The Drone Evaluation to Eliminate Cyber Threats Act of 2024 (DETECT Act) would direct the National Institute of Standards and Technology (NIST) to develop cybersecurity guidelines for the federal government’s use of drones.
Introduced today by U.S. Sens. Mark R. Warner of Virginia and John Thune of South Dakota, the legislation would address cybersecurity concerns and, after an implementation period, the guidelines would be binding on the federal government’s use of civilian drones.
“Drones and unmanned systems have the capability to transform the way we do business, manage our infrastructure, and deliver life-saving medicine, and as drones become a larger part of our society, it’s crucial that we ensure their safety and security,” Warner said. “This legislation will establish sensible cybersecurity guidelines for drones used by the federal government to ensure that sensitive information is protected while we continue to invest in this new technology.”
Drones have the ability to collect sensitive information, and as they become more common, the security of the technology is of increasing importance. The private sector may voluntarily use the guidelines in their own operations.
“As the capabilities of drones continue to evolve and be utilized by both the federal government and the private sector, it’s critically important that they operate securely,” Thune said. “This common-sense legislation would require the federal government to follow stringent cybersecurity guidelines and protocols for drones and unmanned systems.”
The DETECT Act:
·Directs NIST to develop guidelines covering cybersecurity for civilian drones;
·Directs OMB to test the guidelines by requiring one federal agency to implement them on a pilot basis;
·Directs OMB, after the conclusion of the test period described above, to require every agency with civilian drones to implement politics and principles based on the NIST guidelines;
·Directs OMB to issue guidance to agencies governing the reporting of security vulnerabilities discovered in drones used by the agencies;
·Requires contactors who supply civilian drones or drone-related services to the federal government to report any security vulnerabilities discovered;
·Directs the Federal Acquisition Regulatory Council to promulgate any necessary regulation to carry the forgoing contractor requirements into effect;
·Forbids agencies from acquiring drones that do not meet the guidelines referenced above, subject to a waiver process under certain circumstances.
“As the use of drones for multiple types of important operations –critical infrastructure inspection, public safety, agriculture, drone delivery, and more– has grown significantly in recent years, the need for cybersecurity standards for these critical mission tools has become evident,” Michael Robbins, Chief Advocacy Officer of the Association for Uncrewed Vehicle Systems International, said. “To ensure safety and security, the U.S. must lead in this area. AUVSI thanks Senators Warner and Thune for their leadership in protecting our nation from cyber risks and supporting American leadership in advanced aviation.”