Chinese-manufactured drones 'pose a significant risk to critical infrastructure and U.S. national security,' DHS and FBI warn
Law enforcement agencies said they could steal data.
The Department of Homeland Security's cyber agency and the Federal Bureau of Investigation are warning that Chinese-manufactured drones "pose a significant risk to critical infrastructure and U.S. national security," and could steal American data, according to a public service announcement released on Wednesday.
DHS' Cybersecurity and Infrastructure Security Agency (CISA) and the FBI say that because of Chinese law that allows for the government to access data held by private firms, American data that's connected to drones could be at risk.
"The use of Chinese-manufactured UAS requires careful consideration and potential mitigation to reduce risk to networks and sensitive information," the document read.
China is the country's most "advanced, active, and persistent cyber threat," according to the White House, and one of the reasons why is that they can exploit data that is used by American consumers.
"Central to this strategy is the acquisition and collection of data - which the PRC views as a strategic resource and growing arena of geopolitical competition," the release said. "The use of Chinese-manufactured UAS in critical infrastructure operations risks exposing sensitive information to PRC authorities, jeopardizing U.S. national security, economic security, and public health and safety."
The agencies said a 2021 law expanded China's access "and control of companies and data within China and imposes strict penalties on China-based businesses for non-compliance."
"The data collected by such companies is essential to the PRC's Military-Civil Fusion strategy, which seeks to gain a strategic advantage over the United States by facilitating access to advanced technologies and expertise," the release said.
More and more critical infrastructure companies are relying on drones or as the government identifies them, Unmanned Aircraft Systems (UAS) because it is more cost-effective.
"Our nation's critical infrastructure sectors, such as energy, chemical and communications, are increasingly relying on UAS for various missions that ultimately reduce operating costs and improve staff safety. However, the use of Chinese-manufactured UAS risks exposing sensitive information that jeopardizes U.S. national security, economic security, and public health and safety," said CISA Executive Assistant Director for Infrastructure Security, Dr. David Mussington.
According to the press release, Chinese drones are "capable of receiving and transmitting data."
Some ways the Chinese could exploit drones are by transferring data and collecting it, through software updates, and by utilizing the docking stations as data collectors. For example, plugging in a docking station into an outlet shared on a network could give the device access to other data including "sensitive imagery, surveying data, facility layouts."
The consequences of this data harvesting could "result in significant consequences to critical infrastructure security and resilience," the agencies warn.
Those include exposing intellectual property to Chinese companies, providing details of critical infrastructure operations, compromising cybersecurity and physical security controls, and exposing network details to make it easier for Chinese hackers to get into a system.
CISA and the FBI urge companies and individuals to isolate Chinese-made drones from their network and get regular maintenance to maintain adequate security measures.