Home > Uncategorized > Dept. of Interior Bans use of DJI products due to national security concerns

Dept. of Interior Bans use of DJI products due to national security concerns

[An update to this discussion may be found here. Another perspective from a very respected gentleman who has been covering UAVs for quite awhile may be found here.]

The quoted post, below, appeared on the Facebook group “Commercial sUAS Operators” on July 7th. It was taken down very rapidly and no further discussion on the topic appeared. I spoke with Dennis Bosak SSA this morning and he confirmed the statement as written. Any further details must be requested in writing.

Another story is circulating that the DOI has either retracted the ban or it was never in place. However no copy of that memo can be made available and Mr. Bosak stood by his statement as of 0730 this morning.

To summarize, the Department of the Interior is banning any internal use of DJI products due to concerns about the product’s automatic uploading of telemetry and other information to DJI servers during firmware updates.

Last year I developed a presentation on cyber security and consumer/commercial UAVs. In that presentation I noted that we are self selecting areas of interest – test crops, critical infrastructure, disaster sites, … – and sending highly detailed information about these sites to often poorly understood cloud infrastructure.

Apparently, according to this post, the Department of the Interior has also identified this risk. Worse, it appears that DJI products are automatically sending sensitive telemetry information to their own servers. As the following announcement notes, DJI is a Chinese firm and some conclusions must be considered.

Many applications collect profile and debugging information for legitimate purposes. Most of those applications give the user an opt-in option. DJI could quickly defuse this situation by releasing an update that provides this option while also demonstrating that all such communication has been terminated. Regaining the trust of their clients, and of the U.S. Government, may be more difficult.

DJI is just one vendor. There are many others, hardware, software, and service. What are these vendors doing with the data you are collecting about your potentially sensitive sites?

OAM – Office of Acquisition Management
DOI – Department of the Interior
“All,
OAM had a telecom this morning with the aviation manager at DOI.
During that conversation we learned that they have banned the use of DJI products (which include the popular Phantom and Inspire aircraft) as they discovered that their products record telemetry information, to include routes flown, altitudes, etc., and send that recorded information to DJI each time the aircraft is plugged into a computer to perform a software/firmware update. As DJI is a Chinese company the security issue is readily apparent.

OAM highly recommends that, before choosing any particular aircraft, from any manufacturer, especially those that might be used for sensitive purposes, that your technical people fully understand what information may be transmitted, to whom it might be transmitted to, and whether it matters to your program.

Please distribute this information as widely as possible.

Dennis Bosak SSA
Department of the Interior
Office of Law Enforcement and Security
1849 C Street NW
Washington DC 20240
202 208-5836”

Advertisements
Categories: Uncategorized
  1. D Bosak
    July 8, 2016 at 8:14 pm

    The statement written above was not authored by SSA Bosak as it appears nor is he an expert in this field. Recently some email communictons have claimed the Depatment of Inteior had “banned” the use of particular UAS products. THIS IS NOT TRUE. DOI does not “Ban” any aircraft manufacturers or aircraft types/models, manned or unmanned. They select aircraft for acquisition based on their ability to meet a broad range of safety, mission, technical, etc. requirements. Those that aren’t selected for particular DOI acquisitions aren’t “banned” and may continue to make offers to future DOI solicitations: where those specific requirements and thier evolving capabilities may intersect. Any questions regarding this matter should be made to the Department of Interior, Office of Aviation Mananagment

    • July 10, 2016 at 8:08 am

      If you are the D Bosak I spoke with on Friday morning, you stated that you stood by the post. If there is a different version of the post that is more accurate, I would be quite happy to update my post.

      I agree, the products are not banned. However, it is very reasonable to assume that DOI will not buy any UAV products that send telemetry data to servers in China for national security reasons.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: