The F-35’s promise — to be the single be-all and end-all of every combat mission that any service (of any nation) might want to fly — has always been terribly seductive, as has throwing every high-tech idea under the sun at the plane, from fully integrated data and networking systems, to the plane being able to tell ground-based logistics what sort of repairs and parts it needs.
But as anyone who has done any sort of large, innovative project, esp. one prone to scope creep (and where such creep profits the party doing the work), such efforts tend to be extremely expensive, as the F-35 has clearly demonstrated. It also has tended to create a complicated jet where a flaw over here can have unexpected consequences over there — and, as a fully networked combat system, something that may be vulnerable to cyber-attack.
Fortunately, we’re not building this to go against any enemies that can do cyber-attacks, are we?
Most worryingly, a report in October from the US government’s General Accountability Office found the Department of Defense had failed to protect the software used to control the F-35’s weapons systems. Testers could take control of weapons with “relatively simple tools and techniques.”
To give you an idea of how the interconnected nature of the F-35’s computer systems is a massive vulnerability in of itself: separate subsystems, such as the Active Electronically Scanned Array radar, Distributed Aperture System, and the Communications, Navigation, and Identification Avionics System, all share data. Thus, the GAO’s auditors warned, just compromising one of these components could bring down the others.
“A successful attack on one of the systems the weapon depends on can potentially limit the weapon’s effectiveness, prevent it from achieving its mission, or even cause physical damage and loss of life,” said the GAO team.
Of course, certainly the contractor and the government have been diligent about finding and plugging any security issues.
“As in previous years, cybersecurity testing shows that many previously confirmed F-35 vulnerabilities have not been fixed, meaning that enemy hackers could potentially shut down the ALIS network, steal secret data from the network and onboard computers, and perhaps prevent the F-35 from flying or from accomplishing its missions,” Grazier wrote.
As for penetration testing of the ALIS system, Uncle Sam dropped the ball, the independent watchdog suggested. Rather than unleash a DoD red team of hackers on the code, the US government paid F-35 manufacturer Lockheed Martin to do it, and just accepted the results. Such hands-off regulation didn’t work out so great for Boeing and America’s aviator regulator, the FAA.
Well, at the very least, I’m sure the Pentagon has no officers who feel their careers are caught up inextricably in the F-35’s success and would therefore push the plane forward before it’s ready for combat, and certainly they wouldn’t be already moving forward with retiring existing successful combat aircraft before the F-35 has demonstrated it can do the job, right?
Right?
Do you want to know more? Easy-to-hack combat systems, years-old flaws and a massive bill – yup, that’s America’s F-35 • The Register