On June 18, 2019, U.S. subcommittee on security met for the hearing titled, “Drone Security: Enhancing Innovation and Mitigating Supply Chain Risks.” The hearing examined “security threats and challenges posed by unmanned aircraft systems (UAS), including the status of UAS detection and mitigation technology and capabilities.” It also reviewed the “legal and regulatory authorities granted to government agencies to mitigate UAS threats, and any recent deployment of UAS detection and mitigation technologies.”
Five leaders and experts in the UAS industry gave key witness testimony expressing their concerns and views over the present and future state of drones in the national airspace. Each witness’s testimony can be read in full by clicking the links below:
- Testimony for Dr. Catherine Cahill, Director, Alaska Center for UAS Integration, Geophysical Institute, University of Alaska Fairbanks
- Testimony for Mr. Harold Shaw, Chief Security Officer and Director of the Corporate Security and Emergency Preparedness Department, Massachusetts Port Authority
- Testimony for Ms. Angela Stubblefield, Deputy Associate Administrator, Office of Security and Hazardous Materials, Federal Aviation Administration
- Testimony for Mr. Harry Wingo, Faculty, College of Information and Cyberspace, National Defense University
- Testimony for Mr. Brian Wynne, President and Chief Executive Officer, Association for Unmanned Vehicle Systems International
Overall, each testimony commended and praised the FAA for continuing to work with other government agencies and helping further UAS developments through UAS IPP initiatives and other rulemaking. However, each testimony did highlight concerns to what the FAA and the government must do together for the successful and timely integration of UAS into the NAS.
Senate Hearing on UAS Security: Key Points
- Continuing concerns over UAS threats to airport and aircraft safety
- Giving state and local law enforcement more authority
- Implementing Remote ID is a must
- Taking an Airspace management approach
- Protecting U.S. privacy and data, concerns over Chinese products
Continuing concerns over UAS threats to airport and aircraft safety
Many of the testimonies highlighted the risks UAS present to airports and aircraft passenger safety. Airports have been working with the FAA to implement countermeasures such as UAS detection. Since the FAA released the letter to airport operators, we know that only passive detection technology is allowed for airports to use and operators obtain approval from the FAA before they install UAS detection technology.
Airports need tools to detect drones
Mr. Shaw, the chief security officer for the Massachusetts Port Authority, stated quite plainly that after conducting table-top exercise with various government agencies which included: the FAA control tower at Logan, Massachusetts State Police, the FBI, TSA, and the Massachusetts Department of Transportation they were able to examine their security procedures, identify security gaps, and determine their need for drone detection technology. According to Mr. Shaw, the drill “validated our concern that we lack the tools to help us identify potential unauthorized UAS’s or confirm sightings from pilots. We need technical solutions to increase our situational awareness with real-time intelligence so that we can detect and neutralize potential threats as quickly as possible.”
Ms. Stubblefield commended the FAA’s working with airports for counter-UAS deployment and stated, “the FAA wants to coordinate with airports that plan to use UAS detection systems to ensure deployment and use does not create interference or obstruction with aviation safety and efficiency systems at the airport.” She acknowledged the FAA would “undertake several pilot program activities related to testing and evaluation of UAS detection and mitigation technology, including at airports.” Mr. Shaw also commented on the pilot program for testing UAS detection systems at five yet-to-be chosen airports, where he commends the federal agencies involvement and hopes together they can “integrate UAS into the airspace while fostering safe and secure airport operations.”
Giving state and local law enforcement more authority
There is a need for regulatory changes that would allow state and local law enforcement to have authority to regulate and assist with UAS threats. Mr. Shaw made a strong appeal “to this Committee and to Congress to take additional steps that will empower state and local partners to take charge of their own safety.” The Reauthorization Act of 2018 and The Preventing Emerging Threats Act of 2018 authorized federal agencies to intercept and neutralize UAS that pose a threat to safety; however, the agencies lack the capability to provide continuous coverage across the nation. Mr. Wynne pointed out in his testimony that UAS mitigation authority is limited to the Department of Defense, Department of Energy, Department of Homeland Security and the Department of Justice. This leaves state and local authorities with their hands tied with regards to taking action against drone threats.
Implementing Remote ID is a must
The implementation of Remote ID was another key theme is many of the testimonies. Remote ID is seen as the key to safely integrating UAS into the NAS and the catalyst for increasing commercial drone applications. Many testified on the importance of drafting the Remote ID rules and how crucial it is to both the safety and security of UAS use. Mr. Wynne stated, “the implementation of a remote identification system would not just alleviate security concerns; it would also serve as the linchpin needed to advance the UAS industry beyond what is currently possible.”
Mr. Wynne went how to reiterate the importance by saying, “Remote ID is vital for the realization of a UAS Traffic Management (UTM) system, which would work alongside the existing air traffic control system to reduce barriers to innovation and improve the security of the national airspace.”
Taking an Airspace Management approach
Every testimony discussed how regulatory practices must evolve to keep up with the ever-increasing use of drone technology. Yet, Mr. Wynne also put into words what we at 911 Security have written about before, that is moving beyond UAS security and looking at it from an airspace management perspective. Remote ID, UTM, and drone detection fit work to provide a complete view of airspace traffic.
We firmly believe that by unlocking the benefits coming from the remote ID initiative and developing sophisticated airspace management solutions, we can move closer to safely integrating advantageous drone use while curbing the malicious use of drone.
Protecting U.S. privacy and data, concerns over Chinese products
The importance of protecting U.S. privacy and data was another important theme in all the testimonies during last week’s hearing. With two of the witnesses (Dr. Cahill and Mr. Wingo) actually calling out DJI over privacy concerns. Their main concerns are that DJI is sending data back to the Chinese government.
Mr. Wingo takes a harsh stance on Chinese made drones, by saying their dominance of the U.S. drone market is “a special class of risk” and “China poses the most serious potential threat to U.S. drone security.” Mr. Wingo warned of the many threats in the UAS supply chain which “range from counterfeit parts to “back doors” installed to enable remote control of drones or otherwise disrupt UAS operations.” He also called attention to the over-reliance on Chinese drones and the “Three Ds” of strategic drone supply chain risk:1) Data Flow 2) Dual Use 3) Dependency. He is concerned that the “Three Ds” pose a threat to National security risk.
In recommendation to overcome risks, Mr. Wingo strongly encourages incentives for drones to be made in the USA. He also admits it would be quite difficult to disentangle “our micro-electronics supply chain completely from China,” but goes on to recommend cultivating alternative manufacturing partners. Dr. Cahill shares Mr. Wingo’s sentiment on using drones made in the USA, she stated that the “ACUASI is moving towards larger, U.S.-built UAS, like our Griffon Aerospace Outlaw SeaHunter, built in Madison, Alabama.”
Mr. Wingo also asks the subcommittee to “explore the role that open source initiatives like the DroneCode Project might play in providing more transparency, particularly if U.S. companies continue to purchase Chinese platforms.”
Dr. Cahill wraps up her testimony with the significance of maintaining data integrity by stating “the U.S. needs to ensure that it does not give up security, intellectual property, and UAS manufacturing capacity during this rush to advance the positive aspects of UAS technologies at the lowest cost possible.”
DJI responds to privacy claims made during the Senate hearing
On June 24, 2019, DJI, the world’s leading manufacturer of civilian drones and aerial imaging technology, sent a letter to the U.S. Senate Commerce, Science, and Transportation Subcommittee on Security in response to the “inaccurate information” presented during the US Senate hearing.
In response to the very harsh testimony, DJI’s VP and regional manager of North America, Mario Rebello, sent a very thorough letter going over every detail in order to set the facts straight. You can read DJI’s full letter here: DJI response letter to senate hearing.
Mr. Rebello writes that DJI is deeply concerned “the unsubstantiated speculation and inaccurate information presented during your Subcommittee hearing will put the entire U.S. drone industry at risk, causing a ripple effect that will stunt economic growth and handcuff public servants who use DJI drones to protect the public and save lives.”
Key points from DJI’s Response:
- DJI customers have full control of their data
- DJI drones are the preferred choice of state and local public safety agencies
- DJI invests and creates value in the US economy
- DJI leads the drone industry on safety measures
DJI customers have full control of their data
In the letter, DJI stresses the claims are false and gives the following explanations:
This speculation about DJI’s technology is simply wrong. To be clear:
- DJI drones do not share flight logs, photos or videos unless the drone pilot deliberately chooses to do so. They do not automatically send flight data to China or anywhere else. They do not automatically transmit photos or videos over the internet. This data stays solely on the drone and on the pilot’s mobile device. DJI cannot share customer data it never receives.
- DJI’s professional pilot app has a built-in setting to disconnect all internet connection, as an extra precaution for pilots performing sensitive flights. Unlike some technology companies, DJI does not sell or monetize customer data.
- DJI embeds password and data encryption features in the design of our products. This provides customers with secure access to the drone and its onboard data. In cases when U.S. drone users do choose to share their data, it is only uploaded to U.S. cloud servers.
- DJI operates a global Bug Bounty Program so the world’s security researchers can identify unforeseen security issues, and we hire independent security experts to test our products. These are just some of the steps we take to assure high-security users they can use our products with confidence.
Stay tuned for more news on DJI and their latest push towards privacy and security by releasing their Government Edition drone system, which the company also announced the same day this letter was released. The Government Edition was developed specifically for data sensitive government operations.
DJI also updated their YouTube channel with a video showcasing their support to meet the stringent requirements of the government sector for data management, risk mitigation, and enterprise-level data sharing control.