Recent legislation banning Chinese drones on data privacy grounds (e.g. the Chinese Communist Party Drone Countermeasures Act) demonstrates growing concerns about the security and data handling of commercial drones. This has led politicians to come up with their own policy ideas on how to make commercial drones safer.
But while a ban (or tariffs, as proposed by more moderate bills like the DFR Act) might seem like a quick fix, it carries the potential for significant negative side effects. Critics worry that banning Chinese drones, which are generally much cheaper, could have a disproportionately negative impact on small businesses with tighter budgets than on large corporations or government agencies.
Meanwhile, many private companies are looking to other solutions to secure drone data without an outright ban.
DJI itself wanted to prove that it was a safer solution for its US customers. As of June 27, 2024, DJI will no longer offer US operators the option to sync flight records to DJI servers. Interestingly, this feature will still be available when flying DJI drones outside the US.
And that’s not all. Throughout 2024, there will be a growing number of solutions to secure drone data. Many of these solutions are coming from big drone companies like DroneDeploy and AirData. Let’s take a look at how private companies are working to make commercial drones safer. No bans needed.
DroneDeploy Launches World’s First Security Firewall for Commercial Drones
In June 2024, San Francisco-based drone software company DroneDeploy launched Dock Shield, a network security protocol system designed to work with drone docks such as the DJI Dock 1 and DJI Dock 2.
Drone docks (also known as drone-in-a-boxes) are a popular system for landing, charging, and storing drones. They are especially popular in remote areas where it would be cumbersome for a human operator to constantly monitor them. The best drone docks these days are very advanced. They can even store data and send it back to the team (usually via the cloud). And that’s where Dock Shield comes in.
“Safety and security are critical to the successful operation of docked drones, as docked drones are fully autonomous and there are no humans on site,” said Ashutosh Agrawal, Risk Manager at DroneDeploy. “Shield technology is one of the ways DroneDeploy is addressing concerns about Chinese technology.”
The network security protocol mentioned above in DroneDeploy’s Dock Shield is designed to restrict connections from drone docks, including the DJI Dock, to only trusted US servers controlled by DroneDeploy. This shield works by creating a firewall, which secures communications and restricts them only between DroneDeploy and the drone.
This solution helps ensure that drone data arrives safely and only to its intended destination.
Although the Dock Shield is compatible with all drones, it was actually initially designed for the DJI Dock 1 and 2. DroneDeploy also says it plans to release a similar product for the DJI Mavic 3 Enterprise in late 2024.
Buy the DJI Dock 2 now from Drone Nerds.
Agrawal said security isn’t a huge concern for DroneDeploy customers, adding that “DroneDeploy is the most secure platform on the market.” But as legislation and controversy over China grow, DroneDeploy is iterating on its solutions.
Agrawal also said DJI drones remain hugely popular with DJI customers.
“While there has been a lot of rhetorical change in the conversation around DJI, especially in the last year, we still see widespread adoption of this technology because U.S. competitors have yet to build a drone that meets all use case requirements,” Agrawal said.
DroneDeploy believes that better security systems implemented on DJI drones are a smarter solution than releasing an entirely new, American-made drone.
“Firewalls are the most practical and effective solution to managing the risks associated with using Chinese hardware,” he said. “Firewalls are not a new luxury or a proprietary thing, they are a long-standing security solution and a known and industry-proven way to manage security issues.”
AirData allows customers to upload logs without the DJI Cloud.
AirData is an online drone fleet data management and real-time flight streaming platform based in California. It allows users to sync DJI flight logs without using the DJI Cloud.
Although DJI will disable the “Flight Data Sync” feature to the DJI Cloud in its flight apps in 2024, AirData provides an alternative sync option for pilots to track their flight activity.
There are several ways to do this, for example, you can upload flight logs directly from your device to AirData via the AirData UAV mobile app, bypassing DJI’s cloud. This method is simple, secure, and gives you control over your data. You can also manually upload logs to AirData by extracting flight logs from your drone and then uploading them via AirData’s web interface.
Trevor Hall, an AirData spokesperson, said the feature could be used for a number of purposes.
“Whether it’s for privacy concerns or a more streamlined upload process, we often see customers preferring to upload logs directly to AirData via the mobile app, bypassing DJI’s servers,” he said. “This is sometimes a decision made by individual users, and sometimes by employers. Our government customers in particular prefer to use the mobile app to upload logs.”
Other ways to make commercial drones safer
So here are some best practices you can apply to yourself (or your business) to make drone flying safer. Consider some general best practices:
Update your firmware regularly: Be diligent in promptly installing firmware updates that patch security vulnerabilities. One caveat: Make sure you have a secure process in place to prevent unauthorized firmware from being loaded.
Tamper-proof hardware: Don’t forget about physical security. Consider situations where your physical drone could fall into the wrong hands. You may be flying your drone in checked baggage or in other open areas. If so, be vigilant. Critical components such as flight controllers and GPS units should be tamper-resistant to prevent unauthorized modification or hardware transplantation. A simple lock on your drone case can make your commercial drone more secure.
Use multi-factor authentication: It’s not just drones. All kinds of online accounts, such as email, social media, and of course drone control apps, should have multi-factor authentication enabled. This will prevent unauthorized access. This can include passwords, biometrics, or hardware tokens.
By combining these measures, drone manufacturers, governments, and drone pilots can work together to create a safer drone ecosystem without actually banning it. This will not only address national security concerns, but also build public trust. Ideally, a potential ban would not reduce drones, but would continue to pave the way for broader commercial drone adoption.