WASHINGTON – U.S. Sens. Mark R. Warner (D-VA), Chairman of the Senate Select Committee on Intelligence, and Marsha Blackburn (R-TN) led a bipartisan group of senators in urging the Cybersecurity and Infrastructure Security Agency (CISA) to reevaluate the risks associated with the use of drones manufactured by Shenzhen DJI Innovation Technology Co., Ltd. (DJI), a company with deep ties to the Chinese Communist Party (CCP).
In 2022, DJI was officially identified as a “Chinese military company” by the Department of Defense following several warnings about its risks, including a 2017 intelligence bulletin warning that DJI was likely providing sensitive U.S. infrastructure and law enforcement data to the Chinese government. Despite this action, the use of DJI drones remains common throughout the country. In 2021, it was reported that DJI controlled almost 90% of the consumer drone market in North America and over 70% of the industrial market. And in 2019, it was reported that 73% of public safety organizations are flying the company’s aircraft.
“[T]he widespread use of DJI drones to inspect critical infrastructure allows the CCP to develop a richly detailed, regularly updated picture of our nation’s pipelines, railways, power generation facilities, and waterways,” the senators wrote in a letter to CISA Director Jen Easterly. “This sensitive information on the layout, operation, and maintenance of U.S. critical infrastructure could better enable targeting efforts in the event of conflict.”
CISA has previously taken action to warn against the purchase and use of DJI aircrafts. In 2019, CISA published an “industry alert” underscoring the federal government’s “strong concerns” with Chinese drones and warning entities to be “cautious” in purchasing them. However, since this alert more information regarding the severity of the threat has come to light, and the senators are asking for a complete analysis of the security risks posed by DJI drones to be conducted and made publicly available.
In addition to Sens. Warner and Blackburn, the letter was signed by Sens. Richard Blumenthal (D-CT), John Thune (R-SD) Jeanne Shaheen (D-NH), Rick Scott (R-FL), Kyrsten Sinema (I-AZ), Todd Young (R-IN), JD Vance (R-OH), Ted Budd (R-NC), Dan Sullivan (R-AK), Deb Fischer (R-NE), Mike Braun (R-IN), Cynthia Lummis (R-WY), Tommy Tuberville (R-AL), and Jerry Moran (R-KS).
Sen. Warner is a strong supporter of the domestic production of unmanned systems, including driverless cars, drones, and unmanned maritime vehicles. Earlier this year, he introduced the Increasing Competitiveness for American Drones Act, legislation that will clear the way for drones to be used for commercial transport of goods across the country. As Chairman of the Senate Intelligence Committee, he has led efforts in Congress to shore up U.S. national and cybersecurity against hostile foreign governments through unmanned air systems. Last month, Sen. Warner introduced legislation to prohibit the federal government from purchasing drones manufactured in countries identified as national security threats, such as the People’s Republic of China.
A copy of the letter can be found here and below.
Dear Director Easterly:
We write today regarding the cybersecurity risks posed by the widespread use of drones manufactured by Shenzhen DJI Innovation Technology Co., Ltd. (“DJI”) to operators of critical infrastructure and state and local law enforcement in the United States. In short, we believe that given the company’s identified connections to the Chinese Communist Party (“CCP”), the use of its drones in such sensitive contexts may present an unacceptable security vulnerability. We ask that the Cybersecurity and Infrastructure Security Agency (“CISA”) evaluate this concern and make the results of its evaluation available to the public through the National Cyber Awareness System.
China’s efforts to modernize the capabilities of the People’s Liberation Army (“PLA”), including through their “Military-Civil Fusion” strategy – which systematically blurs the lines between PLA and civilian science and technology research and development efforts – are well documented. In October 2022, the Department of Defense identified DJI as a “Chinese military company” operating in the U.S. under Section 1260H of the William M. (“Mac”) Thornberry National Defense Authorization Act for Fiscal Year 2021. Identification of this relationship between DJI and the PLA suggests a range of risks to U.S. operators of the technology, including that sensitive information or data could wind up in PLA hands. Indeed, Huawei, another entity identified under Section 1260H, has been credibly accused by the Department of Justice of misappropriating intellectual property and trade secret information from U.S. companies.
Yet, despite these risks, the use of DJI drones remains widespread throughout the U.S. In 2021, it was reported that DJI controlled almost 90% of the consumer market in North America and over 70% of the industrial market. And in 2019, it was reported that 73% of public safety operations are flown by the company’s aircraft. As a result, the CCP may have access to a variety of proprietary information. For example, a 2017 Department of Homeland Security assessment warned that Chinese companies had used grape production information gathered by a DJI drone purchased by a California wine producer to inform their own land purchasing decisions. Even worse, the widespread use of DJI drones to inspect critical infrastructure allows the CCP to develop a richly detailed, regularly updated picture of our nation’s pipelines, railways, power generation facilities, and waterways. This sensitive information on the layout, operation, and maintenance of U.S. critical infrastructure could better enable targeting efforts in the event of conflict.
We appreciate that CISA has addressed this risk in the past, most notably in a 2019 “Industry Alert,” stating the federal government’s “strong concerns” with Chinese drones and warning entities to be “cautious” in purchasing them. However, over the past four years more information regarding the scope of the problem has become available—including the official identification of DJI as a Chinese military company by the Department of Defense.
We therefore ask that CISA revisit its analysis of the security risks posed by the use of DJI-manufactured drones and release the results of that analysis publicly through the National Cyber Awareness System.