Last week, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released Cybersecurity Guidance: Chinese-Manufactured Unmanned Aircraft Systems (UAS), which outlines the risks and threats posed by Chinese-manufactured unmanned aerial systems (UAS or drones) and provides cybersecurity safeguards to reduce these risks to networks and sensitive data.

The biggest issue: the People’s Republic of China enacted laws that allow the government to use a variety of legal grounds to access data collected by Chinese businesses. Chinese-manufactured drones used for critical infrastructure operations potentially risk exposure of such information to the Chinese government. The CISA/FBI guidance provides the following mitigation recommendations:

• PLAN/DESIGN: Ensure secure, organization-wide development of the goals, policies, and procedures for the UAS program.
• PROCURE: Identify and select the UAS platforms that best meet the operational and security requirements of the organization.
• MAINTAIN: Perform regular updates, analysis, and training in accordance with the organization’s plans and procedures.
• OPERATE: Ensure proper operational and security policies are followed during operational usage.

While the guidance offers cyber safeguards and recommendations, critical infrastructure organizations are encouraged to utilize drones that are secure-by-design and manufactured by U.S. companies.