Clarifying Cybersecurity Guidelines for Drones: the DETECT Act
Last month, two U.S. senators introduced legislation designed to clarify cybersecurity guidelines for government use of civilian drones. The Drone Evaluation to Eliminate Cyber Threats Act of 2024 (DETECT Act) directs the National Institute of Standards and Technology (NIST) to develop a framework of cybersecurity principles.
In an announcement on Senator Mark Warner’s (D-VA) webpage, Sens. Mark R. Warner and John Thune (R-SD) explained the purpose of the legislation:
Drones have the ability to collect sensitive information, and as they become more common, the security of this technology is of increasing importance. The DETECT Act would address cybersecurity concerns by directing the National Institute of Standards and Technology (NIST) to develop a set of guidelines. Following an implementation period, these guidelines would be binding on the federal government’s use of civilian drones, the private sector may voluntarily use these guidelines in their own operations.
“Drones and unmanned systems have the capability to transform the way we do business, manage our infrastructure, and deliver life-saving medicine, and as drones become a larger part of our society, it’s crucial that we ensure their safety and security,” said Sen. Warner. “This legislation will establish sensible cybersecurity guidelines for drones used by the federal government to ensure that sensitive information is protected while we continue to invest in this new technology.”
“As the capabilities of drones continue to evolve and be utilized by both the federal government and the private sector, it’s critically important that they operate securely,” said Sen. Thune. “This common-sense legislation would require the federal government to follow stringent cybersecurity guidelines and protocols for drones and unmanned systems.”
In addition to directing NIST to develop cybersecurity guidelines for civilian drones, the legislation would direct the Office of Management and Budget, responsible for purchases for federal agencies, to require all agencies using civilian drones to implement “politics and principles” based on the guidelines. Additionally, the proposed legislation “Forbids agencies from acquiring drones that do not meet the guidelines referenced above, subject to a waiver process under certain circumstances.”
Would the DETECT Act Clarify or Muddy the Waters for Drone Manufacturers?
Clarification of cybersecurity standards is clearly needed to allow drone manufacturers to develop products for the government market and enable commercial users to make appropriate purchase decisions based upon their risk tolerance.
If passed and designed to supercede previous orders, the legislation could make it easier for drone manufacturers not focused on defense and not included in the Blue sUAS list, even if they meet NDAA compliance standards, to receive government contracts. Currently, government agencies must to go through a waiver process to purchase even US manufactured drones not on the Blue sUAS list.
If the legislation is passed and layered on top of existing executive orders and drone security legislation, the purchase process could become more challenging for governement agencies who could benefit from many civilian drone technologies – and make it more difficult for small manufacturers to identify all of the requirements and develop drones that meet them.
Read more:
Miriam McNabb is the Editor-in-Chief of DRONELIFE and CEO of JobForDrones, a professional drone services marketplace, and a fascinated observer of the emerging drone industry and the regulatory environment for drones. Miriam has penned over 3,000 articles focused on the commercial drone space and is an international speaker and recognized figure in the industry. Miriam has a degree from the University of Chicago and over 20 years of experience in high tech sales and marketing for new technologies.
For drone industry consulting or writing, Email Miriam.
TWITTER:@spaldingbarker
Subscribe to DroneLife here.