Did Chinese cyber spying cause the F-35 Joint Strike Fighter’s cost spikes and production delays? That’s the question Pentagon budget officials are asking according to Aviation Week.
Chinese spies apparently hacked into secure conference calls and listened to meetings discussing the classified technologies aboard the jets. In particular, China may have stolen info about the F-35’s secure communications and antenna systems; leading to costly software rewrites and other redesigns to compromised parts of the plane.
The worst part, this problem isn’t just limited to the F-35, though the program’s size and the fact that it’s information systems were apparently designed without any concern for cyber espionage made it an easy target.
Anyone who has been following U.S.-China military relations and cyber warfare knows that China has been hacking into the networks of U.S. defense contractors and the Pentagon and rolling out brand new weapons like the J-20 stealth fighter.
Here’s the latest from Av Week:
Before the intrusions were discovered nearly three years ago, Chinese hackers actually sat in on what were supposed to have been secure, online program-progress conferences, the officials say.
The full extent of the connection is still being assessed, but there is consensus that escalating costs, reduced annual purchases and production stretch-outs are a reflection to some degree of the need for redesign of critical equipment. Examples include specialized communications and antenna arrays for stealth aircraft, as well as significant rewriting of software to protect systems vulnerable to hacking.
It is only recently that U.S. officials have started talking openly about how data losses are driving up the cost of military programs and creating operational vulnerabilities, although claims of a large impact on the Lockheed Martin JSF are drawing mixed responses from senior leaders. All the same, no one is saying there has been no impact.
While claiming ignorance of details about effects on the stealth strike aircraft program, James Clapper, director of national intelligence, says that Internet technology has “led to egregious pilfering of intellectual capital and property. The F-35 was clearly a target,” he confirms. “Clearly the attacks … whether from individuals or nation-states are a serious challenge and we need to do something about it.”
The F-35 issue was ducked as well by David Shedd, deputy director of the Defense Intelligence Agency, but not the impact of cybertheft on defense spending and operational security.
“I am not going to talk about the F-35, Shedd says. “I’d be sitting with the secretary having a counseling session. The answer is absolutely yes. The leaks have hurt our efforts in that it gives the adversary an advantage in having insights into what we’re doing. It should be clear that whether there are leaks on the technology side or that affect preemptive decision-making, they are very damaging to the intelligence community.”
Those closer to the program are less equivocal about the damage that cyberintrusions are causing the JSF program.
“You are on to something,” says a veteran combat pilot with insight into both the F-35 and the intelligence communities “There are both operational and schedule problems with the program related to the cyber data thefts. In addition, there are the costs of redressing weaknesses in the original system design and lots of software fixes.”
Here’s the kicker, the JSF’s info systems weren’t built with cyber espionage in mind, this led to a bunch of subcontractors networks being ‘totally compromised.” Shocking considering the plane was meant for the 21st Century. C’mon guys.
Defense analysts note that the JSF’s information system was not designed with cyberespionage, now called advanced persistent threat, in mind. Lockheed Martin officials now admit that subcontractors (6–8 in 2009 alone, according to company officials) were hacked and “totally compromised.” In fact, the stealth fighter program probably has the biggest “attack surface” or points that can be attacked owing to the vast number of international subcontractors.
There also is the issue of unintended consequences. The 2009 hacking was apparently not aimed at the F-35 but rather at a classified program. However, those accidental results were spectacular. Not only could intruders extract data, but they became invisible witnesses to online meetings and technical discussions, say veteran U.S. aerospace industry analysts. After the break-in was discovered, the classified program was halted and not restarted until a completely new, costly and cumbersome security system was in place.