Pages

26 June 2018

Pentagon Grounds Marines’ ‘Eyes in the Sky’ Drones Over Cyber Security Concerns

Pentagon Grounds Marines’ ‘Eyes in the Sky’ Drones Over Cyber Security Concerns

The Marine Corps has shelved several new, small drones – at least temporarily – amid a Pentagon ban and assessment on the cybersecurity of commercial, off-the-shelf, unmanned aerial systems, a service spokesman told USNI News on Monday. The Department of Defense issued a ban last month on the purchase and use of all commercial off-the-shelf drones until the Pentagon develops a plan to mitigate security risks. The online site sUAS News obtained a copy of the May 23 memo written by Deputy Defense Secretary Patrick M. Shanahan ordering the temporary ban due to “unmanned aerial vehicle systems cybersecurity vulnerabilities.”

Military.com reported on the memo’s effect on the Marines last week.

The Marine Corps officials are asking defense officials to exempt eight systems so Marines can continue to use and train with the drones, Capt. Joshua Pena, a Marine Corps Combat Development Command spokesman, told USNI News Monday.

Pena said exemption requests were being drafted and reviewed by senior leaders and for submission to the Office of the Undersecretary of Defense for these systems: Black Hornet 2 and Black Hornet 3, manufactured by FLIR Systems, Inc.; SkyRanger (Aeryon Labs); InstantEye Mk-2 Gen-3 and InstantEye Mk3 (Physical Sciences Inc.); Indago (Lockheed Martin); and DJI Phantom 3 Pro and DJI Phantom 4 Pro (DJI).

The Mk-2 Gen-3 InstantEye is a centerpiece of the “Quads for Squads” initiative driven by the commandant, Gen. Robert Neller, to equip infantry units with innovative, high-tech capabilities to make Marines more lethal and effective in a cyber battle space, including micro and small drones. The small quadcopter, manufactured by InstantEye Robotics, a division of Andover, Mass.,-based Physical Sciences, Inc., is getting fielded to squads across the Marine Corps’ three infantry divisions.

Evolving Resources provides training to U.S. Marines with 3rd Battalion, 7th Marine Regiment, 1st Marine Division, on properly operating an InstantEye quadcopter during a Quads for Squads event on Marine Corps Air Ground Combat Center Twentynine Palms, Calif., Feb. 28, 2018. US Marine Corps Photo

Neller, speaking June 12 at the 69th Current Strategy Forum held at the Naval War College, touted the service’s push to bolster its cyber capabilities to include using the small quadcopter, according to the Fifth Domain newsletter.

But the Pentagon’s decision has forced Marines to stop using InstantEye until it can get the green light from the Pentagon. It’s considered a COTS product, Pena said, and “the system has been grounded.” The ban “also applies to all UAS ground command and control elements including smartphones or tablets with associated software and hardware,” he added.

So far, all of the Corps’ 26 active-duty battalions have received 600 of the Marine Corps’ initial buy of 800 Mk-2 Gen-3 drones for the “Quads for Squads,” and the remaining 200, slated for its six reserve infantry battalions, are pending shipment, he said. “The policy has not affected that schedule,” he added.

In suspending all COTS unmanned aerial systems, Shanahan cited a May 14 DoD inspector general finding that “the DoD has not implemented an adequate process to assess cybersecurity risks associated with using commercial off-the-shelf (COTS) Unmanned Aerial Systems (UAS).”

“Effective immediately, you must suspend purchases of COTS UAS for operational use until the DoD develops a strategy to adequately assess and mitigate the risks associated with their use. In addition, you must suspend the use of COTS UASs until the DoD identifies and fields a solution to mitigate known cybersecurity risks,” he wrote in the memo.

Shanahan noted his authority to approve any “requests for exemptions, on a case by case basis, to support urgent needs.” He directed military officials and agencies to report to him within 30 days on their actions “to identify and account for all COTS UAS.”

Marine using InstanEye quadcopter, during a Quads for Squads training event on Marine Corps Air Ground Combat Center Twentynine Palms, Calif., Feb. 28, 2018. US Marine Corps Photo

The memo doesn’t indicate what prompted the suspension of the military’s use of drones, which include some popular commercially-available drones sold to consumers and manufactured by U.S. or foreign companies. However, last month, Sen. Chris Murphy, D-Conn., wrote to Defense Secretary James Mattis about “a potential national security threat” in products manufactured by DJI, or Da-Jiang Innovations, a technology company based in China.

In his letter, dated May 7, Murphy cited an Army decision last year to halt the use of DJI commercial UAS and an “intelligence bulletin” issued by U.S. Immigration and Customs Enforcement “asserting that DJI was using its products to provide critical infrastructure and law enforcement data to the Chinese government.”

“These vulnerabilities pose a tremendous national security risk, as the information obtained by the Chinese government could be used to conduct physical or cyber-attacks against U.S. civilian and military targets,” wrote Murphy, whose Senate committee assignments include appropriations and foreign relations.

DJI, or SZ DJI Technology Co., Ltd., as noted on the company’s website, is based in Shenzhen, China, and manufactures drones, including several popular with consumers and drones hobbyists and used by military and federal agencies, and interest remains in recent UAS solicitations including by the Army.

Murphy didn’t cite any specific example of a security breach or hacking by DJI but raised concerns about vulnerabilities particularly with foreign-made systems. “I encourage you to, at a minimum, consider a DoD-wide directive banning the use of UAS owned or manufactured in a foreign nation until further threat-assessments can be completed,” he wrote. He noted the “deluge of foreign-made military equipment” the military has bought and opined that “if the hundreds of DJI drones purchased by the U.S. government in the last several years had been American-made, we would not have subjected ourselves to this massive potential intrusion and exploitation of sensitive U.S. sites.”

Two years ago, security concerns about DJI products prompted the company to issue a statement that “DJI does not routinely share customer information or drone video with Chinese authorities’ and cited its privacy policy.

No comments:

Post a Comment