
DJI, the world’s largest drone manufacturer, responded to the allegations with a comprehensive rebuttal, reaffirming its commitment to data privacy and security. DJI’s response included these facts:
FACT #1: DJI created the marketplace for ready-to-fly civilian and business drones almost twenty years ago and has invested heavily in robust safety and security protections in addition to expanded user data privacy controls for our products.
FACT #2: Customers only share flight logs, images or videos with us in the event that they affirmatively decide to achieve this. Default collection doesn’t exist with us.
FACT #3: Operators of our consumer and enterprise drones can decide to ‘fly offline’ through Local Data Mode, ensuring that no unauthorized parties can get access to their drone data.
FACT #4: Since 2017, we’ve recurrently submitted our products for third-party security audits and certification. These U.S. and European cybersecurity experts buy our products off the shelf and conduct the review independently. Their findings validate that we offer best-in-class data security and data privacy protections.
The corporate emphasized certifications obtained for data security, similar to the DJI Core Crypto Engine’s NIST FIPS 140-2 certification and DJI FlightHub 2’s ISO 27001 certification.
The CISA publication focused totally on the laws specific to China allowing the Chinese government to access data held by Chinese corporations, stating:
While any UAS could have vulnerabilities that enable data theft or facilitate network compromises, the People’s Republic of China (PRC) has enacted laws that provide the federal government with expanded legal grounds for accessing and controlling data held by firms in China. The usage of Chinese-manufactured UAS requires careful consideration and potential mitigation to scale back risk to networks and sensitive information.
DJI clarified its stance on disclosing information based on local laws and regulations, asserting that any disclosure would adhere to legal requirements inside the national jurisdiction of the federal government agency making the request and stating that they may only disclose data that they collected: not data that users selected to not share.
Despite geopolitical challenges and accusations, DJI advocated for the event of a transparent technology-based standard for drone security, applicable to all manufacturers no matter their country of origin. The corporate urged industry-wide adherence to such standards to reinforce overall drone and data security.
While US government concerns persist about Chinese-manufactured UAS, DJI’s detailed response provides insights into its data privacy measures, cybersecurity practices, and its commitment to addressing industry challenges. The continued dialogue underscores the necessity for nuanced discussions surrounding security concerns within the drone industry.
Read more: