sUAS D.C. Whack-A-Mole continues into 2025…

Warning: longer than usual post. Sorry.

Just three days into the new year, the Commerce Department issued an Advance Notice of Proposed Rulemaking (ANPRM) asking for comments on an upcoming rule that would address the (alleged) National Security issues for “Information and Communications Technology and Services” supply chains. Specifically about sUAS coming from China (DJI and Autel). All of this is tied to Executive Order 13873 (E.O.13873) from 2019.

One thing that might have caught your eye is the 2019 date. 

Which brings us back to Whack-A-Mole.

Congress has tried to use the tired “National Security” argument over and over again. Some of the former moles we’ve had to whack are the ASDA, the NDAA, and the CCCPDA. When we get one mole back into its hole, Congress seems to scour the records to find another way to bypass the tried and truth American method of rulemaking, via the United States Congress.

Those in Congress who can’t get their bills passed have (allegedly) tried using their influence on Customs and Border Protection to stop DJI at the border using the Uyghur Forced Labor Prevention Act, and now seem to be doing the same thing using E.O. 13873. 

E.O 13873 allows the Commerce Department to develop appropriate regulations for UAS in order to “address undue or unacceptable risks to U.S. national security, including U.S. ICTS (Information and Communications Technology and Services) supply chains and critical infrastructure, or/and to the security and safety of U.S. persons.” If there were true “risks to U.S. national security”, why wait 5 years to bring this up? My guess (and it’s only a guess since I have no proof) is that one of our Congressional members (also ironically called “Public Servants”) have gotten so tired of seeing their dreams shattered by the voice of this industry that they’re now trying any method necessary to satisfy their perverse desire to shut down an entire industry. They’re short-sighted arrogance will also make First Responder fleets useless, thus costing American lives. 

Removing the best, most reliable, and cost effective tool from First Responder teams, and then forcing them to use much less reliable and much more expensive drones simply because they are made in America (at the expense of American lives), is bad business practice as best, and treasonous at worst.

Okay sorry, I was on a rant there for a minute. I’m back now, let’s get back to the issue at hand.

The above mentioned ANPRM is asking for comments, and those comments are prompted by numerous different sections, with a total of 50 leading questions that follow those sections. Many of the questions can be answered by drone pilots and drone companies. And I strongly suggest each and every one of us do that very thing. It’s very easy to leave your comments. You can do so straight from the comment portal, email it to the Department of Commerce’s Bureau of Industry and Security (BIS), or even snail mail it. About the only thing I don’t see if a fax number. Because, you know, it’s 2025…

The Remote ID NPRM had 53,049 comments. And RID really only had a minuscule affect on our industry. At worst, RID was an inconvenience for us under some circumstances. Especially if Network RID was part of the rule. And thanks to those comments, Network RID wasn’t part of the final rule.

Banning or limiting DJI and Autel (not to mention all hobby drones) would not have a minuscule affect on our industry, it would be a catastrophic one.

So let’s have the same overwhelming response to this Department of Commerce ANPRM. Read the entire thing, but concentrate on the sections in your wheelhouse. And make sure your comments are professional in nature, unlike some parts of my article. I won’t apologize for my comments, I’m just tired of trying to be diplomatic. There are time for diplomacy, and there are times for hard lines in the sand. And I’ve drawn my line now.

Again, read the entire ANPRM, and write nice, concise, and professional comments for the areas you know and understand. Although there are a total of 50 questions, no one expects anyone to answer all of them. And much of the commentary contained in the ANPRM is very one-sided. So it’s imperative that we educate the Department of Commerce correctly, with well written, and professional examples.

One of the most distressing realizations as you read through this is that is smacks of a federally funded push poll. Dictionary.com defines Push Poll as, “a seemingly unbiased telephone survey that is actually conducted by supporters of a particular candidate and disseminates negative information about an opponent.” Obviously this ANPRM isn’t a telephone survey, and it isn’t what I’d call unbiased either.  And it certainly “disseminates negative information”. The tern “unacceptable risk” is used 11 times in the document, and “national security” is used 32 times. And each of those terms are used in a predetermined or negative context. This ANPRM also refers back to Executive Order (E.O.) 13873 19 times. And the entire ANPRM is based on wording and authority given to the Commerce Department in E.O. 13873. 

That’s important. Because E.O. 13873 is predicated on the determination that any item, in whole or part, must be “an unusual and extraordinary threat” to “national security, foreign policy, and economy of the United States…”. 

I posit that no gov’t agency or private company has ever determined that any DJI or Autel drone has been found to be “an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States”. Not one.

And as a matter or fact, every recent audit, both private and federal, have found no true threats to any security, national or otherwise exist at all.

So this entire ANPRM is based on a supposition that there is a threat, and the Commerce Department is asking the industry what would happen if they acted on that alleged threat. All without any proof an actual threat exists. This is a federally funded push poll masquerading as federal policy update. 

And yes, before anyone complains in the comment section below, I am 100% displaying my bias. We all have it, it’s just that not every writer or speaker admits it. 

Okay, back to the ANPRM.

Threat Posed by Foreign Adversaries:

Read this section and answer the following 2 questions. Remember, Commerce is tying to this into the issue of data “stored within China’s borders”, and the possibility of DJI or Autel “engineer[ing] vulnerabilities into their products, exploit existing vulnerabilities, or push malicious updates, compromising these products without the UAS owner’s knowledge.” 

Question 8: “In this section, BIS identified threats posed by transactions involving ICTS integral to UAS with a nexus to China or Russia. Has BIS fully captured and articulated the threat posed by transactions involving such ICTS? If not, what additional threats should BIS consider?”

Answer: This answer isn’t about “what additional threats” at all. It’s about a predisposed assumption that DJI or Autel actually pose a threat. DJI no longer allows flight records to be uploaded by DJI owners in the U.S. So there is no current “data stored within China’s borders”. Second, the Chinese law that is cited in the ANPRM says the CCP can demand that only “data stored within China’s borders” must be shared with the CCP. And since none from DJI is stored on Chinese servers any more, that law isn’t an issue any more. And if China mandated that DJI or Autel “compromise” their drones in some way to endanger National Security, our drones would have to be connected to the internet in order to receive those “commands”. Easy answer, “don’t connect to the internet”.

Question 11: “What are the potential tradeoffs of a rule prohibiting the resale or rental in the United States of UAS or UAS components that are designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary?”

Answer: Short and sweet, eventual total destruction of the commercial UAS market in the United States, and eventual grounding of First Responder fleets. Many small businesses, which are the cornerstones of the American economy, will fail. Not might, will. And the inability of First Responder fleets to replace like drone with like drones as they age will cost the lives of American citizens, and American First Responders. The leading drone to replace the DJI and Autel drones is the Skydio X10. And the X10 is not the answer to a Matrice 350 or an Autel EVO Max. It has reliability issues, flight issues (ask Mr. Bry why he had to hike into the woods during a demo after some recent hurricane damage flights), and signal transmission issues. There are NO comparable replacement drones for the DJIs and Autels this industry relies on. No matter where they are made. NONE!

And many fire departments use thermal DJI and Autel drones to see into smoky fires in order to safely direct firefighters to the correct place to put that fire out. Who in the Commerce Department is willing to go to the widower of a firefighter killed and explain to them that the fire department couldn’t use the right gear to save their spouse and parent because extreme Jingoists in D.C. didn’t want the Chinese government to see how we put out fires.

Same goes for the dead SWAT member’s spouse and children. Who in the Commerce Department will tell them their father or mother died because they couldn’t use the best gear to provide overwatch on a hostage situation so no one saw the bad guy with the gun.

And suppose Skydio and others get their way and they destroy the consumer and prosumer drone industry in the U.S. Are they going to be the ones who rebuild it one (if?) they ever decided to make any drones again to fill that niche? Because whoever destroys something for personal gain should be required to rebuild it as well.

Sorry, I swung back into my rant again…

Data Collection.

Question 15: “What are the general data collection capabilities of UAS? What is the level of aggregation and scale of data that UAS can collect on U.S persons, entities, geography, and infrastructure?

a. Who besides the operator of the UAS generally has authorized access to, or control of, data collected by UAS?

b. How is the data collected by UAS sold or integrated into data markets?”

Answer: How do you collect data? What data do you collect? Who has the access to it? And how does it get delivered and used by clients?

Question 16: “What are the UAS industry standard policies or procedures, if any, governing how data generated by, owned by, or otherwise associated with U.S. persons is stored, managed, processed, gathered, or protected in or on data-related services equipment located outside of the United States? BIS defines “data-related services equipment” as hardware used to receive, store, process or transmit data in support of data-related services, including routers, firewalls, gateways, switches, servers, load-balancers, intrusion detection systems, domain name systems, and storage area networks.”

Answer: How do you protect your data as you collect it? Does it need protecting? Who owns it? Does your company have any policies or procedures to secure data? Would that be a reasonable requirement for all data if U.S. security is at state?

Question 20: “What cybersecurity measures, authentication, or controls do UAS service providers and other companies supporting the UAS supply chain use to mitigate risks surrounding data collection, access, storage, processing, and exfiltration?”

Answer: Do you need cybersecurity measures with your data? What about access to that data? And as above, could it be used as a reasonable requirement for any data that actually needs to be secure in the U.S.?

Question 23: “Which sensors in or on UAS that are typically used in critical industries ( e.g., agricultural, chemical, construction, energy, telecommunication) are able to collect or transmit data or have connection capabilities?”

Answer: Simply write what you capture and what happens to the data. Mention what (if any) ways your drone is connected and transmitting data. Example would be phone connection, 4G dongle, wifi, etc. Mention what the connection is for, such as custom unlock, or possible RTK network connection.

Question 27: “How often are software applications related to the operation of UAS installed on a UAS user’s phone? What policies govern the application’s access to other information on the user’s phone?”

Answer: Mention what apps you use, and if they are transmitting while flying or uploading data. Mention flight apps, weather apps, LAANC apps, and even RID apps.

Question 28:“What systems, sensors, or equipment do UAS and their affiliated UAS operators use when not navigating or storing data over mobile networks?”

Answer: Your computer? SD Cards? SSDs? Back up hard drives, both cloud based and external?

Question 29: “How do UAS operators secure data that is transmitted, received, or stored during the normal operation of a UAS without connecting to the internet?”

Answer: Do you download your card to your computer? If so, how? Wireless direct from the drone, wired direct from the drone, SD card or SSD directly to computer, etc.?

Remote Access and Control

Here we have a number of questions that will need to be answered differently be each and every drone pilot or IT person for a company. But it’s a very important section to comment on. And some can only be answered by manufacturers and builders of components and payloads. But if you can answer any of this and help belay some of the fear and educate those giving incorrect information, it’s important you do so for the questions under this heading.

Section e covers remote access or denial of service. There are some technical questions here as well, but basically it boils down to that fact that if an adversary wanted to brick our gear, they’d need to upload the software to do that, and then the drone itself would have to be connected to the internet to receive the command to do so. There is also the possibly that if a drone does’t “check in” with a server at certain intervals, then it would automatically stop working. But we haven’t seen that, not are we likely to.  That should be very easy to find in an audit.

Question 43: “Which, if any, categories or classifications of end users should BIS consider excluding from any prohibitions on transactions involving foreign adversary ICTS integral to UAS because transactions involving such end users would not pose an undue or unacceptable risk?“

Answer: BIS should consider excluding recreational users, academic users, FPV flyers, and any Drone Service Provider that does not fly in the airspace over critical infrastructure as defined under Section 2209 of the FAA Extension, Safety, and Security Act of 2016. And don’t get me started on how late 2209 is… 

Economic Impact. 

This is the most important part of this ANPRM. Please write explicit answers were. Tell Commerce exactly what is going to happen to you, our company, or your agency if the Commerce Department institutes any type of ban or tariff on Chinese drones or drone parts. 

You can read the ANPRM Author’s comments about the impact here, but it does seem that they are trying to gather more info about what would happen if there are undue burdens placed on this industry if any new rules come out of the ANPRM.

This is where we need to make sure our voices are heard, and heard loudly. 

The big question here is Question 47: “What, if any, anticompetitive effects may result from regulation of transactions involving foreign adversary ICTS integral to UAS as contemplated by this ANPRM? And what, if anything, can be done to mitigate the anticompetitive effects?”

“Anticompetitive effects” basically mean the negative consequences of business practices that reduce or prevent competition in a market. And by the very Federal Trade Commission link above, it would seem that the FTC should step in and override what the Commerce Department is doing. Because this Commerce Department ANPRM is a DIRECT cause of “unfair business practices that are likely to reduce competition and lead to higher prices”.

Answer: If you’ve been following this issue at all, and I hope you have, all you have to do is talk about what would happen if we were forced to use inferior products at inflated prices. Would would happen to our bottom line as businesses? What about replacing the aging fleets of First Responders? Do you use drone to inspect our nation’s infrastructure? How accurate can you inspect something with inferior data and inferior sensors? Is there anything even remotely capable of replacing what you use in your daily work lives, at any price? 

You can expand even further by answering Question 49: “What additional economic impacts to U.S. businesses or the public, if any, might be associated with the regulation of transactions involving foreign adversary ICTS integral to UAS contemplated by this ANPRM?”

This answer would be a good place to talk about the impact on the recreational or educational side of our industry. There are NO recreation or STEM drones available that don’t include Chinese parts, or even fully made in China. Pricing these out of the market with regulations and tariffs, or even worse, forbidding imports at all, would cripple both the education and the recreational aspect of this industry. And those two aspects of our industry are what is going to help save our ever shrinking aviation workforce. It’s the hobby drones and STEM drones that can spark a student’s love of aviation. 

And you can wrap this up nicely by answering Question 50: “What actions can BIS take, or provisions could it add to any proposed regulations, to minimize potential costs borne by U.S. businesses or the public?”

Answer: The simplest answer is just to leave us alone and quit listening to the fear mongers, politicians, and lying bureaucrats, and supposed industry advocacy groups whose purse strings are held by companies that can’t compete with Chinese drone companies. But you should probably word that a bit nicer that what I just wrote.

Explain that there is nothing wrong with proposing and implementing cybersecurity standards for UAS. But those standards cannot simply be based on country of origin. Because that’s not a solution at all. Any device, drone or otherwise, that is connected to the internet can be compromised. And that does’t matter where the parts come from. Whatever standard that is developed must be required across the industry, whenever a drone is needed under more secure circumstances.

We also need to put realistic and logical standards in place about when and where they actually need to be applied. A person taking photos or videos on BLM land doesn’t need the same cybersecurity restrictions someone won is inspecting a nuclear plant or hydroelectric dam. And a person flying for a marketing piece for the Department of Interior certainly doesn’t need the same restrictions either. 

Any blanket set of restrictions is overkill, regardless of industry or economic market. The unintended consequences of those types of regulations are well documented. We don’t need those in the UAS industry too. We are no longer a fledgling industry, but we are certainly still growing. And we’re growing stronger. 

And by the way, if cybersecurity standards can be developed and implemented for parts sourced from China, it would ultimately help the very U.S. drone companies fighting for restrictions on Chinese drones and parts. Because then those parts that would have standards, can now be used in their own drones. And since they can start sourcing those parts from China, they would be in a better position to compete with the very drone companies they vilify due to their current inability to compete. 

If those companies and organizations currently fighting so hard to cut off the supply of anything made in China were to turn their energies to a set of cybersecurity standards,  then everyone wins. Those who build drones in the U.S., and those who use them. 

In a recent LinkedIn post, Bobby Sakaki, self described “The Jason Bourne of the drone industry”, wrote, “We don’t have to be friends, we just can’t be enemies.” And that is an attitude that is sorely needed in this industry. There is too much backbiting and ego driven mud slinging going on. I no doubt have contributed to that as well.

And that doesn’t help this industry at all.

So in conclusion, and as a call to action, please sit down and put your thoughts about all if this on paper (or Word…). And then send it to the Commerce Department. It is vitally important we all do this!

_______________________________________

And check back here for additional resources. I’ll be adding more blogs and videos about this as they are published. We have until March 4th to get our comments submitted. So take your time and put together a well thought out submission.