Dive Brief:
- The U.S. Department of Homeland Security issued an alert Monday citing “strong concerns” that Chinese-made drones could be sending sensitive flight data to manufacturers and potentially to the Chinese government, CNN reported.
- The drones “contain components that can compromise your data and share your information on a server accessed beyond the company itself,” said DHS’s Cybersecurity and Infrastructure Security Agency memo. Coupled with this is the fact that Chinese companies are under “stringent obligations … to support national intelligence activities,” it added. DHS cautioned users to be wary of purchasing Chinese-made drones and to take precautions such as turning off a unit's internet connection and removing secure digital cards.
- While no specific manufacturers are named, 79% of drones in use in the U.S. and Canada are manufactured by Shenzhen, China-based DJI, according to a 2017 report from Skylogic Research. DJI’s Phantom model is the top-selling commercial drone on the market. The company responded to the scrutiny by noting customers are given “full and complete control over how their data is collected, stored and transmitted,” and that the security of its technology has been independently verified by the U.S. government.
Dive Insight:
This is not the first time Chinese-made drones have raised national security concerns, CNN reported. In 2017, the U.S. Army banned the use of DJI drones, alleging that the firm transmitted critical infrastructure and law enforcement data collected through the devices to the Chinese government. In addition, a division of Immigration and Customs Enforcement last year banned the product, alleging the firm was “selectively targeting government and privately owned entities” to exploit sensitive data.
If this is the case, drone use on construction projects could leave contractors and their customers vulnerable to information theft. ICE’s 2017 memo noted that a DJI drone had been used on the McCarthy and Mortenson-led $1.2 billion agro-defense facility at Kansas State University to help with layout and security during construction.
Compared to other industries, construction may be particularly at risk for cybersecurity breaches. The construction, engineering and infrastructure sector had the largest year-over-year increase in cyber incidents of all industries covered in Kroll's 2017 Global Fraud & Risk Report, with 93% of respondents affected by such an incident in the 12 months prior. Security incidents over the same period affected 67% of respondents. Nearly six in 10 respondents said they felt their firm was somewhat or highly vulnerable to physical theft or the loss of intellectual property, the survey found.
Compounding these risks is construction companies' relatively low technology and IT spend. Tech's small share of the annual budget and the shortage of staff to innovate while implementing security measures, for example, were some of the top challenges cited by contractors when it comes to technology adoption, according to the JBKnowledge 2018 ConTech report.