Get short URL
The US Department of the Interior (DOI) has grounded its fleet of 810 drones over fears the fleet’s Chinese-made drones could leave sensitive information they handle vulnerable to hacking – a reversal of their previous vindication of the Chinese drones they use.
In its latest attack on Chinese tech companies, another US government department has taken dramatic measures in response to perceived fears their Chinese-made equipment could become espionage tools for Beijing.
“Drones for non-emergency operations will remain grounded while the Interior Department reviews the possibility of potential threats and ensures a secure, reliable and consistent drone policy that advances our mission while keeping America safe,” DOI spokesperson Carol Danko said in a Wednesday press release.
Danko noted some drone operations will continue to be allowed in emergency situations, including fighting wildfires, search and rescue operations and other types of natural disasters “that may threaten life or property.”
A Rising Tide of Suspicion
The decision follows an October order that temporarily grounded the fleet, and its formalization follows a spate of warnings from the Pentagon about the espionage dangers Chinese-made drone systems could potentially pose, culminating in an all-out ban on their purchase in the 2020 National Defense Authorization Act, signed into law last month.
For example, an internal US Navy directive dating to 2017 warns that drones from Shenzhen-based Dà-Jiāng Innovations (DJI) “should be considered highly vulnerable in the cybersecurity realm and employed accordingly … While encrypted, open source research indicates numerous techniques available to passively view the video and metadata from the air vehicle as well as assume control over the air vehicle by adversaries.”
In another warning from the Department of Homeland Security’s Infrastructure Security Agency in May 2019, the agency advises companies to “be cautious when purchasing [drone] technology from Chinese manufacturers as they can contain components that can compromise your data and share your information on a server accessed beyond the company itself … Manufacturers and vendors can build in malware or collect data from your UAS device without your knowledge.”
However, while a senior DOI official told Cyberscoop Wednesday’s order “does not specifically mention Chinese [drones] because we wanted to leave it open in case there are additional foreign-made sources that may be issues,” they conceded “there is an emphasis on Chinese-made drones without question.”
Decision Contradicts Prior Findings
The decision directly contradicts July 2019 conclusions by the DOI vindicating DJI’s “high-security” drones following a rigorous 15-month testing period. The report determined DJI was able to meet performance, scalability and price requirements domestic drone providers could not, advising the DOI to acquire Matrice 600 Pro and Mavic Pro drones from DJI but continue third-party security validation.
The DOI website lists two DJI drone models in the department’s fleet: specialized “government editions” of the Matrice 600 Pro and Mavic Pro, although it doesn’t say how many of the drones the department uses.
DJI fired back on Wednesday, saying the order “inappropriately treats a technology’s country of origin as a litmus test for its performance, security and reliability” and denouncing “politically-motivated country of origin restrictions masquerading as cybersecurity concerns.”
“This decision makes clear that the US government’s concerns about DJI drones, which make up a small portion of the DOI fleet, have little to do with security and are instead part of a politically-motivated agenda to reduce market competition and support domestically produced drone technology, regardless of its merits,” the statement continues.
“DJI makes some of the industry’s most safe, secure, and trusted drone platforms for commercial operators. The security of our products designed specifically for the DOI and other US government agencies have been independently tested and validated by US cybersecurity consultants, US federal agencies including the Department of Interior and the Department of Homeland Security, which proves today’s decision has nothing to do with security.”
When it comes to civilian drones, DJI has got the market pretty much cornered, making up 74% of civilian drone sales worldwide, according to a 2018 estimate by Skylogic Research, a drone analysis company. As Western intelligence agencies have raised warnings about Chinese tech companies in recent years, firms like DJI have joined Huawei, ZTE, Dr. Peng and others in being singled out for exclusion by Western governments, especially the so-called “Five Eyes” Anglophone intelligence-sharing countries of the UK, US, Canada, Australia and New Zealand.
They claim that Chinese tech companies, with their connections to the Chinese state, have been or could be forced to hand over user data, including sensitive information, to Beijing authorities, turning them into surreptitious arms of Chinese government intelligence.
In June, DJI Vice President and Regional Manager for North America Mario Rebello pushed back, saying in a letter to the US Senate Commerce Committee that DJI drones “do not share flight logs, photos or videos unless the drone pilot deliberately chooses to do so.” Rebello’s claims have been echoed by leaders of other tech giants doing business in the West, such as Huawei, which found itself blacklisted last May by the US Department of Commerce, alongside 70 other Chinese firms.