Site icon DRONELIFE

DJI’s Rebuttal: Safeguarding Data Privacy and Cybersecurity

Future of Commercial Drones 2024, DJI responds Chinese drone data security
Photograph by D Ramey Logan, CC BY 4.0

DJI’s Rebuttal to National Security Concerns Surrounding Chinese Drones

In a recent joint publication, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) expressed concerns about Chinese-manufactured unmanned aircraft systems (UAS) and their potential risks to critical infrastructure and U.S. national security. The guidance underscores the need for caution when procuring and operating such UAS due to data access issues and cybersecurity vulnerabilities associated with Chinese entities.

AUVSI, a drone advocacy group, supported the CISA and FBI guidance, with Chief Advocacy Officer Michael Robbins calling for a shift away from unsecure PRC drones and foreign supply chains. “Organizations collecting sensitive information must shift away from unsecure PRC drones,” stated Robbins.

DJI, the world’s largest drone manufacturer, responded to the allegations with a comprehensive rebuttal, reaffirming its commitment to data privacy and security. DJI’s response included these facts:

FACT #1:  DJI created the market for ready-to-fly civilian and commercial drones almost two decades ago and has invested heavily in robust safety and security protections as well as expanded user data privacy controls for our products.

FACT #2: Customers only share flight logs, images or videos with us if they affirmatively choose to do so. Default collection does not exist with us.

FACT #3: Operators of our consumer and enterprise drones can choose to ‘fly offline’ through Local Data Mode, ensuring that no unauthorized parties can get access to their drone data.

FACT #4: Since 2017, we have regularly submitted our products for third-party security audits and certification. These U.S. and European cybersecurity experts buy our products off the shelf and conduct the review independently. Their findings validate that we provide best-in-class data security and data privacy protections.

The company emphasized certifications obtained for data security, such as the DJI Core Crypto Engine’s NIST FIPS 140-2 certification and DJI FlightHub 2’s ISO 27001 certification.

The CISA publication focused primarily on the laws specific to China allowing the Chinese government to access data held by Chinese companies, stating:

While any UAS could have vulnerabilities that enable data theft or facilitate network compromises, the People’s Republic of China (PRC) has enacted laws that provide the government with expanded legal grounds for accessing and controlling data held by firms in China. The use of Chinese-manufactured UAS requires careful consideration and potential mitigation to reduce risk to networks and sensitive information.

DJI clarified its stance on disclosing information based on local laws and regulations, asserting that any disclosure would adhere to legal requirements within the national jurisdiction of the government agency making the request and pointing out that they could only disclose data that they collected: not data that users chose not to share.

Despite geopolitical challenges and accusations, DJI advocated for the development of a clear technology-based standard for drone security, applicable to all manufacturers regardless of their country of origin. The company urged industry-wide adherence to such standards to enhance overall drone and data security.

While US government concerns persist about Chinese-manufactured UAS, DJI’s detailed response provides insights into its data privacy measures, cybersecurity practices, and its commitment to addressing industry challenges. The ongoing dialogue underscores the need for nuanced discussions surrounding security concerns in the drone industry.

Read more:

 

Exit mobile version