The US Air Force is focusing on resolving some cybersecurity issues detected in the F-35's external support systems, as they are considered the easiest entry points for hackers.
General Stephen Jost, director of the Air Force's Office of F-35 Integration, told Defense News: "This is essentially a software-based aircraft and any software-based platform is susceptible to hacking."
The aircraft's information backbone, managed directly by manufacturer Lockheed Martin, is relatively secure. This is thanks to what the gen. Jost defined “multi-layered security protections” ranging from secure authentication when creating mission data packets for each aircraft before takeoff, to pilots typing passwords to start the aircraft.
Confidence wanes "as you get away from the heart of the plane," said Gen. Jost. When considering systems such as the autonomous logistics information system or the joint reprogramming environment, there are "many nodes of vulnerability that we are trying to solve".
The Autonomic Logistics Information System, or ALIS, is a key application designed to provide unprecedented automation in monitoring the health of aircraft components. The Joint Reprogramming Enterprise refers to government software labs that compile collections of updated threat characteristics - Russian tanks, for example - for loading into the plane so that its sensors can recognize targets. Also, officials worry about F-35 flight simulators, regarding cyber security. They could be tempting targets for hackers looking for information about the plane. The introduction of wireless applications to facilitate maintenance on the flight line could also pose new vulnerabilities that need to be addressed, General Jost said.
The Government Accountability Office, however, published a report last October that warns insiders against cybernetic vulnerabilities in almost all of the Defense Department's weapons systems.
The shortcomings exist because many systems were conceived in an era in which cyber attacks were not considered a threat.
“In operational tests, US defense officials have systematically found cyber vulnerabilities even in systems under development. However, the officials of the GAO program are convinced that the systems will be safe when they go into actual operational activity ”.
"GAO experts who stressed security systems used relatively simple tools and techniques and managed to take control of the systems and largely operate unnoticed. The comforting aspect is that the vulnerabilities found were often caused by superficialities easily overcome: bad password management and unencrypted communications.
A key examination phase for the F-35 program, called initial operational test and assessment, has been scheduled in the coming days. The test plan, required for all major programs, also includes a forced stress regime on the cyber security of the weapon system.
