Senators call on CISA to examine cybersecurity risks of Chinese consumer drones

A bipartisan group of senators is asking the Cybersecurity and Infrastructure Security Agency (CISA) to examine consumer drones made by a company with “deep ties” to the Chinese Communist Party, warning that they could be used to spy on U.S. critical infrastructure.

Several companies are in the process of expanding the use of consumer drones across the U.S. for everything from food delivery to emergency services. But U.S. senators Mark Warner (D-VA) and Marsha Blackburn (R-TN) said CISA needs to step in and “reevaluate the risks associated” with drones built by Shenzhen DJI Innovation Technology – a company they accuse of having links to China’s government.

“[T]he widespread use of DJI drones to inspect critical infrastructure allows the CCP to develop a richly detailed, regularly updated picture of our nation’s pipelines, railways, power generation facilities, and waterways,” the senators wrote in a letter to CISA Director Jen Easterly. “This sensitive information on the layout, operation, and maintenance of U.S. critical infrastructure could better enable targeting efforts in the event of conflict.”

A CISA spokesperson said it will not comment on the letter publicly and plans to respond directly to the senators.

DJI did not respond to requests for comment but the senators noted that CISA published its own alert in 2019 raising “concerns” about all drones manufactured in China. DJI is not specifically mentioned in the alert.

“However, since this alert more information regarding the severity of the threat has come to light, and the senators are asking for a complete analysis of the security risks posed by DJI drones to be conducted and made publicly available,” the senators said.

The letter hinges on a more recent determination by the Defense Department that DJI is a “Chinese military company” and notes that an unreleased intelligence bulletin warning from 2017 said DJI “was likely providing sensitive U.S. infrastructure and law enforcement data to the Chinese government.”

The senators said they are alarmed by several reports indicating that DJI is dominating the drone market.

Reuters reported in 2021 that DJI controlled nearly 90% of North America’s consumer drone market and about 70% of the industrial drone market. A 2019 white paper from public safety non-profit Drone Responders said 73% of public safety organizations are using DJI drones.

“In short, we believe that given the company’s identified connections to the Chinese Communist Party, the use of its drones in such sensitive contexts may present an unacceptable security vulnerability,” they wrote. “We ask that the Cybersecurity and Infrastructure Security Agency evaluate this concern and make the results of its evaluation available to the public through the National Cyber Awareness System.”

The letter warned that sensitive information or data could wind up in the hands of China’s military, noting that tech giant Huawei was accused by the Justice Department of “misappropriating intellectual property and trade secret information from U.S. companies.”

The stolen information may range from sensitive military data to more benign theft. The senators cited a 2017 Department of Homeland Security assessment that DJI had taken information from a drone used by a California wine producer and given it to Chinese grape companies to gain an edge on their own production and land purchasing processes.

The letter to Easterly was signed by 14 other senators from both parties.