Hardware

Navigating Executive Order 13981’s Impact on Government Drone Procurement

Laws and regulations around the government purchase of unmanned aerial vehicles has changed in the past few years.

Twitter

Phil Goldstein is a former web editor of the CDW family of tech magazines and a veteran technology journalist. He lives in Washington, D.C., with his wife and their animals: a dog named Brenna, and two cats, Grady and Princess.

For years, federal agencies have been using drones for a wide range of use cases, from mapping to surveillance, search and rescue, and scientific research.

However, in recent years federal agencies’ use of and ability to procure drones, or unmanned aerial systems (UAS), has evolved, largely stemming from security concerns about drones from Chinese manufacturers. In 2020, for example, the Interior Department grounded its entire fleet of drones over concerns “that Chinese parts in them might be used for spying, making exceptions only for emergency missions like fighting wildfires and search-and-rescue operations,” as The New York Times reports.

Last year, former President Donald Trump issued an executive order just before leaving office that said the U.S. government would seek to prevent “the use of taxpayer dollars to procure UAS that present unacceptable risks and are manufactured by, or contain software or critical electronic components from, foreign adversaries, and to encourage the use of domestically produced UAS.”

As a result, the General Services Administration works to ensure that only drones approved by the Defense Innovation Unit are permitted under Multiple Award Schedule contracts.

So, which drones can federal agencies currently procure? Do they need to be American-made drones? How can agencies ensure that the drones they do use are as secure as possible? Here’s a breakdown of the state of UAS procurement.

Click the banner to get access to customized federal IT content by becoming an Insider.

Which Drones Can Federal Agencies Purchase?

Under MAS contracts, GSA policy prohibits the award of drones other than those approved through the DIU’s Blue sUAS program, according to a GSA spokesperson.

“The Blue sUAS program provides secure, trusted sUAS options for DOD and federal government procurement that meet FY20 NDAA Section 848 requirements,” the spokesperson notes.

Under the Fiscal Year 2020 National Defense Authorization Act, Congress banned the purchase and use of drones and components manufactured in China. The law bans the use of Chinese-made components in drones for everything from the flight controller to data transmission devices, cameras, operating software, network connectivity hardware and software, and data storage.

Additionally, according to the GSA spokesperson, the Trade Agreements Act is applicable to GSA’s MAS program and other Federal Acquisition Service contract vehicles.

“For procurements subject to the TAA, agencies must purchase only U.S.-made or designated-country end products,” the spokesperson says. Under the Federal Acquisition Regulation, the country of origin is the country in which substantial transformation occurs.

DIVE DEEPER: Here are some best practices for drone technology innovation in government.

Which Government-Approved Drones Are Made in the U.S.?

According to the GSA spokesperson, most of the drones in the Blue sUAS program are manufactured by domestic suppliers.

Additionally, for procurements subject to the Buy American Act, “agencies must purchase American-made products unless an exception applies,” the spokesperson says.

The Blue sUAS program consists of five lines of effort that curate, maintain and improve a “robust roster of policy approved commercial UAS which suit the diverse needs” of the Defense Department.

Policy-compliant commercial UAS, once vetted by the Blue UAS On-Ramp approval process, do not require a continuous exception to DOD policy renewal, according to the DIU.

The Blue sUAS program has so far approved the following drones: Sensefly eBee TAC, Skydio X2D, FLIR ION M440, Parrot Anafi USA GOV, Parrot Anafi USA MIL, Teal Golden Eagle and the Vantage Robotics Vesper.

VIDEO: Take a deep dive into the Interior Department’s use of drones.

How to Ensure Drone Security for Agencies

Agencies also must ensure that the drones they do use are as protected from cybersecurity threats as possible.

Drones “provide innovative solutions for tasks that are dangerous, time-consuming and costly,” the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency says in guidance on cybersecurity best practices for drones. “Critical infrastructure operators, law enforcement, and all levels of government are increasingly incorporating UASs into their operational functions and will likely continue to do so.”

Although UAS offer benefits to their operators, they can also pose cybersecurity risks, and operators should exercise caution when using them, CISA says. A key best practice is vetting the software and firmware used in drones, CISA says.

That includes ensuring “that the devices used for the download and installation of UAS software and firmware do not access the enterprise network,” and ensuring “file integrity monitoring processes are in place before downloading or installing files.”

Agencies also need to work to make drone communications as secure as possible. CISA advises agencies to use “complicated Service Set Identifiers (SSIDs) that do not identify UAS operations on the network.” Agencies should also “avoid using the specific make or model of the UAS or the operating organization in the SSID.”

If the drones support the Transport Layer Security protocol, agencies should ensure that it is enabled to the highest standard that the UAS supports

“Have the data links for UAS control, telemetry, payload transmission, video transmission, and audio transmission encrypted with different keys,” CISA advises. “Make sure the UAS is able to encrypt the data stored onboard.”

Agencies should also leverage encryption and multifactor authentication for drone data storage and transmission. “Erase all data from the UAS and any removable storage devices after each use,” CISA adds.

evandrorigon/Getty Images