‘The CCP has subsidized drone companies such as DJI and Autel in order to destroy American competition and spy on America’s critical infrastructure sites.’
U.S. owners and operators of critical infrastructure are being warned not to use Chinese-made unmanned aircraft systems (UAS) due to security risks, in a memo and report issued on Jan. 17 by the FBI and Cybersecurity and Infrastructure Security Agency (CISA).
“Our nation’s critical infrastructure sectors, such as energy, chemical and communications, are increasingly relying on UAS for various missions that ultimately reduce operating costs and improve staff safety,” David Mussington, executive assistant director for CISA’s Infrastructure Security, said in a memo that accompanied the report, titled “Cybersecurity Guidance: Chinese-Manufactured UAS.”
“However, the use of Chinese-manufactured UAS risks exposing sensitive information that jeopardizes U.S. national security, economic security, and public health and safety.”
“Urgent attention” must be paid to “China’s aggressive cyber operations to steal intellectual property and sensitive data from organizations,” Mr. Mussington added.
Chinese-made drones have long been a concern in the United States, particularly those made by China-based Da Jiang Innovations (DJI), which is the world’s largest manufacturer of commercial drones. In December 2020, the Commerce Department added DJI to its export control list for being complicit in the Chinese regime’s human rights abuses. Two years later, the Pentagon added DJI to its list of “Chinese military companies” that are operating directly or indirectly in the United States.
The FBI–CISA report doesn’t mention DJI or other Chinese UAS makers by name.
Chinese Laws
However, it highlights the risks associated with using Chinese-made drones by pointing to different Chinese laws, including the National Intelligence Law that took effect in 2017, which compels Chinese companies to hand over data collected within China and elsewhere to Beijing’s intelligence agencies.
“The 2021 Data Security Law expands the PRC’s access to and control of companies and data within China and imposes strict penalties on China-based businesses for non-compliance,” the report says, referring to China’s official name, the People’s Republic of China.