Drones, data and critical infrastructure
Recent reporting about an alleged data breach involving the Chinese cybersecurity firm Knownsec – while not fully validated – reinforces longstanding intelligence community assessments that nation-state adversaries actively pursue information tied to critical infrastructure. Protecting that information requires far more than physical barriers. It demands a unified, multidomain approach that links physical protection with the cybersecurity of IT, operational technology (OT) and information and communication technology systems (ICTS) devices used in modern operations.
The Knownsec reporting suggests that internal documents – some allegedly containing operational details and references to infrastructure, networks and assets spanning more than 20 countries – may have been exposed.
Although the authenticity remains unverified, the incident underscores a persistent concern: Organizations that rely on connected technologies to collect, store or transmit operational data face heightened cybersecurity risk, especially when those systems may be accessible to foreign actors.
This risk grows sharper when viewed through the widespread use of Chinese-manufactured drones such as DJI, which dominate the global commercial market and are widely employed by U.S. infrastructure operators. These platforms are not merely aircraft; they are ICTS equipped with high-resolution sensors, onboard processors, storage modules and wireless connectivity. Drones now perform critical roles across the critical infrastructure community – collecting enormous amounts of operational data that support inspections, mapping, security and maintenance. The same features that make them indispensable also make them potential conduits for compromise.
The Knownsec incident, verified or not, reflects a broader pattern tied to the legal environment in which many Chinese technology companies operate. Three national laws grant the People’s Republic of China sweeping authority over private-sector data and technology activity. The 2017 National Intelligence Law obliges every organization and citizen to assist state intelligence work when requested, leaving no mechanism to resist such demands. The 2021 Data Security Law gives Beijing broad control over information deemed relevant to national security, economic stability or public interest. And the 2021 Cyber Vulnerability Reporting Law requires companies to disclose newly discovered software flaws to the government before notifying customers or partners – raising concerns about exploitation and data harvesting.
Together, these laws create an environment in which Chinese-based firms, regardless of industry, are legally obligated to cooperate with state security and intelligence agencies. This reality elevates risk around Chinese-manufactured ICTS devices, including drones: The concern is not only about the technology’s design, but also about the authorities governing the companies behind it.
U.S. policy has mirrored that concern. In September, Reuters reported that DJI lost its lawsuit seeking removal from the Department of Defense’s list of Chinese military companies. The ruling reinforced the assessment that DJI maintains ties and dependencies that raise national-security questions – particularly when its platforms are used to collect or transmit data from critical infrastructure environments. These developments demonstrate why the Knownsec conversation, even if partially speculative, warrants ongoing attention.
A central point often overlooked is that a drone is not simply an aircraft – it is a sophisticated information-collection platform that functions as an integrated ICTS device. Modern drones combine high-end sensors, onboard computing power, wireless data links and cloud-connected applications, enabling them to capture and transmit vast quantities of operationally sensitive data in real time. The information they gather – spatial, thermal, structural and environmental – can reveal equipment states, facility layouts or access routes that expose exploitable weaknesses within the nation’s most critical assets.
These capabilities have transformed operations across infrastructure sectors. Drones conduct inspections of bridges, pipelines, power lines and substations that once required hazardous manual labor. They enable surveying and mapping of construction sites, energy corridors and communication networks, producing detailed models for engineering and planning. They enhance asset security and emergency response by providing live imagery and sensor data that improve situational awareness and accelerate decision-making.
However, when missions involve sensitive or high-value facilities, the resulting data becomes a strategic intelligence asset. High-resolution imagery, thermal profiles and geospatial models can allow adversaries to model vulnerabilities and conduct reconnaissance with precision once reserved for state-level surveillance programs. Treating drones solely as aircraft overlooks their true nature – they are digital sensors capable of producing intelligence-grade data. Their cybersecurity posture, data-handling practices and manufacturer obligations must therefore be treated as central components of national-security risk management.
If a nation-state actor such as China were to obtain this information, the consequences could include the targeting of critical sites, disruption of operations or exploitation of systemic weaknesses. That is the enduring lesson of the Knownsec reporting: Critical-infrastructure data is a strategic target, and drone-generated information represents an expanding attack surface that adversaries are positioned to exploit.
Protecting against that risk requires collaboration. Organizations must treat drones as cyber-enabled ICTS devices, not simply aircraft. National policymakers, industry leaders and critical infrastructure operators should work together to strengthen defenses while preserving innovation and affordability. The goal is to ensure that drone technology continues to improve safety and help organizations work smarter and more effectively, without putting sensitive infrastructure or the data it collects at risk.
Several practical steps can help achieve that balance. Federal incentives – through grants or procurement programs – should accelerate development of secure-by-design domestic drone platforms built with embedded cybersecurity and data-integrity protections. This approach reduces reliance on foreign systems while keeping options viable for small businesses, first responders and public-safety agencies that depend on capable and cost-effective aircraft. Organizations should also stay informed about exploitable vulnerabilities and participate in Information Sharing and Analysis Centers (ISACs) to receive threat intelligence and share best practices, fostering collective defense across sectors.
When acquiring new aircraft, critical infrastructure operators should prioritize vetted platforms that have undergone independent security evaluation. AUVSI’s Green UAS and the Department of Defense’s Blue UAS lists identify systems that meet rigorous cybersecurity, manufacturing and supply-chain standards. Finally, those continuing to operate Chinese-manufactured drones should follow CISA’s 2024 cybersecurity guidance, which provides clear measures for network segmentation, device hardening and secure data practices to minimize exposure during sensitive operations.
Drones now occupy a permanent place in national security, emergency response, and commercial and small-business operations. Their ability to safely collect and analyze data has saved lives and driven economic growth. Yet the same data that makes them valuable also creates risk if mishandled – particularly when missions involve sensitive critical infrastructure environments. The path forward is not to discard these tools or restrict their use across the board, but to use them responsibly based on mission risk: treating drones as ICTS devices with strong cybersecurity requirements for sensitive operations, while ensuring public safety agencies and small businesses can continue relying on cost-effective platforms for non-sensitive work.
By building a security culture that protects data at every stage – from collection and transmission to storage and analysis – we can preserve the benefits of drone technology while reducing the potential for exploitation. The Knownsec story serves as a reminder that vigilance, collaboration and smart integration are essential. With deliberate policy and disciplined practice, drones can remain an asset to resilience and public safety rather than a Trojan horse within critical infrastructure operations.