The Department of Defense (DoD) has temporarily banned the purchase and use of commercial off-the-shelf drones because of cybersecurity risks. The Pentagon needs a plan to patch the cybersecurity vulnerabilities in unmanned aerial systems (UAS) and mitigate security risks before the ban is lifted. The ban also covers UAS ground control elements, which include smartphones and tablets.
Senator Chris Murphy said that Da-Jiang Innovations (DJI), a technology company that manufactures drones, including those used by the US military, was using its products to provide US military data to the Chinese government. This has the potential to be a massive data breach of sensitive US sites. When DJI responded to security concerns two years ago, it stated it does not share customer information with Chinese authorities.
Information security in the US
The potential damage associated with a governmental data breach is too great to be ignored. With legislation such as the Defense Federal Acquisition Regulation Supplement (DFARS), federal contractors need to be extra vigilant about their information security. DFARS cybersecurity rules state that contractors and subcontractors must implement the controls specified in NIST Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations”.
Learn more about NIST and how you can achieve compliance
The NIST Cybersecurity Framework (CSF) is a voluntary framework for organizations to manage and mitigate cybersecurity risk based on existing standards, guidelines, and practices.
Our free green paper NIST Cybersecurity Framework & ISO 27001 discusses how the NIST CSF and ISO 27001 can work in conjunction with each other, helping you comply with the NIST SP 800-171 requirements mandated by the DFARS cybersecurity rules.