The "Totally Stuffed" issue of Dronin' On 11.18.17
Mi casa es su casa

Hi all –

A lot of unsettling news swirling around our little corner of the sky.

I am going to do my best to address the most recent Drone Advisory Committee (DAC) kerfuffle because it plays directly against the brand spanking new Drone Integration Pilot Program (DIPP). And we’ll look at threats including another mostly unreported drone strike, cyber, DJI and the uncertain future of the FAA.


But first I would like to welcome one of my mentors,  Mark Dombroff, a partner at LeClairRyan who has written a guest post, Deja Vu All Over Again:  Drone Registration and The Drone Integration Pilot Program. Mark offers a provocative take on what the FAA’s role should be going forward.

One of the problems with the drone industry, at least in my opinion, is that the FAA is too involved in promoting its growth when it should be more focused on getting a regulatory structure in place which allows the industry to grow itself. Some might say the Integration Project is, by and large, a growth program designed to move a stalled initiative forward and address a wide spectrum of issues hampering growth of the industry.  So long as the Integration Project is used as a vehicle which assists in creating a regulatory structure, we could see some real progress


Real quick backstory if you somehow managed to miss it. On May 5, 2016 FAA Administrator Michael Huerta announced the formation of the DAC.

Huerta defined the DAC’s mission as “Help [the FAA] identify and prioritize integration challenges and improvements, and create broad support for an overall integration strategy.”

That part sounded pretty good, the part that turned out to be the gotcha was:

Input from stakeholders is critical to our ability to achieve that perfect balance between integration and safety. We know that our policies and overall regulation of this segment of aviation will be more successful if we have the backing of a strong, diverse coalition.”

What could possibly go wrong?

Four months later, the DAC met for the first time. “The DAC will be comprised of CEO/COO-level executives from key UAS stakeholder organizations.” It wasn’t. The list of 34 members is here.

According to the September 2016 minutes, at the initial meeting DAC Chairman and Intel CEO Brian Krzanich told the group that Consensus is the goal in all recommendations. The DAC is strictly an advisory committee.”

DAC Subcommittees (DACSC) were created “To establish a ranked set of priorities among the remaining drone integration issues the DAC identified at its
inaugural meeting

  • DACSC 1 (aka Task Group 1 or TG1) was to address Roles and Responsibilities.
  • DACSC 2 (TG 2) was to address Access to Airspace.
  • DACSC 3 (TG 3) was created later to address how to pay for all this…

I know you’ve heard it from me before, but repetition hasn’t changed my mind. Remote Identification is the single greatest problem facing the FAA and the industry for two reasons.

  • In the 2016 Extension Act (FESSA), the very first thing Congress mandated was that the FAA develop consensus standards for “…Remotely identifying operators and owners of unmanned aircraft systems.” It is a difficult problem that hasn’t been solved.
  • But the bigger reason is that in 2017, remote identification has become the deal breaker/go-no-go piece that must be overcome to satisfy the concerns of every level of law enforcement.

If there was a place that the FAA needed industry input, this was it. (And still is.)

While according to the minutes, considerable time was spent reviewing FESSA at the kick off meeting; in their infinite wisdom the FAA chose not to assign the Identification problem to the DAC. (Perhaps the six weeks between FESSA and the first meeting was not enough time to realize that 2202, aka Item #1 needed to
be addressed?)

It took six months for the FAA to announce the UAS Identification and Tracking Aviation Rulemaking Committee (ARC) at the FAA’s UAS Symposium. A few months later, this became what I have yclept the Broken ARC when it failed to come to consensus – one participant privately described the process to me as
a “cluster.”

As the news about the Broken ARC and then DACSC/Task Group 1 hit the press, attention turned to the fifth DAC meeting on November 8, the day that the work of the Task Groups was to be publicly revealed.

I have covered the Broken ARC at length over the past weeks. The headline is that in the 93 page summary of the November 8th meeting, there is not a single word about the Identification ARC; or more incredibly, a plan for addressing the issue.

With that dispensed with, let’s turn our attention to the very popular DACSC/TG 1. On October 23rd, WaPo ran A U.S. Drone Advisory Group Has Been Meeting in Secret for Months: It Hasn’t Gone Well. The punch line was:

John Eagerton, chief of Alabama’s aeronautics bureau and a co-chair of Task Group 1; San Francisco Mayor Edwin M. Lee (D); a representative of the University of Oklahoma; the National League of Cities; the National Association of Counties; and the National Conference of State Legislatures emailed a “statement of dissent” to other group members last month.

“Despite good-faith efforts to engage in Task Group 1, many of us have been obstructed from meaningful participation and we all have serious concerns about the recommendations included in the draft reports,” they wrote.

Mayor Lee wrote another strongly worded letter dated November 8th to DAC Chairman Brian Krzanich. I have summarized a few key points, but it is no substitute for reading the letter yourself.

I urge the DAC to send back Task Group 1’s work product… Because the process was flawed, the recommendations produced by that process were also flawed… Despite assurances that only consensus views would be presented, areas of disagreement have been presented and relegated to an alternative position.

WaPo picked up the tale at the DAC meeting, Federal Drone Advisory Panel Knocked for ‘Lack of Transparency and Poor Management’. Mayor Lee did not attend but a top aide read parts of the letter aloud at the meeting.

We remind the subcommittee that no consensus position was reached on four of the [nine] common ground principles… The ability to reasonably regulate to ensure public safety, privacy, and to minimize public nuisance are cornerstones of the role of local government.”

Brendan Schulman, a lobbyist with Chinese drone manufacturer DJI who co-chairs Task Group 1, rejected the mayor’s critique. Schulman describes his leadership role as constructive and inclusive. “The mayor’s letter couldn’t be more wrong about the task group process,” Schulman said in a statement. “We have been welcoming of broad participation from the beginning.”

Since then Schulman has used the Facebook UAV Legal News & Discussion Forum to support TG1’s work saying that:

The main question: in this less-than-ideal world for you, what would you need to provide comfort and assurance that innovation would flourish, the airspace would remain safe, regulations would actually be reasonable, and legitimate local interests would be served?

Again, the instructions to all three DACSCs was to develop consensus positions – in other words to find the elusive, inclusive common ground. TG1 failed, just as the ARC failed.


Which actually would have been OK, (if you don’t succeed at first etc.), except that the Drone Integration Pilot Program (DIPP) came along which is dependent on the participation of the very people marginalized by TG1.

According to WaPo, the new face of the FAA to the UAS community, FAA Deputy Administrator Dan Elwell, had an answer for that:

Elwell said Task Group 1 will be reconstituted and given a new job away from policy and politics. Instead, it will be asked to provide “the technical and operational recommendations we need to implement the pilot program.”

Now that is going to be one happy working group… It seems to me that Mayor Lee and the rest of the public sector group are the ones who are the most likely to be able to offer ideas about how to manage the DIPP process.

Tim Wright at Air & Space Magazine did a very thoughtful interview with Jonathan Rupprecht, Should Localities Decide on Drone Policy? Not Everyone Thinks So. Here is a salient paragraph:

The [DIPP] program puts such a heavy emphasis on local government involvement that drone operators seem secondary. In fact, FAA documents make clear that local governments participating in the pilot program will be the ones responsible for communications with the FAA.

Localities during these tests will be able to “request reasonable time, place and manner limitations” on drone flight operations. A footnote says they may also prohibit “flight during specific morning and evening rush hours” or permit flight only “during specified hours” such as daylight. They also will have the authority to mandate equipment, establish flight speeds, designate takeoff and landing zones, and prohibit flight over certain areas in their jurisdiction. 

Let’s look at how this could play out – Betsy Lillian’s article, Port of Long Beach Requires $100 UAS Permit tells everyone’s nightmare story:

The Port of Long Beach, Calif., is now requiring unmanned aircraft system (UAS) operators to get a separate permit from the port’s security division before they take off or land in the Harbor District.

…The new rules, which went into effect on Oct. 26, mandate that in order for UAS pilots to receive the permit, they must show proof of insurance, provide registration information and takeoff and landing plans, and obtain permission from occupants of any port facilities to be overflown. 

Clearly, this rule was written by someone who knows exactly what safeguards they feel are important. Note that the Port did not participate in DIPP – they simply made up the rules. So do their rules trump an FAA waiver? This is going to be a delicate balancing act.

As to who will participate in the DIPP…According to the WaPo article:

An FAA official said Wednesday [November 8th] that 633 entities — among them cities, counties, academic institutions and emergency responders — have indicated they plan to apply for the pilot program. 

Since that was a short week after the launch event, I think that it is reasonable to assume that the number has increased. Let’s just guess that it is over 1,000
by now.

In their November newsletter, the Small UAV Coalition offered the first insight into the process.

The submissions will be assessed by multiple review boards within the DOT, and Secretary Chao will select at least five jurisdictions to participate in the program.

What is for sure, is that everyone is going to become a lot more sophisticated about how the FAA operates.


It would be one thing – daunting but possible – to negotiate new rules and regulations if the discussions were solely based on economic benefit. Unfortunately, our industry lives one bozo, one bad luck, one heartbeat, one tipping point away from a myriad of threats that change the risk calculus and impact public perception.

Not reported in the US, but here thanks to reader Paul P, is the story of yet another drone strike, bringing the total to three in the past few weeks – this one a 737-800 on final into Buenos Aires.

While the Boeing landed safely, the captain of the aircraft notified the tower that a major incident was averted, after the drone struck below the window on the commander’s side of the aircraft. Had it [drone] hit the engine it would have failed the engine,” the pilot is quoted as saying by La Capital. He also noted that “three weeks ago, in the same place, we crossed a drone within five meters,” reports.

[Like the rest of us, the pilot doesn’t actually know what would have happened, but that is not going to stop him or any of the professional pilot associations from voicing their concerns. Nor will it reduce the pucker factor…]

Here’s How Drones Do (and Don’t) Threaten Passenger Aircraft in Scientific American reprises the current state of drone strike research. One conclusion, which the data bears out, is that the risk is less than many thought. We are now waiting for real-world test results from ASSURE.

Of course, the threat that has garnered the undivided attention of law enforcement is the profound impact of sUAS tactics on the military. In To Counter Weaponized Drones, US Needs Joint Public-Private Solutions, DefenseNews explores the heretofore unmentionable terror of biological and chemical payloads.


Let’s start with a big idea – because apparently it surprised an awful lot of people. Aviation Today ran Boeing 757 Testing Shows Airplanes Vulnerable to Hacking, DHS Says.

“We got the airplane on Sept. 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative, penetration,” said Robert Hickey, aviation program manager within the Cyber Security Division of the DHS Science and Technology (S&T) Directorate. 

Eager to enter the C2 fray, CTIA Calls on the FAA to Recognize That Commercial Wireless Networks Offer Best Platform for Drones is a press release that anticipates FAA rulemaking on spectrum in 2018. Among other things the CTIA points to “Strong authentication and other security measures that protect users and networks.” The land grab is on. There is a solid whitepaper that lays out
their argument.

A couple of good food-for-thoughters. Wrapping Intelligence Around the Open Source Whirlwind is a fascinating look at how increasingly available data (digital breadcrumbs) can be used for intelligence. Do Young Humans + Artificial Intelligence = Cybersecurity? explores the challenges of managing the talent necessary to secure our networks and data.


Just a boatload of bad news coming on the heels of what should have been a big week after the AirWorks enterprise event, starting with an important article in by Malek Murison, Inside DJI’s Flawed Bug Bounty Program.

DroneLife understands that the majority of researchers offered bounties by DJI after submitting successful reports have decided to walk away from the agreement. This is because the terms of the NDA – offered in retrospect by DJI – have been deemed unacceptable.  

Gary Mortimer at sUAS News has more details in Don’t Mess With Bug Bounty Hunters, DJI Full Infrastructure Compromise. Read it for yourself – my takeaway is that DJI does store a lot more user data than they want us to know about, and doesn’t do a swell job protecting it.

On a webinar Thursday morning, Goetz Mayser, Director of C-UAV Detection and Counter Solutions for Rohde & Schwarz, noted that one of the challenges to maintaining a library of RF signatures to aid in drone identification and classification is that DJI is constantly changing the signatures which is making it more difficult for law enforcement.

Early word from hackers is that DJI Aeroscope, which is being touted as a security solution to law enforcement, is itself not secure. The Verge has a story here, Tracking Rogue Drones With DJI’s New Aeroscope System that does not go into the vulnerabilities.

All of this goes to the security of DJI’s new enterprise offering, FlightHub, along with speculation about the impact of the offering and the long-term prospects for companies whose fleet management programs are based on the DJI API and SDK. Kittyhawk, who many think is particularly vulnerable, has wasted no time responding, Kittyhawk Beats FlightHub – See Why Enterprises Choose Us‎. Those folks sure are feisty – they get the No Fear t-shirt.

UPDATE Friday morning I received the following email: “DJI will be upgrading the FlightHub system for the next few weeks. This unfortunately means that we will have to temporarily halt the FlightHub beta testing until this process is complete.”


Elon Musk rolled out the new Tesla semi on a primetime webcast Thursday night. Guaranteed for 1,000,000 miles! Recode has the story.

There must be some kind of rule about not appreciating how good you’ve got it till you don’t… Consider that the yet to be nominated FAA Administrator must be approved by the Senate. Politico reports that our current and soon to be appreciated (non-pilot) Administrator Huerta told the august Aero Club
of Washington

“Jan. 6 is my last day, which happens to correspond to the start of ski season,” Huerta said, in response to a question from the audience. He also gave some tips to his successor, saying he or she should “embrace change, be a good listener, make the tough decisions.”

MIT Technology Review: Quote of the Day

“It used to be said that data is the new oil. Personally, I think it’s like nuclear fuel. It’s becoming toxic.”

— Web inventor Tim Berners-Lee tells Bloomberg that the view on data collection will shift, from how to make money off of it to how to limit the damage it
can cause.

Please note that there will not be an issue of Dronin’ On next weekend. I’ll be back December 2nd.  I wish you a safe trip over the river and through TSA to Grandmother’s house – or wherever it is you are going to be with family and friends.

Hurrah for the fun! Is the pudding done?
Hurrah for the pumpkin pie!

Thanks for reading and for sharing. All of the back issues of Dronin’ On can be found here.


Christopher Korody
follow me @dronewriter


This site uses Akismet to reduce spam. Learn how your comment data is processed.