Embedded Cybersecurity
Discover cutting-edge solutions from leading global suppliers
DJI drones often dominate in public service and first response due to performance and affordability, yet persistent national security concerns create a dilemma. Below Jack Watson from Periphery discusses these security challenges and outlines a security-first approach to mitigating the risk through the delivery of embedded, real-time threat detection for edge systems.
Periphery’s solutions help secure critical assets regardless of manufacturer origin, allowing organisations to maintain performance while negating the threat.
In the rapidly evolving landscape of uncrewed systems, one name dominates the skies: DJI. From enabling breathtaking cinematic shots to transforming public safety operations and critical infrastructure inspections, their drones are ubiquitous. Yet, despite their undeniable quality and affordability, a persistent question hangs over their widespread adoption, particularly in sensitive sectors. Why then, do so many first responders and critical infrastructure operators continue to rely on DJI amidst well-documented security concerns?
The answer, as is often the case, lies in a compelling paradox.
The Elephant in the Hangar: Security Concerns
For years, allegations have surfaced regarding DJI drones’ potential data security risks, stemming from the company’s Chinese ownership. These concerns escalated into serious geopolitical issues, especially in the United States. While independent cybersecurity audits commissioned by DJI and others have often stated they found no evidence of surreptitious data transmission to China, the perceived risk remains high. Reports highlighted potential vulnerabilities in associated apps and the broader apprehension around foreign adversaries’ access to sensitive data, particularly for government and critical infrastructure applications.
This climate of concern has led to tangible actions: the US Department of Defense has banned DJI drones, and legislation like the Countering CCP Drones Act aims to restrict or ban new Chinese-made drones from operating on US communication infrastructure, effectively pushing them out of federal and critical infrastructure use. Even for existing fleets, operators in the US face pressure to find alternatives not built in China.
In the UK, while there hasn’t been a sweeping, outright ban on DJI across all public services, security advisories and a general move towards ‘trusted’ suppliers are influencing procurement decisions. Despite this, DJI drones are still widely used by many UK police forces, fire services, and other emergency responders.
The Irresistible Force: Performance and Price
So, if the security concerns are so prevalent and publicly acknowledged, why the continued reliance? It boils down to two potent factors that DJI has mastered: superior performance and unparalleled affordability.
DJI has consistently delivered drones that are simply better at what they do, at a price point that few competitors can match.
- Technological Leadership: DJI drones often boast cutting-edge features, advanced camera systems, highly stable gimbals, sophisticated obstacle avoidance, extended flight times, and intuitive flight controls. For a first responder needing to rapidly assess a dangerous scene, locate a missing person with thermal imaging, or monitor a large-scale incident, the reliability and capability of a DJI platform are unmatched by many alternatives on the market.
- Ease of Use: Their user-friendly interfaces and robust software ecosystems mean minimal training is often required for operators to become proficient. In emergency situations, ease of deployment and operation can be literally life-saving.
- Cost-Effectiveness: This is perhaps the most significant differentiator. Public services and even private critical infrastructure operators often operate under tight budgets. DJI offers enterprise-grade capabilities at prices that are significantly lower than comparable models from non-Chinese manufacturers. Replacing an entire fleet of highly capable and affordable DJI drones with more expensive, less feature-rich alternatives presents a substantial financial and operational hurdle. The upfront cost, ongoing maintenance, and the need for new training can be prohibitive.
- Availability and Ecosystem: DJI’s market dominance also means a vast ecosystem of accessories, repair services, and third-party integrations, making them easy to acquire and maintain.
The Hidden Attack Surfaces: Beyond the Drone Itself
While much of the security discussion around drones focuses on the aircraft themselves, it’s crucial to acknowledge the broader ecosystem and its inherent vulnerabilities. The reality is, even if a drone can operate offline, its supporting infrastructure often introduces significant risks.
For instance, many drones are designed with the capability to operate offline, meaning they don’t require a direct, persistent connection to the cloud for basic flight operations. This can give a false sense of security, as it limits direct data exfiltration during flight. However, this doesn’t eliminate all risk.
The physical infrastructure supporting drone operations, such as drone ports (where drones fly back to, are stored, and recharged), are typically network-connected. These ports become critical points of access for maintenance, data offloading, and mission planning, thereby adding to the overall attack surface. A compromised drone port could provide an entry point for adversaries to access sensitive operational data, manipulate mission parameters, or even inject malicious software onto drones. Organizations need to consider these network connections as seriously as they would any other critical IT infrastructure.
Furthermore, the simple act of plugging these devices into a laptop for data transfer, firmware updates, or detailed analysis can also introduce risk. Laptops used for drone management may not always adhere to the same stringent security protocols as other enterprise systems. A compromised laptop could inadvertently transfer malware to the drone, or sensitive drone data could be exfiltrated from the laptop itself. It’s imperative that organisations implement robust cybersecurity practices for all devices that interact with their drone fleets, extending their security perimeter beyond the drone to every point of contact.
The Way Forward: Securing the Indispensable
The DJI paradox highlights a critical challenge in modern technology adoption: balancing capability and cost with national security and data integrity. While the immediate pressure to switch away from DJI is driven by geopolitical concerns and national security directives, the underlying issue is securing the embedded systems of all critical devices.
At Periphery, we understand this dilemma. Our focus isn’t on which drone manufacturer is used, but on ensuring the inherent security and resilience of any device at the edge. By providing advanced, on-device threat detection for industrial computers and critical embedded systems, we offer a pathway to bolster the security posture of vital equipment, regardless of its origin. This allows organisations to leverage the undeniable operational benefits of advanced technology while actively mitigating the sophisticated threats that target such critical assets.
The future demands that we bridge this gap, securing the indispensable tools that power our defence and critical infrastructure. Ultimately, true operational advantage will belong to those who can unequivocally trust the security and integrity of every device at the edge.
