Citing a worry over “cyber vulnerabilities,” the U.S. Army this week ordered that all drones built by China-based DJI, the world’s biggest drone maker, be immediately removed from Army service. The order comes following a classified study of the issue completed in May by the Army Research Laboratory, and the simultaneous release of a Navy memorandum titled “Operational Risks with Regards to DJI Family of Products.”
According to aviation attorney Jonathan Rupprecht, the FAA has recently created more than 500 security-related flight restrictions prohibiting unpiloted aircraft flights over military locations. Last month, Air Force General Mike Holmes of the Air Combat Command at Langley AFB in Virginia revealed that quadcopters had penetrated controlled air space at unidentified air bases, with one drone overflying a flight line. Drones are known to overfly sensitive nuclear sites, and Holmes has requested authority to down unpiloted aircraft.
According to Patrick Egan, North American Editor for SUAS News, which covers the drone industry, this is not the first time DJI products have been grounded by U.S. government agencies over security concerns. He says NASA and the Department of Energy have already stopped using DJI products. When Egan looked into why, he says they weren’t allowed to use the drones “because they are Chinese.”
Information provided by the Department of Interior last year in response to a Freedom of Information Act request by cyber security expert David Kovar confirms that DJI products had already been grounded by the Department of Energy due to security concerns. The same documents show that Interior had decided to purchase products built by California-based 3D Robotics because of security concerns about DJI. Just this week, however, DJI announced a partnership with 3DR whereby DJI aircraft would become compatible with 3DR surveying software.
According to Blades, because DJI is privately owned, it could be more vulnerable than public corporations would be to pressure from the Chinese government to provide access to drone data. With drones being used more and more for inspections and surveys, the fear is that the Chinese government could develop a massive database of information about critical civilian U.S.infrastructure, in addition to any government- or military-related data or imagery that DJI drones may be capturing.
Not everyone is convinced that DJI is spying. Kevin Finisterre, Senior Software Security Engineer at Department 13, a firm focused on anti-drone work, said by email, “Even though I tend to be one of the more vocal folks against DJI, I have to caution folks on some of the lines of commentary here, as none of them have been ‘technically’ proven. I get the ‘allowing them to build a massive infrastructure database of this country’ line of chatter, but I have yet to see any factual basis for it.”
DJI operates a website called Skypixel, where drone pilots can share photos and video, but Finisterre says there is no proof as yet of an intent to use this material for any other purpose.
Adam Lisberg, Corporate Communications Director for DJI’s North America operations, released a statement this week saying, “We are surprised and disappointed to read reports of the U.S. Army’s unprompted restriction on DJI drones, as we were not consulted during their decision. We are happy to work directly with any organization, including the U.S. Army, that has concerns about our management of cyber issues.
“We’ll be reaching out to the U.S. Army to confirm the memo, and to understand what is specifically meant by ‘cyber vulnerabilities.’ Until then, we ask everyone to refrain from undue speculation.”