Several lawmakers called for DHS to step up and create policies and guidelines for the use of drones. They also voiced concern about terrorist groups compromising a drone's computer system and using it as a weapon to attack the United States.
Todd Humphreys, a professor at the University of Texas at Austin, testified that he and his team had successfully tapped into a civilian drone's computer system through a method known as "spoofing." Using that method, a hacker transmits counterfeit global positioning system (GPS) signals to fool the drone's navigation system and take control of it.
He warned that drones and several types of critical infrastructure in the United States rely on civil GPS technology, which can be easily tapped into by spoofing and other hacking methods.
Humphreys recommended that drones weighing more than 18 pounds or deemed critical infrastructure by DHS should bake encrypted signal feeds and spoof-resistant technology into their navigation systems. But he added that DHS should commit to funding the development and implementation of encrypted signatures into civil GPS signals.
"I believe it would fall to DHS to fund something like this," Humphreys said, adding that the Federal Aviation Administration's expertise is focused on the safety of airspace rather than the defense of it.
But in the short term, he noted that there are anti-spoofing techniques that can be baked into navigation systems of drones. While these techniques "don't prevent very sophisticate attacks, they would sure make them much harder," Humphreys said.
Gerald Dillingham, a director at the Government Accountability Office, said DHS had not implemented the security recommendations that GAO had outlined in an earlier report. The department told GAO it was taking actions that were sufficient to address the issues, he added.
Dillingham said that DHS, the FAA and Justice Department should decide which agency should take the lead in regulating drone use.
Rep. Yvette Clarke (D-N.Y.) said it was "not acceptable" for DHS to decline the subcommittee's invitation to testify and share its thoughts on the potential risks associated with these devices.
Lawmakers also questioned how drones impact the privacy and civil liberties of American citizens.
Amie Stepanovich, litigation counsel at the Electronic Privacy Information Center, called for Congress to pass legislation that would prohibit drones from carrying out targeted surveillance, as well as make the drone program subject to independent audits and oversight. Stepanovich noted that nefarious actors could their hands on sensitive information by hacking into drones' computer systems.
Stepanovich criticized DHS for not taking steps to assess how drone use affects Americans' civil liberties and for not developing policies to safeguard privacy.
"We think it's important to do this now. Violations have not occurred yet," she said. "If you wait for the drones to go up in the air before we act, you're going to regret it."