New legislation would give NIST drone cybersecurity responsibilities

Sens. Warner and Thune have zeroed in on two drone-related proposals.
Sens. John Thune, R-S.D., and Mark Warner, D-Va., hold a news conference at the U.S. Capitol on March 7, 2023 in Washington, D.C. (Photo by Chip Somodevilla/Getty Images)

A new bill from Sens. Mark Warner, D-Va., and John Thune, R-S.D., would have the National Institute of Standards and Technology develop cybersecurity guidance for drones used by the government.

The legislation, which is called the Drone Evaluation to Eliminate Cyber Threats, or DETECT, Act, could eventually lead to binding rules for the federal agencies that use civilian drones, based on the NIST guidelines.

It also has other components, including directions for the Office of Management and Budget to test those guidelines with one federal agency and to implement reporting guidelines for drone security vulnerabilities. ​​Federal agencies would also be forbidden from buying drones that don’t meet these guidelines without a waiver. 

“As the capabilities of drones continue to evolve and be utilized by both the federal government and the private sector, it’s critically important that they operate securely,” Thune said in a statement. “This common-sense legislation would require the federal government to follow stringent cybersecurity guidelines and protocols for drones and unmanned systems.”


It’s not the first time the two senators have taken action on drone technology. A previous proposal, called the Increasing Competitiveness for American Drones Act, would improve the Federal Aviation Administration’s process for dealing with the technology, which Warner and Thune have argued is opaque and sluggish.

“If we want the drones of tomorrow to be manufactured in the U.S. and not in China, we have to start working today to integrate them into our airspace,” Warner said in a February 2023 statement. 

Specifically, that FAA-focused bill would have the aviation industry create a more standardized approach to evaluating drone launch applications by establishing a “risk methodology.” The legislation spells out how the system would work: Operators using drones under 55 pounds would be required to conduct a risk assessment and open themselves up to potential audit, while those using heavier aircraft would have to undergo a more stringent process. 

Applications for drones up to 1,320 pounds would need an airworthiness certificate and operations would need to send risk assessment materials to the FAA. Any vehicle heavier than that would need to fully certified — just like a crewed vehicle. 

Among other steps, the legislation would also establish a remote pilot certification process, create an associate administration of unmanned aircraft systems (UAS) role, and form a UAS certification unit.


Both proposals have support from those representing the UAS industry.

Rebecca Heilweil

Written by Rebecca Heilweil

Rebecca Heilweil is an investigative reporter for FedScoop. She writes about the intersection of government, tech policy, and emerging technologies. Previously she was a reporter at Vox's tech site, Recode. She’s also written for Slate, Wired, the Wall Street Journal, and other publications. You can reach her at Message her if you’d like to chat on Signal.

Latest Podcasts