All day the drone / sUAS community was in full speculation mode over the leaked US Army memo saying all DJI products were grounded over cyber vulnerability concerns. Most outlets jumped on the news without bothering to confirm the memo was real.
MEMORANDUM FOR RECORD
2 August 2017
SUBJECT: Discontinue Use of Dajiang Innovation (DJI) Corporation Unmanned Aircraft Systems
a. Army Research Laboratory (ARL) report, “DJI UAS Technology Threat and User Vulnerabilities,” dated 25 May 2017 (Classified).
b. Navy memorandum, “Operational Risks with Regards to DJI Family of Products,” dated 24 May 2017.
2. Background: DJI Unmanned Aircraft Systems (UAS) products are the most widely used non-program of record commercial off-the-shelf UAS employed by the Army. The Army Aviation Engineering Directorate has issued over 300 separate Airworthiness Releases for DJI products in support of multiple organizations with a variety of mission sets. Due to increased awareness of cyber vulnerabilities associated with DJI products, it is directed that the U.S. Army halt the use of all DJI products. This guidance applies to all DJI UAS and any system that employs DJI electrical components or software including, but not limited to, flight computers, cameras, radios, batteries, speed controllers, GPS units, handheld control stations, or devices with DJI software applications installed.
3. Direction: Cease all use, uninstall all DJI applications, remove all batteries/storage media from devices, and secure equipment for follow on direction.
4. Point of Contact: Headquarters, Department of the Army G-3/5/7 Aviation Directorate, 703-693-3552
Lieutenant General, GS
Deputy Chief of Staff, G-3/5/7
All it took was a quick phone call to the Pentagon, and the rampant speculation falls apart into a CYA statement by an Army spokesperson:
We can confirm that guidance was issued; however, we are currently reviewing the guidance and cannot comment further at this time.
If you’re wondering what the hell that even says, it’s a basic the left hand didn’t know what the right hand was doing.
DJI’s Adam Lisberg on today’s events was the company was just as confused as the rest of us.
People, businesses, and governments around the world rely on DJI’s products and technology for a variety of uses including sensitive and mission critical operations. The Department of the Army memo even reports that they have “issued over 300 separate Airworthiness Releases for DJI products in support of multiple organizations with a variety of mission sets.”
We are surprised and disappointed to read reports of the U.S. Army’s unprompted restriction on DJI drones as we were not consulted during their decision. We are happy to work directly with any organization, including the U.S. Army, which has concerns about our management of cyber issues.
We’ll be reaching out to the U.S. Army to confirm the memo and to understand what is specifically meant by ‘cyber vulnerabilities.’
Until then, we ask everyone to refrain from undue speculation.
Yeah, it’s the Internet. Refrain from speculation? Say what?
Two paths here. The first is say there is a vulnerability of the DJI equipment. It would be a DOD-wide directive from the office of the Secretary of Defense, not the US Army.
The second path is this memo was written and accidentally released. It was never meant for public consumption. The Pentagon and DJI would work together to harden the systems for any classified or mission critical missions the products would be involved in.
It’s another lesson of asking basic questions. Don’t accept something as fact when a simple two-minute phone call gets you a confirmation and a whole lot of CYA. You can literally google the US Army’s Pentagon Public Affairs Office. Adding ‘Reportedly’ to headlines should not release outlets from basic reporting. If a two-man operation in Alabama can get answers, why can’t a VC-backed outlet get the same info?
We will update this article as more information becomes available.