The recent influx of legislation banning Chinese drones for privacy reasons — such as the Countering CCP Drones Act — reflects growing concerns about the security of commercial drones and their handling of data. This has led politicians to develop their own policy ideas on how to make commercial drones safer.
But while bans (or even tariffs, as proposed by more moderate legislation like the DFR Act) may seem like a quick fix, they carry the potential for huge negative side effects. Critics worry that banning China’s generally much more affordable drones could have an outsized negative impact on small businesses, which have tighter budgets than large corporations or government entities.
Meanwhile, many private companies are turning to another solution that makes drone data more secure — without an outright ban.
DJI itself has tried to prove that it is a safer solution for US customers. As of June 27, 2024, DJI will no longer offer US operators the option to sync their flight logs with DJI servers. Interestingly, this ability still remains when flying DJI drones in non-US regions
And that’s not all. Over the course of 2024, we have seen an increase in solutions to enhance the security of drone data. Many such solutions come from major drone companies such as DroneDeploy and AirData. Here’s a look at ways private companies are working to make commercial drones safer — no ban needed:
DroneDeploy is the world’s first security firewall for commercial drones
In June 2024, San Francisco-based software company DroneDeploy launched Dock Shield. Dock Shield is a network security protocol system designed to work with drone docks such as the DJI Dock 1 and DJI Dock 2.
Drone docks (sometimes called drone-in-a-box) are popular systems for landing, charging and storing drones. They are especially popular in remote locations that would be inconvenient for a human operator to constantly monitor. These days, the best drone docks are very advanced. They are even able to store and send data back to teams (usually via the cloud). And it is the storage and sending of data that is so critical to the Dock Shield.
“Since the docked drone is fully autonomous and there is no person on site, safety and security are critical to successful docked drone operations,” said Ashutosh Agrawal, Chief Risk Officer at DroneDeploy. “Shield technology is one way DroneDeploy is addressing concerns about Chinese technology.”
The above network security protocols from DroneDeploy’s Dock Shield are designed to limit connections from drone docks – including DJI docks – to only trusted US servers controlled by DroneDeploy. The shield works by creating a firewall. This in turn makes communication secure and limited to only between DroneDeploy and the drone.
This solution will help ensure that drone data arrives safely – and only to its intended destination.
In fact, while the Dock Shield can be compatible with any drone, it was actually originally tailored for the DJI Dock 1 and 2. DroneDeploy also said it plans to launch a similar product for the DJI Mavic 3 Enterprise later in 2024.
Buy the DJI Dock 2 now from Drone Nerds.
Agrawal said security has not been a major concern among DroneDeploy customers, adding that “DroneDeploy is the most secure platform on the market.” But with the rise of anti-China legislation and debate, DroneDeploy is iterating with solutions.
Agrawal also said that DJI drones are still very popular among DJI customers.
“While there have been many rhetorical changes in the conversation regarding DJI, especially in the last year, we are still seeing widespread adoption of this technology because US competitors are not yet able to produce drones that meet all application needs,” Agrawal said.
Rather than a brand new US-made drone, DroneDeploy is betting that the better safety systems applied to DJI drones are a smarter solution.
“Firewalls are the most practical and effective solution for managing the risks associated with using Chinese hardware,” he said. “Firewalls are a long-standing security solution, not some new fancy or proprietary thing, but a known and industry-proven way to manage security issues.”
AirData allows customers to upload logs without the DJI cloud
AirData is a California-based online platform for drone fleet data management and real-time flight streaming. It allows its users to sync flight logs from DJI without using DJI Cloud.
Although DJI disabled the “Sync Flight Data” function to the DJI cloud in its flight applications in 2024, AirData offers alternative synchronization options so that pilots can monitor flight activity.
There are several ways to do this, such as through the AirData UAV mobile app, which can directly upload flight logs from your device to AirData, bypassing the DJI cloud. This method is straightforward and also secure, ensuring that your data remains under your control. You can also manually upload recordings to AirData by extracting flight logs from your drone and uploading them through the AirData web interface.
Trevor Hall, a spokesman for AirData, said the feature serves multiple purposes.
“Whether it’s due to privacy concerns or a more efficient upload process, our customers often prefer to upload logs directly to AirData via our mobile app (bypassing DJI’s servers),” he said. “It is a decision that is sometimes made by the individual user and sometimes by their employer. Our customers who are part of government agencies are especially excited about using our mobile app to upload logs.”
More ways to make commercial drones safer
Then there are some best practices that you (or your business) can follow to make drone flights safer. Consider some general best practices:
Perform regular firmware updates: Be careful when quickly installing firmware updates that patch security vulnerabilities. One note: make sure you have a secure process to prevent unauthorized firmware loading.
Tamper-resistant hardware: Don’t forget physical security. Consider situations where a physical drone could end up in someone else’s hands. You may be flying the drone in your checked baggage or otherwise leaving it somewhere in the open. If so, be on the lookout. Critical components such as the flight controller and GPS unit should be tamper-proof to prevent unauthorized modifications or hardware implants. Even a simple lock on your drone case can increase the security of commercial drones.
Use multi-factor authentication: It’s not just drones. All kinds of online accounts, such as email, social media, and yes, drone control apps, should have multi-factor authentication enabled. This prevents unauthorized access. This may include passwords, biometrics or hardware tokens.
By implementing a combination of these measures, drone manufacturers, governments and drone pilots can then work together to create a safer drone ecosystem – no actual ban is necessary. This will not only address national security concerns but also build public confidence. Ideally, this will continue to pave the way for wider commercial adoption of drones, not fewer drones given potential bans.