The US Department of Defense issued a statement Friday saying its position is that “systems produced by Da Jiang Innovations (DJI) pose potential threats to national security.”
The statement appears to have been triggered by a recent Pentagon audit that suggested at least two of DJI’s drones had been assessed and posed no cybersecurity risks. We wrote about that at the time, and DJI was quick to amplify that two of its products had apparently been cleared.
Not so fast, is the message from the Department of Defense.
Bad news for DJI
Having the US Department of Defense say your products pose potential threats to national security must sting. The company had previously been placed on the Department of Commerce’s Entity List, alleging DJI technology had played a role in human rights abuses against the Muslim Uighur minority group in China. Being on the Entity List bans the transfer of technology from the US to China. DJI, meanwhile, has been pushing back against what it calls data security “myths” for more than a year.
But the issue remains. That’s despite DJI’s position there is no evidence of cybersecurity risks, along with the fact the company produces some “Government Edition” models intended to offer additional protection for government and certain Enterprise clients.
The Department of Defense release
The statement not only says the products pose potential threats to national security, it also makes reference to the Pentagon Audit reported by The Hill. This is direct from the DoD statement:
A recent report indicated that certain models of DJI systems had been found to be approved for procurement and operations for US government departments and agencies. This report was inaccurate and uncoordinated, and its unauthorized release is currently under review by the department. In 2018, DOD issued a ban on the purchase and use of all commercial off-the-shelf drones, regardless of manufacturer, due to cybersecurity concerns. The following year, Congress passed legislation specifically banning the purchase and use of drones and components manufactured in China. DOD complies with Section 848 of the FY20 National Defense Authorization Act (NDAA) and additional guidance provided by Executive Order 13981.
Against this backdrop, there’s Blue sUAS
A division of the Department of Defense, the Defense Innovation Unit, has selected five US-made drones that meet certain technical criteria. These endorsed drones are considered as “approved” for purchase by government departments and related agencies.
But earlier this week, there was a dust-up in this realm as well. A report in the Financial Times attributed to the Department of Interior was critical of the Blue sUAS products, suggesting they were vastly more expensive and less efficient than the competition (which would presumably be largely DJI products).
That was when the American Drone Alliance emerged, to push back against the FT report and generally slam Chinese-made drones. DroneDJ senior editor Ishveena Singh covered that story, including the fact we could find no online trace of the ADA. (She’s still chasing this story, by the way.)
In other words, the Drone Wars were already heating up.
And now comes the DoD statement.
The Department of Defense statement says there are exceptions that allow it to purchase Chinese-made drones – and they’re not for circumstances Chinese drone manufacturers will appreciate. Such drones can be purchased, says the statement, “if the operation or procurement is for the purposes of— (1) Counter-UAS surrogate testing and training; or (2) Intelligence, electronic warfare, and information warfare operations, testing, analysis, and training.”
The statement continues:
Mitigating the threats posed by small UAS, including DJI systems, remains a priority across the Department, and DOD continues to ensure existing policy remains current and appropriately implemented.
We reached out to DJI, and quickly heard back from Brendan Schulman, the company’s vice president of policy and legal affairs. Here’s what he said:
The DOD statement confirms what DJI was told by a DOD official earlier this year, that an internal, technical security review involving reverse-engineering of all source code was performed on DJI products and that this deep technical analysis confirmed DJI products show no malicious code or intent and are recommended for use from a security perspective. It was not a report that commented on or changed DOD procurement policy, which is governed by a 2019 statute, and which is what the DOD statement today simply reiterates. The DOD source code analysis is the latest on a long list of third-party security examinations of DJI technology during the past three years, and no evidence has ever been presented in support of the notion that DJI products are a threat to national security.
DJI often points reporters and critics to its article “Busted: Five Common Myths About DJI,” which stresses (among other things) that external audits of its products have not identified cybersecurity risks.
This is far from over.
FTC: DroneDJ is reader supported, we may earn income on affiliate links