How Hacking turn F-35 biggest strength into its biggest weakness. F-35’s Greatest Vulnerability Isn’t Enemy Weapons
The U.S. Air Force is devoting fresh energy to plugging cybersecurity holes in the F-35’s external support systems, as they have deemed the easiest entry points for hackers into the fifth-generation combat jet, according to a key service official.
“It’s a software-based aircraft, and any software-based platform is going to be susceptible to hacking,” Brig. Gen. Stephen Jost, director of the Air Force F-35 Integration Office, told Defense News in an interview at the International Fighter industry conference here.
The service considers the information backbone of the actual airplane – managed by manufacturer Lockheed Martin – relatively safe. That is thanks to what Jost called “multilayer security protections” ranging from secure authentication when crafting mission data packages for each aircraft before takeoff, to pilots punching in personal identification numbers to start up the plane.
The confidence wanes “as you get further from the air vehicle,” Jost said. When taking into account systems like the Autonomic Logistics Information System or the Joint Reprogramming Environment, there are “a lot of nodes of vulnerability that we’re trying to shore up,” he added.
Related Link: Norwegian F-35 Spy on its Owner: Send Sensitive Data Back to U.S.A.
The aircraft itself is pretty secure. As Air Force Times explains, there are multiple layers of security surrounding the jet, including PIN numbers for individual pilots and secure authentication in crafting mission packages for uploading into the aircraft computer. A faraway hacker could not, for example, start up the aircraft and force its engine to explode or cause the airplane to roll off the runway and crash.
But whether we’re talking about a home computer, phone, tablet, or a hugely expensive fighter jet, vulnerabilities add up the more you’re connected with the outside world. Much of the F-35’s strength lies in its ability to connect to the wider military and harness big data about the mission.
ALIS: Keeping the F-35 Mission Ready
The worldwide F-35 fleet is connected to at least two secure networks designed to maximize efficiency. The first is the Autonomic Logistics Information System, or ALIS, which keeps track of individual aircraft issues and the location of spare parts and equipment worldwide. Here’s a Lockheed Martin video that describes ALIS:
Every F-35 squadron, no matter the country, has a 13-server ALIS package that is connected to the worldwide ALIS network. Individual jets send logistical data back to their nation’s Central Point of Entry, which then passes it on to Lockheed’s central server hub in Fort Worth, Texas. In fact, ALIS sends back so much data that some countries are worried it could give away too much information about their F-35 operations.
Another networking system is the Joint Reprogramming Enterprise or JRE. The JRE maintains a shared library of potential adversary sensors and weapon systems that is distributed to the worldwide F-35 fleet. For example, the JRE will seek out and share information on enemy radar and electronic warfare signals so that individual air forces will not have to track down the information themselves. This allows countries with the F-35 to tailor the mission around anticipated threats—and fly one step ahead of them.
Although the networks have serious cybersecurity protections, they will undoubtedly be targets for hackers in times of peace, and war. Hackers might try to bring down the networks entirely, snarling the worldwide logistics system and even endangering the ability of individual aircraft to get much-needed spare parts. Alternately, it might be possible to compromise the integrity of the ALIS data—by, say, reporting a worldwide shortage of F-35 engines. Hackers could conceivably introduce bad data in the JRE that could compromise the safety of a mission, shortening the range of a weapon system so that a pilot thinks she is safely outside the engagement zone when she is most certainly not.
Even the F-35 simulators that train pilots could conceivably leak data to an adversary. Flight simulators are programmed to mirror flying a real aircraft as much as possible, but so data retrieved from a simulator will closely follow the data from a real F-35.
F-35 pilots are fond of saying that the plane is as much computer as a fighter jet.
Read more at popularmechanics.com