Which Drones Can Federal Agencies Purchase?
Under MAS contracts, GSA policy prohibits the award of drones other than those approved through the DIU’s Blue sUAS program, according to a GSA spokesperson.
“The Blue sUAS program provides secure, trusted sUAS options for DOD and federal government procurement that meet FY20 NDAA Section 848 requirements,” the spokesperson notes.
Under the Fiscal Year 2020 National Defense Authorization Act, Congress banned the purchase and use of drones and components manufactured in China. The law bans the use of Chinese-made components in drones for everything from the flight controller to data transmission devices, cameras, operating software, network connectivity hardware and software, and data storage.
Additionally, according to the GSA spokesperson, the Trade Agreements Act is applicable to GSA’s MAS program and other Federal Acquisition Service contract vehicles.
“For procurements subject to the TAA, agencies must purchase only U.S.-made or designated-country end products,” the spokesperson says. Under the Federal Acquisition Regulation, the country of origin is the country in which substantial transformation occurs.
Which Government-Approved Drones Are Made in the U.S.?
According to the GSA spokesperson, most of the drones in the Blue sUAS program are manufactured by domestic suppliers.
Additionally, for procurements subject to the Buy American Act, “agencies must purchase American-made products unless an exception applies,” the spokesperson says.
The Blue sUAS program consists of five lines of effort that curate, maintain and improve a “robust roster of policy approved commercial UAS which suit the diverse needs” of the Defense Department.
Policy-compliant commercial UAS, once vetted by the Blue UAS On-Ramp approval process, do not require a continuous exception to DOD policy renewal, according to the DIU.
The Blue sUAS program has so far approved the following drones: Sensefly eBee TAC, Skydio X2D, FLIR ION M440, Parrot Anafi USA GOV, Parrot Anafi USA MIL, Teal Golden Eagle and the Vantage Robotics Vesper.
How to Ensure Drone Security for Agencies
Agencies also must ensure that the drones they do use are as protected from cybersecurity threats as possible.
Drones “provide innovative solutions for tasks that are dangerous, time-consuming and costly,” the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency says in guidance on cybersecurity best practices for drones. “Critical infrastructure operators, law enforcement, and all levels of government are increasingly incorporating UASs into their operational functions and will likely continue to do so.”
Although UAS offer benefits to their operators, they can also pose cybersecurity risks, and operators should exercise caution when using them, CISA says. A key best practice is vetting the software and firmware used in drones, CISA says.
That includes ensuring “that the devices used for the download and installation of UAS software and firmware do not access the enterprise network,” and ensuring “file integrity monitoring processes are in place before downloading or installing files.”
Agencies also need to work to make drone communications as secure as possible. CISA advises agencies to use “complicated Service Set Identifiers (SSIDs) that do not identify UAS operations on the network.” Agencies should also “avoid using the specific make or model of the UAS or the operating organization in the SSID.”
If the drones support the Transport Layer Security protocol, agencies should ensure that it is enabled to the highest standard that the UAS supports
“Have the data links for UAS control, telemetry, payload transmission, video transmission, and audio transmission encrypted with different keys,” CISA advises. “Make sure the UAS is able to encrypt the data stored onboard.”
Agencies should also leverage encryption and multifactor authentication for drone data storage and transmission. “Erase all data from the UAS and any removable storage devices after each use,” CISA adds.