Release Cybersecurity Guidance on Chinese-Manufactured UAS for Critical Infrastructure Owners and Operators 

WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released, Cybersecurity Guidance: Chinese-Manufactured Unmanned Aircraft Systems (UAS), to raise awareness of the threats posed by Chinese-manufactured UAS and to provide critical infrastructure and state, local, tribal, and territorial (SLTT) partners with recommended cybersecurity safeguards to reduce the risk to networks and sensitive information. 

The People’s Republic of China (PRC) has enacted laws that provide the government with expanded legal grounds for accessing and controlling data held by firms in China. The use of Chinese-manufactured UAS in critical infrastructure operations risks exposing sensitive information to PRC authorities. This guidance outlines the potential vulnerabilities to networks and sensitive information when operated without the proper cybersecurity protocols and the potential consequences that could result.  

“Our nation’s critical infrastructure sectors, such as energy, chemical and communications, are increasingly relying on UAS for various missions that ultimately reduce operating costs and improve staff safety. However, the use of Chinese-manufactured UAS risks exposing sensitive information that jeopardizes U.S. national security, economic security, and public health and safety,” said CISA Executive Assistant Director for Infrastructure Security, Dr. David Mussington. “With our FBI partners, CISA continues to call urgent attention to China’s aggressive cyber operations to steal intellectual property and sensitive data from organizations. We encourage any organization procuring and operating UAS to review the guidance and take action to mitigate risk. We must work together to ensure the security and resilience of our critical infrastructure.”  

“Without mitigations in place, the widespread deployment of Chinese-manufactured UAS in our nation’s key sectors is a national security concern, and it carries the risk of unauthorized access to systems and data,” said Assistant Director of the FBI’s Cyber Division, Bryan A. Vorndran. “The FBI and our CISA partners have issued UAS guidance in order to help safeguard our critical infrastructure and reduce the risk for all of us.”   

Critical infrastructure organizations are encouraged to operate UAS that are secure-by-design and manufactured by U.S. companies. This guidance offers cybersecurity recommendations that organizations should consider as part of their UAS program, policies, and procedures.  

For more information, please visit CISA’s Unmanned Aircraft Systems Resources webpage.  

About CISA 

As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.

Visit CISA.gov for more information and follow us on Twitter, Facebook, LinkedIn, Instagram.