[Senate Hearing 116-570]
[From the U.S. Government Publishing Office]






                                                        S. Hrg. 116-570

                 DRONE SECURITY: ENHANCING INNOVATION 
                   AND MITIGATING SUPPLY CHAIN RISKS

=======================================================================

                                HEARING

                               before the

                        SUBCOMMITTEE ON SECURITY

                                 of the

                         COMMITTEE ON COMMERCE,
                      SCIENCE, AND TRANSPORTATION
                          UNITED STATES SENATE

                     ONE HUNDRED SIXTEENTH CONGRESS

                             FIRST SESSION

                               __________

                             JUNE 18, 2019

                               __________

    Printed for the use of the Committee on Commerce, Science, and 
                             Transportation





[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]












                Available online: http://www.govinfo.gov   
                             _________
                              
                 U.S. GOVERNMENT PUBLISHING OFFICE
                 
52-607 PDF               WASHINGTON : 2023
                
                
                
                
                
                
                
                
                
                
                
                
                
       SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION

                     ONE HUNDRED SIXTEENTH CONGRESS

                             FIRST SESSION

                  ROGER WICKER, Mississippi, Chairman
JOHN THUNE, South Dakota             MARIA CANTWELL, Washington, 
ROY BLUNT, Missouri                      Ranking
TED CRUZ, Texas                      AMY KLOBUCHAR, Minnesota
DEB FISCHER, Nebraska                RICHARD BLUMENTHAL, Connecticut
JERRY MORAN, Kansas                  BRIAN SCHATZ, Hawaii
DAN SULLIVAN, Alaska                 EDWARD MARKEY, Massachusetts
CORY GARDNER, Colorado               TOM UDALL, New Mexico
MARSHA BLACKBURN, Tennessee          GARY PETERS, Michigan
SHELLEY MOORE CAPITO, West Virginia  TAMMY BALDWIN, Wisconsin
MIKE LEE, Utah                       TAMMY DUCKWORTH, Illinois
RON JOHNSON, Wisconsin               JON TESTER, Montana
TODD YOUNG, Indiana                  KYRSTEN SINEMA, Arizona
RICK SCOTT, Florida                  JACKY ROSEN, Nevada
                       John Keast, Staff Director
                  Crystal Tully, Deputy Staff Director
                      Steven Wall, General Counsel
                 Kim Lipsky, Democratic Staff Director
              Chris Day, Democratic Deputy Staff Director
                      Renae Black, Senior Counsel
                                 ------                                

                        SUBCOMMITTEE ON SECURITY

DAN SULLIVAN, Alaska, Chairman       EDWARD MARKEY, Massachusetts, 
ROY BLUNT, Missouri                      Ranking
TED CRUZ, Texas,                     AMY KLOBUCHAR, Minnesota
DEB FISCHER, Nebraska                RICHARD BLUMENTHAL, Connecticut
MARSHA BLACKBURN, Tennessee          BRIAN SCHATZ, Hawaii
MIKE LEE, Utah                       TOM UDALL, New Mexico
RON JOHNSON, Wisconsin               TAMMY DUCKWORTH, Illinois
TODD YOUNG, Indiana                  KYRSTEN SINEMA, Arizona
RICK SCOTT, Florida                  JACKY ROSEN, Nevada 

















                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on June 18, 2019....................................     1
Statement of Senator Sullivan....................................     1
    Prepared statement...........................................     1
Statement of Senator Markey......................................     3
Statement of Senator Scott.......................................    44
Statement of Senator Lee.........................................    52
Statement of Senator Sinema......................................    54
Statement of Senator Blumenthal..................................    56

                               Witnesses

Angela H. Stubblefield, Deputy Associate Administrator, Office of 
  Security and Hazardous Materials, Federal Aviation 
  Administration.................................................     4
    Prepared statement...........................................     6
Dr. Catherine F. Cahill, Director, Alaska Center for UAS 
  Integration, Geophysical Institute, Unniversity of Alaska 
  Fairbanks......................................................    11
    Prepared statement...........................................    13
Brian Wynne, President and Chief Executive Officer, Association 
  for Unmanned Vehicle Systems International.....................    15
    Prepared statement...........................................    17
Harry Wingo, Faculty, College of Information and Cyberspace, 
  National Defense University....................................    20
    Prepared statement...........................................    21
Harold H. Shaw, Chief Security Officer, Massachusetts Port 
  Authority......................................................    38
    Prepared statement...........................................    40

                                Appendix

Letter dated June 18, 2019 to Hon. Dan Sullivan and Hon. Edward 
  Markey from Marc Rotenberg, EPIC President; Jeramie Scott, EPIC 
  Senior Counsel; and Caitriona Fitzgerald, EPIC Policy Director.    65
American Fuel & Petrochemical Manufacturers, prepared statement..    66
Response to written questions submitted to Angela H. Stubblefield 
  by:
    Hon. Dan Sullivan............................................    67
    Hon. Deb Fischer.............................................    68
    Hon. Todd Young..............................................    69
    Hon. Amy Klobuchar...........................................    70
    Hon. Tammy Duckworth.........................................    71
Response to written questions submitted to Dr. Catherine F. 
  Cahill by:
    Hon. Todd Young..............................................    75
    Hon. Tammy Duckworth.........................................    77
Response to written questions submitted to Brian Wynne by:
    Hon. Todd Young..............................................    86
    Hon. Tammy Duckworth.........................................    87
Response to written questions submitted to Harry Wingo by:
    Hon. Todd Young..............................................    89
    Hon. Tammy Duckworth.........................................    90
Response to written questions submitted to Harold H. Shaw by:
    Hon. Todd Young..............................................    91
    Hon. Tammy Duckworth.........................................    92

 
 DRONE SECURITY: ENHANCING INNOVATION AND MITIGATING SUPPLY CHAIN RISKS

                              ----------                              


                         TUESDAY, JUNE 18, 2019

                               U.S. Senate,
                          Subcommittee on Security,
        Committee on Commerce, Science, and Transportation,
                                                    Washington, DC.
    The Subcommittee met, pursuant to notice, at 2:25 p.m. in 
room SD-562, Dirksen Senate Office Building, Hon. Dan Sullivan, 
Chairman of the Subcommittee, presiding.
    Present: Senators Sullivan [presiding], Lee, Scott, Markey, 
Blumenthal, and Sinema.

            OPENING STATEMENT OF HON. DAN SULLIVAN, 
                    U.S. SENATOR FROM ALASKA

    Senator Sullivan. Good afternoon. This subcommittee hearing 
on Security as part of the broader Commerce Committee will now 
come to order.
    I want to thank our witnesses for being here and I want to 
thank you in advance for a little bit of a juggling that we're 
going to be doing. There are several votes that we're now in 
the middle of and we're trying to keep them to 10 minutes. So 
we're going to try and do a little port starboard activity here 
between the Chairman and Ranking if we have to. We might have 
to briefly recess if both of us are going down there to vote 
but we don't want to take away from the importance of this 
important subcommittee hearing.
    So I'm going to truncate in the issue of time my opening 
statement, which I will submit the written opening statement 
for the record, without objection.
    [The prepared statement of Senator Sullivan follows:]

   Prepared Statement of Hon. Dan Sullivan, U.S. Senator from Alaska
    Good afternoon.

    Unmanned Aircraft Systems (UAS)--commonly referred to as 
``drones''--have the potential to provide huge societal benefits. 
Whether its delivering goods and services with precision and ease, 
transporting key medical supplies to remote areas, inspecting hard to 
reach critical infrastructure, or enhancing the capabilities of our 
first responders, drones can make these often times dangerous or 
mundane tasks safer and more routine.
    But like any tool, these systems can also be used for nefarious 
purposes, as we've seen with the reported sightings at Newark 
International Airport and the Gatwick and Heathrow airport incidents, 
and--perhaps more frighteningly--with the weaponization of these 
commercial drones on the battlefields of Syria and Yemen.
    The proliferation of civilian drones raises security risks, 
including the possibility that bad actors could use a drone to carry 
out an attack or other economically disruptive activities.
    In September 2011, the FBI disrupted a homegrown terrorist plot to 
attack the Pentagon and the Capitol with large model aircraft packed 
with high explosives. Numerous other safety incidents involving drones 
have been reported in the United States and abroad.
    In order to realize a future which safely and effectively 
integrates drones into the national airspace, a robust and reliable 
counter drone--or counter-UAS--framework needs to be in place in order 
to protect critical infrastructure, population centers, and personal 
and corporate privacy.
    The first step in this process is to ensure that federal, State, 
and local agencies have the tools they need to execute counter-UAS 
operations.
    There are multiple legal and regulatory considerations associated 
with taking any counter-UAS action. Drones are considered aircraft, and 
an attempt to damage a drone or hack into its signals is often legally 
equivalent to taking the same action against a manned aircraft.
    The Super Bowl earlier this year served to highlight the magnitude 
of the challenge faced by law enforcement agencies. The FBI--using 
systems provided by the Department of Defense and exercising authority 
granted last October in the FAA Reauthorization Act of 2018--dealt with 
54 drone incursions in the ``no drone zone'' set up around the stadium.
    While FAA has issued general guidance to law enforcement regarding 
unlawful drone operations, it is not clear that law enforcement 
agencies currently have sufficient training or technical capacity to 
respond to this emerging threat.
    In addition to attempting to combat illicit drone activity, many of 
those same federal, State, and local agencies are employing drone 
programs of their own to enhance their operational effectiveness--be it 
police, fire, or search and rescue. But the market for small drones is 
dominated by Chinese manufacturers--notably DJI Science and Technology 
Company which has almost three quarters of the entire global market 
share. There are serious and credible security and privacy concerns 
with government agencies using these foreign built products.
    Recently, DHS circulated a draft internal memo warning against 
using Chinese-made drones that may present ``potential risk to an 
organization's information'' by containing ``components that can 
compromise your data and share your information on a server accessed 
beyond the company itself.'' The memo emphasized that users should 
study and understand what access the drone system has to networks and 
to take precautionary steps such as turning off the device's Internet 
connectivity and removing secure digital cards.
    In 2017, the U.S. Army issued a guidance directing units to 
discontinue the use of DJI products, citing concerns over data security 
and cyber vulnerabilities. Also in 2017, Immigration and Customs 
Enforcement issued a bulletin alleging that DJI had actively targeted 
government and privately owned U.S. entities to collect and exploit 
their sensitive data.
    It's critical that we enhance and encourage domestic manufacturing 
of these drone systems, so that we can fully and safely exploit the 
benefits that drones present while not sacrificing security and 
privacy. There has been some movement in this space from a handful of 
U.S. companies who are creating open source software that can be 
coupled more safely with Chinese made hardware--but this is not enough, 
we need domestically owned and manufactured hardware and software to 
ensure sensitive information is not falling into the hands of our 
adversaries.
    Today we will be hearing from government, academic, and industry 
witnesses to examine the security threats and challenges posed by 
drones, and ways to best integrate those systems into the national 
airspace safely and effectively.
    With that, I want to thank our witnesses for being here today and I 
look forward to hearing their thoughts on these issues. I now recognize 
the Ranking Member for any opening statement that he may have.

    Senator Sullivan. But we are here today to discuss the 
issue of unmanned aircraft systems, UASs, or commonly known as 
drones, and they have the potential for huge societal benefits, 
whether it's safety, whether it's getting to remote areas, 
whether it's examining critical infrastructure, but these, like 
any important technology, can also be used in a way that 
creates challenges or even nefarious opportunities.
    We are seeing challenges and problems with regard to drones 
as it related to sightings at Newark International Airport, the 
Gatwick and Heathrow Airport incidents in London, and so what 
this hearing, with our strong witnesses here today, is going to 
be looking at is looking at the opportunities but also 
addressing some of the challenges that we see with regard to 
the overall drone system, how we are working with Federal 
agencies, states, localities in making sure that as we look at 
these systems, that some of the challenges, particularly it's 
becoming a theme, by the way, on this committee with regard to 
technologies provided by China, are not used in a way that 
undermines American interests, whether national security 
interests, privacy interests, or economic security interests of 
our citizens.
    So with that, I'm going to turn my time over to my Ranking 
Member, Senator Markey, so we can again get our witnesses on 
record with their statements and then, once the votes are 
moving and finished, we will have numerous questions for all of 
you.
    So Senator Markey.

               STATEMENT OF HON. EDWARD MARKEY, 
                U.S. SENATOR FROM MASSACHUSETTS

    Senator Markey. Thank you, Mr. Chairman, very much, and 
thank you for this very important hearing.
    Let me first welcome Mr. Harold Shaw, the Chief Security 
Officer of the Massachusetts Port Authority, to our 
subcommittee.
    Among many responsibilities, Massport owns and operates the 
airports, including Logan Airport in Boston that connects 
Massachusetts and New England to the world. Massport epitomizes 
professionalism and always puts safety and security first, and 
I am pleased, Mr. Shaw, that you are here to represent that 
incredible group of professionals.
    Today, we only need to look up to see that the future is 
already here. Drones are increasingly present in people's 
every-day lives and this technology has the potential to 
revolutionize the way we live and conduct business.
    Imagine a world where drones deliver your packages, 
groceries, school supplies directly to your doorstep, where 
drones serve as early warning systems platforms, perform search 
and rescue missions, and provide critical aid to those in need, 
where drones find our missing pets, inspect our critical 
infrastructure and even take out our garbage. The possibilities 
are actually endless.
    Yet, like all technology, there is a Dickensian quality to 
drones. It is the best of inventions and the worst of 
inventions simultaneously.
    So today, we explore the degrading and debasing side of 
drones. We must acknowledge that, although drones offer many 
benefits, there are also safety and privacy risks that we need 
to quickly address.
    With more and more drones taking flight every day, the risk 
of a drone colliding with a jumbo jet continues to rise. During 
December 2018, in an incident at Gatwick in Great Britain, 
reports of a drone sighting on the runway led to 33 hours of 
disruptive travel.
    The BBC reported that a thousand flights were canceled, not 
delayed, as planes were grounded and that a 140,000 passengers 
were caught up in the chaos.
    Drones have similarly been sighted at Logan Airport in 
Boston during the past year. Thankfully, travel was not 
disrupted, but the economic consequences of drone delays at 
airports could be enormous.
    More importantly, should a drone like this actually strike 
a plane or helicopter, the consequences and loss of life would 
be catastrophic and it would change air travel in our country 
forever.
    We need to be thinking about how to prevent such threats 
before tragedy strikes and we must also keep in mind that 
airports are not the only danger zone. The sky is an open road 
and drones can fly anywhere.
    So we thank each of our witnesses for your willingness to 
testify here today.
    I thank you, Mr. Chairman, for this very important hearing 
and look forward to your testimony.
    Senator Sullivan. Well, thank you, Senator Markey, and I 
want to thank the witnesses.
    Again, we have a distinguished panel here. I'm going to 
mention each one of you and then we'll begin with opening 
statements and again if you can be a little flexible with our 
voting, we'll be trying to make this as least disruptive as 
possible but we have first, from left to right, Ms. Angela 
Stubblefield, who is the Deputy Associate Administrator, Office 
of Security and Hazardous Materials from the Federal Aviation 
Administration.
    Dr. Catherine Cahill. You mentioned one of your 
constituents, Senator Markey. She is one of mine. I think 
certainly gets the award for traveling the furthest for this 
hearing. She's the Director of the Alaska Center for UAS 
Integration, Geophysics Institute, at the University of Alaska 
Fairbanks. So, Dr. Cahill, a special welcome to you.
    Dr. Brian Wynne, who's President and Chief Executive 
Officer, Association for Unmanned Vehicle Systems 
International.
    Dr. Harry Wingo, Faculty, College of Information and 
Cyberspace, National Defense University, I also think a Navy 
Seal in his background. So we honor your service, Mr. Wingo.
    And, finally, Mr. Harold Shaw, Chief Security Officer and 
Director of the Corporate Security and Emergency Preparedness 
Department at the Massachusetts Port Authority.
    Thank you all very much for attending this important 
hearing and, Ms. Stubblefield, we'll begin with you.

              STATEMENT OF ANGELA H. STUBBLEFIELD,

                DEPUTY ASSOCIATE ADMINISTRATOR,

          OFFICE OF SECURITY AND HAZARDOUS MATERIALS,

                FEDERAL AVIATION ADMINISTRATION

    Ms. Stubblefield. Good afternoon, and thank you, Chairman 
Sullivan and Ranking Member Markey. I appreciate the 
opportunity to speak with you today.
    My office at the FAA works to address issues related to UAS 
security and counter-UAS policy, including coordinating with 
our Federal, state, and local and private sector security and 
public safety partners on addressing risks associated with UAS 
integration.
    Safe and secure integration of UAS into the national 
airspace system continues to be a national priority. However, 
this cannot be achieved without addressing the risks posed by 
the malicious or errant use of UAS.
    Today, I would like to discuss how the FAA is working with 
our Federal security partners to implement their counter-UAS 
authorities and coordinating with law enforcement and critical 
infrastructure owners, such as airport sponsors, to address UAS 
safety and security risks.
    Consistent with our mission to provide the safest, most 
efficient airspace system in the world, the FAA has published 
new rules to address the expanding operations and capabilities 
of UAS, balancing the mitigation of safety and security risks 
with the support for technological and operational 
advancements.
    One of the most important UAS efforts underway at the FAA 
is the drafting of a remote identification rule. The ability to 
remotely identify the location of UAS operators and connect 
them with their aircraft in flight will be a crucial stepping 
stone for UAS traffic management, facilitating what we envision 
as high-volume safe and secure low-altitude drone operations.
    From a security perspective, it will allow the FAA and our 
security and law enforcement partners to locate, assess, and, 
if necessary, take appropriate action against operators 
conducting unauthorized UAS operations.
    Trying to counter UAS policy, a critical component of UAS 
integration is addressing risks posed by unauthorized drone 
operations over certain national security-sensitive facilities, 
missions, and assets.
    Congress has granted the authority to counter such drone 
operations to the Departments of Defense, Energy, Homeland 
Security, and Justice. The FAA is closely working with these 
agencies to ensure counter-UAS technologies are tested, 
evaluated, and deployed in a manner that avoids adverse impacts 
to the safety and security of the national airspace system.
    With regard to counter-UAS technologies at domestic 
airports, several unique challenges in the airport environment 
necessitate further testing and technological development to 
ensure such capabilities can be safely and effectively 
deployed. As directed in the 2018 FAA Reauthorization Act, the 
agency is currently planning to test UAS detection and 
mitigation systems at several airports.
    We also believe other actions, such as education, outreach, 
and remote identification requirements, offer an effective and 
cost-efficient multifaceted strategy to address many concerns 
related to non-compliant UAS operations in and around the 
airport environment.
    That said, we understand the potential impacts a drone 
disruption can cause at an airport. The FAA is engaging with 
airport sponsors to assist them in making informed decisions 
about deploying UAS detection technology.
    The FAA is also closely coordinating with our Federal 
security partners on a national Federal response plan through 
which Federal counter-UAS authorities and resources can be 
rapidly deployed to address a persistent UAS disruption at a 
major U.S. airport.
    The FAA and our security partners have determined that most 
non-compliant UAS operations are likely errant without 
malintent.
    In addition to public education and outreach, the FAA is 
addressing errant operations through inclusion of knowledge 
testing for recreational users. However, if an operator is 
unwilling or unable to comply with applicable regulations or 
deliberately flouting them, the FAA will take action through 
our civil enforcement tools, ranging from warning letters to 
civil penalties to suspension or revocation of FAA 
certifications.
    Also, through the Law Enforcement Assistance Program and 
Special Event Airspace Security planning, we are providing 
support and assistance to law enforcement at the Federal, 
state, and local level every day.
    Finally, assessment of UAS security and safety necessarily 
includes increasing concerns of cyber and data security risks.
    Operators must consider what level of protection is 
required for the data on their UAS. We strongly recommend that 
UAS operators closely review their user licensing agreements 
and the data access policies for their drones to ensure that 
adequate protections are in place.
    Likewise, the FAA is reviewing our agreements with UAS 
service suppliers to ensure data transparency, sovereignty and 
protection requirements are included.
    The FAA continues to work with our Federal and national 
security partners to identify and address cyber and data 
security threats to aviation in general, including those 
specific to UAS.
    A robust security framework is critical to advancing the 
Administration's goal of the UAS integration. The FAA, security 
and law enforcement agencies, and critical infrastructure 
owners working together to detect and respond to UAS risks will 
enable the United States to continue leading the way in UAS 
innovation and offer the safest, most secure, and most 
efficient airspace system in the world.
    We thank the Committee for your leadership on this issue 
and look forward to working with you.
    This concludes my statement, and I'm happy to answer your 
questions, sir.
    [The prepared statement of Ms. Stubblefield follows:]

    Prepared Statement of Angela H. Stubblefield, Deputy Associate 
   Administrator, Office of Security and Hazardous Materials Safety, 
                    Federal Aviation Administration
    Chairman Sullivan, Ranking Member Markey, and Members of the 
Subcommittee:

    Thank you for inviting me to speak with you today. As the Federal 
Aviation Administration's (FAA) Deputy Associate Administrator for the 
Office of Security and Hazardous Materials Safety, I share the 
Associate Administrator's responsibilities for formulating policies and 
plans, and directing national programs involving internal security, 
intelligence analysis and threat warning, emergency response, and safe 
air transportation of dangerous goods. This includes ensuring programs 
and operations are coordinated and integrated with the appropriate 
external and internal organizations. My office coordinates regularly 
with the National Security Council (NSC), the Departments of Defense 
(DOD), Homeland Security (DHS), Justice (DOJ), and Energy (DOE), as 
well as other security and safety partner agencies at the federal, 
state, and local levels, to resolve complex national security, safety, 
and crisis-response challenges. My office is helping to coordinate FAA 
engagement with stakeholders on Unmanned Aircraft System (UAS) security 
issues including UAS detection and Counter-UAS (C-UAS) policy.
    UAS technology represents one of the fastest growing sectors in 
aviation today. The volume of UAS operations is outpacing manned 
aircraft, and there are currently nearly four times as many UAS as 
registered manned aircraft. UAS are used every day to inspect 
infrastructure, provide emergency response support, survey agriculture, 
conduct geological and environmental surveys, and to go places that are 
otherwise dangerous for people or other vehicles. Entrepreneurs around 
the world are exploring innovative ways to use UAS in their commercial 
activities. The need for us to fully integrate this technology into the 
National Airspace System (NAS) in a safe, secure, and efficient manner 
continues to be a national priority--one in which both the FAA and our 
security partners are heavily invested.
    UAS technology offers tremendous benefits to our economy and 
society, as Congress has recognized, but we must also acknowledge that 
potential misuse of this technology poses unique security challenges 
that enable bad actors to overcome the traditional ground-based 
security measures in place at most sensitive facilities. Today, I would 
like to discuss with you the FAA's efforts in support of the safe, 
secure, and efficient integration of UAS into the NAS, including the 
status of our work with our Federal partners to implement counter-UAS 
authorities and coordination efforts with airport sponsors and other 
critical infrastructure owners to support their desire to identify and 
respond effectively to the safety or security risks that may be posed 
by the errant or malicious use of UAS.
Safe and Secure Integration of UAS into the NAS
    The FAA's primary mission is to provide the safest, most efficient 
airspace system in the world. The FAA uses its statutory authority to 
carry out this mission by issuing and enforcing regulations and 
standards for the safe operation of aircraft, by developing procedures 
to ensure the safe movement of aircraft through the Nation's skies, and 
by providing air traffic control and other air navigation services. In 
exercising its authority, the FAA also must consider the public's right 
of free transit through the navigable airspace. This requires close 
coordination to balance the needs of our security partners with the 
right of airspace access for both manned and unmanned aircraft. 
Consistent with our mission, in 2016, the FAA issued the basic rules 
for small UAS operations--14 C.F.R. part 107--which set the global 
standard for integration and provided small UAS operators with 
unprecedented access to the NAS.
    Recently, as part of our effort to address the ever-expanding 
universe of UAS operations and capabilities, the FAA together with the 
Department's Office of the Secretary published a proposed new rule on 
the operation of small UAS over people.\1\ The proposal seeks to 
balance the need to mitigate safety risks with supporting technological 
and operational advances. The FAA also recently published an advanced 
notice of proposed rulemaking seeking public input to identify UAS 
safety and security issues and explore ways to mitigate risks UAS may 
pose to other aircraft, to people on the ground, or to national 
security.\2\ The FAA's security partners have highlighted for us some 
of the important security and public safety questions as we work 
through these issues. Further, in February 2019, the FAA published an 
interim final rule on external marking requirements for small UAS.\3\ 
The rule requires small unmanned aircraft owners to display their 
unique identifier (FAA registration number) on an external surface of 
the aircraft. Small unmanned aircraft owners are no longer permitted to 
enclose the FAA-issued registration number in a compartment. The FAA 
took this action to address concerns expressed by the law enforcement 
community and the FAA's interagency security partners regarding the 
risk a concealed explosive device poses to first responders who must 
open a compartment to attempt to find the small unmanned aircraft's 
registration number.
---------------------------------------------------------------------------
    \1\ https://www.federalregister.gov/documents/2019/02/13/2019-
00732/operation-of-small-unmanned-aircraft-systems-over-people
    \2\ https://www.federalregister.gov/documents/2019/02/13/2019-
00758/safe-and-secure-operations-of-small-unmanned-aircraft-systems
    \3\ https://www.federalregister.gov/documents/2019/02/13/2019-
00765/external-marking-requirement-for-small-unmanned-aircraft
---------------------------------------------------------------------------
    I would also highlight the work of our joint industry Unmanned 
Aircraft Safety Team (UAST), which is taking a data-driven approach to 
the analysis of small UAS safety issues and potential mitigation 
initiatives. This joint government--industry collaboration is a key 
effort by FAA's UAS Integration Office and engages leaders from 
government and a wide variety of industry participants.
    Going forward, however, perhaps one of the most important UAS 
efforts underway at FAA is drafting a remote identification rule. The 
ability to remotely identify UAS operators and connect them with a UAS 
in flight will be a crucial stepping stone for UAS traffic management 
and will facilitate what we envision as high volume, safe, and secure 
low-altitude UAS operations. Congress recognized the importance of 
remote identification when it enacted the FAA Extension, Safety, and 
Security Act of 2016. That Act laid the foundation for the FAA's work 
with operators and our security partners to realize the importance of 
remote identification and to reach a consensus on how to address it. 
More recently, the FAA Reauthorization Act of 2018 provided the FAA 
with additional authority to move ahead with work on universal 
registration and remote identification--both of which are critical to 
the success of commercial UAS operations and safe and secure UAS 
integration more broadly.
    Remote identification is fundamental to both safety and security of 
UAS operations. Remote identification will be necessary for routine 
beyond visual line-of-sight operations and operations over people, 
package delivery, operations in congested airspace, and for the 
continued safe operation of all aircraft in shared airspace. It will 
also be foundational for the advancement of automated passenger or 
cargo-carrying air transportation--what is often referred to as Urban 
Air Mobility. From a security perspective, remote identification is 
vital to enabling us to connect a suspect UAS to its control station 
location and to identify the registered owner of a suspect UAS. With 
universal remote identification, the FAA, our national security 
partners, and state and local law enforcement will be better able to 
locate and identify a UAS operator, determine if a UAS is being 
operated in an unsafe, unauthorized, or criminal manner, and take 
appropriate action if necessary. The FAA is committed to establishing 
remote identification requirements as quickly as possible.
    Congress has recognized that integration of UAS into the NAS will 
require dedicated traffic management. In 2016, Congress granted 
authority to the National Aeronautics and Space Administration and the 
FAA to conduct research and a pilot program for Unmanned Aircraft 
Systems Traffic Management (UTM). UTM is essentially a set of concepts 
and tools being developed to safely de-conflict and facilitate dense 
low-altitude UAS operations. In 2018, Congress provided continued broad 
authority for UTM implementation, which will allow the FAA to continue 
its important work to balance the needs of all system users and ensure 
that UAS are safely and securely integrated into the NAS. DOD, DHS and 
other national security partners have joined in the development of UTM 
concepts to support their missions. The FAA is already implementing 
prototype foundational UTM capabilities such as the Low Altitude 
Authorization and Notification Capability (LAANC), which gives UAS 
operators the ability to request and receive near real-time response 
from the FAA to authorize operators to quickly plan and execute their 
flights in controlled airspace.
    We are also using our existing airspace authority to address 
concerns about unauthorized UAS operations over certain national 
security-sensitive Federal facilities. To date, we have restricted UAS 
flights over military installations and vessels, sensitive energy 
facilities, and iconic landmarks, like the Statue of Liberty, Hoover 
Dam, and Mount Rushmore, in the interest of national security. To 
ensure the public is aware of these restricted locations, we created on 
the FAA website an interactive map and repository of geospatial data 
used by UAS Service Suppliers and others, and we have updated our 
B4UFLY mobile app to include a warning to users in close proximity to 
these sites. This work is also informing our efforts to determine the 
most efficient and effective way to implement section 2209 of the FAA 
Extension, Safety, and Security Act of 2016, which will establish a 
process for critical infrastructure owners to petition the FAA for UAS-
specific flight restrictions over their facilities.
Counter-UAS Authority
    Through the Fiscal Year 2017 and 2018 enactments of the annual 
National Defense Authorization Act, Congress provided DOD and the DOE 
with authority to respond to UAS that pose a threat to designated 
facilities and assets. To ensure that C-UAS systems are operated safely 
in the NAS, Congress requires close FAA coordination with DOD and DOE 
to define what actions constitute a credible threat, develop a concept 
of operations for employing C-UAS systems, analyze and mitigate the 
spectrum impact of selected systems, and draft notification procedures 
and reporting requirements. Pursuant to similar authority contained in 
the FAA Reauthorization Act of 2018, DOJ and DHS are also working 
closely with the FAA to ensure that UAS detection and mitigation 
technologies are tested, evaluated, and deployed in a manner that 
minimizes adverse impacts on airspace access, air navigation services, 
avionics, and other systems that ensure safe and efficient operations 
in the NAS, while also protecting individuals' privacy and civil 
liberties.
    The FAA's role in supporting our partner agencies' research and 
eventual use of C-UAS technologies is to ensure that the safety and 
overall efficiency of the NAS is not compromised while facilitating 
their security responses. The FAA must be involved in deployment of C-
UAS technology at each fixed location, and for ad hoc and mobile 
operations. We must conduct specific, data intensive analyses for each 
potential deployment of C-UAS to ensure the concept of operations 
balances the need for operator notification, airspace access, and 
appropriate airspace safety mitigations with the protective missions of 
our security partners. Neither the FAA nor our partner agencies want to 
jeopardize aviation safety or interfere with compliant UAS operations. 
In order to strike that balance, the FAA will continue working closely 
with all of our partner agencies as they deploy C-UAS technology at 
sensitive facilities and to cover high-risk operations and assets in 
the United States. We worked through many of the toughest aspects of C-
UAS deployment with DOD and DOE and are now sharing these processes and 
procedures with DHS and DOJ in order to expedite their implementation.
C-UAS in the Airport Environment
    Section 2206 of the FAA Extension Safety, and Security Act of 2016 
required the FAA, working with DHS and other relevant Federal agencies, 
to evaluate UAS detection technology at airports. From February 2016 
through December 2017, the FAA and our partner agencies observed and 
assessed UAS detection technologies operating at domestic airports in 
Atlantic City, New York City, Denver, and Dallas-Fort Worth. Through 
this important work, the FAA learned that the airport environment 
presents several unique challenges to the effective use of such 
technologies. The technical readiness of the systems, available at the 
time, combined with a multitude of other factors, such as geography, 
interference, location of the majority of reported unauthorized UAS 
sightings, and the cost of deployment and operation, demonstrate that 
more testing, evaluation, technology development, and sensor 
integration is required for effective use in domestic civil airport 
environments.
    In view of these results, the FAA believes other actions, such as 
education and outreach in the local community, as well as 
implementation of remote identification requirements, offer effective 
and cost-efficient options to address many of the concerns related to 
non-compliant UAS operations on and around airports and air traffic 
patterns. That said, with the December 2018 protracted UAS disruption 
at Gatwick Airport, and other disruptions at airports around the world 
and in the United States, we understand and share the concerns of 
airport sponsors and our security partners regarding the potential 
safety hazards and security threats presented by errant or malicious 
UAS in the airport environment. A number of airport sponsors have 
acquired or are pursuing possible acquisition of UAS detection systems 
for their airports. In an effort to make sure such activity is 
conducted in a safe and coordinated manner, in early May, the FAA sent 
informational correspondence to airport sponsors, which included 
information to support informed airport decision-making regarding the 
potential issues surrounding the demonstration or installation of UAS 
detection systems at airports (including the legal uncertainties posed 
by certain UAS detection systems), answers to some frequently asked 
questions, and technical considerations that the FAA has used to assess 
the readiness of UAS detection technologies.\4\ The FAA wants to 
coordinate with airports that plan to use UAS detection systems to 
ensure deployment and use does not create interference or obstruction 
with aviation safety and efficiency systems at the airport.
---------------------------------------------------------------------------
    \4\ https://www.faa.gov/airports/airport_safety/media/Updated-
Information-UAS-Detection-Countermeasures-Technology-Airports-
20190507.pdf
---------------------------------------------------------------------------
    Another serious consideration is the quality and timeliness of data 
provided from privately developed and purchased detection systems. Poor 
quality information could lead to a reaction that is more detrimental 
than the errant UAS itself. Such information could cause a significant 
distraction to air traffic control and create unnecessary delays. 
Detection systems would be a tool for airports to determine if there is 
in fact a UAS in their airspace. That detection is the first step in 
determining whether a UAS poses a threat. This underscores the 
importance of implementing remote identification. Remote identification 
will provide critical information to help determine the errant UAS 
operator's intent. In addition, it is imperative that airports develop 
and coordinate risk-based operational response plans with relevant 
airport stakeholders, including the FAA, the Transportation Security 
Administration, and airport law enforcement, to ensure safety hazards 
or disproportionate efficiency impacts are not created when attempting 
to respond to a potential security risk.
    In the FAA's May communication with airport sponsors, the Agency 
also reiterated its objection to the use of UAS mitigation systems by 
any public or private sector entity outside the four Federal 
Departments that have been provided statutory authority for C-UAS. 
Given the impacts many UAS mitigation technologies can have on the 
safety and efficiency of manned aircraft operations, compliant unmanned 
aircraft, and the provision of air navigation services, the FAA does 
not currently endorse the general use of any UAS mitigation technology 
on or around an airport. The use of mitigation technology could 
introduce more disruption and safety risk than the suspect UAS 
operation, the very thing its use is intended to counter.
    However, given the events in Gatwick, there is no doubt about the 
significant operational and economic impacts a persistent UAS 
disruption can have in the airport environment and the need to be able 
to not only detect, identify, and track a disruptive UAS but also to be 
able to take action to end the disruption. The FAA along with our 
Federal security partners have formulated a concept of operations 
(CONOPS) for a National Federal Response plan through which current 
Federal C-UAS authorities and existing Federal C-UAS equipment can be 
rapidly projected into a major U.S. airport experiencing a persistent 
operational disruption due to an unauthorized UAS operation. This 
CONOPS has been socialized with airport and airline associations and 
should be finalized for implementation soon.
    While there are a number of UAS detection and mitigation 
technologies in the marketplace, relatively limited testing and 
evaluation of these systems has been conducted at airports and in other 
domestic civil environments due in large part to legal constraints. The 
efficacy of their performance and the collateral impacts of their use 
have not been documented sufficiently to provide confidence in their 
purchase or use. The 2018 FAA Reauthorization Act directed the FAA to 
undertake several pilot program activities related to testing and 
evaluation of UAS detection and mitigation technology, including at 
airports (Section 383) and to support safety enforcement (Section 372). 
In addition, the FAA was directed to establish standards for the use of 
C-UAS systems and to develop a plan for permitting, authorizing, or 
allowing the use of such systems in the NAS (Section 383). The Agency 
is currently developing plans and milestones for these efforts.
Enforcement
    The interagency work to address the security challenges presented 
by UAS appropriately has been focused on the risks presented by 
criminal operations. To date, however, the FAA and our security 
partners assess that a preponderance of the non-compliant UAS 
operations that have occurred are likely errant with no malicious 
intent. These errant operations present a safety concern, which the FAA 
is addressing in a number of ways. First, public education and outreach 
are key to reducing these incidents. Efforts such as the ``Know Before 
You Fly'' information campaign and the small UAS registration process 
serve as opportunities to help UAS operators understand the rules and 
responsibilities for flying an aircraft in the NAS. The Agency is also 
working to implement the requirements of Section 349 of the 2018 FAA 
Reauthorization Act, which, among other things, provided the FAA with 
authority to require knowledge testing of recreational users. Section 
349 also requires recreational flyers to receive authorization from the 
FAA to fly in controlled airspace and provides better clarity on 
authorized operations. In the future, the FAA anticipates opening the 
LAANC system to recreational pilots to allow users the ability to 
efficiently request and receive authorization to operate in controlled 
airspace.
    That said, if an operator is unwilling or unable to comply with 
applicable regulations, or is deliberately flouting the regulations, 
the FAA will not hesitate to take enforcement action. We have a range 
of civil enforcement tools available to address a violation of Federal 
regulations--from warning letters to civil penalties, and, in the case 
of an FAA certificate holder, suspension or revocation of that 
certificate. Civil penalties range from a maximum per violation penalty 
of $1,466 for individual operators to $32,666 for large companies. 
Congress also gave the FAA authority to assess civil penalties of up to 
$20,408 for interfering with law enforcement, first responders, or 
wildfire fighting operations. The FAA may take enforcement action 
against anyone who conducts an unauthorized UAS operation or who 
operates a UAS in a way that endangers the safety of the NAS. Since the 
promulgation of 14 CFR part 107 (August 2016), the FAA has initiated 
more than 35 legal enforcement actions for unauthorized UAS operations
    The FAA also supports criminal investigation and enforcement 
actions by federal, state, local, tribal and territorial law 
enforcement agencies through its Law Enforcement Assistance Program 
(LEAP) and as part of its airspace security planning for sensitive 
events such as this year's Super Bowl. LEAP special agents and the 
FAA's operations security personnel engage in extensive outreach and 
education efforts that include providing guidance on the FAA's website 
to assist the law enforcement community in responding to UAS incidents 
and hosting monthly UAS information webinars. Law enforcement officials 
are often in the best position to detect and deter unsafe and 
unauthorized UAS operations, and we rely heavily on their reports to 
provide us with actionable information concerning these incidents. 
Accordingly, the FAA works closely with these agencies to develop and 
implement airspace security plans to protect sensitive events, provide 
them with investigative support and information, as well as to provide 
a communications link where these law enforcement agencies can pass 
along reports and receive assistance in a timely manner.
Cyber and Data Security Risks
    While security risks posed by the malicious use of UAS are usually 
the focus of our discussions with critical infrastructure owners and 
security partners, increasingly there are concerns about threats to the 
safe and secure use of UAS due to cyber and data security risks. The 
FAA considers cyber and data security risks and mitigations in every 
aspect of our mission, including as they apply to aircraft 
certification and systems as well as to protection of our own air 
navigation services infrastructure. As FAA does with manned aviation, 
the Agency takes a risk based approach regarding system and data 
protection for UAS. While UAS are aircraft, they are also like so many 
highly computerized devices we use in our professional and personal 
lives. They can collect data and connect to the Internet where 
information systems and data can be vulnerable to misuse if they are 
not adequately protected. UAS operators, like computer users, need to 
be aware of what data is on their systems and consider what level of 
protection is required. The FAA strongly recommends that UAS operators 
read the user licensing agreements for their UAS and consider whether 
the data access, sharing, and protection policies the manufacturer has 
in place are adequate or whether their data sensitivity necessitates 
additional protection from disclosure and misuse. The FAA is also 
looking at agreements the Agency has with non-federal UAS service 
suppliers to ensure data transparency, sovereignty, and protection 
requirements are included. Lastly, the FAA continues to work with its 
Federal national security partners to identify and address cyber and 
data security threats to aviation generally, including those 
specifically related to UAS.
Conclusion
    A robust security framework is critical to advancing the 
Administration's goal to fully integrate UAS into the NAS. By enabling 
Federal security and Federal law enforcement agencies to detect and 
mitigate UAS threats and risks posed by errant or malicious UAS 
operations, and by working with operators to develop the technology to 
help minimize the risks posed by UAS, the United States will continue 
to lead the way in UAS innovation, and offer the safest and most 
efficient aviation system in the world. Working together, we are 
confident we can balance safety and security with innovation. We thank 
the Committee for its leadership on this issue, and we look forward to 
working with you as we continue to safely, securely, and efficiently 
integrate UAS into the NAS and solidify America's role as the global 
leader in aviation.
    This concludes my statement. I will be happy to answer your 
questions at this time.

    Senator Sullivan. Great. Thank you, Ms. Stubblefield.
    We're all appreciative that the FAA is focused on this 
important issue.
    Dr. Cahill, the floor is yours, and again welcome from 
Alaska.

        STATEMENT OF DR. CATHERINE F. CAHILL, DIRECTOR,

         ALASKA CENTER FOR UAS INTEGRATION, GEOPHYSICAL

           INSTITUTE, UNIVERSITY OF ALASKA FAIRBANKS

    Dr. Cahill. Thank you.
    Chairman Sullivan and Ranking Member Markey and Members of 
the Subcommittee, my name's Cathy Cahill, and I'm the Director 
of the Alaska Center for Unmanned Aircraft Systems Integration, 
also known as ACUASI, at the University of Alaska Fairbanks.
    I'm an expert in atmospheric aerosols with 33 years' 
experience conducting air pollution research, but, more 
importantly, for today, I have been working with unmanned 
aircraft systems at the University of Alaska Fairbanks, for 13 
years.
    My testimony is provided to you in my personal capacity as 
a private citizen and based on my professional experience. It 
does not necessarily represent the views of the University of 
Alaska.
    So what is the Alaska Center for Unmanned Aircraft Systems 
Integration? ACUASI is the University of Alaska's Center of 
Excellence for UAS and is one of the top research programs in 
the country.
    We are unique in that we lead one of the seven FAA UAS test 
sites. We are one of the nine UAS integration pilot program 
sites, and we happen to be one of the core members of the FAA 
Center of Excellence for UAS Research, also known as ASSURE.
    We are engaged with the best and the brightest commercial 
and government entities on cutting edge UAS technologies, such 
as detect and avoid. We are helping the FAA collect and analyze 
the data needed to support the safe and secure integration of 
UAS into the national airspace system.
    We are also educating engineers, scientists, pilots, and 
other future UAS users and providers. We're innovators in 
research and we are also a target for industrial espionage.
    Some universities and commercial entities focus on the 
positive aspects of unmanned aircraft technology, including 
detect and avoid systems, and payloads, like cameras and gas 
sensors. They do not consider the inherent danger or sensitive 
aspects of the technology.
    The International Traffic and Arms Regulations, ITAR, are 
designed to keep military technology from getting into the 
wrong hands and they cover many portions of the unmanned 
aircraft system technology we use every day.
    ACUASI takes these regulations very seriously. However, 
because ITAR does not apply to the information related to 
general scientific, mathematical, or engineering principles 
that are commonly taught in college or in the public domain, 
engineering departments teach classes in aerospace engineering 
to foreign students that include building UAS and payloads 
without consideration of ITAR.
    This fact, when combined with the open nature of the 
academic setting, leading edge academic research and student 
workers, makes universities susceptible for potential 
industrial espionage and training in sensitive technologies.
    We in our role as a test site, ASSURE core program, IPP 
site, are testing detect and avoid technologies. Systems that 
provide a UAS or its operator with the ability to locate other 
aircraft in the air and either autonomously avoid them or 
provide the remote pilot the information needed to avoid them.
    This is one of the hottest areas of UAS technology 
development because it appears to be one of the solutions that 
will directly enable safe UAS operations beyond the visual line 
of sight of the pilot-in-command. Therefore, detect and avoid 
technologies are being driven by commercial interests and 
they're useful for a number of beyond visual line of sight 
operations, such as cargo delivery, package delivery, 
infrastructure monitoring, host of other missions.
    The security challenge with the UAS technology is that it 
is the first step of the technology, known as counter-UAS, as 
Ms. Stubblefield said. In this case, the use of counter-UAS 
technology is limited to DoD, DOE, DOJ, DHS, and FAA to 
maintain the highest levels of security and safety, to protect 
critical infrastructure in special events, and to fulfill other 
security requirements.
    It is often classified, but the universities and companies 
doing open DAA research often do not consider the implications 
of the civilian research which can give bad actors insight into 
how to defeat counter-UAS technologies.
    Even though we are a leader in testing detect and avoid 
technologies, we're not currently testing counter-UAS. It is 
illegal for us to do so under Title 18, Title 49, and others of 
the U.S. Code of Federal Regulations.
    Also, because we are a leader in UAS, we advise many public 
entities about what UAS they can use to achieve their goals and 
one of our challenges is that almost all the systems available 
in the small UAS market are foreign-made.
    DoD and DOI have had prohibitions against using these 
systems. This makes it very difficult for us to recommend 
systems of use for our customers.
    We're combating some of these risks by working with small 
unmanned aircraft companies through the IPP and other programs 
to get them certified as airworthy in the United States. We are 
working to address foreign systems by using open source 
autopilots instead of the foreign-made systems coming with 
them.
    Unmanned aircraft have a potential to do amazing things for 
safety and to improve quality of life. We also do know that 
they can be used for nefarious purposes. So we need to be very 
careful that we don't give up the security, intellectual 
property, and unmanned aircraft manufacturing capability we 
have here in the U.S. during our rush to advance the positive 
impacts of UAS technologies at the lowest cost possible.
    Thank you. This ends my formal testimony. I'd be happy to 
answer any questions you might have.
    [The prepared statement of Dr. Cahill follows:]

Prepared Statement of Dr. Catherine F. Cahill, Director, Alaska Center 
   for Unmanned Aircraft Systems Integration (ACUASI), University of 
                         Alaska Fairbanks (UAF)
    Chairman Sullivan, Ranking Member Markey, and Members of the 
Subcommittee, my name is Cathy Cahill and I am the Director of the 
Alaska Center for Unmanned Aircraft Systems Integration (ACUASI) at the 
University of Alaska Fairbanks (UAF). ACUASI is the University of 
Alaska's Center of Excellence for UAS and one of the top UAS research 
programs in the country. ACUASI is unique in that it has multifaceted 
roles as lead of one of the seven FAA designated UAS Test Sites, is one 
of the nine UAS Integration Pilot Program (IPP) sites, and is a core 
university in the FAA's UAS Center of Excellence (a.k.a. the Alliance 
for System Safety of UAS through Research Excellence--ASSURE). As a 
result, our team is engaged with the best and brightest commercial and 
governmental entities on cutting-edge UAS technologies, helping FAA 
collect and analyze the data needed to support the safe integration of 
UAS into the National Airspace System (NAS), and educating the 
engineers, scientists, pilots and other future UAS users and providers. 
Our diverse portfolio and academic standing allow us to demonstrate, 
observe, and evaluate the risks associated with UAS use in military and 
civil environments. This written testimony is provided to you through 
my personal capacity as a private citizen and based on my professional 
experience; however, it does not necessarily represent the views of the 
University of Alaska.
    Counter-UAS (C-UAS) and Detect and Avoid (DAA) technologies are two 
of the hottest areas for UAS technology development. C-UAS technology 
identifies potentially hazardous, unauthorized UAS and removes them 
from the airspace. It is required by DOD, DOE, DHS, DOJ, and the FAA to 
maintain the highest levels of safety while protecting critical 
infrastructure and special events and fulfilling other security 
requirements. DAA technology provides a UAS or its operator with the 
ability to spot another aircraft in the air and either autonomously 
avoid it or provide the remote pilot the information needed to avoid 
it. This technology appears to be one of the technologies that will 
enable safe UAS operations beyond visual line of sight of the Pilot in 
Command. Both technologies require the ability to detect UAS so that 
they can be either mitigated (C-UAS) or moved to avoid other aircraft 
(DAA). Remote Identification (Remote ID), the ability of a UAS to 
provide identification information to other parties during flight, 
could increase both technologies' effectiveness by providing 
information about the locations of all authorized UAS in an area, 
thereby allowing UAS users to avoid other UAS and allowing security 
officials to separate authorized UAS from unauthorized UAS. C-UAS and 
DAA systems can be based on similar technologies and requirements; 
however, the ability to test these systems is dramatically different 
due to their nature. Testing C-UAS technologies is limited due to their 
potential violation of sections in Title 18 United States Code 
including the Pen/Trap Statute, the Wiretap Act, the Aircraft Sabotage 
Act, the Computer Fraud and Abuse Act, and others, and in 49 U.S.C., 
under Aircraft Piracy. Additionally, countermeasure technologies are 
frequently classified due to their value to national security. 
Therefore, the number of companies able to test C-UAS technologies is 
limited and requires the participation of one of the entities listed 
above to access restricted airspace and deploy the countermeasures. In 
contrast, DAA technologies are being driven by a large number of 
commercial entities who want to fly beyond visual line of sight for 
operations including package delivery, infrastructure monitoring, and a 
host of other missions. These technologies are unclassified; however, 
many include proprietary information. Even unclassified systems present 
risks and may violate Title 18 and other laws. Recent FAA studies and 
guidance \1\ show that UAS detection technology deployed at airports 
has the potential to interfere with aircraft navigation and the control 
of air traffic. The nature of these systems means that many of the 
challenges of C-UAS are being solved by commercial entities which could 
make them easy for foreign entities to acquire. ACUASI, as a UAS Test 
Site, IPP site, ASSURE member, etc., has yet to test countermeasures 
because it is not yet legal for us to do so; however, we have direct 
experience in testing numerous DAA systems.
---------------------------------------------------------------------------
    \1\ https://www.faa.gov/airports/airport_safety/media/Updated-
Information-UAS-Detection-Countermeasures-Technology-Airports-
20190507.pdf
---------------------------------------------------------------------------
    Unmanned aircraft systems, including their payloads such as 
infrared cameras, gas detectors, or other instruments carried by the 
aircraft, are targets for industrial espionage. Some universities and 
commercial entities focus on the positive impacts of the technology and 
do not consider the inherent danger or sensitive aspects of the 
technology. This, when combined with the nature of academic settings, 
leading-edge academic research, and student workers, makes universities 
susceptible to industrial espionage and the training of foreign assets 
in otherwise protected technologies if precautions are not taken. The 
ACUASI team takes International Traffic in Arms Regulations (ITAR) 
seriously; we have specially keyed offices, ITAR signage, U.S. 
citizenship/Permanent Resident requirements, and other security 
measures in place to protect ITAR controlled aircraft, payloads, and 
software. Going beyond what's required by law, we've had the FBI train 
our team in recognizing and preventing industrial espionage. These 
precautions, on occasion, conflict with academia's tradition of 
encouraging openness on campus. Because ITAR does not apply to 
information related to general scientific, mathematical or engineering 
principles that are commonly taught in college or information in the 
public domain, engineering departments teach classes in aerospace 
engineering to foreign students that include building UAS and payloads 
without consideration of ITAR. Many faculty I have spoken with do not 
realize that some of the Forward-Looking Infrared (FLIR) cameras used 
in academic research laboratories or in remote sensing classes are 
actually ITAR controlled and that allowing foreign students to take 
them apart, program them, etc. could violate ITAR. This makes 
universities susceptible for industrial espionage and training in 
sensitive technologies.
    ACUASI works with and advises many public entities about UAS uses 
and capabilities. One of our challenges is that several of these 
entities, such as DOD and DOI, have had a prohibition against using 
foreign-made UAS due to security concerns related to data being sent to 
other countries. For example, DJI, the Chinese company that dominates 
the small, commercial UAS market, is the most cost-effective system 
available for many uses, including law enforcement, but data from DJI 
UAS was automatically being sent back to the manufacturer in China. DJI 
claims they now have new settings that the user can use to prevent that 
from happening. Given the recent reports about Chinese companies being 
required to provide intelligence to their government upon request, we 
at ACUASI are hesitant to use any DJI system for any important research 
or approved flights over critical infrastructure. I confess we fly a 
small DJI system for public relations footage because it is quiet and 
produces good quality video, but we take actions to ensure the system 
is unable to communicate when not in use. The dominance of foreign 
products in the small UAS realm limits the number of potential U.S.-
built platforms we can recommend to our partners and many are cost-
prohibitive. ACUASI has partnered with U.S.-based small UAS companies, 
such as Skyfront, and we are working with them to get their aircraft 
FAA type certified, meaning designated by the FAA as airworthy, so they 
will have a competitive advantage over foreign, non-type certified UAS. 
This effort is being conducted under the IPP. Another way we are 
working to address the potential security risk of foreign made systems 
is to modify foreign built systems to operate using an open-source 
autopilot. For example, we have a DJI S-1000 frame, but it is not 
running DJI software. Some good news on the viability of the U.S. UAS 
market is that in the large UAS arena, U.S. manufacturers are producing 
highly competitive products. ACUASI is moving towards larger, U.S.-
built UAS, like our Griffon Aerospace Outlaw SeaHunter, built in 
Madison, Alabama, to meet industry needs for cargo delivery, long-
distance infrastructure monitoring, and other larger-scale UAS uses of 
special importance to Alaska and other remote areas of the U.S.
    Unmanned aircraft systems have a tremendous potential to increase 
aviation safety by doing the dirty, dull, and dangerous flights that 
currently put pilots at risk, improve cargo delivery to remote areas, 
deliver packages quickly, effectively and economically; provide broad-
band communications to remote areas, improve maritime domain awareness, 
facilitate search and rescue, assist law enforcement, monitor 
infrastructure, and a host of other positive use cases. However, it has 
been demonstrated that UAS can also be used to disrupt airports, 
commerce and transportation, support terrorism, and conduct other 
nefarious acts. The U.S. needs to ensure that it does not give up 
security, intellectual property, and UAS manufacturing capacity during 
this rush to advance the positive aspects of UAS technologies at the 
lowest cost possible. Our ability to innovate sets the U.S. UAS 
industry apart from other countries' UAS industries and the U.S. must 
protect the resulting technology if it wants to continue as a world 
leader in UAS while maintaining aviation safety and security.
    This ends my prepared statement and I would be happy to answer any 
questions you might have.
    About Dr. Cahill:

    Dr. Catherine F. Cahill is the Director of the Alaska Center for 
Unmanned Aircraft Systems Integration (ACUASI) and a Full Professor of 
Atmospheric Chemistry at the University of Alaska Fairbanks (UAF). Her 
educational background includes earning degrees in Applied Physics 
(B.S.) and Atmospheric Sciences (M.S. and Ph.D.) and researching trans-
Atlantic aerosol transport during a Fulbright Fellowship to Ireland for 
her Postdoc. For many years, her research focused on the sources, 
transport, transformation, and impacts of atmospheric aerosols, 
including the effects of atmospheric aerosols on the Warfighter in Iraq 
and Afghanistan and the long-range transport of pollution from China 
into the Arctic. To understand the altitudes at which pollution crosses 
the Pacific Ocean, Cathy needed to make vertical measurements of 
aerosols in the atmosphere. In 2006, this need led her to start 
designing aerosol samplers for unmanned aircraft. After a 2014-2015 
sabbatical to Washington D.C. in which she served as a Congressional 
Fellow to the U.S. Senate Committee on Energy and Natural Resources, 
Cathy returned to UAF and became the Director of ACUASI.

    Senator Sullivan. Great. Thank you, Dr. Cahill.
    And next, we'll have Mr. Wynne.

         STATEMENT OF BRIAN WYNNE, PRESIDENT AND CHIEF

          EXECUTIVE OFFICER, ASSOCIATION FOR UNMANNED

                 VEHICLE SYSTEMS INTERNATIONAL

    Mr. Wynne. Chairman Sullivan, thank you very much for the 
opportunity to participate in today's hearing.
    I'm speaking on behalf of the Association for Unmanned 
Vehicle Systems International, the leading voice of unmanned 
systems and robotics for more than 40 years, including unmanned 
aircraft systems also known as UAS or drones.
    The United States UAS market has become stronger and more 
robust since the FAA implemented the small UAS rule. It is the 
largest national market in the world for UAS and likely to 
remain so for the foreseeable future.
    According to the ABSI unmanned systems and robotics data 
base, the United States has developed more unique UAS platforms 
than any other country, nearly twice as many as the second 
largest UAS-producing country.
    It also has more than triple the number of manufacturers in 
comparison, with 44 states having at least one UAS 
manufacturer.
    Thousands of businesses, small and large, are using UAS. 
Over 1.4 million drones have been registered with the FAA, 
greater than 400,000 of which are registered for commercial 
operations.
    While the vast majority follow the appropriate FAA rules, 
occasionally bad actors threaten to undermine our great 
progress. Careless and clueless operators can pose safety risks 
and paint responsible legal drone operations in a negative 
light while criminal behavior can jeopardize the security of 
our airspace.
    It's vital our regulatory framework evolve to address these 
potential security challenges and ensure policy solutions are 
put in place to detect, identify, track, and mitigate errant 
drones.
    Congress took a positive step when it granted some 
countermeasure authorities to the Departments of Homeland 
Security, Justice, Defense, and Energy. Congress has also 
mandated the FAA create a process through which state and local 
government entities can petition the agency to prohibit or 
restrict drone operations in close proximity to critical 
infrastructure or other fixed site facilities.
    More needs to be done, but it's critical we approach the 
security challenges from an overall airspace management 
perspective rather than focusing solely on how to interdict an 
errant drone.
    First, we need to develop a holistic framework for 
detecting, tracking, identifying, and mitigating drones. 
Second, we need to secure UAS command and control connections 
and the data UAS collect. Finally, we need to put in place 
well-defined procedures for how to respond to potential 
security threats, including clarity about who has the authority 
to engage.
    A critical component to all of this is remote 
identification. It will provide law enforcement with the means 
to identify and subsequently mitigate the careless, clueless, 
or potentially criminal operators.
    Remote ID is also vital to the realization of a UAS traffic 
management system which would work alongside the existing air 
traffic control system to reduce barriers to innovation and 
improve security, thus security of the national airspace.
    Remote ID is also critical for the ultimate realization of 
flights over people and beyond line of sight operations. The 
UAS industry has been hard at work developing remote ID and 
mitigation solutions.
    While the FAA is developing the rule that will 1 day codify 
remote ID standards, the industry is looking for ways to 
voluntarily provide remote ID on a tactical basis for certain 
situations.
    The industry is also working with government partners, such 
as the Department of Interior, to develop data management and 
risk mitigation strategies. It is my hope these efforts will 
help to accelerate the rulemaking process.
    Recent drone incursions at airports highlight the need to 
move faster. Once again, industry is developing solutions, such 
as electronic countermeasures, that take command and control of 
an errant platform. However, a framework to implement these 
types of solutions in the U.S. remains in development.
    In the interim, we cannot stand idly by. That is why AUVSI 
and the Airports Council International, North America, recently 
commissioned a blue ribbon task force on UAS mitigation at 
airports.
    The task force includes a cross-section of stakeholders 
representing the airport, UAS and manned aviation communities. 
It will provide recommendations to airports and the Federal 
Government to refine procedures and provide a policy framework 
to address drone incursions.
    We are optimistic its findings and recommendations could 
serve as a blueprint to inform future conversations about 
airspace security at other facilities.
    The American UAS market is stronger and more robust than 
any other country. To ensure domestic UAS companies continue to 
flourish, we need to accelerate Federal rulemaking and develop 
holistic policy solutions that give us the framework we need to 
keep the skies secure.
    Thank you very much. I look forward to questions from the 
Committee.
    [The prepared statement of Mr. Wynne follows:]

   Prepared Statement Of Brian Wynne, President and Chief Executive 
    Officer, Association for Unmanned Vehicle Systems International
    Chairman Sullivan, Ranking Member Markey, and members of the 
subcommittee, thank you very much for the opportunity to participate in 
today's hearing. I'm speaking on behalf of the Association for Unmanned 
Vehicle Systems International, the world's largest non-profit 
organization devoted exclusively to advancing the unmanned systems and 
robotics community. AUVSI has been the voice of unmanned systems in all 
domains for more than 40 years, including unmanned aircraft systems 
(UAS).
    On August 29, 2016, the FAA implemented the small UAS rule, also 
known as Part 107. The rule was the result of years of collaboration 
between government and industry that established a flexible, risk-based 
approach to regulating UAS. This new regulatory framework helped reduce 
many barriers to low-risk civil and commercial UAS operations, allowing 
businesses and innovators to harness the tremendous potential of UAS 
and unlock the many economic and societal benefits the technology 
offers.
    Since Part 107 was implemented, the demand for UAS has grown 
exponentially and the United States UAS market has become stronger and 
more robust. It is the largest national market in the world for UAS and 
likely to remain so for the foreseeable future. According to the AUVSI 
Unmanned Systems and Robotics Database, which documents the 
introduction of UAS as well as unmanned systems in other domains, the 
United States has developed more unique UAS platforms than any other 
country; and nearly twice as many as the second-largest UAS producing 
country. It also has more than triple the number of manufacturers in 
comparison, with 44 states having at least one UAS manufacturer.
    From examining pipelines and newsgathering to helping first 
responders conduct search and rescue operations, UAS help save time, 
save money and, most importantly, save lives. It is no wonder why 
thousands of businesses--small and large--have embraced this 
technology, and many more are considering integrating UAS into their 
future operations. As of last month, more than 1.4 million drones had 
been registered with the FAA, more than 400,000 of which are registered 
for commercial operations. While the vast majority of UAS operators 
follow the appropriate rules, occasionally bad actors threaten to 
undermine the great progress we have made. Careless and clueless 
operators can pose safety risks and paint responsible, legal UAS 
operations in a negative light, while criminal behavior can jeopardize 
the security of our airspace. As the number of UAS in our Nation's 
airspace continues to grow, it is vital our regulatory framework around 
UAS evolve to address these potential security challenges and ensure 
technologies are put in place to detect, identify and mitigate UAS 
which may pose a threat.
    Congress took a positive step when it granted additional 
authorities to the Department of Homeland Security and the Department 
of Justice as part of the FAA Reauthorization Act of 2018, including 
the authority to deploy appropriate countermeasures against UAS that 
threaten security. Congress also gave limited authorities to the 
Departments of Defense and Energy in the 2017 National Defense 
Authorization Acts. In addition, Section 2209 of the FAA Extension, 
Safety and Security Act, which was also adopted in the FAA 
Reauthorization Act, created a process through which state and local 
government entities can petition the FAA to prohibit or restrict the 
operation of a UAS in close proximity to a fixed-site facility, such as 
critical infrastructure.
    As we consider what more needs to be done, it is critical that we 
approach UAS security from an overall airspace management perspective. 
That is, we need to address the issue in the context of the complete 
solution, rather than focusing solely on how to interdict an errant 
drone. We must meet three conditions in order for this approach to be 
successful. First, we need to develop a holistic framework for 
detecting, tracking, identifying, and mitigating UAS. Second, we need 
to secure UAS command and control connections and the data UAS collect. 
Finally, we need to put in place well-defined procedures for how to 
respond to potential security threats, which includes clarity about who 
has the authority to engage.
    Let me first discuss detection, tracking and identification (DTI) 
technologies as well as mitigation technologies. A critical component 
for the future of DTI technologies is remote identification. It will 
enhance the security of the national airspace and allow law enforcement 
officials to quickly identify, track and apprehend operators acting 
carelessly, recklessly, maliciously or illegally. A comprehensive 
remote ID system would serve as a firewall of sorts. It would allow 
recreational and commercial operators flying in compliance with the 
appropriate rules to continue to do so unabated while providing law 
enforcement with the means to identify, and subsequently mitigate, the 
careless, clueless or potentially criminal operators.
    The implementation of a remote identification system would not just 
alleviate security concerns; it would also serve as the linchpin needed 
to advance the UAS industry beyond what is currently possible. It is 
vital for the realization of a UAS Traffic Management (UTM) system, 
which would work alongside the existing air traffic control system to 
reduce barriers to innovation and improve security of the national 
airspace. It is also critical for the ultimate realization of expanded 
operations, including flights over people or beyond line of sight. That 
will help make operations like package delivery--and even autonomous 
air taxi service--a reality in the coming years.
    As for mitigation technologies, also known as counter-UAS 
technologies, these will provide a way to interdict UAS that may pose a 
threat. According to MITRE, there are two primary types of mitigation 
technology: electronic, such as jamming the radio frequency or GPS 
signal from the UAS; and kinetic, such as capturing the UAS with a net 
or use of powerful lasers.
    The UAS industry has been hard at work developing remote ID systems 
as well as other DTI and mitigation technologies. The FAA, in 
collaboration with industry, is developing the rulemaking process that 
will one day codify remote ID standards. Meanwhile, industry is 
refining those standards and looking for ways to voluntarily provide 
remote ID on a tactical basis for certain situations. It is my hope 
that these efforts by the industry will help to accelerate the 
rulemaking process. What is more, there may be the need to clarify or 
expand authorities to deploy appropriate countermeasures against UAS 
that are deemed a threat. Currently, UAS mitigation authority is 
limited to the Department of Defense, Department of Energy, Department 
of Homeland Security and the Department of Justice.
    Recent incursions around airports including Gatwick Airport in the 
United Kingdom and Newark Liberty International Airport in the United 
States demonstrate that more needs to be done and at a faster pace than 
the regulatory process allows. If remote identification standards were 
in place, the operators responsible for those incidents could have been 
identified and tracked within a matter of minutes, mitigating the 
safety threat and potentially avoiding disruptive airport closures. 
Additionally, authorities could have used electronic countermeasures 
that take command and control of an errant platform to help mitigate 
the threat. These solutions exist, but here in the United States, the 
framework to deploy them remains in development.
    In the interim, we cannot stand idly by. That is why AUVSI and the 
Airports Council International-North America recently commissioned a 
Blue Ribbon Task Force on UAS Mitigation at Airports. The Task Force, 
co-chaired by former FAA Administrator Michael Huerta and Los Angeles 
World Airports CEO Deborah Flint, is studying the issue of UAS 
detection, tracking, identification, and mitigation in and around 
airports. The panel includes a cross-section of stakeholders 
representing the airport, UAS and manned aviation communities, and will 
provide recommendations to airports and the Federal government to 
refine procedural practices in response to incursions and provide a 
policy framework to address this timely and critical issue. The Task 
Force also will consider comments from the public and meet with experts 
in government, national security, law enforcement, pilots, air traffic 
controllers and airline and airport leadership, to develop and release 
initial findings this summer.
    While the purview of the Task Force is mitigation around airports, 
we are optimistic that its findings and recommendations could serve as 
a blueprint to inform future conversations about UAS security at other 
facilities, such as national landmarks, stadiums, prisons, military 
bases, and other critical infrastructure. As such, we plan to share any 
data the Task Force collects with the FAA to ensure that any solutions 
we identify will help inform future rulemakings and conversations about 
UAS mitigation across the national airspace. We will also make sure the 
Task Force's reports are shared with Chairman Sullivan, Ranking Member 
Markey, and members of the subcommittee.
    The work of the Task Force is separate from, but complementary to, 
industry-government partnerships currently underway to develop 
effective UAS detection and mitigation solutions. Last year, AUVSI 
collected more than 40 white papers on remote identification solutions 
from industry stakeholders to help the FAA meet its congressional 
directive under the 2016 FAA reauthorization extension to develop 
consensus for such standards.
    In addition, the Drone Advisory Committee (DAC), a Federal advisory 
committee of which I am a member that provides the FAA with advice on 
key UAS integration issues, considers remote identification and UAS 
mitigation two of its top priorities. We discussed these topics at 
length in our meeting earlier this month, and we formed task groups to 
delve further into both remote identification and counter-UAS. 
Eventually, the DAC will provide consensus-based recommendations to the 
FAA to help inform its future rulemakings on these matters.
    The FAA's UAS Integration Pilot Program is another important 
industry-government partnership. It brings together state, tribal and 
municipal governments with UAS industry leaders and academic 
institutions to collect data and conduct critical research. Nine 
projects across the country, from Alaska to Virginia, are currently 
conducting research that will not only help inform the Federal UAS 
policy framework for detection and mitigation, but also advance 
expanded operations such as flights beyond line of sight and even 
package delivery.
    Importantly, the UAS Integration Pilot Program allows state and 
local entities to provide input without infringing upon the FAA's 
sovereignty over the U.S. airspace. Federal authority over the airspace 
has been a bedrock principle of aviation law for more than 70 years, 
and it is one of the reasons that the U.S. maintains an aviation safety 
record that is the envy of the rest of the world. AUVSI has been in 
discussions with our government partners responsible for national 
security, and we will continue to work with policymakers to ensure that 
government agencies have the authority to keep America's skies safe and 
secure while maintaining Federal sovereignty over the U.S. airspace.
    Security of the Nation's airspace is paramount, but we must also 
ensure that the data collected, retained, transmitted or shared after 
UAS flights is also secure. In 2015, the National Telecommunications 
and Information Administration (NTIA) convened representatives from 
government, industry, and civil liberty groups to develop a set of best 
practices for UAS privacy, accountability, and transparency to ensure 
that UAS operators are flying responsibly. AUVSI participated in this 
process, and the resulting best practices include clear guidance for 
operators for how best to collect, store and secure data.
    The industry is also working with government partners to develop 
data management and risk mitigation strategies. For example, since 
2015, industry partners have been working collaboratively with the 
Department of the Interior (DOI) to define, understand, and address 
data management concerns. AUVSI appreciates that the solutions to 
challenges should come from those who understand, know, and use 
unmanned technologies. DOI has been a leader among the Federal agencies 
in the use of UAS, and its work on this subject matches AUVSI's 
longstanding principle on cybersecurity calling for industry-driven 
consensus security standards, and cautioning against ``[p]rescriptive 
regulation or government-imposed requirements.''
    Finally, we also cannot ignore the importance of education in 
deterring careless, clueless or criminal behavior. The legions of new 
UAS operators may not all be aware of the FAA regulations that 
determine where they can and cannot fly. AUVSI, the Academy of Model 
Aeronautics and the FAA partnered to launch the Know Before You Fly 
campaign in December 2014 to provide these new flyers with information 
about how to fly safely and in compliance with applicable rules and 
guidelines. In fact, the FAA recently issued new guidance for 
recreational operators, and new rules for recreational flyers are also 
under development. As the regulatory environment evolves, educating 
flyers and raising awareness of new requirements can help increase 
compliance. Recognizing the continued importance of education, our 
organizations also recently signed a new memorandum of agreement that 
solidifies our commitment to expanding and improving Know Before You 
Fly over the next three years.
    Much has been accomplished so far because government and industry 
have banded together to advance UAS. We share the same goals--
supporting innovation while at the same time ensuring the security of 
the national airspace--which has made for a working relationship that 
is defined by both productivity and mutual respect. Thanks in part to 
our strong partnerships, the United States UAS market is stronger and 
more robust than any other country. To ensure domestic UAS companies 
continue to flourish, we need to accelerate the Federal rulemakings.
    The security of our airspace is a serious issue that should be 
addressed from an overall airspace management perspective. Only by 
working together can industry and government develop holistic policy 
solutions that give us the framework we need to keep the skies secure 
while still allowing the nascent UAS industry to truly take off. Thank 
you, again, for the opportunity to speak today. I look forward to 
answering any questions the committee might have.

    Senator Markey. Next, we're going to hear from Harry Wingo 
from the National Defense University. Welcome, sir.

               STATEMENT OF HARRY WINGO, FACULTY,

             COLLEGE OF INFORMATION AND CYBERSPACE,

                  NATIONAL DEFENSE UNIVERSITY

    Mr. Wingo. Thank you.
    Chairman Sullivan, Ranking Member Markey, members of the 
Subcommittee, thank you for the opportunity to assist as you 
work to build a more secure and prosperous nation.
    I teach at the Nation's Cyber War College, the College of 
Information and Cyberspace at the National Defense University. 
I do not speak today, however, for the Department of Defense. 
These views are my own.
    I am excited about integrating commercial drones into the 
national airspace for many of the reasons you know. This 
represents the opportunity to move into the future with what is 
essentially an Internet of drones.
    The promise for commerce and for prosperity is vast. 
Unfortunately, this promise may be marred by an overwhelming 
new monopoly by a foreign company, DJI out of China.
    The promise of the future will not happen if we do not 
address what I call the three Ds of drone supply chain 
security: data flows, dual use, and dependency.
    By data flows, I mean that American geospatial information 
is flown to Chinese data centers at an unprecedented level. 
This literally gives a Chinese company a view from above of our 
Nation.
    DJI says that American data is safe but its use of 
proprietary software networks means how would we know? Also, as 
a great power competitor, China has access to this rich flow of 
information.
    Dual use means that the same Internet of drones that will 
create jobs and save lives is also well suited to war. The 
power and reach of U.S. military drones, big ones, has stopped 
terrorists and saved American lives. Now consider how future 
drone swarms may be flown to deadly military effect from 
thousands of miles away.
    America's current de facto by Chinese drone situation may 
be helping China to build just that military capability. We 
continue to save money by putting everything at risk.
    Dependency on China for our aviation future is 
unacceptable. We must stop pushing the China easy button over 
and over again without vigorously exploring all options to 
truly invest in America's drone system.
    President Trump this month underscored that point with the 
Presidential Memorandum pursuant to Section 303 of the Defense 
Production Act. I can't say it better than the President here.
    ``The domestic production capability for small unmanned 
aerial systems is essential to the national defense.''
    Let's work together to create American independence in 
drones. Here's what Congress should explore. Buy USA or at 
least USA assembly. Open source. Drone highways, really skyways 
being treated as infrastructure and synchronizing the American 
artificial intelligence initiative with these efforts.
    USA assembly can help but Buy American is better. Consider 
3-D robotics and I've spoken with the CEO, Chris Anderson, 
who's pushing efforts for open source. They used to produce 
their drones in Mexico, then they had to change that.
    Open source can make a difference. It made a difference for 
the internet. It can lead to transparency. It can provide an 
American more trusted alternative to the closed system that is 
brought by the Chinese drone leader DJI and other companies.
    Finally, envision drones are second or third. Envision 
drones as infrastructure. Let's grow the Internet of drones the 
same way we grew the internet. Let's build drone highways or 
skyways the same way that President Eisenhower and Congress 
built the Interstate Highway System.
    These industry 4.0 industries require care and feeding at 
this pivotal crossroads where we find ourselves. China is not 
only ready and willing to wrestle this away from us, they're 
doing so today.
    Let's synchronize the Internet of drones with America's AI 
initiative and that can be a force of multiplier for startups 
and the innovation ecosystem out there for American drones.
    Earlier this year, President Trump sounded the alarm on AI, 
calling the Nation to compete at a level necessary to match 
China's whole of nation commitment to AI dominance.
    In summary, overreliance on Chinese drones creates 
significant cybersecurity risks. These foreign drones are 
exploiting us and putting the very known threats inside our 
American businesses and government organizations at risk.
    I've brought this to your attention today for the simple 
fact. These threats should not and cannot be ignored. America 
needs us now, right now.
    Thank you.
    [The prepared statement of Mr. Wingo follows:]

  Prepared Statement of Harry Wingo, Faculty, College of Information 
              and Cyberspace, National Defense University
    Chairman Sullivan, Ranking Member Markey and members of the 
Subcommittee, thank you for the opportunity to address the security of 
unmanned aircraft systems (UAS, or drones). I am humbled to have the 
chance to assist your efforts to build a prosperous and secure Nation. 
Fully integrating UAS into the National Airspace System (NAS) can 
create new jobs and enhance the quality of life for all Americans. This 
promise depends, however, on the security of UAS, including 
understanding and managing risks to drone supply chains.
    As faculty at the Nation's cyber war college, the National Defense 
University's College of Information and Cyberspace, I educate national 
security leaders about strategic risk. The views I express today are my 
own; I am not speaking for the U.S. Department of Defense. My personal 
and academic perspective reflects over 25 years focused on law and 
policy issues concerning networked technologies, including roles at 
Google, where I helped the CEO, CISO and other leaders to engage 
Congress and the White House in the wake of the ``Operation Aurora'' 
cyber attacks; at the Federal Communications Commission, where I 
focused on broadband, spectrum and network security issues; and, for 
this Committee, as counsel to the great Senator Ted Stevens, when he 
served as Chair. My views also reflect my over six years of active duty 
service as a Navy SEAL officer, and my ownership of three small drones.
    Accelerating the integration of UAS into commerce must be done with 
a focus on supply chain security. Also key, however, is a special kind 
of supply chain risk: The U.S. is over-reliant on the Chinese drone 
monopoly embodied in SZ DJI Technology Co., Ltd., doing business as 
DJI.
    While advances in commercial drone technology are many, and 
encouraging, I respectfully invite the Subcommittee to examine the 
widening gap between China and the United States with respect to the 
market share of small drone (less than 55 lbs.) platform manufacturers 
like DJI.
    Small drones are no small matter.
    In 2016, the White House estimated that UAS could spur up to $82 
billion in economic growth by 2025 and generate 100,000 jobs.\1\ The 
potential for drones to benefit commerce has captured the interest of 
many companies and countries around the world. In the race to UAS 
dominance, however, China has taken a commanding lead in recent years.
---------------------------------------------------------------------------
    \1\ McKevitt, J. (2017, March 23). FAA: Drones will fill the skies 
in 2021. Supply Chain Dive. Retrieved from https://
www.supplychaindive.com/news/FAA-commercial-drone-use-delivery-
logistics/438710/.
---------------------------------------------------------------------------
    DJI's market share may exceed 70 percent globally, and 80 percent 
in the U.S. While hobby drone market share is different than commercial 
market share, by any standard, China's leading drone company is 
dominating the UAS space. DJI employs 14,000 people, and is based out 
of Shenzhen.\2\ Meanwhile, Western drone companies like Parrot SA, a 
French company, lag far behind. Others struggle to gain market share, 
remain relegated to specific niches, have shut their doors, or have 
shifted away from the drone platform market. One UAS innovator, Chris 
Anderson, CEO of U.S.-based 3D Robotics, has pivoted from a platform 
strategy to one of providing the software and analytics for UAS.\3\
---------------------------------------------------------------------------
    \2\ Berlinger, J. (2019, January 21). Chinese drone maker DJI 
uncovers fraud that could cost it $150 million. CNN Business. https://
www.cnn.com/2019/01/21/tech/dji-fraud-investigation-china-intl/
index.html.
    \3\ See, e.g., Perlman, A. (2016, December 12). 3D Robotics' 
Cautionary Tale: Losing The Hardware Game To China and Pivoting To 
Software for Survival. UAV Coach. https://uavcoach.com/3d-robotics-
pivots-to-software-for-survival/.
---------------------------------------------------------------------------
    While it is important to consider the security of all drones in 
commerce, the global dominance of China's small drone platform 
manufacturer, DJI, warrants a closer look with respect to its outsized 
impact on drone security, but also on the long term viability of U.S. 
companies as alternatives here and around the globe. This second aspect 
of supply chain risk management is of a special, critical nature: It 
presents a National risk, similar to that highlighted by President 
Trump in calling out the risk of using 5G equipment from Huawei 
(another Chinese company) in U.S. telecommunications networks. Unique 
risks arise from DJI's being based in, and operated from, China--a peer 
competitor to the United States.\4\
---------------------------------------------------------------------------
    \4\ U.S. Department of Defense. (2018). Summary of the 2018 
National Defense Strategy of the United States of America: Sharpening 
the American Military's Competitive Edge. https://dod.defense.gov/
Portals/1/Documents/pubs/2018-National-Defense-Strategy-Summary.pdf.
---------------------------------------------------------------------------
The Rising Stakes of Drone Supply Chain Risk Management
    The FAA has noted that drones are the fastest growing component in 
aviation, with more than 350,000 UAS doing things that would be 
difficult or dangerous for human beings to do.\5\ Drones are digital 
infrastructure, and will play a key role in allowing the safe and 
secure integration of unmanned aviation operations, including flights 
over people, night operations and beyond visual line of sight 
operations. A safe and efficient UAS Traffic Management (UTM) system 
means that drone security extends beyond just the individual drones 
themselves, but to the connected systems that will include detect-and-
avoid capabilities and permit reliable and secure data links between 
Part 107 pilots and unmanned aircraft. Autonomous drone operations, 
like land-bound driverless cars and trucks, demand ``baking in'' 
privacy and security from the design phase.
---------------------------------------------------------------------------
    \5\ Federal Aviation Administration. (2019, April 30). Fact Sheet--
The UAS Integration Pilot Program and UAS Traffic Management Pilot 
Program. https://www.faa.gov/news/fact_sheets/
news_story.cfm?newsId=23574.
---------------------------------------------------------------------------
    A future-oriented, interconnected aviation network that relies on 
emerging technology like artificial intelligence (AI) and 5G networks, 
will revolutionize commerce. The range of use cases are highlighted by 
the FAA's ten drone innovation projects in Fairbanks, Alaska; Reno, 
Nevada; San Diego, California; North Dakota; Kansas; Durant, Oklahoma, 
with the Choctaw Nation of Oklahoma; Memphis, Tennessee; Lee County, 
Florida; North Carolina; and Herndon, Virginia. The projects include 
emergency management, agricultural support and infrastructure 
inspections.
    Supply chain threats vary for UAS, and range from counterfeit parts 
to ``back doors'' installed to enable remote control of drones or 
otherwise disrupt UAS operations. Physical supply chain threats are 
perhaps overshadowed by software supply chain threats, which have 
increased as drones routinely connect to off-shore clouds of foreign 
companies. Companies routinely reassure customers about security, but 
the provision of firmware updates and the data flows from platforms 
back to offshore cloud-computing storage facilities can increase risk 
to UAS operations. Even if UAS were delivered to customers in 
``pristine'' condition, the subsequent back and forth of image 
processing and analytics data flows, along with software and firmware 
updates, opens a ``front door'' to risk. Images collected in the U.S. 
for storage in China, and subject to AI and machine learning, can be 
demanded by Chinese authorities without the knowledge of U.S. 
customers. How would a U.S. customer know such a request was made?
    ``Great Power'' Competition and Supply Chain Risk. Beyond the 
supply chain security risks that exist for the entire industry, there 
is a special class of risk concerning China's dominance of the U.S. 
drone market. Unlike other potential threat actors, China poses the 
most serious potential threat to U.S. drone security--that of a peer 
competitor that clearly intends to dominate the general space in which 
drones reside: Global Supremacy in Artificial Intelligence.\6\
---------------------------------------------------------------------------
    \6\ See, e.g., Allen, G.C. (2019, February 6). Understanding 
China's AI Strategy: Clues to Chinese Strategic Thinking on Artificial 
Intelligence and National Security. The Center for a New American 
Security. https://www.cnas.org/publications/reports/understanding-
chinas-ai-strategy.
---------------------------------------------------------------------------
    In the context of National risk posed by over-reliance on Chinese 
drones, I respectfully call the Subcommittee's attention to what I call 
the ``Three Ds'' of strategic drone supply chain risk:

  1.  Data Flows. Reliance on broadband connections to offshore clouds 
        gives China unprecedented information about U.S. commerce (and 
        more).

  2.  Dual Use. China is an important and valued trading partner, but 
        U.S. leaders are mindful of the (hopefully avoidable) potential 
        for U.S.-China conflict, beyond competition, where UAS and 
        other ``Industry 4.0'' technology would provide military 
        advantage.

  3.  Dependency. Next-generation drone commerce in the U.S. is 
        increasingly reliant on a Chinese drone platform monopoly, a 
        factor that could hinder innovation and economic security.

    Data Flows. The information risk from data flowing to China's 
autocratic government should concern more than U.S. government 
customers. The Pentagon in recent years has shifted from risk 
mitigation to risk avoidance when it comes to Chinese drones. The 
Pentagon ordered the U.S. military to stop using DJI drones a few years 
ago, and the Department of Homeland Security has issued warnings to 
their use in areas that impact National Critical Functions.\7\ More 
recently, the President issued a memorandum finding that ``the domestic 
production capability for small unmanned aerial systems is essential to 
national defense.'' \8\
---------------------------------------------------------------------------
    \7\ Sobczak, B. (2019, May 21). Feds to energy companies: Beware 
drone made in China. E&E News. https://www.eenews.net/stories/
1060369689.
    \8\ President Donald J. Trump. (2019, June 10). Memorandum on 
Presidential Determination Pursuant to Section 303 of the Defense 
Production Act of 1950, as amended. https://www.whitehouse.gov/
presidential-actions/memorandum-presidential-determination-pursuant-
section-303-defense-production-act-1950-amended/.
---------------------------------------------------------------------------
    Despite these precautions, the less risk-averse commercial sectors 
are embracing Chinese drones, as are State and Local governments who 
are choosing to purchase DJI platforms, and to take advantage of the 
company's very capable analytics tools and services.\9\ While sharing 
information from individual users, or even the data from specific 
companies or government units may seem inconsequential, DJI is 
compelled by Chinese law to provide information to the Chinese 
government. DJI's prowess in applying cutting edge data science to the 
growing deluge of data flowing into its cloud compute and storage 
assets is always available to the Chinese government. Making this U.S. 
information available to China must be considered in the context of 
that country's official position on achieving dominance in areas of 
disruptive technology like AI and Machine Learning.
---------------------------------------------------------------------------
    \9\ See, e.g., Reagan, J. (2018, October 31). Propeller Partners 
with DJI to Bolster Drone Analytics and Mapping. Drone Life. https://
dronelife.com/2018/10/31/propeller-partners-with-dji-to-bolster-drone-
analytics-and-mapping/; DJI. (2015, November 11). Commercial Drone Data 
Opening Up New Opportunities for Industrial Applications. https://
www.dji.com/newsroom/news/blog-commercial-drone-data-opening-up-new-
opportunities-for-industrial-applications.
---------------------------------------------------------------------------
    Dual Use. While it is important to acknowledge that DJI has created 
technically compelling technology and services, they continue to do so 
with the support of the Chinese government and in the context of great 
power competition between the U.S. and China in areas that relate to 
national security as much as they do to commerce.
    History teaches that economic and national security are closely 
linked. The recently celebrated Allied victory on the beaches of 
Normandy, and ultimately victory in the World War II, turned on 
technological power cultivated first in the field of commercial 
innovation. The modest beginnings of Henry Ford's Model T bloomed into 
U.S. dominance of the automotive market, which allowed our Nation pivot 
to building machines of war. U.S. innovation in electronics and 
communications technologies like telephones, radio and television, 
eventually supported military radar and the Allied breakthrough at 
Bletchley Park, where the private sector, academics and the national 
security community united to defeat the Nazis' Enigma machine. 
Commercial success led to military success.
    As a policy counsel for Google years ago, I had the honor to work 
with Vint Cerf, who while at DARPA co-created TCP/IP, a technology that 
enabled the Internet. That open protocol built on packet switching, a 
networking technology designed to make resilient our Nation's nuclear 
strike command and control capabilities. Today, China is aggressively 
dedicating national resources to building 5G networks able to increase 
Internet of Things (IoT) connections by 10 to 100 times that of current 
4G networks, all with an eye towards winning the race to overmatch with 
respect to AI-enabled capabilities in UAS and other robotics 
technology. While that advantage can be applied to commerce, it also 
enhances China's military power.
    Dependency. The U.S. has struggled to stem the tide when it comes 
to growing or even maintaining its manufacturing capability with 
respect to UAS platforms. There are many reasons for this, and the 
details might possibly take up an entire hearing. What matters now is 
taking a hard look at why and to what extent our Nation is relying on 
Chinese drone infrastructure.
    The technical capabilities and rapidly evolving features of DJI 
drones have led even first-tier U.S. public safety teams like the New 
York Police Department to turn to China for UAS platforms. These 
choices are being made despite the Pentagon's ban on military use of 
DJI, perhaps as a result of the law enforcement community facing 
limited funding, a shortage of cybersecurity professionals able to 
assess the risk, or simply a willingness to accept a different level of 
risk than the U.S. military. Nonetheless, the different positions with 
respect to DJI that is being taken by the Nation's first responders 
highlights the shortage of alternatives to Chinese drones.
    The United States is poised to leverage advances like the FAA's UTM 
system and Remote ID for UAS, but the Congress should explore deeply 
whether the benefits that will accrue from this might be diminished by 
the trailing market share of U.S. companies in the platform market for 
UAS. This harsh market reality may loom in related areas like 5G 
infrastructure, or even in the AI systems for self-driving cars or 
indoor robotics to be used in smart factories, hospitals, hotels and 
homes. While China over the past 20 years has played an important role 
in global commerce by augmenting the supply chain of U.S. companies, 
the glaring gap between U.S. and Chinese companies like DJI in the UAS 
platform market should be a wake up call.
Recommendation: Balance Risk Through Enhanced USA-Drone Incentives
    I respectfully suggest the following potential areas for further 
inquiry, oversight or legislation:

    Incentives for Drones as ``Digital infrastructure''. Drones and UAS 
are digital infrastructure. Just as President Eisenhower's Interstate 
Highway Initiative had long-reaching benefits, an investment in the 
next-generation aviation infrastructure that UTM represents warrants 
investment tailored to create incentives for the private sector. While 
funding concrete and steel for infrastructure projects matter, it is 
important to envision the ``drone highways'' of the future and make 
sure that we craft the right policies to remove legal and policy 
barriers to innovation by U.S. companies, from startups to existing 
industry leaders like Amazon, FedEx, UPS, Boeing or Lockheed. Another 
company to consider engaging is Uber, who is working with the Army 
Research Lab and the University of Texas at Austin to provide ``UAS on 
demand'' services.\10\
---------------------------------------------------------------------------
    \10\ Miller, S. (2018, August 14). Army Research Lab teams up with 
Uber. https://defense
systems.com/articles/2018/08/15/uber-arl-ut-nasa.aspx. (These would be 
above the 55 lb. limit for ``small UAS'' in the FAA's 14 C.F.R. Part 
107 regulations, of course.).
---------------------------------------------------------------------------
    USA Assembly. The recent attention to Huawei in the context of 5G 
infrastructure and a U.S.-China ``trade war'' has led many to ask 
whether we could sever all ties to China when it comes to high-tech 
manufacturing for things like 5G equipment, or in this case, UAS 
platforms. The reality is that short of armed conflict with China, it 
is unlikely that a radical, across the board decoupling of our micro-
electronics supply chains with China would be possible (or beneficial). 
The Chinese are far ahead of the U.S. on chip assembly, even if we 
retain an advantage on chip foundries like Intel.\11\ It is worth 
exploring whether and how it might be possible to cultivate realistic 
alternatives to Chinese assembly of the smart components within UAS. It 
is possible that advances in automation and AI-enabled smart factories 
might help in this effort. The President's recent memorandum declaring 
small UAS essential to national defense highlights a potential area for 
leveraging related efforts within the U.S. government to grow our 
domestic UAS production capacity.
---------------------------------------------------------------------------
    \11\ Wang, B. (2019, February 23). China's Semiconductor Catchup is 
Critical to Future Technology Competition. Next Big Future. https://
www.nextbigfuture.com/2019/02/semiconductor-race-and-parity-is-key-to-
global-technological-competition.html.
---------------------------------------------------------------------------
    Abruptly disentangling our micro-electronics supply chain 
completely from China would be difficult, and (short of outright armed 
conflict with China) likely counter-productive. That said, we should 
identify and cultivate alternative manufacturing partners, including 
particularly those in the Western Hemisphere, Europe and Africa, and in 
coordination with our ``Five Eye'' (FVEY) partners (The United Kingdom, 
Canada, Australia, and New Zealand) and NATO countries. With respect to 
NATO countries, France is of particular interest on UAS since the 
Paris-based company Parrot SA is a distant but capable competitor to 
DJI in the UAS platform market. Also noteworthy in the NATO context is 
the Swiss company Flyability, whose indoor-drones are being used to 
inspect U.S. nuclear power facilities. On the homefront, an innovative 
leader in AI-enabled drone operations is Shield AI, which has a lidar-
enabled drone capable of flying autonomously through buildings. Based 
out of San Diego, Shield AI has 100 employees and is an example of 
platform innovation in the small drone space industry.
    Open source. The Subcommittee might also explore the role that open 
source initiatives like the DroneCode Project might play in providing 
more transparency, particularly if U.S. companies continue to purchase 
Chinese platforms. Currently, DJI adheres to a proprietary model that 
acts to help lock-in its market dominance.\12\
---------------------------------------------------------------------------
    \12\ See, e.g., DJI. (2018, October 31). DJI Expands Drone 
Ecosystem With New Hardware, Software and Partnerships To Help 
Enterprises Gain Aerial Productivity: AirWorks 2018 Bolsters The DJI 
Platform For Businesses, Governments, And Others Ready To Do Their Work 
Better With Professional Drones. https://www.dji.com/newsroom/news/dji-
expands-drone-ecosystem.
---------------------------------------------------------------------------
    While the best result would be a growing and competitive U.S. 
market in UAS platforms, incentives to encourage the growth of an open 
ecosystem to counter DJI's proprietary system may help. The limitations 
of this approach likely include the fact that open protocols work 
better when championed by a large player in the market. Consider the 
role that Google played in driving the success of Android phones. 
Whether open-source models like DroneCode can help to boost the market 
share of U.S. drone manufacturers is something worth examining.
    Link ``USA Drone'' Incentives to AI Initiatives. President Trump's 
Executive Order on Maintaining Leadership in Artificial Intelligence, 
issued earlier this year, is a reminder of the high stakes in the AI 
race between the U.S. and China.\13\ It is worth reviewing ways that 
the Subcommittee might find common ground with other National efforts 
related to AI. Integrating UAS into the NAS safely and securely is an 
effort that implicates AI and Machine Learning, and finding ways to 
leverage related efforts--like accelerating the use of autonomous 
vehicles on our Nation's streets and highways--may help to speed the 
National use of drones in commerce.
---------------------------------------------------------------------------
    \13\ White House. (2019, February 11). Executive Order on 
Maintaining Leadership in Artificial Intelligence. https://
www.whitehouse.gov/presidential-actions/executive-order-maintaining-ame
rican-leadership-artificial-intelligence/.
---------------------------------------------------------------------------
    Understanding smart cities is one challenge facing the integration 
of UAS into the NAS. I have personally researched a different area, but 
one that concerns the use of AI and UAS: Using indoor drones to help 
save lives during an active shooting.\14\ This scholarship is an 
example of the work that I and my colleagues do on behalf of the 
Nation, at NDU's the College of Information and Cyberspace.
---------------------------------------------------------------------------
    \14\ Wingo, H. (2018). Set Your Drones to Stun: Using Cyber-Secure 
Quadcopters to Disrupt Active Shooters. Journal of Information Warfare, 
Vol. 17, Iss. 2, p.54-64. https://search.proquest
.com/openview/1ac335453924ced1aca49794f419d958/1?pq-
orgsite=gscholar&cbl=2046421.
---------------------------------------------------------------------------
    Conclusion. The alarming lead taken by China in this increasingly 
important area of interstate commerce demands purposeful, strategic 
action to level set U.S. drone manufacturing with our peer competitor. 
The United States is poised to reap the benefits of a next-generation 
aviation system that relies more on autonomous systems connected by 5G 
networks. This transition may be threatened, however, by continued 
dependence on Chinese UAS platforms. The future of American commerce is 
at stake.
    I look forward to answering any questions you may have, and to 
further discussing this or related matters with the Subcommittee. 
Again, thank you for the opportunity to testify. 

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


    Senator Markey. Thank you, Mr. Wingo, very much.
    Mr. Shaw, thank you.

     STATEMENT OF HAROLD H. SHAW, CHIEF SECURITY OFFICER, 
                  MASSACHUSETTS PORT AUTHORITY

    Mr. Shaw. Good afternoon, Chairman Sullivan, Ranking Member 
Markey, and Distinguished Members of the Committee.
    On behalf of the Massachusetts Port Authority, I would like 
to thank you for the opportunity to testify before the 
Subcommittee regarding drone security, specifically our 
concerns about the proliferation of unmanned aircraft systems, 
and the risks posed to aviation safety.
    The Massachusetts Port Authority or Massport, as we are 
commonly called, is an independent quasi-state entity that 
oversees Boston Logan International Airport, Wooster Regional 
Airport, Hanscom Field, maritime facilities, and various real 
estate holdings.
    Our first priority is the safety and security of the 
traveling public, our employees, and our neighboring 
communities. As the chief security officer, I am responsible 
for ensuring our organization is prepared for the threats we 
face today and to anticipate the threats of the future.
    I am here to testify that the rising incidents of 
unauthorized UASs encroaching on airspace reserved for manned 
aircraft is a clear and present risk that must be addressed 
thoughtfully but urgently.
    As Massachusetts Governor Charlie Baker recently 
highlighted in a letter to the Acting FAA Administrator, ``The 
Commonwealth is privileged to be a hub for high-tech 
innovation, including the increased interest in UAS usage, but 
it comes with challenges, especially with risks posed by 
negligent, reckless, or malicious use.''
    At Massport, we strive to utilize all available tools to 
create a redundant multi-layered security structure that seeks 
to drive down risk and respond to evolving threats.
    In recent months, as this committee knows, there have been 
incidents at international airports, including London Gatwick 
and Newark Liberty, where UAS sightings disrupted operations.
    Massachusetts has seen its fair share of incidents, as 
well, including one where a recreational UAS violated temporary 
flight restriction in a pier over Fenway Park during a Boston 
Red Sox game with more than 35,000 spectators.
    From January 2018 to March of this year, there were 32 UAS 
sightings alone near the three airports that Massport operates. 
If we were faced with a prolonged event similar to Gatwick, 
then roughly 1,300 aircraft would be impacted. More 
importantly, Logan could not serve as a refuge for any aircraft 
forced to land because of an in-flight emergency or diverted 
for weather.
    Each of our 42 airlines would have to cancel or redirect 
aircraft across 78 cities within the United States and 57 
international destinations, impacting approximately 140,000 
passengers all over the world.
    Applying U.S. DOT criteria, the overall cost to air 
passengers alone could easily reach tens of millions of 
dollars. Airline costs of fuel and other operating costs would 
increase this loss even more dramatically.
    While the FAA has instituted mandatory UAS registrations 
and seller specifications for flying near airports and are 
educating the public on UAS safety, more needs to be done.
    Senator Markey. Mr. Shaw, I apologize to you, but the next 
roll call has gone off. So I'm going to have to gavel us to a 
brief recess.
    Senator Sullivan will arrive in three or four more minutes 
and recommence the hearing. I'll make that roll call and then 
come back. I apologize to you, but these five roll calls just 
absolutely require our mandatory attendance.
    So thank you. With that, we're in a brief recess.
    [Recess.]
    Senator Sullivan. We'll call the hearing back to order.
    Mr. Shaw, if you can complete your statement, sir, and then 
we'll get to questions.
    Mr. Shaw. Yes, Mr. Chairman.
    The airport operators, law enforcement, and key 
stakeholders need appropriate legal and regulatory guidelines 
to provide clear rules of the road, so that in an event we are 
required to take proactive actions to identify, track, or even 
possibly mitigate the threat, there will be well-defined 
expectations and the lines of responsibility.
    The efforts needed to address the risks posed, whether 
intentional or not, can be grouped in the following three 
categories: enforcement, technology, and collaboration and 
research.
    Enforcement. We support several initiatives in the 2018 FAA 
Reauthorization Act, such as making certain UAS flights near 
airports are criminal offense and requiring the FAA to develop 
strategies to assist local governments responds to UAS threads.
    Nevertheless, we strongly appeal to this committee to take 
additional steps that will empower state and local partners to 
take charge of their own safety.
    The Preventing Emergent Threats Act of 2018 authorized some 
Federal agencies to take action to intercept and neutralize 
UASs that pose a threat to safety. However, they lack the 
capability to provide robust and persistent coverage across the 
Nation.
    Enforcement would also include outreach to the public to 
educate and provide clear guidance on what is permissible and 
what is prohibited.
    Technology. Currently, there is no single commercial system 
available to airports that can safely and effectively identify, 
track, or neutralize a threatening UAS in domestic airspace.
    We commend the FAA's efforts to support research and 
development projects and we encourage the FAA to expand 
existing pilot programs to identify a solution as soon as 
possible. At Massport, we are aggressively reviewing available 
technologies that promote better UAS situational awareness.
    With that said, the FAA has expressed concern to airports 
about deploying new technologies based on safety 
considerations. It is current Federal law which has chilled our 
efforts to actively test.
    Collaboration and research. We support multistate and 
Federal agency collaboration, information-sharing, testing, 
training, and setting common standards and operating 
procedures.
    We are achieving this through participation in multiple 
working groups as well as our relationship with one of just 
seven FAA-designated UAS test sites within the United States.
    Finally, the FAA has announced a pilot program for testing 
UAS detection systems at five yet-to-be-chosen airports. As the 
FAA continues to work on UAS integration, Governor Baker and 
Massport has asked Logan Airport be considered for this 
important pilot program.
    Thank you again for the opportunity to speak on this 
important issue. I look forward to addressing any of your 
questions.
    [The prepared statement of Mr. Shaw follows:]

     Prepared Statement of Harold H. Shaw, Chief Security Officer, 
                      Massachusetts Port Authority
Introduction
    Good afternoon, Chairman Sullivan, Ranking Member Markey, and 
members of the Committee. On behalf of the Massachusetts Port 
Authority, I would like to thank you for the opportunity to testify 
before the Subcommittee on Security about Unmanned Aircraft Systems 
(UAS) and the risks they can pose to aviation safety.
    The Massachusetts Port Authority, or Massport as we are commonly 
called, is an independent quasi-state entity that oversees Boston Logan 
International Airport, Worcester Regional Airport, L.G. Hanscom Field, 
maritime facilities, and various real estate holdings. Our first 
priority is always the safety and security of the traveling public, our 
employees, and our neighboring communities. As the Chief Security 
Officer at Massport, I am responsible for ensuring our organization is 
prepared for the threats we face today, and to anticipate threats of 
the future. I am here to testify that the rising incidence of 
unauthorized UAS encroaching on airspace reserved for manned aircraft 
is a clear and present risk that must be addressed thoughtfully and 
deliberately, but urgently.
    As we speak, the Federal Aviation Administration, state and local 
governments, and operators of critical infrastructure are seeking 
appropriate ways to manage, and safely and securely integrate UAS usage 
in our shared airspace. As Massachusetts Governor Charlie Baker 
recently highlighted in a letter to acting FAA Administrator Daniel 
Elwell, the Commonwealth is privileged to be a hub for high tech and 
innovation companies, and we fully appreciate their potential to 
enhance safety, security, and commerce. We also recognize that with 
innovation, including advancements in UAS technology, come challenges--
especially risks posed by negligent, reckless, or malicious use. The 
rapid pace of growth of the UAS industry and the ever-evolving UAS 
technological landscape have out-paced the current laws and policies 
designed to prevent harmful interaction between manned and remotely 
piloted aircraft.
Our Approach to Safety and Security
    Enhancing safety and security is, by definition, a fluid process 
and always a work-in-progress. Every day we strive to identify and 
utilize every available tool to create a redundant, multi-layered 
system that seeks to drive down risk and respond to evolving threats. 
This approach includes updating and standardizing operating procedures, 
constant preparation through training and drills, collaboration among 
many stakeholders, infrastructure investments, technology research and 
application, and proactive testing and implementation of new 
approaches.
    Some of the activities we undertake at Logan Airport demonstrate 
our commitment to safety and security. Since 9/11, the aviation 
community at Logan has met every day to discuss security and 
operations. We conduct multiple exercises every year, and work with our 
law enforcement partners, which include a permanent Massachusetts State 
Police troop presence, an FBI Joint Terrorism Taskforce Annex on the 
airport premises, as well as the many Federal agencies charged with 
securing our airports.
UAS Risks
    Rapid advances in UAS technology promise to revolutionize air 
transportation, and Massport looks forward to continuing to evolve with 
the future of air travel. Nevertheless, the disruption of manned 
aviation due to the proliferation of UAS is happening as we speak, and 
increasing with each passing day. According to the FAA, airplane pilots 
reported over 2,000 UAS sightings in the U.S. in first 10 months of 
2018. UAS operators, many with little or no training, are encroaching 
on airport flight paths causing risks of collision or ingestion by 
aircraft engines. Nefarious actors could use UAS's to inflict 
significant harm, potentially attacking an aircraft in the air or on 
the ground with payloads of explosives, chemical, biological or 
radiological material.
    In recent months, as the Committee knows, there have been incidents 
at international airports, including London Gatwick and Newark Liberty, 
where reported UAS sightings disrupted operations. Massachusetts has 
seen its fair share of incidents as well, including an incident where a 
recreational UAS violated a temporary flight restriction and appeared 
over Fenway Park during a Boston Red Sox game with more than 35,000 in 
attendance. There were 32 reported UAS sightings alone at the three 
airports Massport operates from January 2018 to March of this year.
    The impact of an extended UAS incident would be significant to 
Logan Airport. Flights from coast to coast would feel the ripple effect 
of a handful of UAS's. If Logan Airport faced an extended halt of 
flight operations due to reported UAS sightings like Gatwick did in 
late 2018, then roughly 1,300 aircraft would be impacted. Passengers 
and cargo would be grounded on the tarmac at Logan Airport. Aircraft 
destined for Boston would be diverted in the air or held on the ground 
at originating airports. Most importantly, Logan could not serve as a 
refuge for aircraft forced to land because of an in-flight emergency or 
diverted for weather. Disruptions at Logan Airport would also affect 
the international airspace. Each of our 42 airlines would have to 
cancel or redirect aircraft across 78 cities in the U.S. and 57 
international destinations, impacting approximately 140,000 passengers 
all over the world. If you were to apply USDOT criteria to this type of 
event, then the overall costs to air passengers alone could easily 
reach tens of millions of dollars. Airline costs for crew, fuel, and 
other operating costs would increase this loss even more dramatically.
Our Response to UAS Risks
    Massport applauds the FAA's efforts to ensure UAS can coexist 
safely with manned flight. The FAA has instituted mandatory UAS 
registration, established guidelines for flying UAS near airports, and 
is educating the public on UAS safety. However, more needs to be done 
to strengthen current laws and policies to counter UAS threats.
    We recently conducted a UAS tabletop exercise, which included 
Massport, the FAA control tower at Logan, Massachusetts State Police, 
the FBI, TSA, and the Massachusetts Department of Transportation. The 
drill confirmed, with some slight modifications, that we have effective 
communications protocols in place for coordinating a response to a UAS 
incident, but it also validated our concern that we lack the tools to 
help us identify potential unauthorized UAS's or confirm sightings from 
pilots. We need technical solutions to increase our situational 
awareness with real-time intelligence so that we can detect and 
neutralize potential threats as quickly as possible. We continue to 
advance our efforts to better understand and address these needs. We 
established an internal working group, participate in a Commonwealth-
sponsored Counter-UAS (CUAS) working group, and routinely engage with 
our Federal partners to both learn more on the intricacies of this 
subject matter, as well as advance a collaborative discussion on 
potential solutions.
    However, we need appropriate legal and regulatory guidelines that 
provide clear rules of the road, so that in the event we are required 
to take proactive actions to identify, track, and possibly even 
mitigate the threat, there would be a clear understanding of 
authorization and responsibility.
Recommendations
    The efforts needed to address the risks posed by the misuse of 
UAS's, whether intentional or not, can be grouped into three 
categories: enforcement, technology, and collaboration/research.
    Enforcement. Clearly, the FAA has the primary role in ensuring 
UAS's are integrated into public airspace in a positive and safe manner 
that allows for commercial and recreational use while addressing the 
risks. We greatly appreciate the work this Committee and Congress have 
done to address the issue. We support several initiatives in the 2018 
FAA Reauthorization Act, such as making it a criminal offense to fly 
certain UAS near airports, requiring the FAA to develop a strategy to 
assist state and local government response to a UAS threat, and 
directing the Comptroller General to study state and local roles in UAS 
regulations. Nevertheless, we also strongly appeal to this Committee 
and to Congress to take additional steps that will empower state and 
local partners to take charge of their own safety. The Preventing 
Emerging Threats Act of 2018 authorized some Federal agencies to take 
action to intercept and neutralize UAS that pose a threat to safety; 
however, they lack the capability to provide robust and persistent 
coverage across the Nation. State and local agencies are ready to fill 
this void, but we need greater legal authority to do so. We 
respectfully request Congress pass additional legislation that extends 
similar authority to state and local law enforcement agencies.
    Enforcement should also include public outreach that provides clear 
guidance of what is permissible and what is prohibited. We encourage 
the FAA to enhance its outreach to recreational UAS operators, who 
usually have less experience piloting aircraft, so they know when and 
where to fly safely, and the consequences for breaking those rules. The 
FAA does have an active website and mobile app that begin to help 
address the problem. However, we advocate that more be done. We urge 
the FAA to expeditiously implement several key provisions of the FAA 
Reauthorization Act pertaining to recreational operations, including 
rolling out the mandatory operator knowledge test and working with 
community-based organizations to develop safety guidelines.
    Technology. Currently, there is no single commercial system 
available to airports that can safely and effectively identify, track, 
and neutralize rogue UAS's in domestic airspace. We commend the FAA's 
efforts to support research and development projects to counter the UAS 
threat, and we encourage the FAA to expand existing pilot programs to 
identify solutions to this ever-increasing challenge as soon as 
possible.
    At Massport, we actively and aggressively are reviewing available 
technologies that promote better UAS situational awareness for 
application at our airports and facilities. The FAA has expressed 
concerns to airports about deploying new technologies, and potential 
legal implications based on current Federal law. This has chilled our 
efforts to engage proactively on testing new technologies that might be 
able to assist us. We encourage FAA and our other key Federal partners 
to reconsider its approach to CUAS capabilities, and work 
collaboratively with airports to develop and deploy real solutions to 
counter these threats. We are coordinating with our state partners and 
will engage with the FAA as we move forward in this area.
    Collaboration/Research. Like any serious security risk affecting 
aviation, this needs to be a collective effort. We support multi-state 
and Federal agency collaboration, information sharing, testing, 
training, and setting common standards and operating procedures. In 
Massachusetts, we are achieving this through the Massachusetts DOT 
Aeronautics Division's CUAS Working Group. Massachusetts is also a 
participant in the Northeast UAS Airspace Integration Research Alliance 
(NUAIR), providing aeronautical research, UAS operations, and safety 
management--one of just seven FAA-designated UAS test sites in the 
United States.
    Finally, the FAA has announced a pilot program for testing UAS 
detection systems at five yet-to-be chosen airports. As the FAA 
continues to work on UAS integration, Governor Baker and Massport have 
offered our assistance and collaboration in achieving the important 
balance of public safety and innovation. Today, we are renewing our 
request for the FAA to consider Logan Airport for the UAS detection 
systems pilot program. Massport and Logan Airport are playing a crucial 
role in countering security threats to aviation every day, and, in 
partnership with the FAA and other federal, state, and local partners, 
we hope to bring that expertise to better integrate UAS into the 
airspace while fostering safe and secure airport operations.
Conclusion
    Thank you again for the opportunity to provide Massport's 
perspective on this important issue. I look forward to your questions.

    Senator Sullivan. Thank you, Mr. Shaw.
    I want to thank all the witnesses and let's just begin the 
questioning.
    Dr. Cahill, you talked about that some of the work in 
Alaska and other places has been a target of industrial 
espionage. Have you seen this? Do you know which groups are 
conducting the industrial espionage? Is it state actors? If 
anyone else on the security side can comment on that that would 
be helpful.
    Dr. Cahill. Mr. Chairman, we do see a lot of approaches 
from foreign entities. We have had----
    Senator Sullivan. Can you be more specific?
    Dr. Cahill. So I get a lot of requests from places like 
Iran, Russia, Pakistan, and other places, wanting to come learn 
about our test site and some ITAR technology, talk to us about 
various types of research we're doing, and so it is an area of 
concern that we are getting these approaches.
    We do report to the appropriate authorities when they 
occur. It is a case where, because we are a university, they 
assume that we're going to be a somewhat easier target, I 
believe, than the Defense community, but it is a case where we 
have regular contacts from foreign agents looking to talk to 
us.
    We have a large number of foreign students who do come to 
UAF and do want to study aerospace engineering. We have an 
aerospace engineering minor and we have had Bangladeshi 
students and other students go through that program.
    Senator Sullivan. Let me ask. You mentioned that you said 
it was illegal to test counter-UAS programs. Can you explain 
that? Maybe, Ms. Stubblefield, you can talk about that, as 
well. Why is that? Is the University of Alaska doing that 
anywhere outside of the United States?
    Dr. Cahill. We are not testing any counter-drone 
technologies. We are doing the detect and avoid. The reason we 
can't, the Code of Federal Regulations, especially Title 18, is 
the computer fraud and abuse. It is wire tap. It is pen trap. 
It is aircraft sabotage.
    Title 49 is piracy. So if we take down an unmanned 
aircraft, we have just violated all of those laws. If we take 
down one accidentally, then we've really violated those laws.
    Senator Sullivan. So, Ms. Stubblefield, obviously we want 
everybody here and all the witnesses to abide by the law, but 
if it's a Title 18 problem or the Title 49 aircraft piracy 
statutes, can the FAA provide exceptions? Do we have to change 
that law?
    Just let me give you an obvious example from my own 
parochial standpoint. Alaska possesses very large expanses of 
unpopulated land that's perfect for testing counter-UAS and 
detect and avoid technologies, as you heard from Dr. Cahill. 
The University of Alaska Fairbanks, is on the cutting edge of 
this.
    What do we need to do to be able to undertake these kind of 
counter-UAS testing, which I think all the witnesses here 
believe is important and yet we can't do it in America, as far 
as I understand? Are there things that Congress needs to enact 
laws? Do you have waiver authority? What's the status of this? 
Do you think we should be able to do that?
    Ms. Stubblefield. Well, certainly testing is important. 
Legally, as Dr. Cahill indicated, there are multiples of 
portions, provisions within Title 18 that prohibit the testing 
of counter-UAS mitigation technology and some detection 
technology, as well, depending on how it functions, based on 
pen trap, wire tap, and computer fraud and abuse.
    Any time you target a UAS, you implicate Section 32 of 
Title 18. So DHS and Justice came to the Hill last year. We 
actually supported them in getting that authority. So it is 
necessary to have congressionally granted relief from those 
Title 18 provisions.
    Senator Sullivan. We need to pass a law?
    Ms. Stubblefield. Yes, sir.
    Senator Sullivan. You don't have any waiver authority?
    Ms. Stubblefield. No, sir. Title 18 is----
    Senator Sullivan. Do you think we should pass a law?
    Ms. Stubblefield. I think it is important----
    Senator Sullivan. With your, of course, guidance from the 
FAA where we would work--this committee would work with you. I 
mean, do you think it undermines our ability to take advantage 
of these opportunities and also to promote national security if 
we can't do our own counter-UAS work in our own country?
    Ms. Stubblefield. So we can. The agencies that have that 
authority can do the testing and are doing the testing right 
now.
    Senator Sullivan. What about University of Alaska 
Fairbanks?
    Ms. Stubblefield. So right now, it would have to be done 
under the authority of one of the Federal departments that has 
that authority. Congress did give FAA in the 2018 
Reauthorization Act the authority to do testing and evaluation 
that we would be able to utilize potentially test sites and 
others to assist us with that.
    It depends on how the law is expressly written in terms of 
whether that's delegable for a particular department to be able 
to utilize an educational facility or a non-Federal entity to 
do that.
    Senator Sullivan. Well, we will look forward to working 
with you on this. I think it's an opportunity and I think it's 
something that again I'll ask additional questions of some of 
the other witnesses on their views on this.
    Senator Scott.

                 STATEMENT OF HON. RICK SCOTT, 
                   U.S. SENATOR FROM FLORIDA

    Senator Scott. Mr. Wingo, it's my understanding that a 
large percentage of the drones that are being used in the 
United States and Canada are Chinese-made.
    Mr. Wingo. That is correct, Senator.
    Senator Scott. And it's something like 80 percent plus?
    Mr. Wingo. I've heard that it's over 70 percent globally 
and then over 80 percent in the United States. That's correct.
    Senator Scott. And I guess Homeland Security put out an 
advisory that sensitive data is being sent back to the company 
which can be used by the Chinese Government.
    Mr. Wingo. Yes, sir.
    Senator Scott. So, I mean, China's not our friend. I mean, 
they're stealing our trade secrets. They don't open up their 
markets. They're militarizing the South China Sea. They're 
involved in Venezuela where there's genocide going on.
    So what are we doing and what should we be doing to stop 
this?
    Mr. Wingo. Thank you for asking that. What we need to do is 
have a whole of nation effort to address this serious risk 
today, as soon as possible. Part of that has to do with looking 
at open source, looking at invigorating our own market here in 
the United States. Competition is the best way. Take the field, 
compete vigorously, use USA technology as much as possible.
    I understand that doing a flash cut disentanglement of 
everything in the supply chain may be unrealistic short of 
actual conflict and we hope to avoid that, but what we do need 
to do is stop saying this is just platform technology or we can 
build the smarts in China and that it will cost less and then 
we can actually go into other service markets.
    This is too important. It's dual use technology. So the 
main thing we have to do is look at drones as infrastructure 
and consider really a Manhattan Project style investment 
because this relates to smart driving cars and trucks, the 
Internet of things, Internet of everything really, applies to 
this area of commerce, and we need to look at all of the laws, 
all the regulations that may be holding us back, sir.
    Senator Scott. So is there a reason not to just outlaw it, 
outlaw their sale?
    Mr. Wingo. Well, there is one consideration. For some 
places, for example, you mentioned DHS. The concern for the use 
for inspecting critical infrastructure should be looked at very 
carefully.
    I'm not speaking for the Department of Defense today, but 
DoD did put out a ban. DoD dealt with this risk by avoiding it 
completely and saying stop using these drones if you're in the 
U.S. military. So I think it depends on the risk.
    I am concerned, for example, that the storied and amazing 
New York Police Department turned to DJI for drones. When you 
consider protecting a U.S. citizen at that level, to hand that 
information over is concerning. So I think it really does 
matter who is doing it.
    On the other hand, if you consider what a flash cut might 
have on innovators or on research, as Dr. Cahill mentioned, 
that's something to be considered, but I really think we need 
to roll up our sleeves as a nation and attack this right now.
    Senator Scott. Wouldn't the easiest thing be to just outlaw 
the sale? I mean, the American companies will show up. I mean, 
there's plenty of technology in this country and innovation if 
they have the same opportunity. I mean, China doesn't open up 
their market. The reason why they can do this is they steal our 
stuff and they don't open up their market. Why don't we just 
say you can't sell anything here?
    Mr. Wingo. Well, this is very similar to what's going on 
with Huawei and considering 5G technologies and if you look at 
the market shares, we're in a different position because of all 
the water that's under the bridge so far.
    We have been putting everything at risk by paying lower 
costs. So a flash cut, I'm not sure that this is exactly the 
time now to make that measure, but there are cases to be made 
for that in definite and specific instances.
    If you're touching public safety issues, if you're looking 
at critical infrastructure, I think a case could be made to 
having a ban like that.
    Here's a consideration of a company in commerce, 
Switzerland. So at least it's a NATO partner country. They are 
using--Flyability is a company that is apparently inspecting 
half of the nuclear power plants with indoor drone flights and 
you can't get past the Nuclear Regulatory Commission and there 
are concerns with commercial U.S. nuclear plants, as you know, 
without really making sure you're cyber secure and safe.
    So I think that's a good thing to look at and so I would 
say, sir, at this point, it depends on what the risk is and I'm 
at the College of Information and Cyberspace. It's the Nation's 
Cyber War College. I and my colleagues, we stand ready, 
willing, and able to help on any details that you want to go 
into.
    Senator Scott. And you all could put out a proposal?
    Mr. Wingo. We could, sir.
    Senator Scott. Thank you. It would be helpful to say 
exactly what we should do. I don't know why we're doing 
business with them. I think in so many areas, I think we're 
crazy to do business with the Chinese. We ought to be buying 
American products in every way we can. I mean, they've stolen 
our jobs, our technology. So they're not our friend.
    Mr. Wingo. If I may say something, as an American, I love 
history and I consider the power of General Motors and Detroit 
and the commerce that was there with U.S. automobiles and the 
infrastructure that was in place and we could not have beat the 
Nazis. We celebrated Normandy, the landing 75 years ago. That 
would not have been possible if we couldn't have turned around 
on a dime and produced engines of war, aircraft and tanks, but 
that was because of our industrial base and so, Senator, I like 
what you're saying because we have to address this issue.
    As far as the details, we look forward to working with you 
on that.
    Senator Scott. Thanks.
    Mr. Wingo. Thank you.
    Senator Sullivan. Let me continue on this line of thinking. 
You know, there's manufacturing of what Senator Markey had 
displayed as drones.
    Mr. Wynne, you actually mentioned that the manufacturing is 
taking place throughout the United States, is that correct?
    Mr. Wynne. That's correct.
    Senator Sullivan. And so what's the issue? I'm trying to 
get my arms around this. I think we all are. You heard Senator 
Scott's questions.
    If we're manufacturing drones all throughout the United 
States and yet DJI, you mentioned, Mr. Wingo, DJI, which is a 
Chinese company that dominates this field in America, globally, 
what's the challenge to create more of our own home-based drone 
manufacturing? Is it on the creating a drone, like Senator 
Markey mentioned, or is it on kind of on the back end software 
cloud aspects, which to me are the much more challenging 
national security issues here as it relates to cloud storage in 
China?
    Mr. Wynne. I'm going to answer the question from----
    Senator Sullivan. I know it's a multipart question.
    Mr. Wynne. It is.
    Senator Sullivan. Take a swing at it in whichever way you 
want to answer it.
    Mr. Wynne. It's a couple of pitches. I think I'd like to 
answer the question from a market development standpoint 
because my----
    Senator Sullivan. What more can we do to enhance our 
manufacturing capacity and base in America in this area?
    Mr. Wynne. I think the simple answer to the question is 
that American-made drones tend to be a little bit more up-
market and they tend to be more use-specific and what we have 
been working with the FAA on is the creation of rules which 
would go beyond Part 107 to more extended operations.
    Senator Sullivan. And, excuse me, I'm going to have to go 
vote, but my team is listening to your answer. So we will----
    Mr. Wynne. Very well.
    Senator Sullivan. And my good friend, Senator Markey, is 
back here. So we will continue to roll. Thank you.
    Senator Markey. Thank you.
    Senator Sullivan. Sorry to interrupt.
    Mr. Wynne. So the short answer to the question, I think, is 
the more we have the ability to do extended operations, fly 
over people, fly at night, fly beyond visual line of sight, the 
more we will see the market development for more sophisticated 
drones.
    The vast majority of----
    Senator Sullivan. Would benefit American manufacturers?
    Mr. Wynne. Exactly. Because we?ve been making large-size 
drones for military use for many, many years and a lot of the 
robust nature of that manufacturing can come down into more 
small platforms but more capable platforms.
    So right now, there tends to be a bias toward greater 
volumes and lower cost.
    Senator Markey. The Chair recognizes himself. I call myself 
the Chair for 5 minutes.
    Although the FAA has been charged with the primary 
responsibility to integrate drones into the national airspace, 
it is often state and local organizations, like Massport, that 
must be ready to take proactive measures to identify, track, 
and possibly mitigate threats in real time.
    As you note in your testimony, Mr. Shaw, the Federal 
Government simply lacks the capability to provide robust 
persistent coverage against drone threats across the entire 
nation. That's why we'll continue to rely on organizations like 
Massport to fill the void.
    Mr. Shaw, given this responsibility, what tools and legal 
authority should we provide to state and local agencies, like 
Massport, so that they can defend airports from the risk 
associated with drones flying in flight paths which could have 
catastrophic effects?
    Mr. Shaw. Thank you, Senator Markey.
    First and foremost, at the local level, there are no 
authorities that have been actually pushed down for whether it 
be the Mass State Police or Massport Police in Massport's 
perspective to be able to act or respond to a drone incident.
    Unfortunately, we don't have, you know, the technology in 
place to respond nor do we actually have the legal framework, 
you know, and as Dr. Cahill even mentioned, to be able to 
counter and respond to any type of incident specific at 
Massport. You know, no pun intended, but we're flying blind at 
this point.
    What we need to be able to do to advance, you know, not 
only the discussion but our ability to be able to effect a 
uniform, a balanced, and a smart response is to be able to push 
authorities down to the state and local level. They are the 
first response requirements where we can in turn lean on them 
to be able to hopefully react and respond to any type of drone 
incident specifically within our environment.
    On a day-to-day basis, we look at, you know, Massport but 
really any other large international airport as its own special 
event. You're really looking at, you know, for Massport in 
particular, 140,000 passengers traverse through the airport on 
any given day.
    So the Federal Government has done a very good job in terms 
of preparing for the special events, whether it be the Boston 
Marathon, whether it be a Super Bowl event, or any other, you 
know, major event across the country.
    What we're confronted with on a day-to-day basis is our own 
special event and how do we in turn equip law enforcement and 
first response entities with those appropriate tools to be able 
to adequately and effectively respond if we were confronted 
with a similar event to that of Gatwick?
    Senator Markey. So do you want the FAA to give you 
authority to do your own individual counter----
    Mr. Shaw. Not specifically to Massport but to----
    Senator Markey. I don't mean you----
    Mr. Shaw [continuing]. Law enforcement that in turn 
supports Massport or similar to, you know, what happened with 
the incursion over Fenway Park, you know. The ability for the 
Boston Police Department to effectively respond, you know, to 
that threat.
    At this point in time, albeit, you know, whether it be DHS 
or the FBI, they've done a very, very good job in terms of 
dealing with bigger events, but day in and day out, they just 
don't necessarily have the band width nor the resources to be 
able to cover each and every one of the major airports across 
the country.
    Senator Markey. So you believe that individual law 
enforcement agencies across the country should be given this 
authority to be able to act proactively?
    Mr. Shaw. Appropriately scoped, sir.
    Senator Markey. Appropriately.
    Mr. Shaw. Yes, sir.
    Senator Markey. Do you agree with that, Ms. Stubblefield?
    Ms. Stubblefield. Sir, to be clear, FAA doesn't give the 
authority. Actually, the prohibitions that constrain the 
ability of law enforcement to act against UAS are actually from 
Title 18 and Title 49 and those are the authorities that have 
been granted to DHS and Justice.
    Senator Markey. I think it's time then for us, that is the 
Congress, to think about modifying that authority so that we 
deal with this tsunami of threats which are going to be out 
there and allow for there to be additional protections which 
are provided to the public.
    Ms. Stubblefield?
    Ms. Stubblefield. Yes, sir. But if I may on a couple of 
different counts, one, there is the ability to use legal 
detection capability, which Massachusetts Police actually does 
have that capability in some circumstances, so that you can 
identify where UAS are and in some cases, depending on the 
technology that you're using, identify where the operator is 
and be able to get law enforcement to that operator to engage 
and be able to get that drone down safely.
    Senator Markey. What authority would you want, Mr. Shaw?
    Mr. Shaw. You know, just to kind of that one point. Then 
it's not respective to the airport, you know, environment in 
particular. We have incidental coverage through the State 
Police at this point in time.
    One of the things that we're looking at is, you know, is 
there an ability to be able to push some of the authorities 
that in turn have been, you know, passed to whether it be DHS 
or DOJ and be able to allow, you know, specifically our state 
and local authorities to be able to respond, react, and be able 
to utilize the law respective to their own personal benefit.
    Senator Markey. OK. So if I may ask, so it's important that 
you can identify a problem?
    Mr. Shaw. Yes, sir.
    Senator Markey. But what can you do to mitigate it, to make 
sure it doesn't happen in the first place? What authority do 
you have?
    Mr. Shaw. At this point in time, there is no authorities to 
be able to actually mitigate the threat.
    Senator Markey. Do they have nay authority, Ms. 
Stubblefield, to mitigate, to prevent?
    Ms. Stubblefield. So, sir, I think there's--I'd like to 
make a distinction because I think your point about prevention 
is important, and outreach and education are a significant part 
of----
    Senator Markey. Outreach and education to whom?
    Ms. Stubblefield. To UAS operators.
    Senator Markey. No, but I'm talking about----
    Ms. Stubblefield. To the public.
    Senator Markey. We're talking here about authority for 
Massport and other entities like that.
    Ms. Stubblefield. So----
    Senator Markey. Should they have an ability to mitigate----
    Mr. Stubblefield.--the challenge----
    Senator Markey.--to be able to act preventively?
    Ms. Stubblefield. Sir, the challenge that we face today 
with mitigation authority, aside from the legal constraints, 
which certainly you and your colleagues----
    Senator Markey. We might have to----
    Ms. Stubblefield.--could remedy,----
    Senator Markey. Yes.
    Ms. Stubblefield.--but I think it's important to understand 
that the current counter-UAS technology that exists out there 
for use, which is largely based on military-built technology 
used in places where we don't have considerable concern about 
the collateral impacts, when used in civil environments, has 
significant impacts that can create tremendous safety hazards.
    Senator Markey. I appreciate that, but I would trust the 
Boston Police or Massport to be able to make that decision in 
the context of Boston, its population, what the threat is as 
they've identified it.
    So I appreciate what you're saying. Obviously we're a 
densely populated population, but when there's a drone flying 
over Fenway Park, the consequences could be catastrophic, 
especially if it might have been able to be identified in an 
earlier stage. What would be wrong with that if Massport, 
working with Boston Police, State Police, had identified it 
earlier?
    Ms. Stubblefield. The identification----
    Senator Markey. I don't mean--identify, then take action.
    Ms. Stubblefield. The action piece, sir, is that the tools 
that are available can cause significant safety impacts. They 
can impact onboard avionics of manned aircraft. They can impact 
the operation of air navigation services infrastructure that we 
use for manned aircraft.
    When you target a----
    Senator Markey. I appreciate what you're saying but the 
problem is this. The problem can't be so dangerous that these 
agencies should be aware of it but yet not dangerous enough 
that they have authority to act in a preemptive way.
    So we're guarding no man's land in terms of the protection 
of the public and so what if they purchase--what if Massport, 
for example, was the lead in building in all the protections 
after 9/11? We went first in almost everything, brought in 
Israeli experts because obviously Mohammed Atta and the other 
nine had hijacked the two planes from Logan. So we went first 
and understandably so and we're quite proud of that. I'm not 
sure what goes on in the rest of the country in consultation 
with what Massport did.
    So these people are expert and they were acting in ways 
that obviously the Federal Government had not acted in terms of 
building in safeguards.
    So part of my, you know, concern here is that we're caught 
in a situation where highly qualified law enforcement officials 
want the authority and the tools to be able to deal with 
something and yet you're saying that the statute does not allow 
them to do so and that you're thinking that that's justifiable 
because of the risks that would be created if Massport had that 
authority.
    Ms. Stubblefield. Yes, sir. The technology is problematic. 
It's a challenge and that's why testing it, we talked about 
earlier, is so important to try to drive the industry toward 
capabilities that don't have that impact on the safety systems 
that are dependent upon for the airspace system.
    Senator Markey. I appreciate that. Again, at Massport they 
would be expert on this.
    So let me ask this. What additional things would you like, 
Mr. Shaw, for the FAA to be doing to prevent a scenario like 
that which unfolded at Gatwick? What additional----
    Mr. Shaw. I fully understand, you know, the challenges. 
This is a tough situation, and I think we could boil it down 
into really three salient points.
    We're looking for, similar to what the FAA, you know, wants 
to be able to roll out, is a system that is going to 
effectively identify. We want a system that is integrated not 
only from the tower but all the way down to local law 
enforcement, so that response is, you know, quick and it's 
efficient, and then we want an ability to be able to mitigate 
or interdict a threat, you know, and I know it may be, you 
know, a little wild to be able to get to that point, but the 
reality behind it is that if we can build something within that 
framework, you know, and move that process along, that we as 
airport operators are going to, you know, feel a lot more 
comfortable about, you know, the safety, you know, the security 
and safety of the traveling public, you know, our communities 
and our employees.
    Fully understand that, you know, in terms of some of these 
technologies that are out there, they may have adverse impact 
in terms of avionics and so forth. So it needs to be a balanced 
approach in terms of how the stuff would ultimately, you know, 
work.
    Senator Markey. Mr. Shaw, if I may,----
    Mr. Shaw. Yes, sir.
    Senator Markey.--I think we need a conversation between you 
but all of those agencies out there and Ms. Stubblefield and 
DHS. We need some kind of conversation that takes place. We 
need a balance that is struck here and right now, I don't think 
we have a full balance which has been created and I think it's 
going to be something that's very important and I think this 
hearing has helped to ensure that that kind of lack of 
resolution of these issues has yet been reached.
    So I have to go vote again. I apologize. I'm going to have 
to briefly recess and Chairman Sullivan will be returning soon.
    [Recess.]
    Senator Sullivan. I call the hearing back to order.
    Let me just continue with some of the line of questioning 
that I had asked before we left and then I'm sure we can take 
it to other areas, but I do want to talk, Mr. Wingo, but anyone 
else, on this issue--there's the issue, as I mentioned, 
manufacturing but there's also the issue of the broader impact 
of cloud storage in China by U.S. companies in the aviation 
infrastructure industry more broadly.
    We've talked about it on the UAS systems, but is there a 
broader challenge, and I'll open this up to any of our 
witnesses, as it relates to those kind of concerns that are 
really more the back end concerns with regard to software and 
data storage? In particular, if the cloud storage is actually 
located in China and could possibly, as Senator Scott had 
mentioned, be under the control of the Chinese Government?
    When you're talking about a country whose priorities always 
align with having the Communist Party in charge and in control, 
that risk, although it might seem remote, is something that we 
need to be concerned about, quite frankly, because they do have 
that control and that's the interest of their leadership, the 
Communist Party in control as their Number 1 priority.
    So if any of you can just address the cloud storage issue 
in the U.S. aviation infrastructure space, whether it's the 
drone technology and data or beyond?
    Mr. Wingo. Thank you, Mr. Chairman.
    I'll jump right in on that. It's a huge threat and we live 
in a world where you have blended threats. So it's not only a 
kinetic threat anymore. You can have incredible information 
that's assembled as a result of the Chinese Government having 
access to this rich amount of geospatial information and if you 
take the photos that happen to be collected across the nation, 
there may be a matter of interest.
    Over time you've got a mosaic but you also have a chronicle 
and as you touched on, China is a great power competitor and 
they've been very clear about their belt and rope strategy. 
They've been clear that they want AI dominance over the next 
couple years.
    The issue is when you can stitch together with nation state 
capabilities all of those pieces, you come up with a very 
damaging information set that puts the Nation at risk. So that 
is absolutely a concern with cloud data storage and the 
problem, and some of these are touched on as we are on the 
threshold of another related Internet of things technology, if 
you consider 5G networks and the issue with Huawei and the 
concern is appropriate because if you're going into 10 to even 
a hundred times of the processing power or broadband 
throughput, what that means for cloud means you can apply 
artificial intelligence to machine learning to draw out 
insight, strategic level insight that didn't exist before.
    The other thing I'm worried about is there's another aspect 
to the regulatory and policy challenges that we've heard 
already but when you're talking about President Xi Jinping, who 
has more power than anyone has ever had within China's 
government structure, that is also of concern.
    If you look at the fact that they have very few 
restrictions on their ability to gather information within 
their own country, in the Northwest Section, in the province 
where they have Uighur issues.
    So all of this adds up to huge risk, oh, and if that wasn't 
complicated enough, they're pairing up with Russia, as well.
    Senator Sullivan. Any other thoughts on that?
    [No response.]
    Senator Sullivan. OK. Senator Lee.

                  STATEMENT OF HON. MIKE LEE, 
                     U.S. SENATOR FROM UTAH

    Senator Lee. Thank you, Mr. Chairman. Thanks to all of you 
for being here.
    I'm pleased that so far today we've had some discussion 
already about the importance of federalism, about the concept 
that we don't have a single system of government in our 
country. We've got a multi-layer system in which some power is 
reserved for the Federal Government and other powers are 
reserved for the states and their political subdivisions or to 
the people as it's stated in the 10th Amendment.
    We've seen a number of concerning reports about drones 
flying in airspace where they probably shouldn't be, above 
crowded stadiums, sometimes smuggling contraband into prisons, 
and near airports, including take-off and landing space, and so 
drone threats extend beyond the interests that are necessarily 
purely and obviously Federal. They end up affecting the same 
set of interests that our state and local law enforcement 
should be concerned about, as well.
    So, Ms. Stubblefield, I've got some questions for you on 
this. Is the FAA or any other Federal law enforcement agency or 
any other Federal agency of any kind for that matter in a 
position to directly mitigate any and every reckless or 
criminal misuse of a drone?
    Ms. Stubblefield. So I'll try to answer that in a couple 
different ways. There are authorities that have been given to 
four Federal departments to be able to mitigate, that is 
disrupt, destroy, damage, take down, a UAS and that's the 
Departments of Defense, Energy, Homeland Security, and Justice.
    Senator Lee. Right.
    Ms. Stubblefield. They've been given those authorities for 
very specific mission sets, largely for the protection of 
national security assets, although DHS and Justice do have the 
authority, if requested by a state executive, to provide that 
support to a mass gathering, if requested.
    Senator Lee. Right, right. It's important that they have 
that, but it's neither realistic nor the stated objective of 
the Federal Government to say there can never be any 
circumstance in which a state and local government law 
enforcement agency would need to respond, right? I mean, surely 
Federal agencies won't be able to handle every one of these 
issues and surely there are interests that are non-Federal that 
also need to be taken into account. Would you agree with that?
    Ms. Stubblefield. Yes, sir, absolutely.
    Senator Lee. And so in that respect, drone integration 
probably isn't possible without state and local police being 
able to act in real time in order to address threats that arise 
from time to time, like drone usage. Would you agree with that?
    Ms. Stubblefield. We certainly need a robust security 
framework to support and enable full UAS integration. 
Absolutely. Remote identification, we think, which we're 
working very hard on to get that rule out later this year, is 
focused on giving that information so that when a law 
enforcement officer sees a UAS that they believe is not in a 
place that it should be, they will have the ability to identify 
something about that UAS and where its operator control station 
is to be able to then go and engage that operator, determine 
what their intent is, is their operation legal, and to get that 
aircraft, that UAS down and out of potential harm's way, if 
that's what it's creating a safety risk.
    Senator Lee. How does the FAA believe that local or any 
other non-Federal police should be able to respond to drone 
incidents that take place in the sort of low altitude space? 
Won't there need to be some non-Federal agencies that have 
counter-UAS capabilities?
    Ms. Stubblefield. The challenge with counter-UAS 
capabilities currently is the technology that enables that type 
of activity has significant impacts on the national airspace 
system and on other types of communications capabilities, 
particularly in urban environments.
    So right now, because that technology is civilly 
challenging to implement without a high degree of coordination, 
which is what's been required for Federal agencies to be able 
to use it, it's challenging to consider the ability of state 
and local law enforcement to be able to do that without 
potentially creating even greater safety impacts while they're 
trying to address the security risk.
    Senator Lee. OK. Mr. Chairman, I've got one additional 
question. Can I carry that?
    Senator Sullivan. Sure.
    Senator Lee. One of the stated purposes of the UAS 
Integration Pilot Program was to test and to evaluate various 
models of state, local, and tribal enforcement in the 
development and enforcement of Federal regulations for UAS 
operations. This includes the testing of reasonable time, 
place, and manner limitations on low altitude UAS operations.
    Can you tell me specifically how the FAA has started 
testing these reasonable time, place, and manner limitations in 
the context of state and local law enforcement response?
    Ms. Stubblefield. Well, fundamentally, the FAA manages the 
airspace. We try to work very hard with all of the stakeholders 
to include our state and local law enforcement whom we have an 
entire program, our Law Enforcement Assistance Program, 
dedicated to providing support, education, and assistance to 
law enforcement.
    However, we have not within the context of the IPP had any 
requests for time, place, or manner restrictions. So we've not 
been able to really test that activity.
    Right now, as we look at what a future UTM might look like 
with something like remote identification, which is going to 
give a tremendous amount of information to state and local law 
enforcement, as we look at something that might enable the 
ability in the future with some type of dynamic airspace where 
a local law enforcement officer who currently calls up the FAA 
if there's an accident or wants to have some sort of airspace 
restriction to enable a security response of some sort where 
that might be something that could be done in an automated 
fashion, such as how we do with airspace authorizations today, 
those are the types of things that we envision potentially in a 
UTM framework going forward.
    Right now, we work that sort of on a case-by-case basis 
with law enforcement engaging the FAA to provide that 
restriction as necessary to support those response activities.
    Senator Lee. OK. Thank you. I'm out of time. Let me just 
say I think we've established in our conversation here today 
that it is important to integrate state and local law 
enforcement personnel. We can't do it without them. We can't 
mitigate these threats without them.
    That being the case, I think it's not just a possibility or 
a potentiality, a hypothetical, a question off in the future. I 
think it's absolutely essential that we test the local police, 
that we test this in your evaluation, that we start testing 
reasonable time, place, and manner limitations in the context 
of state and local law enforcement.
    Thank you, Mr. Chairman.
    Senator Sullivan. Good point, Senator Lee.
    Senator Sinema.

               STATEMENT OF HON. KYRSTEN SINEMA, 
                   U.S. SENATOR FROM ARIZONA

    Senator Sinema. Thank you, Mr. Chairman, and thank you to 
all of our witnesses today.
    Drones have revolutionized aviation, making the skies 
accessible for construction companies to perform inspections, 
for photographers to take amazing photos, for search and rescue 
operations to locate lost individuals, and to better monitor 
our national borders.
    I look forward to working with the FAA to authorize more 
drone operations and harness the incredible economic potential 
of drones, but as we integrate drones into the national 
airspace, we need to make sure that we're monitoring the 
potential security risks caused by drones, particularly in 
sensitive areas, such as borders, near airports, and around 
wildfires.
    So my first question today is for Ms. Stubblefield. Drones 
are being used on the front line of the border crisis by the 
U.S. Government, but they're also being used by cartels. 
Reports state that the cartels are using drones to monitor the 
movements of U.S. law enforcement and to smuggle drugs across 
the border.
    When I visited the border earlier this year in April, I 
actually saw striking videos of these drones infiltrating our 
southern border. So last year, Congress provided DHS the 
authority to mitigate these unauthorized drone operations and 
asked DHS to coordinate with the FAA to ensure that DHS 
intervention does not adversely impact legal aircraft 
operations, but I understand that DHS has not yet used its 
counter-drone authority on the Mexican border.
    So my question is what's causing this delay? Is your team 
and office coordinating with the DHS, and when can we expect 
these counter-drone operations to begin at the border?
    Ms. Stubblefield. Thank you, Senator Sinema, and clearly 
the border risk is something of which the FAA is very well 
aware and we are working very closely with DHS and Customs and 
Border Protection on this issue.
    The Section 1602, which gave DHS the authority in the 
Preventing Emerging Threats Act in the FAA Reauthorization Bill 
in October provided very specific direction about that the 
risk-based assessment that needs to be conducted, the guidance 
and coordination that needs to occur, starting with defining 
threat and moving on from there, and we are working closely 
with DHS on a weekly basis.
    Actually, we meet with them to move forward their efforts 
and they all do focus on this issue right now. We have a 
roadmap for how they're implementing their counter-UAS 
authority that looks at the types of technologies that they'll 
want to use, the tests and evaluations necessary to be able to 
mitigate any of those spectrum impacts, and they are working on 
a risk-based approach to prioritize the sites where they will 
deploy this technology, including the Southwest border.
    Senator Sinema. Thanks. My next question is both for Ms. 
Stubblefield and for Mr. Wynne.
    Private drone activity near wildfires has been a 
significant issue in Arizona. As you know, when unauthorized 
drones are spotted near wildfires, the aerial firefighting 
resources, like helicopters and air tankers, are grounded.
    So this delays the response of our teams and endangers the 
homes and the safety of Arizonan lives. It's not a new issue, 
and I believe that both the FAA and AUVSI have worked to 
educate the public on this topic, but the problem still exists.
    Just last week, there was an unauthorized drone near the 
Coldwater fire in the Coconino National Forest in Arizona and 
that grounded our firefighting helicopters. So we've got to do 
better.
    So, Ms. Stubblefield, Congress increased fines for these 
sort of dangerous drone operations near wildfires, but has the 
FAA used their authority in finding the individuals who are 
flying illegally and if no, why not?
    To Mr. Wynne, none of the Federal agencies involved in 
wildfire fighting have the authority to use mitigation 
technology. Do you think that should change and if not, what 
can we do to stop these drones from flying near our wildfires?
    Ms. Stubblefield. So, first, Senator, yes, we have used 
that authority. We have five enforcement cases that are as a 
result of that authority that was provided to the FAA. So we 
are utilizing that.
    I think we have been working very closely with DOI and the 
National Interagency Fire Center on this issue. We've long 
provided TFRs and flight restrictions to support fire-fighting 
activities.
    The outreach and education campaigns have been working. 
Actually, there has been a decrease in these sightings in both 
2017 and 2018, which is extremely important, but there are two 
other pieces that I'd like to highlight that are focused on 
trying to continue to reduce and hopefully at some point 
eliminate any of these unauthorized activities.
    The first is remote identification. We believe that the 
vast majority, if not all, of these incidents that we are 
seeing of unauthorized drone activity are the clueless and the 
careless and with remote identification rule in place, with 
requirements for drones to have remote identification, the 
local incident commander will be able to know where that 
operator is, get to that operator, get that UAS out of the sky, 
and enable those aerial fire-fighting capabilities.
    The second is under Section 349 from our Reauthorization, 
the FAA was given the authority over recreational operators 
that includes the knowledge test and again that education piece 
is so critical to be able to get to operators to make them 
understand that when they do these things, there is a price 
that's being paid potentially with people's lives and property 
and AUVSI has been a key part of that education outreach, as 
well.
    Senator Sinema. Thanks.
    Mr. Wynne. Senator, thank you for the question, and, yes, I 
agree with everything Ms. Stubblefield has said, and I believe, 
yes, in many instances where there's a wild land fire that 
there's a temporary flight restriction in place. That's no 
different in many instances than an airport and we would 
support being able to use counter-authority in that 
circumstance.
    I think, you know, how that's done, you know, we see the 
earlier conversation about how tricky that is and how that 
needs to be done with overall airspace management in mind, but 
as the industry, we bring you the full solution, not only the 
drones that are actually providing the situational awareness, 
the folks on the ground, my son is a firefighter, but also the 
technologies that will inhibit those that potentially could 
interfere with those operations.
    Senator Sinema. Thank you, and thank your son for his 
service.
    Mr. Chairman, I yield back. Thank you.
    Senator Sullivan. Senator Blumenthal.

             STATEMENT OF HON. RICHARD BLUMENTHAL, 
                 U.S. SENATOR FROM CONNECTICUT

    Senator Blumenthal. Thanks, Mr. Chairman, and thanks for 
focusing on this very important topic and to all of you for 
being here today, thank you.
    There's currently no requirement, so far as I know, that 
drones have any kind of black box or flight recorder that would 
give any evidence of its operation, its control, its flight 
path, any of the details that we expect now in many commercial 
planes, correct? Maybe that's a question for you, Ms. 
Stubblefield.
    Ms. Stubblefield. Yes, sir, Senator. There's not currently 
a requirement, but the FAA is working on a Notice of Proposed 
Rulemaking to implement those requirements as quickly as we 
can.
    Senator Blumenthal. And will they apply to all drones or 
unmanned systems?
    Ms. Stubblefield. As we are currently under the rulemaking 
process, when we did the Aviation Rulemaking Committee, the 
recommendations were that all UAS that were registered would 
have that remote identification requirement.
    Senator Blumenthal. Because right now, there's little more 
than personal observation or the word of the operator as to 
what any of these unmanned systems are doing, correct?
    Ms. Stubblefield. Yes, sir.
    Senator Blumenthal. And how quickly will you have the 
rulemaking done?
    Ms. Stubblefield. The Notice of Proposed Rulemaking is 
slated to be out later this year, sir, and we are moving with 
all due haste.
    In addition to the rulemaking, it's important to understand 
that there are also the standards that have to be in place for 
what that remote identification, the format would be, as well 
as how those things will be transmitted and, in addition, the 
infrastructure that will enable state and local law enforcement 
and other national security partners to be able to get that 
information so that they can identify where the operator is and 
respond immediately. So we're working on both of those 
activities while we're pursuing the regulatory rule that will 
actually make the requirement.
    Senator Blumenthal. How long have you been working on it?
    Ms. Stubblefield. Well, we've been working on the 
rulemaking for over a year. What's important--well, actually, 
we go back to the Aviation Rulemaking Committee that we had, 
which was in the summer of 2017. So we've been working on this 
issue for quite some time.
    Senator Blumenthal. What's taking so long?
    Ms. Stubblefield. The challenge has been that prior to 
October, we did not have the authority over recreational users 
to be able to craft a rule that would establish this 
requirement across the board for all registered----
    Senator Blumenthal. But doesn't the rule apply to the 
unmanned system, not necessarily to the use? In other words, it 
applies to recreational, commercial, any of these systems 
presumably, regardless of the intended use, so to speak, 
correct?
    Ms. Stubblefield. It will now. Prior to the Reauthorization 
Act and Section 349, the FAA, under the previous 
reauthorization, was unable to levy those requirements against 
recreational or hobbyist use.
    Senator Blumenthal. Just so I'm clear, just so maybe I 
haven't been, I'm referring to a flight recorder, a black box 
that would give some indication of the flight path, the speed, 
the characteristics of flight.
    Ms. Stubblefield. Yes, sir.
    Senator Blumenthal. Do you understand my----
    Ms. Stubblefield. Yes, sir, remote identification.
    Senator Blumenthal. Well, I guess I'm a little bit at a 
loss. I understand the distinction you're making between 
recreational and commercial use, but it seems to me pretty 
important to have these black boxes in these UAS systems as 
quickly as possible and we've seen some of the consequences, as 
you say, the clueless or the careless may be in part the cause, 
but exactly to prevent these kinds of potentially catastrophic 
collisions in midflight and so forth. Black boxes are 
important, don't you think?
    Ms. Stubblefield. Absolutely, sir. Remote identification is 
the top UAS rulemaking priority in the FAA right now. We are 
putting all due resource to move that as expeditiously as 
possible and again the FAA was bound by the lack of authority 
until October.
    Once we regained that authority, we were able to now--as we 
craft the rule, to apply it, as you stated, across the board, 
regardless of class of use.
    Senator Blumenthal. Can you tell me when you expect this 
rule to be published, the remote ID rule?
    Ms. Stubblefield. In the Unified Agenda from the 
Administration, September 2019, sir.
    Senator Blumenthal. September 2019?
    Ms. Stubblefield. Yes, sir.
    Senator Blumenthal. A few months from now?
    Ms. Stubblefield. Yes, sir.
    Senator Blumenthal. Thank you very much, Mr. Chairman.
    Senator Markey. I'll recognize myself for a second round of 
questions and let me just ask you again, Ms. Stubblefield.
    The FAA Reauthorization Act of 2016 directed the FAA to 
develop standards for remotely identifying drone operators and 
owners within 2 years of enactment of this law. By July 2018, 
the FAA was supposed to issue final regulations for remote 
identification based on those standards.
    Today, nearly a year and a half after that deadline, the 
FAA has published no such guidelines or guidance. In fact, the 
FAA recently announced that it intends to only publish a notice 
of proposed rulemaking in September of this year. A final rule 
is nowhere in sight, notwithstanding the congressional mandate.
    In April, I sent a letter, along with Senator Thune, urging 
the FAA to swiftly publish a proposed rule for the remote 
identification of drones. At the time, the FAA expected this 
proposed rule to be issued by July 21st. So the current 
timeline for a September notice of proposed rulemaking 
represents an even further delay.
    Ms. Stubblefield, please explain what is causing the FAA 
delay on this critical rulemaking. Do you still plan to release 
the proposal in September, and when will there be a final rule?
    Ms. Stubblefield. Yes, sir. So as to the delay, it 
primarily has been focused on the fact that until we had the 
authority over recreational users, which are about a million of 
the 1.4 million drone registrations that we have, it was very 
hard to construct a rule that would meet congressional intent 
and we are very appreciative that we regained that authority in 
October.
    It's a very complex rule and there are a number of 
stakeholders to be taken into consideration as we work through 
that rule.
    It is critical that we get this right because it is 
foundational not only from the security perspective but the 
safety perspective, as well.
    Senator Markey. Time is of the essence. Mr. Shaw, how 
important is the remote ID rulemaking for the country?
    Mr. Shaw. Critically important, Senator, and it only takes 
one incident to occur. You know, if it was a catastrophic 
incident that occurs specifically at an airport, it would set 
us all back, you know, significantly, you know. Time is of the 
essence and we need none of the rules but the technology is in 
place to be able to appropriately protect the critical 
infrastructures.
    Senator Markey. Yes. So I agree with you. Time is of the 
essence here. We've just got to get this done because you're 
long past the deadline to do the proposed rulemaking.
    So this is the box in which the drone that I held up 
earlier in the hearing came in, and it just says quite clearly 
on the box ``Made in China.''
    So this is what every American is facing when they try to 
buy a drone. So one of my questions to you then again, Mr. 
Wingo, we need to provide Americans ways to deal with the 
privacy compromise that can occur not only for our critical 
infrastructure but for individual citizens. There are real 
privacy concerns here, real security concerns.
    So what can we do? What's your recommendation to all these 
Americans that already own a drone made in China?
    Mr. Wingo. Thank you. One of the first things is to 
understand the risk so that you can mitigate the risk and you 
just went a long ways toward calling that out on the national 
stage.
    I have here a French-made drone and obviously components 
come from China but this is Parrot. They're Number 2 but far 
behind DJI. So there you have privacy, things like GDPR, and if 
you're looking at where data storage happens, that's a whole 
different issue.
    I would go back to saying Buy American and, you know, there 
we have more jurisdiction. If you look at how control happens 
with our cloud, I worked for Google for a couple years----
    Senator Markey. Is this a Huawei issue to you?
    Mr. Wingo. Yes, it is.
    Senator Markey. You'd put it in the same category?
    Mr. Wingo. I'd put it in the same category.
    Senator Markey. Wow. That's very serious. So we have to 
really think about what you're saying and again you just 
mentioned the European privacy laws which would cover the 
French making their device. Is that what you're saying?
    Mr. Wingo. It is, although I'm saying I think there's an 
American way that if we roll our sleeves up and bring the 
engine of innovation that we have in this country and we 
unleash through the right-minded regulations or no regulations 
where they're not required and allow U.S. companies to take the 
field, that's really a better way to protect privacy.
    Senator Markey. It is, as long as we in the United States 
animate these inanimate objects with our values. We've got to 
do that.
    Mr. Wingo. Exactly.
    Senator Markey. The Chinese animate them with their values 
which are inconsistent with ours. The French have their values, 
but from my perspective, that's why I intend to reintroduce my 
Drone Aircraft Privacy and Transparency Act so that we create 
our own American set of guidelines for who we are and how we 
should be interacting with these new technologies.
    Mr. Wingo. Yes, sir. I was looking for a chance to hold up 
my copy of the Constitution, but if we have U.S.-made drones, 
we can infuse all those values, as you said, into that.
    Right now, as we continue to buy China, it comes with all 
those approaches to privacy and security.
    Senator Markey. Thank you, sir.
    Senator Sullivan. Let me ask a follow up for Mr. Wynne 
here. Last week, the President transmitted a letter to key 
congressional committees announcing that he has ordered the 
Department of Defense to ``take action to develop and purchase 
equipment and materials needed for creating, maintaining, 
protecting and expanding production capabilities for small 
unmanned aerial systems.'' So it's not just a concern obviously 
of the Congress but the Executive Branch with the President 
focused on this, as well.
    What do you see as the concrete steps that the Department 
of Defense and Congress can take to ensure that what he is 
laying out is met and how do you see this enhancing the 
opportunities for commercial UAS in the United States?
    Mr. Wynne. Well, thank you, Senator, for the question.
    You are in the midst of leaving for a vote now.
    Senator Sullivan. I know.
    Mr. Wynne. I was trying to make this argument and I think 
I'll just return to it and hopefully it connects with your 
question.
    Effectively the real flying is yet to be done. The kind of 
flying that we're doing today is almost episodic. It's very low 
risk. It is not the integration that ultimately we all have 
been talking about and trying to get to.
    Integration means that we need to be flying as safely in 
the national airspace as manned aircraft and that's, as you 
know, a very, very high level of safety and sophistication and 
professionalism.
    We think that the sooner we can move to extended operations 
that get us closer to integration the faster we are going to 
have a more robust domestic, I would say, more volume.
    As I indicated in my testimony, we have a very robust 
domestic industry that has been doing this for a long time and 
my community is not just operating in the airspace, it's 
operating on the ground and in the maritime domain, as well, 
and I think we need to think about unmanned systems in a more 
holistic way.
    So that to my mind is the solution. The faster we can move 
toward extended operations, integrate aircraft, the unmanned 
systems into the airspace safely and securely the more robust 
and independence we will have.
    Senator Sullivan. And is there anything that we in 
particular should be doing here in the Congress with regard to 
helping spur that development?
    Mr. Wynne. I'm rarely at a loss for words on what I want 
Congress to do, but I will say that we are still trying to 
catch up with all of the things that were in the 
Reauthorization Act for the FAA. We've talked about some of 
those things----
    Senator Sullivan. Do you think that was a good start?
    Mr. Wynne. Beg pardon?
    Senator Sullivan. Do you think that was a good start, what 
was in there on the----
    Mr. Wynne. I do. I do, and I participate on the Drone 
Advisory Committee. We are trying to help the FAA with those 
priorities. We've talked about remote identification as one of 
them.
    I'm also on the Management Advisory Council for the 
Administrator and I can see how that fits into the broader 
challenges that the FAA has in terms of other new entrants, 
like commercial space, hypersonic, etcetera. So it's a 
challenging and very exciting time.
    Senator Sullivan. Good. Let me finish. Dr. Cahill, I didn't 
want you to travel all this way without another question on an 
important topic for you and Ms. Stubblefield, but it's the 
issue of the beyond visual line of sight operations and long-
range testing, which again a state like ours, Alaska, given the 
vast open spaces, has a lot of opportunities, but I also think 
it's realistic training and experimentation because, as you 
know, as we all know, the line of sight restrictions for drone 
operations are not realistic as with regard to how drones are 
used, whether in the military or, you know, industrial 
inspections.
    So let me ask both you and Ms. Stubblefield this last 
question. The UAS Integration Pilot Program sites, like in 
Alaska, are having a difficulty being allowed to fly beyond 
visual line of sight for their tests.
    My understanding, Dr. Cahill, is that the University of 
Alaska Fairbanks, has actually had to conduct long-range beyond 
visual line of sight operations in Canada, not Alaska, our good 
friends, who also have a lot of space, but we'd rather be doing 
it in our country.
    Can you talk to this, and then perhaps, Ms. Stubblefield, 
if you can discuss what the FAA's trying to do to address these 
limitations which I think I understand the reasoning for them 
but they don't seem to make a lot of sense, particularly in 
places like Alaska where, you know, you have a lot of 
opportunity for beyond line of sight testing?
    So maybe, Dr. Cahill, if you can take a crack at this and, 
Ms. Stubblefield, if you can address what you're trying to do 
at the FAA to help her cause and our cause nationally?
    Dr. Cahill. Certainly. Mr. Chairman, in terms of working at 
the University of Alaska Fairbanks, we are an IPP site. We have 
been working hand-in-hand with the FAA to work on the beyond 
the visual line of sight safety cases and including detecting 
the avoid technologies and other technologies to ensure the 
safety of aviation in Alaska.
    We have a large general aviation population. We want to 
make sure that we do not ever create an incident. So we're 
working hand-in-hand but we all know that FAA regulations are 
written in blood.
    So it is a case of being very careful to make sure that any 
technology we are using is tested strongly enough that we can 
say, yep, we can do this without visual observers and others.
    This is important for Alaska because we can't put visual 
observers where we want to fly. We can't stay in line of sight. 
We don't have a last mile delivery problem. We have a last 
several hundred miles delivery problem.
    With the FAA, the concern is about being able to make sure 
that you are not going to impact manned aviation and right now, 
the FAA prefers that unmanned aircraft do not run transponders. 
Canada will let us run transponders and let us run as a real 
aircraft.
    Senator Sullivan. So is that why UAF, University of Alaska 
Fairbanks, is conducting beyond line of sight operations in 
Canada?
    Dr. Cahill. So Transport Canada had subcontracted to an 
Inuit-owned company to do operations and developed the concept 
of operations for operating in northern airports. Transport 
Canada has a surveillance mission for all of Northern Canada 
and they know that they're going to be getting some larger 
aircraft. They have bought a European equivalent of the Global 
Hawk and they need to work on how we actually integrate it at 
airports.
    They chose the University of Alaska Fairbanks, because we 
have a lot of experience and some larger platforms to go ahead 
and do this work. So we are doing operations in Canada out of 
Canadian airports where we are transpondered. We are in the 
flight patterns of the airports. I can tell whether or not our 
team is at work because I come in in the morning, I can raise 
any flight tracking software. I put in our tail number. It 
tells me when we took off. It shows me exactly where our 
aircraft is, what the pattern is, and we are communicating with 
air traffic control and with all of the other aircraft in the 
airspace.
    So we are for all purposes, except for the fact our pilot 
is not on the plane, acting as an aircraft there. We are trying 
to feed all this data back into the FAA to say here's what 
we're doing, here are the policies and procedures we're helping 
develop to further this safely into the Alaskan airspace, but 
there are issues in terms of transponders. There are issues in 
terms of beyond visual line of sight detect and avoid, and I 
think a bunch of things are going to need to come together to 
really enable that.
    We're very, very close and we are all trying to do this 
safely. Safety is the key thing here. But I think with the 
experience we're gaining in Canada with going--we flew 3,000 
nautical miles beyond visual line of sight last summer in 
Canada.
    In the United States, I have permission to go 11 and a half 
miles. That's the extent. So for me, it is a major difference 
in terms of which country I'm operating in.
    Senator Sullivan. Let me just ask a final question. Ms. 
Stubblefield, can you address that, and are there ways in which 
the FAA is looking to address this huge disparity obviously in 
terms of non-line of sight? It's a pretty large disparity that 
I think undermines the ability of universities like UAF to do 
the kind of testing which we all recognize is important.
    Ms. Stubblefield. Yes, sir. First, I'll say that again 
going back to the remote identification, that's why it's so 
critical beyond visual line of sight. It is vital to get that 
off the ground and obviously the point of the IPP is to work 
very closely with our IPP partners, including the University of 
Alaska, to be able to work through these challenges and we're 
breaking ground, quite frankly, on some of these issues.
    I will apologize. This is not my area of expertise. So I 
can't speak specifically to the challenge that Dr. Cahill 
talked about, but we will certainly get back to you, sir, with 
more in-depth knowledge. I apologize. I don't have that.
    Senator Sullivan. OK. If you can get something for the 
record for us to address that question in detail from the FAA 
that would be very helpful.
    Well, listen, I want to thank everybody. Thanks for your 
patience. This was a little unorthodox where we've had to 
recess a few times because of the vote schedule here, but I 
want to thank all the witnesses, very, very informative.
    We have a lot of work to do I think at all levels in the 
legislative branch, executive branch, but as is the case with a 
lot of these issues that are before this subcommittee, there's 
a growing awareness of the challenges which in many ways is the 
first step toward wisdom on how to address them.
    We're starting to see that. You're starting to see a 
bipartisan concern on a whole host of these economic and 
security issues.
    So I want to thank the witnesses and the record of the 
hearing will remain open for two weeks. During this time, 
Senators are asked to submit questions, additional questions 
for any of the witnesses. Upon receipt, we respectfully request 
the witnesses to submit their written answers to the Committee 
as soon as possible but no later than Tuesday, July 2, 2019.
    Again, I want to thank the witnesses.
    This hearing is now adjourned.
    [Whereupon, at 4:15 p.m., the hearing was adjourned.]

                            A P P E N D I X

                      Electronic Privavy Information Center
                                      Washington, DC, June 18, 2019

Hon. Dan Sullivan, Chairman,
Hon. Edward Markey, Ranking Member,
U.S. Senate Committee on Commerce, Science, and Transportation,
Subcommittee on Security,
Washington, DC.

Dear Chairman Sullivan and Ranking Member Markey:

    We write to you regarding the hearing on ``Drone Security: 
Enhancing Innovation and Mitigating Supply Chain Risks.'' \1\ We write 
to call your attention to the comprehensive regulations for drone 
safety and privacy recently adopted by European Commission. The 
regulation incorporates several safeguards supported by members of this 
Committee. We urge the full committee to adopt standards for drone 
operation in the United States that provide at least as much protection 
as do the recently adopted standards for Europe.
---------------------------------------------------------------------------
    \1\ Drone Security: Enhancing Innovation and Mitigating Supply 
Chain Risks, 116th Cong. (2019), S. Comm. on Commerce, Sci., and 
Trans., Subcomm. on Security (Jun. 18, 2019), https://
www.commerce.senate.gov/public/index.cfm/2019/6/drone-security-
enhancing-innovation-and-mitigating-supply-chain-risks.
---------------------------------------------------------------------------
    The EU drone rules require the real-time broadcasting of certain 
data, including the drone operator registration number, the 
geographical position of the drone, the drone route course, and the 
position of the drone operator.\2\
---------------------------------------------------------------------------
    \2\ Commission Regulation 2019/945, 2019 O.J. (L 152) 1.
---------------------------------------------------------------------------
    The Federal Aviation Administration recently published an interim 
final rule that will require a visible registration number on the 
exterior of drones.\3\ Previously, registration numbers could be hidden 
inside drones. While EPIC agrees external marking are preferable to 
hidden identifiers, EPIC said the rule did not go far enough. In 
comments to the FAA, EPIC wrote, ``Because drones present substantial 
privacy and safety risks, EPIC recommends that the FAA require any 
drone operating in the national airspace system to broadcast location 
when aloft (latitude, longitude, and altitude), course, speed over 
ground, as well as owner identifying information and contact 
information[.]'' \4\ EPIC also suggested the agency require operators 
register and broadcast surveillance capabilities.
---------------------------------------------------------------------------
    \3\ External Marking Requirement for Small Unmanned Aircraft, 84 
Fed. Reg. 3669-3673 (Feb. 13, 2019), https://www.federalregister.gov/
documents/2019/02/13/2019-00765/external-marking-requirement-for-small-
unmanned-aircraft.
    \4\ Comments of EPIC et al., to the Federal Aviation Admin., 
External Marking Requirement for Small Unmanned Aircraft (Mar. 15, 
2019), https://epic.org/apa/comments/EPIC-Coalition-Comments-FAA-Drone-
ID-Mar2019.pdf.
---------------------------------------------------------------------------
    As Senators Thune and Markey recently wrote to the FAA ``remote 
identification will enhance safety, security, and privacy.'' \5\ The 
Senators noted that the FAA was to issue regulations or guidance on 
remote identification by July 2018, but, nearly a year after that 
deadline, no such regulations or guidance has been issued by the FAA.
---------------------------------------------------------------------------
    \5\ Letter from Sen. Edward J. Markey and Sen. John Thune to the 
Honorable Elaine Chao, Secretary, U.S. Dept. of Trans. (Apr. 29, 2019), 
https://www.markey.senate.gov/imo/media/doc/Remote 
percent20Indentification.pdf.
---------------------------------------------------------------------------
    Currently, individuals cannot hold drone operators accountable 
because it is essentially impossible to identify the drone or the 
operator of a drone. The modified registration scheme proposed by the 
FAA still does little to solve this problem. Solutions exist.\6\ To 
increase accountability of drone operators, the FAA Reauthorization Act 
of 2018 requires the FAA to consider and develop remote identification 
for drones.\7\ As the FAA Aviation Rulemaking Committee Working Group 1 
pointed out, ``placing a sticker or FAA registration number on the UAS 
will not provide remote ID and tracking, as it would be nearly 
impossible to read a registration number on a UAS that is more than a 
few feet away.'' \8\ Passive identification does not go far enough--the 
FAA must require active remote identification. The FAA should mandate 
remote identification and ensure also that drones routinely broadcast 
course, location, and other relevant operational information. Drones 
should simply not continue to fly above the laws that protect public 
safety.
---------------------------------------------------------------------------
    \6\ See, e.g., Isabella Lee, FAA Issues Request for Information 
(RFI) from Industry Partners Interested in Developing Remote ID and 
Unmanned Traffic Management (UTM) Systems (Jan. 24, 2019) https://
uavcoach.com/remote-id-faa-rfi/ (``Remote ID development and testing 
has already begun in the private and commercial sector.'').
    \7\ See Federal Aviation Administration Reauthorization Act of 
2018, Pub. L. No. 115-254, Sec. 376(b)(2), (c)(3)(A) 132 Stat. 3186, 
3305-06 (2018) (directing the FAA to develop a plan for the 
implementation of unmanned aircraft systems traffic management (UTM) 
services that, inter alia, permit the testing of remote identification 
and that assess the risks raised and mitigation means required to 
remotely identify drones).
    \8\ Aviation Rulemaking Comm., Fed. Aviation Admin., ARC 
Recommendations Final Report: Appendix B Working Group 1 Report 42 
(2017), https://www.faa.gov/regulations_policies/rulemaking/committees/
documents/media/UAS%20ID%20ARC%20Final%20Report%20with%20Appendices.pdf
---------------------------------------------------------------------------
    We ask that this letter be submitted into the hearing record. EPIC 
looks forward to working with the Subcommittee on this issue.
            Sincerely,

/s/Marc Rotenberg
Marc Rotenberg
EPIC President

/s/Jeramie Scott
Jeramie Scott
EPIC Senior Counsel

/s/Caitriona Fitzgerald
Caitriona Fitzgerald
EPIC Policy Director
  
  
  
      
                                 ______
                                 
     Statement from the American Fuel & Petrochemical Manufacturers
    The American Fuel & Petrochemical Manufacturers (AFPM) is a trade 
association representing high-tech American manufacturers of virtually 
the entire U.S. supply of fuels and home heating oil, as well as the 
petrochemicals used as building blocks for thousands of vital products 
in daily life. AFPM members make modern life possible and keep America 
moving and growing as they meet the needs of our Nation and local 
communities, strengthen economic and national security, and support 
over three million American jobs.
    In today's fast changing world, the Nation's critical energy 
infrastructure continues to face new threats and challenges, as new 
vulnerabilities and pathways develop over time. AFPM members are 
committed to protecting the health and safety of their workers, 
contractors, customers, and the communities where they operate.
    AFPM member companies recognize the National Airspace System 
(``NAS'') is a highly integrated and complex network designed to 
provide safe and reliable air transportation throughout the United 
States. Unmanned aircraft systems (``UAS'') must be integrated into the 
NAS while maintaining safety and without introducing excessive risk to 
airspace users or persons and property on the ground. While significant 
UAS integration progress has been made, there is still work to do. We 
are committed to striking the appropriate regulatory and legislative 
balance to ensure that American innovation can thrive without 
compromising the security of the Nation's critical infrastructure.
    Small UAS have become one of the most pressing security issues for 
critical infrastructure owners and operators, including refineries and 
petrochemical manufacturing facilities. Finding reliable and 
scientifically valid methods to identify and interrupt intruding drones 
is vitally important. In that regard, establishing remote 
identification standards for all UAS operators and requiring they 
register with the Federal Aviation Administration (``FAA'') will help 
enhance the safety and security of the NAS and critical infrastructure 
facilities.
    Additionally, we remain concerned that FAA has not yet acted on its 
statutory mandate in the FAA Extension, Safety, and Security Act of 
2016 to allow critical infrastructure operators to apply for 
designation to prohibit or restrict the operation of UAS in close 
proximity to a fixed site facility.
    Understanding that remote identification is an integral step in 
detection and deterrence, we are concerned to see that the FAA has 
further delayed the remote identification rule publication. We strongly 
urge FAA to work expeditiously in finalizing the remote identification 
rule and look forward to working with Congress and FAA on remote 
identification and section 2209 implementation.
    Thank you for your attention and work on security threats and 
challenges posed by UAS, including the status of UAS detection and 
mitigation technology and capabilities. We appreciate your leadership 
on this important issue and look forward to working with lawmakers as 
the process moves forward.
                                 ______
                                 
    Response to Written Questions Submitted by Hon. Dan Sullivan to 
                         Angela H. Stubblefield
    Question 1. Sec. 383 of the most recent FAA Reauthorization directs 
the FAA to work with DOD and DHS to help ensure counter drones, or 
CUAS, that detect and mitigate hostile UAS do not adversely impact 
airport operations or the NAS. This is a good step for the FAA but how 
does it plan to address similar threats presented to other sectors, 
such as energy, telecommunications, or even chemical? Does Sec. 383 
give you the necessary authority to charter an ARC to examine how this 
threat impacts other settings besides airports?
    Answer. Section 383(a) requires the Administrator to work with the 
Secretary of Defense, the Secretary of Homeland Security, and the heads 
of other relevant Federal departments and agencies for the purpose of 
ensuring that technologies or systems that are developed, tested, or 
deployed by Federal departments and agencies to detect and mitigate 
potential risks posed by errant or hostile unmanned aircraft system 
operations do not adversely impact or interfere with safe airport 
operations, navigation, air traffic services, or the safe and efficient 
operation of the national airspace system. Section 383(b) also requires 
the FAA to develop a plan for the certification, permitting, 
authorizing, or allowing of the deployment of technologies or systems 
for the detection and mitigation of unmanned aircraft systems. In 
addition, section 383(b) requires the Administrator to charter an 
aviation rulemaking committee (ARC) to make recommendations for such a 
plan and any standards that the Administrator determines may need to be 
developed with respect to such technologies or systems.
    Given this authority, in addition to the FAA's broad mandate to 
maintain the safety and efficiency of the National Airspace System 
(NAS), we believe the FAA has sufficient statutory authority to 
consider impacts generally to the NAS that are introduced by UAS 
detection and mitigation systems, including other settings outside the 
airport environment, in developing standards for C-UAS use.
    Regarding addressing similar threats presented to other sectors, 
the FAA is working closely with interagency partners, including the 
study being conducted by the Department of Homeland Security pursuant 
to section 1602 on critical infrastructure, to assess risks and 
determine what, if any, additional authorities and resources are 
needed. The FAA is coordinating with DHS and DOJ on that study.

    Question 2. Have foreign entities, including Chinese -owned 
companies, or organizations who receive funding by foreign entities 
been involved in the development of Unmanned Aircraft System Traffic 
Management (UTM)? Will foreign entities be allowed to operate UTMs, 
and, if so, under what conditions?
    Answer. UTM is a ``traffic management'' ecosystem for non-
controlled operations that is separate from, but complementary to, the 
controller-provided services in the FAA's Air Traffic Management 
system. UTM utilizes industry's ability to supply services under the 
FAA's regulatory authority where these services do not exist. It is an 
operator-centric concept with layered procedures, systems, and 
responsibilities that will support the separation of UAS from one 
another and from manned aircraft. Starting in April 2019, the FAA began 
onboarding new service suppliers in six-month waves with UAS Service 
Suppliers (USS) providing the UTM services directly.
    Foreign entities will be allowed to operate services that are part 
of the suite of tools and capabilities necessary for UTM. There are 
several foreign USS that are currently approved for LAANC. The FAA is 
working to implement data sovereignty, transparency, and protection 
requirements for all USS. We will continue to work with our interagency 
partners and evaluate potential data security risks and any necessary 
mitigations.
    LAANC is the Low Altitude Authorization and Notification 
Capability, a collaboration between FAA and Industry. It directly 
supports UAS integration into the airspace. It provides access to 
controlled airspace near airports through near real-time processing of 
airspace authorizations below approved altitudes in controlled 
airspace.

    Question 3. Have foreign entities, including Chinese owned 
companies, or organizations who receive funding by foreign entities, 
been chosen as providers of the Low Altitude Authorization and 
Notification Capability (LAANC)? If so, what security and privacy 
requirements has the FAA placed on foreign operators?
    Answer. Both foreign companies and U.S. companies receiving 
international funding are participating in LAANC.
    All LAANC Providers sign a Memorandum of Agreement (MOA) and agree 
to abide by specific operating rules. Both documents are available at 
https://www.faa.gov/uas/programs_partnerships/data_exchange/
laanc_for_industry/, and all participants agree to the same terms. The 
FAA is working to implement requirements that ensure data transparency, 
sovereignty, and protection requirements are included for all USS.

    Question 4. As the recent FAA reauthorization bill requires, the 
FAA is developing a knowledge test for recreational UAS users--at 
present, this has been suggested to be over 1 million Americans, 
approximately. Will foreign entities, including Chinese-owned 
companies, or organizations who receive funding by foreign entities be 
allowed to conduct testing for recreational drone operators, allowing 
them to obtain personal information of American citizens?
    Answer. The FAA's top priority is safety. Our goal is to have the 
test administered to the greatest number of recreational flyers. We 
look forward to engaging with our Federal security partners as we 
finalize the administration of this test. We're also putting out a 
request for information (RFI) seeking input from the industry on how 
the test should be administered.
                                 ______
                                 
    Response to Written Questions Submitted by Hon. Deb Fischer to 
                         Angela H. Stubblefield
    Section 2209 of the FAA Extension, Safety, and Security Act of 2016 
directs the FAA to set up a process by which operators of non-
governmental fixed site facilities could petition the agency to 
prohibit UAS operations over critical infrastructure. During a Commerce 
Committee hearing last month, Jay Merkle of the FAA's UAS Integration 
office said the FAA is still working on a rulemaking. However, the 2016 
legislation required the FAA to establish this process within 180 days.
    Question 1. Please explain why the FAA is delayed in implementing 
the 2209 process, and what the FAA's timeline is for implementation.?
    Answer. In order to implement section 2209 of the FAA Extension, 
Safety, and Security Act of 2016 (FESSA), the Department of 
Transportation/FAA determined rulemaking is required and has initiated 
this regulatory action.
    In order to begin meeting the intent of 2209, the FAA used existing 
authority (14 CFR 99.7) to establish special security instructions in 
the form of flight restrictions over national security-sensitive sites 
identified and sponsored by Federal security agencies (such as military 
installations, sensitive energy facilities, high risk Federal prisons, 
and iconic landmarks like the Statue of Liberty, Hoover Dam, and Mount 
Rushmore). This activity has provided valuable lessons learned that are 
informing the process being established in the rulemaking. As we 
proceed with this work, FAA continues to meet with government partners, 
critical infrastructure owners and associations to learn about the 
volume of facilities various critical infrastructure sectors would like 
to cover, incident response planning, law enforcement engagement, 
public education and community outreach.
    We strongly believe Remote ID requirements as part of a robust UTM 
suite of services are going to resolve a lot of the challenges Congress 
anticipated with 2209 to address the concerns of critical 
infrastructure owners. Therefore, we have focused Agency resources on 
maximally expediting the Remote ID rulemaking. Remote ID will be 
crucial to enable enforcement of UAS flight restrictions as it will 
permit location and identification of the operator whose UAS is 
violating the flight restriction.

    Question 2. Additionally, how do you expect FAA will define 
``critical infrastructure'' facilities for the purpose of establishing 
the 2209 process?
    Answer. Section 2209 of the FAA Extension, Safety and Security Act 
of 2016 required the Secretary of Transportation to establish a process 
to prohibit or restrict the operation of an unmanned aircraft in close 
proximity to a fixed site facility. The only fixed site facilities this 
applies to include: ``Critical infrastructure, such as energy 
production, transmission, and distribution facilities and equipment. 
Oil refineries and chemical facilities. Amusement parks; and, other 
locations that warrant such restrictions.'' The FAA Reauthorization Act 
of 2018 amended the definition of a fixed site facility to explicitly 
include railroad facilities.
    Presidential Policy Directive 21, concerning critical 
infrastructure security and resilience, states that the term ``critical 
infrastructure'' has the meaning provided in section 1016(e) of the USA 
Patriot Act of 2001 (42 U.S.C. 5195c(e)), namely systems and assets, 
whether physical or virtual, so vital to the United States that the 
incapacity or destruction of such systems and assets would have a 
debilitating impact on security, national economic security, national 
public health or safety, or any combination of those matters.
    As the section 2209 rulemaking drafting process continues, FAA is 
coordinating with DHS/CISA and making a determination about the scope 
of critical infrastructure as it relates to implementation of section 
2209.
                                 ______
                                 
     Response to Written Questions Submitted by Hon. Todd Young to 
                         Angela H. Stubblefield
    In your testimony you note that you are using existing airspace 
authority to address concerns about unauthorized UAS operations over 
national-security sensitive facilities. Furthermore, this work is 
informing your efforts on a yet-to-be-established process for critical 
infrastructure owners to petition the FAA for UAS-specific flight 
restrictions. Section 2209 of the FAA Extension, Safety, and Security 
Act of 2016 directed the Secretary of Transportation to establish a 
process to accept petitions to prohibit or restrict UAS operations over 
critical infrastructure and other facilities--i.e. institute a no fly 
zone over certain critical infrastructure.
    Question 1. As I understand it, rulemaking and implementation of 
Section 2209 has experienced continual delays. Why has implementation 
of Section 2209 experienced delays?
    Answer. Section 2209 rulemaking remains a priority for the FAA. We 
also strongly believe Remote ID requirements as part of a robust UTM 
suite of services are going to resolve a lot of the challenges Congress 
anticipated with section 2209 to address the concerns of critical 
infrastructure owners. Therefore, we have focused Agency resources on 
maximally expediting the Remote ID rulemaking. Remote ID will be 
crucial to enable enforcement of UAS flight restrictions as it will 
permit location and identification of the operator whose UAS is 
violating the flight restriction. The need to understand the scope and 
volume of potential requests is also vital to developing a viable 
implementation process for the rule and has necessitated meetings with 
a variety of critical infrastructure operators and associations.
    However, in order to begin meeting the intent of section 2209, the 
FAA used existing authority (14 CFR 99.7) to establish special security 
instructions in the form of flight restrictions over national security 
sensitive sites identified and sponsored by Federal security agencies 
(such as military installations, sensitive energy facilities, high risk 
Federal prisons, and iconic landmarks like the Statue of Liberty, 
Hoover Dam, and Mount Rushmore). This activity has provided valuable 
lessons learned that are informing the process being established in the 
rulemaking. As we proceed with this work, the FAA continues to meet 
with critical infrastructure owners and associations to support learn 
about the volume of facilities various critical infrastructure sectors 
would like to cover, incident response planning, law enforcement 
engagement, public education and community outreach.

    Question 2. Do you need additional support from Congress to 
implement Section 2209?
    Answer. The FAA is working diligently to establish the regulatory 
framework necessary for the safe and secure integration of UAS into the 
National Airspace System. As noted above, the rulemaking to implement 
section 2209 is one of several priorities for DOT and the FAA in this 
regard.
    From a national security perspective, there will always be varying 
concerns about the risks associated with the advancement of information 
technology products and services in the global supply chain. These 
risks are generally associated with the Federal government's limited 
visibility into, understanding of, and control over how foreign 
technology is developed, integrated, and processed to assure the 
integrity and security of the products. Nonetheless, with respect to 
the United States economy, it is still important to maintain an open 
investment climate in information technology, but there must be balance 
between consumer and industry needs, and national security.

    Question 3. With Chinese UAS companies clearly focusing on 
controlling the drone hardware market, can you elaborate on a national 
strategy to focus on supply chain concerns?
    Answer. We believe the President's recent ``Executive Order on 
Securing the Information and Communications Technology and Services 
Supply Chain'' is prescient on this topic. We will work with the 
agencies identified in his EO to protect the security, integrity, and 
reliability of information and communications technology and services 
provided and used in the United States. The EO directs the Secretary of 
Commerce, in consultation with many other cabinet officials (the 
Secretary of the Treasury, the Secretary of State, the Secretary of 
Defense, the Attorney General, the Secretary of Homeland Security, the 
United States Trade Representative, the Director of National 
Intelligence, the Administrator of General Services, the Chairman of 
the Federal Communications Commission, and, as appropriate, the heads 
of other executive departments and agencies), to identify if foreign 
information and communications technology or services pose undue risks 
to the United States. It also allows them to negotiate measures to 
mitigate risks. The EO was only recently published, but we are 
analyzing its potential applicability and look forwarded to working 
with the National Security Council and interagency partners to 
implement the order, as appropriate.

    Question 4. Additionally, what policies would you suggest to 
effectively protect data of consumers or related to national security 
that could be stored by foreign vendors or third parties?
    Answer. The FAA considers cyber and data security risks and 
mitigations in our mission to maintain the safety and efficiency of the 
National Airspace System, including certification of aircraft and 
avionics systems, as well as protection of the air navigation services 
infrastructure. Cyber security and data protection in the context of 
UAS is also paramount. While UAS are aircraft, they are also like so 
many highly computerized devices we use in our professional and 
personal lives that can collect data and connect to the Internet where 
information systems and data can be vulnerable to misuse if they are 
not adequately protected. UAS operators, just like computer users, need 
to be aware of what data they are collecting with their UAS and 
consider what level of protection it should be afforded.
    The FAA strongly recommends that UAS operators read the user 
licensing agreements on their drones and assess whether the data 
access, sharing, and protection policies the manufacturer has in place 
are adequate or whether their data sensitivity necessitates additional 
protection from disclosure and misuse or even selection of a different 
UAS. The FAA is also looking at agreements the Agency has with non-
federal UAS service suppliers (USS) to ensure data transparency, 
sovereignty, and protection requirements are included. It is also 
important to consider not just the state of the drone manufacturer but 
also, depending on the sensitivity of the UAS work, the state of the 
manufacture of components of the drone--such as chip sets and cameras. 
Users should conduct risk-based analysis of their drones and the 
purposes for which they use their drones to determine the level of 
protection needed. That risk may vary widely between, for example, a 
real estate agent and an electrical power plant manager.
    We recognize that consumers do not have unlimited budgets and, 
thus, they must balance cost with data sensitivity and security risks. 
Alternatives do exist, but there may be a cost and capabilities trade-
off to consider.
                                 ______
                                 
   Response to Written Questions Submitted by Hon. Amy Klobuchar to 
                         Angela H. Stubblefield
    One of the provisions in the 2018 FAA Reauthorization Act required 
a study to assess privacy concerns that have been raised regarding the 
integration of unmanned aerial systems (UAS) into the national 
airspace. You also noted the need to secure data collected by UAS in 
your testimony.
    Question 1. In your view, what actions should be taken to address 
both security and privacy concerns in response to the increased use of 
UAS?
    Answer.
Security:
    The FAA considers cyber and data security risks and mitigations in 
our mission to maintain the safety and efficiency of the National 
Airspace System, including certification of aircraft and avionics 
systems, as well as protection of the air navigation services 
infrastructure. Cyber security and data protection in the context of 
UAS is also paramount. While UAS are aircraft, they are also like so 
many highly computerized devices we use in our professional and 
personal lives that can collect data and connect to the Internet where 
information systems and data can be vulnerable to misuse if they are 
not adequately protected. UAS operators, just like computer users, need 
to be aware of what data they are collecting with their UAS and 
consider what level of protection it should be afforded.
    The FAA strongly recommends that UAS operators read the user 
licensing agreements on their drones and assess whether the data 
access, sharing, and protection policies the manufacturer has in place 
are adequate or whether their data sensitivity necessitates additional 
protection from disclosure and misuse or even selection of a different 
UAS. The FAA is also looking at agreements the Agency has with non-
federal UAS service suppliers (USS) to ensure data transparency, 
sovereignty, and protection requirements are included. It is also 
important to consider not just the state of the drone manufacturer but 
also, depending on the sensitivity of the UAS work, the state of the 
manufacture of components of the drone--such as chip sets and cameras. 
Users should conduct risk-based analysis of their drones and the 
purposes for which they use their drones to determine the level of 
protection needed. That risk may vary widely between, for example, a 
real estate agent and an electrical power plant manager.
    We recognize that consumers do not have unlimited budgets and, 
thus, they must balance cost with data sensitivity and security risks. 
Alternatives do exist, but there may be a cost and capabilities trade-
off to consider.
Privacy:
    It's not the FAA's mission, direction, or expertise to determine 
what data privacy issues need to be regulated. As a general matter, 
privacy intrusions tend to implicate state and local laws, rather than 
Federal law. Accordingly, state law may already provide recourse for a 
person whose privacy may be impacted by a remote pilot's use of a UAS.
    Although the FAA recognizes that unique characteristics and 
capabilities of UAS may pose risks to individual privacy, such concerns 
are generally related to technology and equipment that may be installed 
on an unmanned (or manned) aircraft and are not related to the safe 
flight of the aircraft, which is the FAA's primary focus.
    With that said, there are best practice documents available to 
support both government and private sector use of UAS in a manner that 
respects privacy, civil rights, and civil liberties.

   NTIA published a voluntary best practices document, 
        ``Voluntary Best Practices for UAS Privacy, Transparency, and 
        Accountability'', focused on data collected via a UAS 
        (commercial and non-commercial) and based on direction from the 
        President on February 15, 2015 to establish ``[A] multi-
        stakeholder engagement process to develop and communicate best 
        practices for privacy, accountability, and transparency issues 
        regarding commercial and private UAS use in the NAS. . .'' The 
        FAA participated fully in this engagement process, which led to 
        the publication of best practices in May 2016.

   In December 2015, DHS also published a set of best 
        practices, titled ``Best Practices for Protecting Privacy, 
        Civil Rights & Civil Liberties In Unmanned Aircraft Systems 
        Programs'' to inform DHS and local, state, tribal and Federal 
        government partners and grantees interested in establishing UAS 
        programs to ensure such programs are grounded in policies and 
        procedures that are respectful of privacy, civil rights, and 
        civil liberties. These best practices are not prescriptive, but 
        represent an optimal approach to sustaining privacy, civil 
        rights, and civil liberties throughout the lifecycle of a UAS 
        program. Although the intended audience is government agencies, 
        the private sector may also find these practices instructive in 
        operating UAS.

    Question 2. What steps has the FAA taken to make sure that 
companies are held accountable when data from a drone is misused?
    Answer. Depending on the specific type of ``misuse,'' state or 
Federal law may provide recourse for an individual whose data may have 
been misused. Additionally, for USS, the FAA is instituting contractual 
obligations for the handling of UAS and operator information.
                                 ______
                                 
  Response to Written Questions Submitted by Hon. Tammy Duckworth to 
                         Angela H. Stubblefield
    Question 1. What specific recommendations or best practices does 
the FAA provide to stakeholders, including law enforcement entities, 
interested in addressing or preventing unauthorized drone access at 
their facilities? What technology would the FAA recommend airports and 
other critical infrastructure operators use to detect and deter drones?
    Answer. The FAA revised its publicly available website on March 6, 
2019 to include a comprehensive toolbox of information for the public 
safety community. The toolbox includes information on how public safety 
agencies can establish a drone program to enhance their capabilities as 
well as how to pursue enforcement for suspected unauthorized drone use. 
Current printable reference materials available to public safety 
officials on the FAA website include: Law Enforcement Guidance for 
Suspected Unauthorized UAS Operations, Law Enforcement Pocket Drone 
Card. New additions include an expanded Law Enforcement and Public 
Safety reference card and a reference card titled Drones in Public 
Safety: A Guide to Starting Operations. We also have a ``No Drone 
Zone'' kit with signage that property owners/managers can use to alert 
the public that that drones may not take off or land on their property. 
The site will continue to be updated with additional resources and 
links to important information.
    The FAA has finalized a comprehensive plan for communicating 
information with public safety partners on responding to threats posed 
by UAS. The plan includes numerous tactics to educate the public safety 
community including offering live webinars, on-demand videos, a 
repository of on-line information (guidance documents, videos, handouts 
etc.), increased social media engagement and partnership with law 
enforcement and public safety by both FAA headquarters and field law 
enforcement assistance program special agents. Several of the proposals 
have already come to fruition, and our engagement will continue to 
increase and evolve with the development of future regulations.
    The FAA's Law Enforcement Assistance Program (LEAP) is another key 
resource for our law enforcement and security partners concerned about 
errant or malicious UAS operations. This cadre of special agents, who 
provide educational and investigative support to law enforcement, 
conducts dozens of outreach sessions with law enforcement and public 
safety partners each quarter. In addition, LEAP agents follow up with 
law enforcement after notification of each alleged unauthorized UAS 
operation reported to the FAA to see if we can provide information to 
support their investigation or receive information to support an FAA 
civil enforcement investigation.
    The FAA distinguishes between UAS detection and UAS mitigation (C-
UAS) technology. UAS detection systems may detect, identify, monitor, 
or track UAS. C-UAS means a system or device capable of lawfully and 
safely disabling, disrupting, or seizing control of a UAS. While there 
are a wide variety of commercially available UAS detection and 
mitigation solutions in the marketplace, most are based on systems 
designed for military applications, and sufficient testing has not been 
conducted to determine their performance and impacts in domestic civil 
environments. The potential impacts many of these mitigation systems 
can have on avionics, air navigation services infrastructure, and 
compliant UAS argue for a careful, coordinated, and phased approach to 
allowing their use in the NAS. The FAA and other Federal agencies are 
currently undertaking efforts to test these technologies in a variety 
of civil environments in the coming months.
    The use of UAS detection or C-UAS technology may implicate 
provisions of law in title 18 and title 49 of the United States Code. 
Only four Federal entities have express statutory authority to use C-
UAS technology: Department of Defense, Department of Energy, Department 
of Justice, and Department of Homeland Security. The FAA does not 
support the use of C-UAS technology by any public or private entity 
beyond these four Federal agencies.
    Regarding the use of UAS detection technology, in early May, the 
FAA published an information package for airport sponsors containing 
useful information about UAS detection systems and how to coordinate 
with the FAA. Much of that information is useful to entities 
considering how to identify and respond to unauthorized UAS operations 
outside the airport environment as well.
    Part of the UAS Detection Package sent by FAA to airports on May 7, 
2019, was a document titled ``Technical Considerations''. This document 
consists of selected technical questions and supporting materials that 
may assist organizations that are reviewing the capabilities and 
limitations of UAS detection systems. See https://www.faa.gov/airports/
airport_safety/media/Attachment-3-UAS-Detection-Technical-
Considerations.pdf

    Question 2. The FAA's Drone Advisory Committee includes executives 
from a cross-section of UAS stakeholders, including industry, academia 
and retail. However, it does not appear that the perspectives of the 
counter-drone (C-UAS) technology community is represented. Is this 
simply an oversight, a lack of expressed interest by counter-drone 
interests, or some other reason? Do you think the FAA should appoint a 
member of the C-UAS technology community to the Drone Advisory 
Committee? Please describe how FAA has communicated with C-UAS 
interdiction technology developers any technical requirements or 
feedback about the agency's view of how C-UAS should work in the 
National Airspace System.
    The FAA's Drone Advisory Committee (DAC) does include a member of 
the C-UAS technology community: Jaz Banga, Co-Founder and CEO of 
Airspace Systems, Inc. He represents the perspectives of the C-UAS 
technology community. He is also currently leading a DAC task group 
focused on recommendations for how industry can assist in reducing the 
instances of unauthorized use of UAS by clueless or careless operators.
    The FAA has met with dozens of UAS detection and mitigation 
solution providers since 2016 and continues to meet with them on an 
often weekly and/or monthly basis. We discuss with them the FAA's 
concern about adverse safety impacts on NAS systems and compliant UAS, 
as well as the mechanics of their systems and their performance in 
different environments. We also review information and testing results 
from other U.S. government agencies' tests of many C-UAS technologies.
    The FAA was directed in section 383 of the FAA Reauthorization Act 
of 2018 to develop a plan for the certification, permitting, 
authorizing, or allowing of the deployment of technologies or systems 
for the detection and mitigation of unmanned aircraft systems. In 
addition, section 383 requires the Administrator to charter an ARC to 
make recommendations for such a plan and any standards that the 
Administrator determines may need to be developed with respect to such 
technologies or systems. The FAA is working to implement these 
requirements.

    Question 3. Please describe all efforts FAA is making to stay 
abreast of the most current capabilities for C-UAS detection and 
identification and C-UAS interdiction and mitigation technology.
    Answer. First, FAA has met and continues to meet on a weekly or 
monthly basis with dozens of UAS detection and mitigation manufacturers 
and vendors to be briefed on their products. Secondly, the FAA attends 
or reviews the results of many of the testing demonstrations conducted 
by our interagency, and sometimes state and local law government, 
partners. Finally, as stated above, the FAA is working to implement the 
requirements of section 383 of the FAA Reauthorization Act of 2018.

    Question 4. Please describe all of the tests and demonstrations FAA 
has conducted for C-UAS technology, including tests and demonstrations 
for detection and identification technology and tests and 
demonstrations of C-UAS interdiction and mitigation technologies.
    Answer. Consistent with section 2206 of the FAA Extension, Safety 
and Security Act of 2016, the FAA conducted a pilot program to evaluate 
the feasibility of integrating detection equipment in the airport 
environment. Additional discussion of this effort is included below. 
Section 383 of the FAA Reauthorization Act of 2018, Airport Safety and 
Airspace Hazard Mitigation and Enforcement, directs and grants 
authority to the FAA to conduct, notwithstanding various provisions of 
title 18 and title 49, United States Code, additional testing of 
detection and mitigation technologies at airports as well as develop 
standards and a plan for allowing detection and mitigation systems to 
be used in the NAS. The FAA is currently developing the actions, 
resources requirements, and timeline for the section 383 pilot project 
work and will be coordinating with other Federal agencies on these 
efforts.
    Section 2206 of the FAA Extension, Safety and Security Act of 2016 
directed the FAA to establish a pilot program to evaluate the use of 
UAS detection systems near airports and other critical infrastructure. 
This congressional mandate did not provide the FAA with any relief from 
various provisions of title 18 and title 49 implicated by certain 
detection and all mitigation technologies. Under this program, the FAA 
conducted limited technology evaluations at three airports (Atlantic 
City International; Denver International Airport; Dallas Fort-Worth 
International Airport) and worked with FBI on an evaluation at JFK 
International in New York. We gained valuable data, but due to legal 
constraints, no active Radio-Frequency (RF) technologies were 
evaluated--only passive RF and other detection capabilities were 
evaluated. That pilot program concluded, but the FAA has continued to 
work with its interagency partners on detection and mitigation 
evaluation efforts all of which are informing the section 383 pilot 
program we are developing now.
    The results of the section 2206 pilot suggested currently available 
detection technologies, which do not implicate title 18 and other 
Federal laws, encounter a number of challenges in the airport 
environment that impact their performance accuracy and capabilities. In 
addition, given the cost of some systems, the need for multiple 
sensors/systems to address deficiencies, and the fact that 50 percent 
or more of reported UAS sightings occur more than 5 miles from an 
airport, the FAA believes registration, remote ID requirements for all 
UAS operators, and the addition of a knowledge test for recreational 
operators, which we are now able to pursue, will enable an effective 
multi-faceted strategy to addressing risks posed by unauthorized UAS 
operating on and around airports. Those who are conducting unauthorized 
operations in the vicinity of airports could be identified and engaged 
by law enforcement in real time, and the FAA would be able to pursue 
education or, if necessary, enforcement action against the operator. 
More testing and evaluation of detection technologies in the airport 
environment is necessary to better characterize their performance 
capabilities.
    We do understand there is a gap between now and this future state, 
which is why we published a package of useful information for airport 
sponsors considering or deploying UAS detection technology. We want to 
coordinate and work with airports to ensure such systems are safely 
integrated into the airport environment if airports choose to deploy 
them.
    Testing of mitigation technology at airports is also vital to 
identify and assess the FAA's ability to mitigate any safety impacts 
their use may have at the airport. Section 383 testing and evaluation 
will provide additional valuable information to better inform the 
development of standards for UAS detection and mitigation systems.

    Question 5. Why is there no FAA safety standard for UAS ``lost 
link'' protocol? Has FAA assessed the risk of a UAV losing its control/
navigation signal? If so, what did it find? If not, why not?
    Answer. Due to the rapid evolution of UAS technologies, there are 
multiple (and more each day) methods by which an unmanned aircraft (UA) 
operator may address lost link issues. Primary ``protocols'' include:

  1.  Pre-programmed commands directing the UA to either return to 
        base, land immediately, or hover in place.

  2.  In some instances, the UA is programmed to continue on its 
        predetermined course.

    The definition for ``lost link'' is subjective depending on the 
type of link that is used. Digital signals do not go ``lost link'' but 
rather have increased delays in transmitting packet data to the UA. 
Lost link occurs when the UA reaches a pre-programmed threshold delay 
between data packets received. This programmed response is dependent on 
the type of mission, environment, and most importantly, the air and 
ground risk.
    The FAA is currently in the process of determining testing 
requirements for Control, Non-Payload Communications (CNPC) that will 
enable the production of performance-based standards for RF-linked 
operations. The criticality of the CNPC link varies with the nature of 
the operation and levels of automation. A low-risk operation with a 
high level of automation relies very little on the CNPC link. A more 
complex operation that requires a pilot in the loop requires a more 
continuous and reliable CNPC link. The standards that are being 
developed, and their related testing requirements, take this variation 
into consideration.

    Question 6. Please explain why you believe, ``the problem with 
counter-UAS capabilities right now is that it has a significant impact 
on the National Airspace System and other communication systems, 
especially in urban areas.'' Is this FAA's view of a specific kind of 
C-UAS interdiction technology or all C-UAS interdiction technologies?
    Answer. Some current C-UAS technologies pose a direct risk to 
safety-of-life Air Navigation Services critical infrastructure and 
avionics due to their spectrum-related impacts on these systems. In 
particular, certain technologies can impact air-ground communications, 
Global Positioning System (GPS) dependent navigation, and other 
surveillance and airport safety systems. The operational use of C-UAS 
in the National Airspace System also poses an indirect risk to persons 
and property on the ground or other aircraft in flight--including 
manned aircraft--depending on how the drone responds. Lastly, some C-
UAS systems can interfere with authorized or compliant drone activity 
that may be occurring in proximity to the unauthorized drone. Not all 
RF systems produce the same impacts on Air Navigation Service (ANS) 
infrastructure, onboard manned aviation systems, nor on UAS.
    The precise risks C-UAS technologies pose to safety-of-life 
aircraft systems and ANS critical infrastructure depend on the specific 
technology being employed, its location, and parameters of its use 
(e.g., configurations regarding directional versus omnidirectional, 
power levels, etc.). The FAA's greatest concern with the currently 
available C-UAS technology is focused on those systems that interfere 
with RF and GPS, a service on which both manned and unmanned aircraft, 
as well as the agency's ANS and some airport and air carrier ground 
systems, heavily rely.
    In addition, given the limited amount of testing that has occurred 
in the civil environment, we are also concerned about the reaction/
response of some UAS when they are subject to RF interference, which 
can include uncontrolled flight that may present a safety risk for 
people and property on the ground or other aircraft in-flight. Other 
concerns involve impact to non-targeted aircraft, non-targeted spectrum 
impacts, and ensuring non-interference with other data and 
communications services, including for emergency personnel.
    It is important to remember many C-UAS technologies were designed 
for military use in conflict areas with very different geographies and 
where collateral impacts are not a significant concern. It is vital 
that C-UAS systems be tested in civil environments to determine both 
impacts and efficacy.

    Question 7. Does FAA believe that UAS control/navigation 
communications are ``aeronautical communications'' subject to 18 USC 
2511(2)(g)? Please describe the rationale for your response.
    Answer. FAA recommends that any entity interested in UAS detection 
or mitigation technology consult with legal counsel to assess their 
risks and responsibilities under title 18, United States Code, as well 
as other relevant provisions of Federal law.
                                 ______
                                 
     Response to Written Questions Submitted by Hon. Todd Young to 
                        Dr. Catherine F. Cahill
    From a national security perspective, there will always be varying 
concerns about the risks associated with the advancement of information 
technology products and services in the global supply chain. These 
risks are generally associated with the Federal government's limited 
visibility into, understanding of, and control over how foreign 
technology is developed, integrated, and processed to assure the 
integrity and security of the products. Nonetheless, with respect to 
the United States economy, it is still important to maintain an open 
investment climate in information technology, but there must be balance 
between consumer and industry needs, and national security.
    Question 1. With Chinese UAS companies clearly focusing on 
controlling the drone hardware market, can you elaborate on a national 
strategy to focus on supply chain concerns?
    Answer. In my opinion, if we do not maintain drone hardware and 
software engineering, manufacturing, and testing capability in the 
U.S., we are putting our country's security at risk. Unfortunately, the 
economics of drone design and manufacturing, especially for small 
commercial systems, are being driven by large foreign corporations that 
are not subject to the same workforce costs, environmental standards, 
and testing challenges as U.S. companies building and testing their 
systems in the U.S. The costs associated with the highly technical 
personnel required to design and build drone systems makes systems 
designed in the U.S. more expensive than their foreign counterparts. 
Additionally, manufacturing these systems is more difficult in the U.S. 
where manufacturers are subject to stricter environmental standards and 
labor is more expensive than in other countries. Testing also is more 
difficult in the U.S. For years, U.S. companies have had to go overseas 
to test their systems because the U.S. regulations have been so tight 
that it was impossible to test the limits of their systems in a cost-
effective way in the U.S. Drone companies needed to have military 
sponsorship to be able to test their systems in restricted airspace 
because the testing of commercial systems could not be done in the 
National Airspace System (NAS) outside of restricted areas, including 
temporary flight restriction areas. The development of the FAA's Test 
Sites was designed to help with this testing, but the Test Sites were 
also limited in what could be done due to the requirements imposed on 
them by their Public Aircraft status. For example, beyond visual line 
of sight operations could not be conducted without chase aircraft or 
daisy-chained visual observers keeping the aircraft in sight at all 
time. Even now, only two beyond visual line of sight `commercial' 
(i.e., under the small UAS rule [Part 107] that allows the commercial 
operation of UAS in the NAS) missions have been flown in the NAS 
without visual observers keeping their eyes on the airspace or aircraft 
at all times. These operations were flown last week (July 30-31, 2019) 
by the University of Alaska Fairbanks and their UAS Integration Pilot 
Program partners. The solution to the supply chain threat must address 
all of these challenges.
    I recommend the following actions to protect the drone supply chain 
from foreign influence:
  1)  Buy American

    a.  Require all Federal agencies conducting sensitive operations, 
            surveillance, critical infrastructure monitoring, mapping, 
            and other non-public relations missions to use U.S.-made 
            drones

  2)  Establish requirements for a system to be called a U.S.-made 
        drone

    a.  Require economic authority (pure U.S. ownership) for the drone 
            company and all parent companies

    b.  Require specific essential and software parts (autopilot, 
            communications devices, etc.) be U.S. made and a specific 
            percentage of the aircraft components be manufactured in 
            the U.S.

    c.  Require the assembly of the drone to occur in the U.S.

  3)  Subsidize U.S. drone manufacturers

  4)  Set aside remote airspace areas, preferably under the auspices of 
        FAA Test Sites to encourage collaboration and safe operations, 
        for conducting advanced commercial operations testing, such as 
        beyond visual line of sight tests, nighttime operations, detect 
        and avoid technology testing, etc.

  5)  Stop training foreign students in our advanced technologies

    a.  Do not allow foreign students to take classes or participate in 
            school activities that build drones or drone components, 
            such as autopilots, payloads, etc.

    b.  Do not allow foreign students to take classes that use 
            International Traffic in Arms Regulations (ITAR) listed 
            cameras or other sensor technologies

    c.  Do not allow foreign students to take classes directly 
            applicable to interfering with drone command and control, 
            such as jamming, hacking, spoofing

    d.  Educate university faculty about ITAR and enforce compliance

  6)  Prohibit drones from using foreign communications systems in the 
        U.S.

  7)  Prohibit Federal agencies from storing data in foreign vendor, 
        third party, or easily-accessible computer/cloud storage 
        systems

    Question 2. Additionally, what policies would you suggest to 
effectively protect data of consumers or related to national security 
that could be stored by foreign vendors or third parties?
    Answer. I recommend prohibiting Federal agencies from storing any 
data, especially data related to national security or sensitive in 
nature, including proprietary or confidential information provided to 
the agencies by third parties, in foreign vendor, third party, or 
easily-accessible computer/cloud storage systems.
    To protect consumers' data, I recommend that at the very least the 
Federal government should follow Europe's lead and institute a U.S. 
form of their General Data Protection Regulation. Alternatively, the 
Federal government could implement a nationwide version of the 
California Consumer Privacy Act of 2018. Either way, consumers should 
know how their data is being stored and if it is being shared. Foreign 
vendors or third parties storing consumer data must be required to 
comply with the data protection regulations to operate in the U.S. The 
U.S. government must enforce the regulations to be effective in 
protecting the consumers' data.
                                 ______
                                 
  Response to Written Questions Submitted by Hon. Tammy Duckworth to 
                        Dr. Catherine F. Cahill
    Question. What is the FAA safety standard or procedure for ``lost 
link'' drones that are unable to receive a navigation signal from its 
operator? Are you aware of efforts at the FAA to develop a standard? If 
not, should the FAA should develop such a standard or should this issue 
be left to individual manufacturers?
    Answer. Currently, the FAA does not have a fixed safety standard or 
procedure for ``lost link''. However, the safety case for every flight 
operation that requires FAA to grant a waiver or authorization requires 
the operator to expressly state their ``lost link'' procedures. If the 
FAA personnel reviewing the safety case do not feel that the proposed 
``lost link'' procedures guarantee the safety of the National Airspace 
System, they will deny the application for the waiver or authorization.
    The FAA evaluates standards for inclusion in rulemaking; it does 
not make them. However, ASTM International and other standards setting 
bodies are working on developing standards for ``lost link'' procedures 
as a part of their drone command and control standards set. The ASTM 
set is shown below this paragraph. Please focus on sections 10 and 11. 
The FAA will consider these standards as it develops more detailed 
rules and regulations for drone operations.  

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

                                 ______
                                 
     Response to Written Questions Submitted by Hon. Todd Young to 
                              Brian Wynne
    From a national security perspective, there will always be varying 
concerns about the risks associated with the advancement of information 
technology products and services in the global supply chain. These 
risks are generally associated with the Federal government's limited 
visibility into, understanding of, and control over how foreign 
technology is developed, integrated, and processed to assure the 
integrity and security of the products. Nonetheless, with respect to 
the United States economy, it is still important to maintain an open 
investment climate in information technology, but there must be balance 
between consumer and industry needs, and national security.
    Question 1. With Chinese UAS companies clearly focusing on 
controlling the drone hardware market, can you elaborate on a national 
strategy to focus on supply chain concerns?
    Answer. The United States UAS market has become stronger and more 
robust since the FAA implemented the small UAS rule. It is the largest 
national market in the world for UAS and likely to remain so for the 
foreseeable future. According to the AUVSI Unmanned Systems and 
Robotics Database, the United States has developed more unique UAS 
platforms than any other country; and nearly twice as many as the 
second largest UAS producing country. It also has more than triple the 
number of manufacturers in comparison, with 44 states having at least 
one UAS manufacturer.
    Thousands of businesses--small and large--are using UAS. Over 1.4 
million drones have been registered with the FAA, greater than 400,000 
of which are registered for commercial operations. While the vast 
majority follow the appropriate FAA.
    The American UAS market is stronger and more robust than any other 
country. To ensure domestic UAS companies continue to flourish, we need 
to accelerate Federal rulemakings and develop holistic policy solutions 
that give us the framework we need to keep the skies secure.

    Question 2. Additionally, what policies would you suggest to 
effectively protect data of consumers or related to national security 
that could be stored by foreign vendors or third parties?
    Answer. Safe, secure integration into the National Air Space (NAS) 
is critical to realizing the potential UAS technologies have on our 
society, economy, and lives. The integrity of the potentially enormous 
future transfer of data, underpinning the UAS ecosystem of the future, 
will require adequate standards, policies, and laws to maintain safety 
of the NAS. AUVSI stands ready to support those efforts as the 
landscape and requirements are defined.
                                 ______
                                 
   Response to Written Question Submitted by Hon. Tammy Duckworth to 
                              Brian Wynne
    Question. What is the FAA safety standard or procedure for ``lost 
link'' drones that are unable to receive a navigation signal from its 
operator? Are you aware of efforts at the FAA to develop a standard? If 
not, should the FAA should develop such a standard or should this issue 
be left to individual manufacturers?
    Answer. Yes, the FAA has developed UAS related standard procedures 
for `lost link' situations. The standards are specific to the type of 
operation and operator (for example; larger UAS above 55lbs, operating 
in controlled airspace that have an airworthiness certificate and 
smaller UAS operating under C.F.R., Part 107 and or waivers under these 
regulations). We have included standards specific to UAS ``lost link'' 
below with excerpts from the text. Should UAS technology evolve beyond 
the scope of the below standards or present an unsafe scenario 
previously not present, AUVSI believes new appropriate standards should 
be developed to maintain safety of the National Air Space.
    Please find the sources and excerpts of known ``lost link'' related 
standards below. Specific language is underlined for your benefit:

    Advisory Circular 107-2
    Subject: Small Unmanned Aircraft Systems (sUAS) Date: 6/21/16 AC 
No: 107-2 Initiated by: AFS-800 Change:
    FAA state in AC 107-2 5.2.3:
    https://www.faa.gov/uas/resources/policy_library/media/AC_107-
2_AFS-1_Signed.pdf

    5.2.3 Autonomous Operations. An autonomous operation is generally 
considered an operation in which the remote pilot inputs a flight plan 
into the CS, which sends it to the autopilot onboard the small UA. 
During automated flight, flight control inputs are made by components 
onboard the aircraft, not from a CS. Thus, the remote PIC could lose 
the control link to the small UA and the aircraft would still continue 
to fly the programmed mission/return home to land. During automated 
flight, the remote PIC also must have the ability to change routing/
altitude or command the aircraft to land immediately. The ability to 
direct the small UA may be through manual manipulation of the flight 
controls or through commands using automation

    JO 7110.65W [current]
    m. 5-2-9. UNMANNED AIRCRAFT SYSTEMS (UAS) LOST LINK
    This change adds a new paragraph. The change authorizes the 
exclusive use of non-discrete beacon code 7400 for lost link conditions 
of UASs. It also provides guidance for the air traffic controller on 
how to handle the lost link situation. This change cancels and 
incorporates FAA Notice JO 7110.724, dated November 11, 2016.

    ORDER JO 7110.65X [current]
    Effective Date: October 12, 2017
    5-2-9. UNMANNED AIRCRAFT SYSTEMS (UAS) LOST LINK

    Code 7400 may be displayed by unmanned aircraft systems (UAS) when 
the control link between the aircraft and the pilot is lost. Lost link 
procedures are programmed into the flight management system and 
associated with the flight plan being flown. 9/13/18 JO 7110.65X CHG 2 
JO 7110.65X 10/12/17 5-2-4 Beacon Systems When you observe a Code 7400 
display, do the following: a. Determine the lost link procedure, as 
outlined in the Special Airworthiness Certificate or Certificate of 
Waiver or Authorization (COA). b. Coordinate, as required, to allow UAS 
to execute the lost link procedure. c. Advise Operations Supervisor 
(OS), when feasible, so the event can be documented. d. If you observe 
or are informed by the PIC that the UAS is deviating from the 
programmed Lost Link procedure, or is encountering another anomaly, 
treat the situation in accordance with FAA Order J0 7110.65 Chapter 10, 
Section 1, Paragraph 10-1-1c. NOTE- 1. The available lost link 
procedure should, at a minimum, include lost link route of flight, lost 
link orbit points, lost link altitudes, communications procedures and 
preplanned flight termination points if the event recovery of the UAS 
is deemed unfeasible. 2. Each lost link procedure may differ and is 
dependent upon airframe and operation. These items are contained in the 
flight's Certificate of Authorization or Waiver (COA) and must be made 
available to ATC personnel in their simplest form at positions 
responsible for Unmanned Aircraft (UAs). 3. Some UA airframes (Global 
Hawk) will not be programmed upon the NAS Automation roll out to squawk 
7400. These airframes will continue to squawk 7600 should a lost link 
occur. The ATC Specialist must apply the same procedures described 
above.

    Add FAA Order JO 7110.65, [Canceled] N JO 7110.724 Air Traffic 
Organization Policy Effective Date: November 10, 2016 Cancellation 
Date: April 27, 2017 paragraph 5-2-9 to read as follows: 5-2-9 UNMANNED 
AIRCRAFT SYSTEMS (UAS) LOST LINK Code 7400 may be displayed by unmanned 
aircraft systems (UAS) when the control link between the aircraft and 
the pilot is lost. Lost link procedures are programmed into the flight 
management system and associated with the flight plan being flown. When 
you observe a Code 7400 display, do the following: a. Determine the 
lost link procedure, as outlined in the Special Airworthiness 
Certificate or Certificate of Waiver or Authorization (COA). b. 
Coordinate, as required, to allow UAS to execute the lost link 
procedure. c. Advise Front Line Manager (FLM), when feasible, so the 
event can be documented. d. If you observe or are informed by the PIC 
that the UAS is deviating from the programmed Lost Link procedure, or 
is encountering another anomaly, treat the situation in accordance with 
FAA J0 7110.65 Chapter 10, Section 1, Para 10-1-1(c). NOTE 1--The 
available lost link procedure should, at a minimum, include lost link 
route of flight, lost link orbit points, lost link altitudes, 
communications procedures and preplanned flight termination points if 
the event recovery of the UAS is deemed unfeasible. NOTE 2--Each lost 
link procedure may differ and is dependent upon airframe and operation. 
These items are contained in the flight's Certificate of Authorization 
or Waiver (COA) and must be made available to ATC personnel in their 
simplest form at positions responsible for Unmanned Aircraft (UAs). 
NOTE 3-Some UA airframes (Global Hawk, RQ-4) will not be programmed 
upon the NAS Automation roll out to squawk 7400. These airframes will 
continue to squawk 7600 should a lost link occur. The ATC Specialist 
must apply the same procedures described above. Renumber 5-2-9 thru 5-
2-24 to 5-2-10 thru 5-2-25.

    ORDER JO 7200.23 Effective Date: October 3, 2016B.

    UAS Operations Information and ATO Guidance for UAs Operating Under 
Part 91. to: (1) Lost Link, to include flight termination points (2) 
Flyaway (3) Lost Sight of UA by the visual observer (4) Other items to 
consider for inclusion in an LOA (if not contained in the COA): (a) Any 
specific altitude limitations, geographic boundary limitations, 
preferred route assignments, and periods of operations. This 
information must be provided to the ATC facility involved in the LOA 
via graphical depiction. (b) Weather requirements for operations. (c) 
ATC facilities responsibilities. (d) UAS proponent responsibilities.
ASTM Standards F318-16
    TABLE X2.1 Examples of Hazard or Failure Identification and 
Mitigation Practices

    6.4.25 Describe lost-link procedures for loss or interruption of 
positive control. 6.4.26 Describe emergency procedures (in the event of 
lost link, the UA shall squawk appropriate code if transponder 
equipped).

    8.1.2 System knowledge may also be enhanced through pilot and crew 
training. Knowledge of critical performance parameters of a sUAS, such 
as maximum command and control link range and lost-link protocols, is a 
precondition for flight. For example, if a directional antenna is used, 
one may choose to improve the antenna performance by physically 
pointing the antenna towards the aircraft in a more optimal manner 
consistent with its design. These practices offer a means to avoid 
potential lost-link hazards. System knowledge is also important in 
recovering from unusual attitudes and avoiding high-risk maneuvers.

    Failure Condition Description Mitigation Examples Fly-away This 
failure condition occurs when an unmanned aircraft fails to respond to 
any ground control system commands, proceeds on a route unknown to the 
pilot, and continues on a pathway until fuel exhaustion. These failure 
conditions create significant risk to other aircraft and persons. 
Therefore, it is incumbent upon the applicant to understand if their 
sUAS is vulnerable to this failure condition. The applicant should 
understand all scenarios where the aircraft could enter a ``flight not 
under control of the pilot'' mode.

    For those systems with pre-programmed flight paths (typically 
invoked upon lost comm or lost C2 link events), the pilot should assure 
that the aircraft follows a specific, known flight path upon a C2 link 
failure condition.

    The pilot and sUAS designer should know the deterministic behaviors 
of the aircraft. Loss of electrical power to aircraft systems, such as 
command and control or motors driving sUAS propulsion, or GPS, and so 
forth Electrical power typically is used by the aircraft to power 
flight computers (autopilot), control surfaces (actuators or servos), 
GPS, radio, and so forth. The electrical system for a sUAS typically is 
one distribution system with voltages affected by components within 
that electrical power distribution system or the system being powered. 
Therefore, a failure in the electrical power distribution system, its 
components, its power source, and so forth may cause sUAS critical 
systems failures. The pilot should check all connections before flight. 
The battery capacity should be sufficient as determined by briefing and 
flight plan before launch. All flight control surface movements should 
be confirmed. A pre-flight checklist should be prepared and followed by 
the pilot to assure that the electrical system is intact and 
functional.

    . . .

    Loss of communications with sUAS (commonly referred to as a lost 
link) Radio failure, antenna failure, interference from other systems, 
weak signal, range exceedance, and so forth may cause loss of 
communications (lost C2 link). Before flight, the pilot shall assess 
radio communications via a consistent procedure, including exercising 
the flight controls to assure the communications link is intact and 
functional. Lost GPS (either a signal from the satellite or a failure 
of the GPS systems on the sUAS) Most sUAS systems depend on GPS links 
for navigation and control of the aircraft. Loss of GPS may occur 
because of interference from other radio signals, loss of the GPS 
itself (because of GPS failure, loss of electrical power to the GPS, 
and so forth), shadowing caused by proximity to other structures or 
land formations, and so forth. Before flight, the pilot shall assess 
the GPS by confirming its performance: signal strength, sufficient 
satellites in view, and accurate position of the stationary aircraft.

    The pilot will assess the intended flight path to assess if GPS 
loss may occur. The pilot may choose alternate flight paths to decrease 
the chance of GPS loss. Loss of sUAS control as a result of ``hijack'' 
(another entity takes control of the sUAS) sUAS radio links may be 
vulnerable to other signals, intentional and unintentional, which could 
cause the aircraft to deviate from its intended flight path. Although 
no aircraft failure may be present, the aircraft may no longer be 
controlled by its pilot. The pilot should assess the radio link before 
flight and immediately after flight. The pilot may choose to use 
encrypted communications links. Loss of flight control (this scenario 
comprises failure of flight control surfaces or the auto-pilot, and so 
forth) Flight control failures may comprise system failures (such as 
control surface actuators and servos), flight computer failures 
(provides incorrect flight control signal to the control surface 
actuator), and so forth. Before flight, the pilot will assess all 
control surface function by actuating and observing proper movements of 
surfaces. Control station failure Control station failures may occur as 
a result of loss of electrical power, system failure (of components or 
systems within the ground control system such as the ground control 
computer or iPad or other), software failure (such as software), and so 
forth. The control station may possess a backup power supply or ensure 
that the remote control elements are charged to a satisfactory level 
before every flight. The pilot will exercise the ground control system 
to assure its appropriate operation before flight. Impacts of rain, 
snow, dust, or other environmental factors Environmental conditions may 
affect the sUAS including: carburetor icing for gasoline/diesel fueled 
engines; radio signal deformation as a result of rain or snow; icing 
that affects control surface movement; water exposure of the avionics; 
humidity affecting connectors; and so forth.
                                  ***
    This concludes AUVSI's response to the question for the record.
                                 ______
                                 
     Response to Written Questions Submitted by Hon. Todd Young to 
                              Harry Wingo
    From a national security perspective, there will always be varying 
concerns about the risks associated with the advancement of information 
technology products and services in the global supply chain. These 
risks are generally associated with the Federal government's limited 
visibility into, understanding of, and control over how foreign 
technology is developed, integrated, and processed to assure the 
integrity and security of the products. Nonetheless, with respect to 
the United States economy, it is still important to maintain an open 
investment climate in information technology, but there must be balance 
between consumer and industry needs, and national security.
    Question 1. With Chinese UAS companies clearly focusing on 
controlling the drone hardware market, can you elaborate on a national 
strategy to focus on supply chain concerns?
    Answer. A national strategy to focus on supply chain concerns 
should,

  1.  Measure the current extent of market dominance and influence by 
        Chinese UAS companies, including the details on past and 
        anticipated purchase of Chinese UAS by U.S. Federal agencies 
        (e.g., the Department of the Interior), and provide expedited 
        recommendations for Congress concerning the potential to 
        promote ``Buy USA'' commercial drones in the near-term, and to 
        encourage the growth and sustainability of America's domestic 
        UAS market in the long term (Note: This assessment should be 
        done with focus and appropriate speed, and in a manner that 
        eases the burden of participation by small USA-based companies, 
        but that requests more from market-leading Chinese UAS 
        companies that have more extensive resources to respond);

  2.  Provide incentives for ``Buy USA'' alternatives, such as those 
        companies bidding for a recent U.S. Army opportunity worth 
        $11M. The U.S. companies are Skydio, Altavian, Teal Drones, 
        Vantage Robotics, and Lumenier.

  3.  Promote synergies between Federal government development, 
        procurement and use of UAS and US-based and operated UAS 
        companies, as well as with related big tech (or defense 
        industry) companies like Amazon, Microsoft, Lockheed, Uber, 
        FedEx and others.

  4.  Draw lessons from the experience of National Security related UAS 
        efforts conducted, in a manner that appropriately protects 
        security and information, but that eliminates ``stovepipes'' 
        between Federal technology stakeholders defending the Nation 
        and those seeking to use drones in State or Local Government, 
        in Academia, or in private industry.

  5.  Fast-track the use of Buy-USA drones in ``Smart City'' pilot or 
        demonstration projects, particularly those that require special 
        authorization to test new concepts or approaches (e.g., Real 
        ID, night-flight drones, indoor-flight for public safety, 
        package delivery, passenger drones, etc.).

  6.  Consider providing tax breaks for UAS companies, or those who 
        would partner with them (e.g., Walmart, FedEx, UPS, Amazon).

    Question 2. Additionally, what policies would you suggest to 
effectively protect data of consumers or related to national security 
that could be stored by foreign vendors or third parties?
    Answer. Policies to protect consumers' data, or that related to 
national security might include,

  1.  Requesting that regulators assess ``light touch'' regulatory 
        approaches to assess the risk to U.S. consumers' privacy by 
        Chinese UAS companies, even those that claim to base their 
        manufacturing within the U.S.

  2.  Directing Federal agencies like the Dept. of Commerce's National 
        Institute of Standards and Technology (NIST) to hold workshops 
        on the risk from offshore data flows, or otherwise explore the 
        issues surrounding Chinese UAS supply chains, and in the case 
        of national security, to encourage (or direct) DHS, FAA, DoD 
        and other stakeholders to explore these issues on a more 
        focused and accelerated basis--and provide the funding and 
        personnel authorizations to do so.
                                 ______
                                 
Response to Written Question Submitted by Hon. Tammy Duckworth to Harry 
                                 Wingo
    Question. What is the FAA safety standard or procedure for ``lost 
link'' drones that are unable to receive a navigation signal from its 
operator? Are you aware of efforts at the FAA to develop a standard? If 
not, should the FAA should develop such a standard or should this issue 
be left to individual manufacturers?
    Answer.
    Yes, FAA ``lost link'' procedures exist for large drones.
    FAA Safety standards or procedures for ``lost link'' drones, at 
least those over 55 lbs (e.g., Global Hawk, RQ-4) in FAA JO 7110.65X 
CHG 1. FAA, Air Traffic Organization Policy. Effective Date: March 29, 
2018. https://www.faa.gov/document
Library/media/Order/JO_7110.65X_Air_Traffic_Control_CHG_1.pdf. See also 
FAA Notice JO 7110.724, UNMANNED AIRCRAFT SYSTEMS (UAS) LOST LINK 
(effective, Nov. 11, 2016; cancellation, Apr. 27, 2017). https://
www.faa.gov/document
Library/media/Notice/N_JO_7110.724_5-2-9_UAS_Lost_Link_2.pdf; https://
www
.faa.gov/regulations_policies/orders_notices/index.cfm/go/
document.information/documentID/1030088).

    Small commercial drones of less than 55 lbs., which were the focus 
of the June 18, 2019 hearing before this Subcommittee, would be 
addressed by Part 107 rule waivers and authorizations.

    Also under development: Control, Non-Payload Communications (CNPC) 
links (FAA, NASA, industry).
    Also, I am aware of the development of drone industry consensus 
standards for Control, Non-Payload Communications (CNPC) links. (See, 
e.g., Kerczewski, Robert J. & Griner, James H. (2012). Control and Non-
Payload Communications Links for Integrated Unmanned Aircraft 
Operations. NASA Glenn Research Center. Accessed 8/9/2019. https://
ntrs.nasa.gov/archive/nasa/casi.ntrs.nasa.gov/20120016398.pdf). How 
critical CNPC links are depends on the nature of UA operations, and the 
level of automation--for example, highly automated, low-risk operations 
would rely less on the CNPC link, but more complex operations dependent 
on ``human in the loop'' pilots would demand a more continuous and 
reliable CNPC link. Such factors are being considered as CNPC standards 
are being developed.

    The industry is rapidly evolving and market demands are shaping 
lost link protocols such as requiring pre-programmed commands that 
will, short of malfunction (unintentional or otherwise), direct the UA 
to return to base or one of several pre-set locations; land immediately 
(likely using obstacle avoidance in doing so); or to hover in place 
until returning to waypoints or landing becomes necessary.

    The industry is also exploring whether the UA might be programmed 
to continue on its predetermined course despite a ``lost link'' 
situation--again, this possibility will weigh the operational risk and 
level and trust-worthiness of automation on the airframe. The 
artificial intelligence (AI) that enables such automation raises 
another kind of drone security supply chain risk issue--the provenance 
of the AI guiding such ``lost link'' continue-on-course operations (as 
well as the options of return to base/waypoints, or landing safely). 
Specifically, if the on-airframe AI used to control small commercial 
drones in a lost link situation is easily spoofed, or is trained on 
corrupted or otherwise faulty data, safety of operations might be 
compromised. The cutting edge of fully-autonomous operation of small 
drones is currently in operation by the San Diego-based, Veteran-
founded and operated company, Shield AI (https://www.shield.ai/). This 
company has approximately 100 employees based in San Diego, California, 
and is led by a Founder and CEO who formerly served as a Navy SEAL.

    The development of CNPC, the kind of signal and available spectrum 
used will impact the definition of ``lost link''--for example, digital 
signals may be considered in the context of packet loss and delay. It 
is my understanding that the FAA is currently determining suitable 
testing requirements for CNPC to enable development of performance-
based standards for RF-linked UA operations. (See, e.g., Shalkhauser, 
Kurt A., Ishac, Joseph A., Iannicca, Dennis C., Bretmersky, Steven C. & 
Smith, Albert E. (July 2017). Control and Non-Payload Communications 
(CNPC) Prototype Radio Validation Flight Test Report. NASA/TM-2017-
219379. NASA, Glenn Research Center. Accessed 8/9/2019. https://
ntrs.nasa.gov/archive/nasa/casi.ntrs.nasa.gov/20180001192.pdf.).
    Thank you for the opportunity to respond to your questions for the 
record.
    I look forward to any additional follow up that may be helpful.
                                 ______
                                 
     Response to Written Questions Submitted by Hon. Todd Young to 
                             Harold H. Shaw
    From a national security perspective, there will always be varying 
concerns about the risks associated with the advancement of information 
technology products and services in the global supply chain. These 
risks are generally associated with the Federal government's limited 
visibility into, understanding of, and control over how foreign 
technology is developed, integrated, and processed to assure the 
integrity and security of the products. Nonetheless, with respect to 
the United States economy, it is still important to maintain an open 
investment climate in information technology, but there must be balance 
between consumer and industry needs, and national security.
    Question 1. With Chinese UAS companies clearly focusing on 
controlling the drone hardware market, can you elaborate on a national 
strategy to focus on supply chain concerns?
    Answer. As an airport operator, we do not have the insights or 
intelligence to make an informed recommendation on a national strategy. 
Further discussion on a national strategy relating to the drone 
hardware market, are best directed to other participants on the witness 
panel or other Federal intelligence agencies.

    Question 2. Additionally, what policies would you suggest to 
effectively protect data of consumers or related to national security 
that could be stored by foreign vendors or third parties?
    Answer. As the operator of Logan International Airport, Worcester 
Regional Airport and Hanscom Field, we work with our Federal partners 
such as the FAA in protecting these important transportation venues. I 
would suggest that this question be referred to our Federal partners, 
who might be better positioned to recommend policies relating to the 
protection of data.
                                 ______
                                 
  Response to Written Questions Submitted by Hon. Tammy Duckworth to 
                             Harold H. Shaw
    Question 1. Do you have the necessary tools and support to protect 
your airport's perimeter from interference by an unauthorized drone? If 
not, what additional resources or guidance do you need?
    Answer. Thank you for the opportunity to respond to these important 
questions. The Massachusetts Port Authority and other airport operators 
across the Nation lack the authority, legal framework, and technologies 
to adequately protect airport perimeters from unauthorized drone 
activities. As mentioned in my testimony, the additional resources and 
guidance needed can be grouped into improvements in enforcement, 
technology, and collaboration/research.
    We support several initiatives in the 2018 FAA Reauthorization Act, 
such as making it a criminal offense to fly certain UAS near airports, 
requiring the FAA to develop a strategy to assist state and local 
government response to a UAS threat, and directing the Comptroller 
General to study state and local roles in UAS regulations.
    Nevertheless, we also strongly appeal to this Committee and to 
Congress to take additional steps that will provide state and local 
partners additional flexibility to address this issue from a safety 
perspective. Under current law, some Federal agencies are authorized to 
intercept and neutralize a UAS that poses a threat to safety; however, 
those agencies lack the capability to provide robust and persistent 
coverage across the Nation. State and local agencies are ready to fill 
this void, but we need greater legal authority to do so. We strongly 
appeal to this Committee and to our members of Congress to take 
additional steps that will empower state and local partners to take 
charge of their own safety. Until Federal agencies are better prepared 
to provide real-time support.
    Additionally, there is no single commercial system available to 
airports that can safely and effectively identify, track, and 
neutralize rogue UAS's in domestic airspace. At Massport, we are now 
reviewing available technology related to situational awareness for 
application at our airports and facilities. The FAA has expressed 
concerns to airports about deploying technology and potential legal 
implications based on current Federal law. This has chilled our efforts 
to engage proactively on testing technology.
    We commend the FAA's efforts to support research and development 
projects to counter the UAS threat, and we encourage the FAA to expand 
existing pilot programs to identify solutions to this ever-increasing 
challenge as soon as possible. We have offered Logan and our local 
resources as a test site for this research.
    Finally, we support multi-state and Federal agency collaboration, 
information sharing, testing, training, and setting common standards 
and operating procedures.

    Question 2. What is the FAA safety standard or procedure for ``lost 
link'' drones that are unable to receive a navigation signal from its 
operator? Are you aware of efforts at the FAA to develop a standard? If 
not, should the FAA should develop such a standard or should this issue 
be left to individual manufacturers?
    Answer. Since FAA has the primary role in ensuring UAS's are 
integrated into public airspace in a positive and safe manner that 
allows for commercial and recreational use while addressing the risks, 
it makes sense that the FAA should develop and set standards for ``lost 
link'' procedures.

                                  [all]