Insecure uncrewed aircraft systems; prohibition on procurement and use, report.
The impact of HB2038 will be significant, as it not only sets strict guidelines on the acquisition and operation of UAS by public entities but also introduces a grant program to assist these bodies in transitioning to secure UAS. The Uncrewed Aircraft Replacement Grant Program aims to provide financial support to public bodies that struggle with budget constraints to replace insecure systems, ensuring compliance with cybersecurity standards. Each public body must report annually to VITA, detailing their UAS usage and compliance efforts, which will help track adherence to the law.
House Bill 2038 aims to regulate the procurement and use of uncrewed aircraft systems (UAS) by public bodies in Virginia, focusing on enhancing cybersecurity measures. The bill prohibits public bodies from contracting for insecure UAS, defined as those with known cybersecurity vulnerabilities or those manufactured by foreign adversaries. The Virginia Information Technologies Agency (VITA) is tasked with establishing cybersecurity standards and certifying UAS as secure. Starting January 1, 2026, any public body found using an insecure UAS will be required to cease its use, thereby mandating a shift towards more secure alternatives.
General sentiment towards HB2038 has been positive, particularly among cybersecurity advocates and technology experts who view the bill as a proactive approach to mitigating risks associated with UAS usage. Supporters argue that enhancing cybersecurity is critical to protecting sensitive data and public safety. However, there may be concerns among some public bodies regarding the financial implications of replacing existing systems and the challenges posed by adapting to new technological standards.
Controversy surrounding the bill primarily focuses on the feasibility of transitioning away from existing, potentially non-compliant UAS. Public bodies that heavily rely on these systems for operations may find it challenging to secure funding and upgrade to compliant alternatives within the stipulated timeframe. Additionally, the definitions regarding 'insecure' and 'secure' UAS may lead to discussions about operational capabilities and the balance of technological advancement with security measures.