| Recurring |
one_organization |
(a) The software failure incident related to the ban on DJI drones by the US Army due to cyber vulnerabilities is specific to DJI products. The incident involves concerns about data security and potential vulnerabilities associated with DJI drones, leading to the Army enforcing new orders to ban the use of DJI drones [62211].
(b) The articles do not mention any similar incidents happening at other organizations with their products and services. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase can be seen in the case of the US Army banning DJI drones due to cyber vulnerabilities associated with DJI products. The Army Aviation Directorate enforced new orders banning DJI drones after classified studies indicated security concerns related to DJI drones [62211].
(b) The software failure incident related to the operation phase can be inferred from the fact that hackers have been able to jailbreak some DJI drones to control and modify safety features on the devices. Additionally, reports have indicated that DJI can gather location, audio, and visual data from user flights, raising concerns about potential interception of data linked to DJI drones during operation [62211]. |
| Boundary (Internal/External) |
within_system, outside_system |
(a) within_system: The software failure incident related to the US Army banning DJI drones was primarily due to concerns about cyber vulnerabilities associated with DJI products. The Army Aviation Directorate enforced new orders banning DJI drones due to these security concerns, including the potential for hackers to jailbreak the drones and access sensitive data [62211]. The failure originated within the system in terms of the vulnerabilities and risks associated with the DJI drones themselves.
(b) outside_system: The software failure incident also had elements that originated from outside the system. There were concerns about potential data interception or spyware, leading to the Army's directive to cease all use of DJI drones and components. The broader context of international suspicion over state use of consumer products developed abroad, particularly between the US and countries like Russia, also played a role in the Army's decision to ban DJI drones [62211]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurring due to non-human actions:
The software failure incident in this case is related to the banning of DJI drones by the US Army due to cyber vulnerabilities associated with DJI products. The Army Aviation Directorate enforced new orders banning DJI drones because of concerns about data interception, spyware, and potential cyber vulnerabilities [62211].
(b) The software failure incident occurring due to human actions:
The incident also involves human actions as hackers have been able to jailbreak some DJI drones to control and modify safety features on the devices. Additionally, drone owners have developed jailbreaks for DJI devices to override safety controls like flight elevation maximums, indicating human actions contributing to the software failure incident [62211]. |
| Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident related to hardware can be inferred from the article as the US Army banned the use of DJI drones due to increased awareness of cyber vulnerabilities associated with DJI products. The concern was about potential data interception or spyware, indicating fears about hardware-related vulnerabilities that could compromise data security [62211].
(b) The software failure incident related to software can be seen in the article where hackers were able to jailbreak some DJI drones to control and modify safety features on the devices. Additionally, reports indicated that DJI could gather location, audio, and visual data from user flights, raising concerns about software vulnerabilities that allowed unauthorized access to sensitive data [62211]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident related to the ban on DJI drones by the US Army is more aligned with a malicious objective. The Army banned DJI drones due to "increased awareness of cyber vulnerabilities associated with DJI products" [62211]. The concern was about potential data interception, spyware, and unauthorized access to sensitive data from the drones, which could reveal extensive information about US military operations. There were reports of hackers jailbreaking DJI drones to control and modify safety features, indicating malicious intent to exploit vulnerabilities in the system. Additionally, the comprehensive nature of the directive to cease all use of DJI drones, uninstall applications, and secure equipment suggests fears about data interception or exploitation [62211].
(b) On the non-malicious side, DJI, the Chinese company that manufactures the drones, stated that they do not market their products for military customers and do not track devices or access unit audio or video feeds [62211]. The company mentioned that the amount of information it can access about a user depends on the data sharing granted by the customer through DJI mobile apps. This indicates that the failure may not have been due to intentional harm but rather due to vulnerabilities in the system that could potentially be exploited by malicious actors. |
| Intent (Poor/Accidental Decisions) |
unknown |
The articles do not provide information about a software failure incident related to poor decisions or accidental decisions. |
| Capability (Incompetence/Accidental) |
development_incompetence, unknown |
(a) The software failure incident related to development incompetence is evident in the case of the US Army banning DJI drones due to cyber vulnerabilities associated with DJI products. The Army Aviation Directorate enforced new orders banning DJI drones after classified studies revealed security concerns, including hackers being able to jailbreak DJI drones and access location, audio, and visual data without customer consent [62211].
(b) The software failure incident related to accidental factors is not explicitly mentioned in the provided article. |
| Duration |
temporary |
The software failure incident related to the banning of DJI drones by the US Army due to cyber vulnerabilities can be considered as a temporary failure. This is because the Army Aviation Directorate enforced new orders banning DJI drones specifically due to increased awareness of cyber vulnerabilities associated with DJI products [62211]. The ban was a specific action taken in response to identified vulnerabilities, indicating that the failure was temporary and could potentially be resolved by addressing the specific issues with DJI drones. |
| Behaviour |
other |
(a) crash: The software failure incident described in the articles is not related to a crash where the system loses state and does not perform any of its intended functions. Instead, the failure is more focused on security concerns and vulnerabilities associated with DJI drones used by the US Army [62211].
(b) omission: There is no indication in the articles that the software failure incident was due to the system omitting to perform its intended functions at an instance(s).
(c) timing: The failure is not related to the system performing its intended functions correctly but too late or too early.
(d) value: The software failure incident is not directly related to the system performing its intended functions incorrectly.
(e) byzantine: The behavior of the software failure incident does not align with the definition of a byzantine failure where the system behaves erroneously with inconsistent responses and interactions.
(f) other: The software failure incident is primarily related to concerns about cyber vulnerabilities associated with DJI drones used by the US Army, potential data interception, and security risks rather than a specific failure in the software's behavior as traditionally defined [62211]. |