Foreign F-35 Users Spend Millions To Stop Jet’s Computer From Sharing Their Secrets
Article Source: The WarZone
Lockheed Martin has received a multi-million dollar contract for work on a firewall that will allow F-35 Joint Strike Fighter operators to prevent the transfer of potentially sensitive information that the jet’s sensors and computer brain scoop up and send back to the United States via a cloud-based network.
The development comes as foreign partners in the project become increasingly worried about the data that the aircraft is collecting and storing, but concerns could remain about security breaches or if the links to the system get cut altogether, especially in the middle of a crisis. The Pentagon announced the deal, which came through the U.S. Navy, the service that is presently in charge of the main F-35 Joint Program Office (JPO), on Aug. 17, 2018.
The Maryland-headquartered defense contractor is set to receive more than $26 million all of which is funding from the program’s international partners to craft what the U.S. military is calling the Sovereign Data Management (SDM) system for the Joint Strike Fighter’s Autonomic Logistics Information System (ALIS). The contract covers work through June 2020, but it’s not clear if a final version of the new data transfer setup will be ready for operational use by then.
“This effort provides F-35 international partners the capability to review and block messages to prevent sovereign data loss,” the Pentagon’s daily contracting announcement explained. “Additionally, the effort includes studies and recommendations to improve the security architecture of ALIS.”
As it exists now, ALIS harvests an immense amount of data on the aircraft’s systems, which is supposed to help ground crews identify and fix problems. It also sends that information back to the F-35 JPO and Lockheed Martin’s offices so that specialists can see if parts are wearing out as expected or if there are previously unknown, but common points of failure that might need some sort of modification or upgrade down the line. Lockheed Martin sends out critical software patches via ALIS, as well.
But it also handles mission data packages. When the Jets return to base, personnel on the ground extract that and other additional information that the aircraft’s sensors may have recorded. during the sortie for debriefing and other analysis. This could include a host of national security secrets, including records of the plane’s flight path and mission profile, communications data, video imagery, electronic signatures and locations of friendly and opposing radars and other emitters, and potential details about a country’s tactics, techniques, and procedures.
There has been a separate concern that once any information ended up on Lockheed Martin’s servers, that it could be vulnerable to a cyber attack, either directly against the company or against one of many subcontractors scattered across 45 states and Puerto Rico. Testing in 2017 revealed that known vulnerabilities in F-35 related networks had gone unaddressed, according to the most recent routine review of the program from the Pentagon’s Office of the Director of Operational Test and Evaluation.
So, the foreign members of the F-35 program are wary of exactly what ALIS might be grabbing and sending back not only to the U.S. government, but to a private company, and then possibly putting at even greater risk of compromise. Even allies don’t typically share all of their secrets and they usually exchange any sensitive information in a way where they can sanitize it to protect their own sources and methods.