US Army Bans All DJI Drones Over Chinese Data Surveillance Risk
What happened
The US Army issued a directive in August 2017 ordering all units to immediately cease use of DJI drone products and remove them from service. The directive cited 'cyber vulnerabilities' and concerns about data — including flight logs, GPS coordinates, and imagery — being transmitted to servers in China. The ban affected thousands of commercially purchased DJI drones that units had adopted for reconnaissance, training, and mapping. DJI denied the security claims but the ban remained and was later extended across other US government agencies.[1]
What went wrong
The Army had widely adopted consumer-grade DJI drones for operational and training use without conducting adequate cybersecurity vetting of the hardware or its data handling practices. DJI's default application settings transmitted operational data to company servers in China. Procurement was driven by cost and availability rather than security review, leaving sensitive flight and location data exposed in operational environments.[1]
Lesson learned
Commercial off-the-shelf hardware is never automatically suitable for sensitive operational roles. Any networked device procured for military or government use requires a cybersecurity review regardless of price point or convenience. The cost of unwinding widespread adoption of a banned technology — including retraining, replacement procurement, and lost capability — far exceeds the cost of a pre-purchase security assessment.
Sources
- [1] DefenseOne Army Bans DJI Drones