U.S.

Department of Homeland Security

Cybersecurity & Infrastructure Security Agency
Office of the Director
Washington, DC 20528

June 23, 2020

The Honorable Jerrold Nadler

U.S. House of Representatives
Washington, DC 20515

Dear Chairman Nadler:

Thank you for your office’s inquiry on May 13, 2020, regarding Dà-Jiāng Innovations’
(DJI) drone donations to state and local law enforcement agencies to assist with the coronavirus
pandemic response.

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of DJI donations
to state and local law enforcement, as part of their U.S. Disaster Relief Program – COVID-19.
We are also following various reports that indicate law enforcement’s use of the donated drones
to enforce social distancing and stay at home orders.

CISA recognizes that state and local law enforcement’s use of drones to support public
health and safety operations are a significant resource, given the complex COVID-19 operating
environment. Not only do the drones reduce response time and the risk to law enforcement
officers on the ground, they are also a force multiplier to departments that are stretched thin.

CISA is generally concerned with state and local governments using Chinese
manufactured technology to support security and law enforcement operations. As such, any
information collected by DJI drones should be considered at risk and protected from inadvertent
disclosure. Additionally, departments are discouraged from using DJI donated drones for non-
COVID-19 law enforcement operations that involve the collection of sensitive information.

As you stated in your inquiry, CISA issued an Industry Alert in May 2019 that warned of
the Chinese manufactured Unmanned Aircraft Systems (UAS) threat to information. This
warning to the critical infrastructure community and state and local governments focused on
risks involving sensitive information, specifically, national security and critical infrastructure
proprietary information.

CISA continues to invest in ways that increase awareness and understanding of how to
manage risk when using unsecured UAS, emphasizing concerns for U.S. critical infrastructure
stakeholders – including the emergency services sector. In alignment with CISA’s responsibly to
manage risk to the Nation’s critical infrastructure, we developed the Cybersecurity Best
Practices for Operating Commercial Unmanned Aircraft Systems. Released in June 2019, the
guide provides mitigation measures to reduce the cybersecurity risk associated with UAS.

CISA also partnered with the Federal Bureau of Investigation (FBI) in November 2019 to
develop a (TLP: GREEN) Private Industry Notification. The notification reemphasized the UAS
The Honorable Jerrold Nadler
Page 2

threat to national security and the Nation’s critical functions, as well as reinforced CISA and FBI
recommendations on ways organizations can mitigate the risk posed by UAS.

We have coordinated with the Federal Emergency Management Agency (FEMA) to

require state and local governments to review and acknowledge CISA guidance before
purchasing foreign manufactured UAS with Federal grant funding. Those wishing to continue
with the purchase of a foreign manufactured UAS must provide a written justification that is
screened against criteria that includes an assessment of the UAS manufacturer’s country of
origin. Based on this screening, FEMA may recommend alternatives to recipient jurisdictions on
a case-by-case basis.

CISA is also supporting the Department of Defense’s Defense Innovation Unit Blue
sUAS Program in their development of a U.S. and U.S. allied-manufactured UAS system for
U.S. government and SLTT law enforcement needs. This program seeks to support broader
Congressional objectives to provide secure, trusted, and reliable UAS systems across the U.S.
government. Systems are anticipated to be available on the GSA schedule in September 2020.

We regularly engage with our law enforcement partners through the Department’s Office
of State and Local Law Enforcement on threats to national security and critical infrastructure. On
the matter of UAS threats to information, we provided the above information and resources to
over 2,000 state, local, campus, and tribal law enforcement partners to enhance awareness and
gain their support in mitigating this threat to sensitive information.

Thank you again for your office’s inquiry. Should you wish to discuss this further, please
do not hesitate to contact me or have your staff contact our Office of Legislative Affairs at (202)
819-2612.

Sincerely,

Christopher C. Krebs
Director