Firewalls, no cloud requirement: how to make commercial drones more secure
A recent influx of legislation to ban Chinese drones over data privacy — like the Countering CCP Drones Act — reflects growing concerns about the security of commercial drones and their handling of data. That’s led politicians to generate their own policy ideas around how to make commercial drones more secure.
But while bans (or even tariffs, as more moderate legislation like the DFR Act proposes) might seem like a quick fix, they bring the potential for enormous, negative side effects. Critics fear that banning what are generally far more affordable, Chinese-made drones could have an outsized, negative impact on small businesses that have tighter budgets than big corporations or government entities.
Meanwhile, many private businesses are turning to another solution that makes drone data more secure — without an outright ban.
DJI itself has sought to prove itself as a more secure solution for U.S. customers. As of June 27, 2024, DJI no longer offers U.S. operators the option to sync their flight records to DJI servers. Interestingly, the capability still remains when you fly DJI drones in regions outside the U.S.
And that’s not all. Throughout 2024, we’ve seen an uptick in solutions to fortify the security of drone data. Many such solutions come from big drone companies like DroneDeploy and AirData. Here’s a look at ways that private companies are working to make commercial drones more secure — no ban needed:
DroneDeploy introduces world’s first security firewall for commercial drones
In June 2024, San Francisco based drone software company DroneDeploy launched Dock Shield. Dock Shield is a system of network security protocols designed to work with drone docks such as the DJI Dock 1 and DJI Dock 2.
Drone docks (sometimes called drone-in-a-box) are popular systems for landing, charging and storing drones. They’re especially popular in remote places that would be annoying for a human operator to monitor all the time. These days, the best drone docks are highly advanced. They’re even capable of storing and sending data back to teams (generally over the cloud). And it’s that storing and sending of data where Dock Shield comes in so critically.
“Because the docked drone is fully autonomous with no person on site, safety and security are critical to the successful operations of the docked drone,” said Ashutosh Agrawal, a risk director at DroneDeploy. “The shield technology is one of the ways DroneDeploy is approaching concerns over Chinese technology.”
Those aforementioned network security protocols from DroneDeploy’s Dock Shield are designed to limit connections out of drone docks — including the DJI Docks — solely to trusted DroneDeploy-controlled U.S. servers. The shield works by creating a firewall. That, in turn, makes communications secure and limited to only between DroneDeploy and the drone.
This solution will help ensure that drone data arrives securely — and only at its intended destination.
In fact, though Dock Shield can be compatible with any drone, it was actually initially tailored for DJI Dock 1 and 2. DroneDeploy also said it has plans to launch a similar product for the DJI Mavic 3 Enterprise later in 2024.
Purchase the DJI Dock 2 now from Drone Nerds.
Agrawal said that security had not been much of a major pain point amongst DroneDeploy customers, adding that “DroneDeploy is the most secure platform on the market.” But given the uptick in anti-China legislation and debate, DroneDeploy is iterating with solutions.
Agrawal also said that DJI drones are still highly popular amongst DJI customers.
“While there has been a lot of rhetorical change in the conversation over DJI, especially in the last year, we are still seeing wide adoption of this technology as U.S. competitors are not yet able to make drones that fulfill all use case needs,” Agrawal said.
Rather than an entirely-new, U.S.-made drone, DroneDeploy is betting that better security systems applied to DJI drones is a smarter fix.
“Firewalls are the most practical and effective solution to manage risk involved in using Chinese hardware,” he said. “Firewalls are a long-standing security solution, not some new fancy or proprietary thing, but a known and industry tested way to manage security concerns.”
AirData allows customers to upload logs without DJI’s cloud
AirData is a California-based, online drone fleet data management and real-time flight streaming platform. It allows its users to synchronize flight logs from DJI without using the DJI Cloud.
Even though DJI disabled the “Sync Flight Data” feature to the DJI cloud in its flight apps in 2024, AirData offers alternative sync options so pilots can track flight activity.
There are a few ways to do this, such as through the AirData UAV mobile app, which can directly upload flight logs from your device to AirData, bypassing DJI’s cloud. This method is straightforward and also secure, ensuring your data remains under your control. You can also manually upload logs to AirData by extracting flight logs from your drone and then uploading them through AirData’s web interface.
Trevor Hall, an AirData spokesperson, said the capability serves multiple purposes.
“Whether it’s because off privacy concerns or a more streamlined upload process, uploading logs directly to AirData via our mobile app (bypassing DJI’s servers) is often preferred by our customers,” he said. “It’s a decision that’s sometimes made by the individual user and sometimes by their employer. Our customers that are part of government agencies are especially keen to using our mobile app to upload logs.”
Other ways to make commercial drones more secure
Then there are some best practices you can impose on yourself (or your business) to make drone flights more secure. Consider these some general best practices:
Make regular firmware updates: Be diligent about promptly installing firmware updates that patch security vulnerabilities. One note: make sure you have a secure process to prevent unauthorized firmware from loading.
Tamper-proof hardware: Don’t forget physical security. Consider situations where the physical drone might get in the hands of someone else. Maybe you’re flying with a drone in checked luggage or otherwise leaving it somewhere in the open. If so, be on alert. Critical components like the flight controller and GPS unit should be tamper-proof to prevent unauthorized modifications or hardware implants. Even a simple lock on your drone case can make commercial drones more secure.
Use multi-factor authorization: It’s not just drones. All sorts of online accounts, like email, social media and, yes, drone control apps should have multi-factor authentication enabled. This prevents unauthorized access. This could involve passwords, biometrics, or hardware tokens.
By implementing a combination of these measures, then drone manufacturers, governments and drone pilots can work together to create a more secure drone ecosystem — no actual ban necessary. This will not only address national security concerns but also build public trust. Ideally, that’ll continue paving the way for wider commercial drone adoption, not fewer drones given potential bans.