WASHINGTON – Today, U.S. Sens. Mark R. Warner (D-VA) and John Thune (R-SD) introduced the Drone Evaluation to Eliminate Cyber Threats Act of 2024 (DETECT Act), legislation directing the National Institute of Standards and Technology (NIST) to develop cybersecurity guidelines for the federal government’s use of drones.

Drones have the ability to collect sensitive information, and as they become more common, the security of this technology is of increasing importance. The DETECT Act would address cybersecurity concerns by directing the National Institute of Standards and Technology (NIST) to develop a set of guidelines. Following an implementation period, these guidelines would be binding on the federal government’s use of civilian drones, the private sector may voluntarily use these guidelines in their own operations.

“Drones and unmanned systems have the capability to transform the way we do business, manage our infrastructure, and deliver life-saving medicine, and as drones become a larger part of our society, it’s crucial that we ensure their safety and security,” said Sen. Warner. “This legislation will establish sensible cybersecurity guidelines for drones used by the federal government to ensure that sensitive information is protected while we continue to invest in this new technology.” 

“As the capabilities of drones continue to evolve and be utilized by both the federal government and the private sector, it’s critically important that they operate securely,” said Sen. Thune. “This common-sense legislation would require the federal government to follow stringent cybersecurity guidelines and protocols for drones and unmanned systems.”

Specifically, The DETECT Act:

•  Directs NIST to develop guidelines covering cybersecurity for civilian drones;
• Directs OMB to test the guidelines by requiring one federal agency to implement them on a pilot basis;
• Directs OMB, after the conclusion of the test period described above, to require every agency with civilian drones to implement politics and principles based on the NIST guidelines;
• Directs OMB to issue guidance to agencies governing the reporting of security vulnerabilities discovered in drones used by the agencies;
• Requires contactors who supply civilian drones or drone-related services to the federal government to report any security vulnerabilities discovered;
• Directs the Federal Acquisition Regulatory Council to promulgate any necessary regulation to carry the forgoing contractor requirements into effect;
• Forbids agencies from acquiring drones that do not meet the guidelines referenced above, subject to a waiver process under certain circumstances.

Sens. Warner and Thune have been strong supporters of the domestic production of unmanned systems, including driverless cars, drones, and unmanned maritime vehicles, and have taken steps to ensure that domestic production of drones is both safe and keeping up with global competitors. Last year, the senators introduced the Increasing Competitiveness for American Drones Act, legislation that would clear the way for drones to be used for commercial transport of goods across the country. Sen. Warner also championed legislation to prohibit federal dollars from being used to procure or operate drones from countries or companies identified as posing a national security threat, which was ultimately included in the National Defense Authorization Act (NDAA) of 2024.

"As the use of drones for multiple types of important operations –critical infrastructure inspection, public safety, agriculture, drone delivery, and more– has grown significantly in recent years, the need for cybersecurity standards for these critical mission tools has become evident,” said Michael Robbins, Chief Advocacy Officer of the Association for Uncrewed Vehicle Systems International. “To ensure safety and security, the U.S. must lead in this area. AUVSI thanks Senators Warner and Thune for their leadership in protecting our nation from cyber risks and supporting American leadership in advanced aviation.”

Full text of the legislation is available here.

###