{"id":138476,"date":"2019-03-30T12:20:23","date_gmt":"2019-03-30T18:20:23","guid":{"rendered":"http:\/\/hill-kleerup.org\/blog\/?p=138476"},"modified":"2019-03-30T12:20:23","modified_gmt":"2019-03-30T18:20:23","slug":"continued-concerns-about-the-f-35-and-cyber-security","status":"publish","type":"post","link":"https:\/\/hill-kleerup.org\/blog\/2019\/03\/30\/continued-concerns-about-the-f-35-and-cyber-security.html","title":{"rendered":"Continued concerns about the F-35 and cyber-security"},"content":{"rendered":"

The F-35’s promise — to be the single be-all and end-all of every combat mission that any service (of any nation) might want to fly — has always been terribly seductive, as has throwing every high-tech idea under the sun at the plane, from fully integrated data and networking systems, to the plane being able to tell ground-based logistics what sort of repairs and parts it needs.<\/p>\n

\"\"<\/a>
But they look so cool!<\/figcaption><\/figure>\n

But as anyone who has done\u00a0any<\/em> sort of large, innovative project, esp. one prone to scope creep (and where such creep profits the party doing the work), such efforts tend to be extremely expensive, as the F-35 has clearly demonstrated. It also has tended to create a complicated jet where a flaw over here<\/em> can have unexpected consequences over there<\/em>\u00a0— and, as a fully networked combat system, something that may be vulnerable to cyber-attack.<\/p>\n

Fortunately, we’re not building this to go against any enemies that can do cyber-attacks, are we?<\/p>\n

Most worryingly, a\u00a0report in October<\/a>\u00a0from the US government’s General Accountability Office found the Department of Defense had failed to protect the software used to control the F-35’s weapons systems. Testers could take control of weapons with “relatively simple tools and techniques.”<\/p>\n

To give you an idea of how the interconnected nature of the F-35’s computer systems is a massive vulnerability in of itself: separate subsystems, such as the Active Electronically Scanned Array radar, Distributed Aperture System, and the Communications, Navigation, and Identification Avionics System, all share data. Thus, the GAO’s auditors warned, just compromising one of these components could bring down the others.<\/p>\n

\u201cA successful attack on one of the systems the weapon depends on can potentially limit the weapon\u2019s effectiveness, prevent it from achieving its mission, or even cause physical damage and loss of life,\u201d said the GAO team.<\/p><\/blockquote>\n

Of course, certainly the contractor and the government have been diligent about finding and plugging any security issues.<\/p>\n

“As in previous years, cybersecurity testing shows that many previously confirmed F-35 vulnerabilities have not been fixed, meaning that enemy hackers could potentially shut down the ALIS network, steal secret data from the network and onboard computers, and perhaps prevent the F-35 from flying or from accomplishing its missions,” Grazier wrote.<\/p>\n

As for penetration testing of the ALIS system, Uncle Sam dropped the ball, the independent watchdog suggested. Rather than unleash a DoD red team of hackers on the code, the US government paid F-35 manufacturer Lockheed Martin to do it, and just accepted the results<\/strong>. Such hands-off regulation\u00a0didn’t work out so great<\/a>\u00a0for Boeing and America’s aviator regulator, the FAA.<\/p><\/blockquote>\n

Well, at the very least, I’m sure the Pentagon has no officers who feel their careers are caught up inextricably in the F-35’s success and would therefore push the plane forward before it’s ready for combat, and certainly they wouldn’t be already moving forward with retiring existing successful combat aircraft before the F-35 has demonstrated it can do the job, right?<\/p>\n

Right?<\/p>\n

Do you want to know more?<\/em>\u00a0Easy-to-hack combat systems, years-old flaws and a massive bill \u2013 yup, that’s America’s F-35 \u2022 The Register<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

I love the smell of Massive, Innovative IT Projects in the morning.<\/p>\n","protected":false},"author":2,"featured_media":138477,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_seopress_analysis_target_kw":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[375,20,349,376],"tags":[1816],"class_list":["post-138476","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-computer-security","category-hi-tech","category-military","category-taxing-spending","tag-f35"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/hill-kleerup.org\/blog\/wp\/wp-content\/uploads\/2019\/03\/f35.png","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":43840,"url":"https:\/\/hill-kleerup.org\/blog\/2014\/07\/25\/the-money-pit-f-35-edition.html","url_meta":{"origin":138476,"position":0},"title":"The Money Pit (F-35 Edition)","author":"***Dave","date":"Fri 25-Jul-14 9:36am","format":false,"excerpt":"I'd really prefer not to think that the executives of Lockheed-Martin, or our Congresscritters, are willingly leaving this country vulnerable through this botched-up never-ending black hole of spending (and local employment). I'd like to think that they all believe that eventually, if enough additional money (and local employment) is thrown\u2026","rel":"","context":"In "~PlusPosts"","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":133640,"url":"https:\/\/hill-kleerup.org\/blog\/2017\/06\/10\/is-there-anything-the-f-35-program-isnt-screwing-up.html","url_meta":{"origin":138476,"position":1},"title":"Is there anything the F-35 program isn't screwing up?","author":"***Dave","date":"Sat 10-Jun-17 2:47pm","format":false,"excerpt":"Not so far as I can tell.The current casualty is the A-10 Warthog. The plane was due to be phased out by a close air support version of the theoretically jack-of-all-trades F-35. Then, as the F-35 program extended out due to widespread technical problems, the Air Force okayed continued deployment\u2026","rel":"","context":"In "~PlusPosts"","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":128777,"url":"https:\/\/hill-kleerup.org\/blog\/2015\/11\/12\/the-air-force-grudgingly-admits-that-well-maybe-this-older-plane-might-work.html","url_meta":{"origin":138476,"position":2},"title":"The Air Force grudgingly admits that, well, maybe this older plane might work","author":"***Dave","date":"Thu 12-Nov-15 3:53pm","format":false,"excerpt":"At least for a little while. Until the bugs are shaken out of their bright shiny new plane. Which they haven't been yet, but will be, soon, I'm sure. And even thought that new plane probably won't serve the role as well as this older plane. But that's okay, because\u2026","rel":"","context":"In "~PlusPosts"","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":28374,"url":"https:\/\/hill-kleerup.org\/blog\/2012\/06\/19\/yet-another-massive-government-tech-project-goes-horribly-horribly-wrong.html","url_meta":{"origin":138476,"position":3},"title":"Yet another massive government tech project goes horribly, horribly wrong","author":"***Dave","date":"Tue 19-Jun-12 1:38pm","format":false,"excerpt":"Yet another massive government tech project goes horribly, horribly wrongScope creep, insistence on a big bang roll-out, more scope creep, different customers demanding different things which the project insisted on trying to achieve, still more scope creep, a project that encompasses a decade and a half of radically changing technology\u2026","rel":"","context":"In "~PlusPosts"","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":84,"url":"https:\/\/hill-kleerup.org\/blog\/2003\/06\/18\/something_speci.html","url_meta":{"origin":138476,"position":4},"title":"Something special in the air","author":"***Dave","date":"Wed 18-Jun-03 9:43pm","format":false,"excerpt":"Damn, my butt is sore....","rel":"","context":"In "Travel"","block_context":{"text":"Travel","link":"https:\/\/hill-kleerup.org\/blog\/category\/travel"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":132828,"url":"https:\/\/hill-kleerup.org\/blog\/2017\/02\/11\/tweetizen-trump-2017-02-11-so-dangerous.html","url_meta":{"origin":138476,"position":5},"title":"Tweetizen Trump – 2017-02-11 "SO DANGEROUS!"","author":"***Dave","date":"Sat 11-Feb-17 10:46am","format":false,"excerpt":"You've been so chatty on Twitter, Donald, I feel like I need to check in even on a Saturday. Watching you is a spectacle that never ends!===\u25ba Our legal system is broken! \"77% of refugees allowed into U.S. since travel reprieve hail from seven suspect countries.\" (WT) SO DANGEROUS! [1]Why\u2026","rel":"","context":"In "~PlusPosts"","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/138476","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/comments?post=138476"}],"version-history":[{"count":1,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/138476\/revisions"}],"predecessor-version":[{"id":138478,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/138476\/revisions\/138478"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/media\/138477"}],"wp:attachment":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/media?parent=138476"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/categories?post=138476"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/tags?post=138476"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}