Lawmakers Knock DHS for Absence at Drone Hearing
By Jennifer Martinez
7/19/2012 1:31 PM ET
Lawmakers from both sides of the aisle took the Department of Homeland Security to task for refusing to testify at a Thursday hearing that examined how drones could pose national security and privacy risks to the United States.
House Republican members on the Homeland Security Committee’s oversight panel, led by Rep. Michael McCaul (R-Texas), were particularly critical of the department’s absence and argued that boosting the cybersecurity of drone computer systems is a responsibility that falls under DHS’ jurisdiction. McCaul, the chairman of the subcommittee, said that department officials have told his staff that the agency has “no role in domestic unmanned aerial systems.”
McCaul blasted the Department of Homeland Security for not taking steps to proactively address security vulnerabilities found in the computer systems of drones.
“DHS’ lack of attention about this issue is incomprehensible,” McCaul said. “It should not take a 9/11 style attack by a terrorist organization such as Hezbollah or a lone wolf inspired event to cause DHS to develop guidance addressing the security implications of domestic drones. It should not take a hearing to force DHS to develop policy when it comes to the security of our homeland.”
Several lawmakers called for DHS to step up and create policies and guidelines for the use of drones. They also voiced concern about terrorist groups compromising a drone’s computer system and using it as a weapon to attack the United States.
Todd Humphreys, a professor at the University of Texas at Austin, testified that he and his team had successfully tapped into a civilian drone’s computer system through a method known as “spoofing.” Using that method, a hacker transmits counterfeit global positioning system (GPS) signals to fool the drone’s navigation system and take control of it.
He warned that drones and several types of critical infrastructure in the United States rely on civil GPS technology, which can be easily tapped into by spoofing and other hacking methods.
Humphreys recommended that drones weighing more than 18 pounds or deemed critical infrastructure by DHS should bake encrypted signal feeds and spoof-resistant technology into their navigation systems. But he added that DHS should commit to funding the development and implementation of encrypted signatures into civil GPS signals.
“I believe it would fall to DHS to fund something like this,” Humphreys said, adding that the Federal Aviation Administration’s expertise is focused on the safety of airspace rather than the defense of it.
But in the short term, he noted that there are anti-spoofing techniques that can be baked into navigation systems of drones. While these techniques “don’t prevent very sophisticated attacks, they would sure make them much harder,” Humphreys said.
Gerald Dillingham, a director at the Government Accountability Office, said DHS had not implemented the security recommendations that GAO had outlined in an earlier report. The department told GAO it was taking actions that were sufficient to address the issues, he added.
Dillingham said that DHS, the FAA and Justice Department should decide which agency should take the lead in regulating drone use.
Rep. Yvette Clarke (D-N.Y.) said it was “not acceptable” for DHS to decline the subcommittee’s invitation to testify and share its thoughts on the potential risks associated with these devices.
Lawmakers also questioned how drones impact the privacy and civil liberties of American citizens.
Amie Stepanovich, litigation counsel at the Electronic Privacy Information Center, called for Congress to pass legislation that would prohibit drones from carrying out targeted surveillance, as well as make the drone program subject to independent audits and oversight. Stepanovich noted that nefarious actors could get their hands on sensitive information by hacking into drones’ computer systems.
Stepanovich criticized DHS for not taking steps to assess how drone use affects Americans’ civil liberties and for not developing policies to safeguard privacy.
“We think it’s important to do this now. Violations have not occurred yet,” she said. “If you wait for the drones to go up in the air before we act, you’re going to regret it.”