The Department of Justice (DoJ) updated its Policy on the Use of Unmanned Aircraft Systems (UAS), placing an emphasis on cybersecurity and mitigating supply chain risks that may come from drones.
The updated policy, announced November 27, adds supply chain concerns to DoJ’s procurement process on Unmanned Aerial Vehicles—an area that has been of growing concern across the Federal government.
“UAS component parts may constitute IT capable of processing, storing, or transmitting information. The procurement of IT must comply with applicable laws, policies, and regulations, including those administered by the Office of the Chief Information Officer,” the policy states.
By explicitly bringing UAS under the existing IT security regulations, drones will need to comply with risk-based safeguards to prevent data exfiltration on Federal systems. The updated regulation also requires local law enforcement agencies to have a cybersecurity program in place if they want to receive funds from DoJ for UAS.
“Our new policy promotes the responsible, appropriate, and effective use of UAS by the Department and can serve as a model for our state, local, tribal, and territorial public safety partners as they develop their own UAS programs and best practices,” said Beth Williams, assistant attorney general for the Office of Legal Policy.
Outside of cybersecurity requirements, the policy keeps privacy regulations in place, mandating that DoJ components not retain personally identifiable information for more than 180 days without justification, gain authorization before using UAS, and provide an annual privacy report on drone usage.