FBI: Farms at Risk by Chinese Drones

Unmanned Aircraft Systems, or drones, pose a significant risk to critical infrastructure and U.S. national security, specifically from those made in China according to a January threat assessment by the FBI and Cybersecurity and Infrastructure Security Agency.

“Basically Chinese company data belong to the Chinese government, is what in essence the laws in China say.” 

That’s Doug Jacobson, Director of the Iowa State University Center for Cybersecurity Innovation and Outreach and speaks with farmers dealing with threats online.

“Ag is one of the 16 critical infrastructures and I would agree it’s one of the most critical ones.” 

And critical infrastructure managers are specifically who the FBI announced this warning for. Three laws in China, passed within the last decade, require its companies to provide collected data, impose strict penalties on non-compliance, and demand cyber vulnerabilities be disclosed with the government before sharing overseas. The FBI says the last one could let China exploit flaws before they’re known.

Jacobson says there’s really two issues with a drone.

“There’s the app you typically have on your phone, but maybe on your laptop, that app is collecting data. Especially on your phone it’s collecting all sorts of data from your phone. And then the drone itself it’s out taking pictures so that data the drone is collecting is also data that could be used by the Chinese government.” 

And without mitigations in place, the widespread deployment of Chinese-manufactured drones in key U.S. sectors is a national security concern according to the FBI, which encourages critical infrastructure owners and operators to buy drones following secure-by-design principles, including those manufactured by U.S. companies.

“Look at where they come from, if you’re talking about things that are connected to the internet, you want to buy from reliable sources and reliable companies who believe in privacy and believe in security.” 

The FBI points out three specific areas of vulnerability: Data Transfer and Collection, Patching and Firmware Updates, and Broader Surface for Data Collection. And it gives some cybersecurity advice Jacobson says applies across devices.

“Multifactor is critical for any sort of financial data or basically any data that you have. This network segmentation, yeah, you don’t want the same network that ‘s running your farm to be also accessible by the general public or people who come to visit your farm.” 

As more businesses use drones to reduce operating costs and improve staff safety. The Cybersecurity and Infrastructure Security Agency calls for urgent attention to China’s cyber operations to steal intellectual property and sensitive data from organizations.