Senators want NIST to create cyber guidelines for agencies’ use of civilian drones
Sens. Mark Warner (L) and John Thune confer at a hearing in February 2023. The Virginia Democrat and the South Dakota Republican are teaming up on legislation to introduce cybersecurity guidelines for the federal government's fleet of drone aircrart. Tom Williams/CQ-Roll Call, Inc via Getty Images
The new bipartisan bill would also require that every agency using civilian drones “implement policies and principles based on the NIST guidelines.”
A bipartisan duo of senators introduced legislation this week that would require the National Institute of Standards and Technology to draft cybersecurity guidelines around the federal government’s use of civilian-made drones, with the ultimate goal of implementing binding requirements for all agencies.
The Drone Evaluation to Eliminate Cyber Threats Act — introduced Wednesday by Sens. Mark Warner, D-Va., and John Thune, R-S.D. — would require NIST to develop a document concerning agencies’ use and management of “unmanned aircraft systems owned or controlled by an agency and regularly connected to or exchanging data with information systems.”
The bill would direct the Office of Management and Budget to “test the guidelines by requiring one federal agency to implement them on a pilot basis,” and then would subsequently have OMB “require every agency with civilian drones to implement policies and principles based on the NIST guidelines.” Agencies would be prohibited from purchasing drones that do not comply with the NIST guidelines unless they receive a waiver.
The proposal would also require civilian contractors to alert the agency and the Cybersecurity and Infrastructure Security Agency when they discover any security weaknesses in their drones, including “a supply chain compromise or an identified software or hardware vulnerability for which there is reliable evidence of attempted or successful exploitation by an actor without the authorization of the owner of the unmanned aircraft system.”
Warner said in a statement that the bill would “establish sensible cybersecurity guidelines for drones used by the federal government to ensure that sensitive information is protected while we continue to invest in this new technology.”
“Drones and unmanned systems have the capability to transform the way we do business, manage our infrastructure and deliver life-saving medicine, and as drones become a larger part of our society, it’s crucial that we ensure their safety and security,” he added.
Wednesday’s bill is the latest instance in which Warner and Thune have teamed up during the 118th Congress to address perceived regulatory gaps around federal and civilian uses of drones.
The two senators previously introduced legislation in February 2023 that would require the Federal Aviation Administration to simplify the approval process for “beyond visual line of sight” drone flights and also “clear the way for drones to be used for commercial transport of goods across the country.”