U.S. Army Issues Memorandum Banning Use of DJI Products Due to Cybersecurity Issues

Robinson+Cole Data Privacy + Security Insider

Last week, the U.S. Army issued a memorandum discontinuing the use of DJI drone products due to cybersecurity concerns. The memorandum said, “Due to increased awareness of cyber vulnerabilities associated with DJI products, it is directed that the U.S. Army halt use of all DJI products. This guidance applies to all DJI UAS and any system that employs DJI electrical components or software including, but not limited to, flight computers, cameras, radios, batteries, speed controllers, GPS units, handheld control stations, or devices with DJI software applications installed.” It wasn’t long before this ban that the U.S. banned the use of closed circuit television (CCTV) cameras on critical infrastructure if the CCTV was manufactured in China.

DJI drones, especially with the launch of the Spark, can take off and land almost autonomously in your hand. They are easy to fly right out of the box, which is perhaps why they are the most popular drone on the shelf right now. But what happens with the drone’s flight log information, GPS positioning data, aerial sensor captured data and the data collected within coinciding apps on your device? Most of this data gets transmitted back to DJI’s servers. Specifically, DJI syncs your flight logs and images to their servers, and caches data from your app when offline and then re-syncs the data to their servers when online, including audio and video data. While these practices are mentioned in the DJI drone manuals, many drone operators are unaware of this constant data collection. And for many commercial drone operators, working as an independent contractor for a company, can’t firmly state that the set of data they provide to the company is the only single copy in existence—so what if you were gathering highly sensitive infrastructure data? The solution is closed systems which can better secure and protect the data collected during a drone operation.

In response to the U.S. Army’s memorandum, DJI said, “We are surprised and disappointed to read reports of the U.S. Army’s unprompted restriction on DJI drones as we were not consulted during their decision. We are happy to work directly with any organization, including the U.S. Army, that has concerns about our management of cyber issues. We’ll be reaching out to the U.S. Army to confirm the memo and to understand what is specifically meant by ‘cyber vulnerabilities’.” We will watch for an update on this front.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.