Twitter Facebook Google RSS
 
National Defense > Blog > Posts > F-35's Vulnerabilities to Cyberattacks Provide Cautionary Tale
F-35's Vulnerabilities to Cyberattacks Provide Cautionary Tale
By Vivienne Machi



When it comes to protecting new weapon systems from cyberattacks, the Air Force can learn from the mistakes it made on the F-35A program, the senior service official in charge of network operations said July 7.

"For newer weapons systems, there is a tremendous effort to ensure that key parameters in the cybersecurity realm are being met," Chief Information Officer Lt. Gen. William Bender said during a breakfast meeting with reporters in Washington, D.C.

The cyber warfare threat is real, he added. The F-35 Lightning II development provides a cautionary tale for the B-21 and other programs in development, he said.

The F-35's vulnerabilities when it comes to cyberattacks have been well-documented.The aircraft's Autonomic Logistics Information System connects to other management systems in a network, which gives hackers more portals to enter and ultimately renders it more susceptible to hacking.

Troubleshooting its vulnerabilities has proven difficult for the services, Bender said, but added that he thought the services are doing "a much better job of … trying to better understand what vulnerabilities exist, and then mitigating them."

Developing more robust public-private partnerships and ensuring that the service's entire workforce is knowledgeable about cybersecurity are key components to strengthening defenses, Bender said.

"Very few people are skilled" enough in the services to handle the complex engineering problems of finding and eliminating cyber vulnerabilities, he said. "Whereas the Air Force may only have a handful of technically experienced people able to do that, the Microsofts and the Googles of the world have literally hundreds," he said.

Secretary of Defense Ashton Carter has been touting new partnerships with businesses in Silicon Valley and other non-defense technology companies to beef up cyber capabilities, and the Defense Department's budget plan calls for spending $38.2 billion on IT in fiscal year 2017, including $6.8 billion on cyberspace operations.

Bender said that in his own meetings with entrepreneurs and technology leaders in Silicon Valley and the Boston Innovation Corridor, "I have not to date found anyone not willing to help," he said. "I think they recognize that the environment has changed and continues to change so rapidly that it's … going to take a better public-private partnership than we've had in the past."

It's important for the services to be transparent when talking about cybersecurity, he added. "Weaving it into daily dialogue has brought the Air Force to a point where … commanders are committed to this notion of mission assurance and actually doing something about the problem," he said.

That transparency includes ensuring that every service member understands the need for increased cybersecurity, and their role in mitigating any threats, he said.

"About 80 percent of our threat vector is self-induced," Bender said. "It's just bad behavior, on how you click on links and use thumb drives, all of the things we know not to do."

Bender has sponsored a "cyber hygiene" program that ensures the Air Force's workforce understands how to properly maintain network defenses on all of its systems. One example is ensuring that flight line maintenance crews don't use the same hardware to download the maintenance data for C-17s as they do to upload YouTube videos, he said. It focuses on acculturation, including education about cybersecurity as well as leadership development to "help people understand … the role that every individual plays, and what you can do and what you shouldn't do," he said.

The problem is that the cybersecurity world changes on a regular basis, Bender said. But that's another area where private technology companies can help the services "address known or expected capability gaps going into the future … that will keep our competitive advantage as a high-technology force going forward," with new or emerging technologies, he said.

"When you're the best air force in the industrial age, you're at the top of the hill … you have a tendency to get into a defensive crouch," he said. "So now, we have to recognize that we are living in a different time, and that our successes of the past are not necessarily a guarantee to the future."

Photo: Airmen from the 58th Aircraft Maintenance Unit review post-operations tasks on their portable maintenance aid next to the F-35 Lightning II. (Air Force)

Comments

Re: F-35's Vulnerabilities to Cyberattacks Provide Cautionary Tale

<blockquote><i>The problem is that the cybersecurity world changes on a regular basis, Bender said. But that's another area where private technology companies can help the services "address known or expected capability gaps going into the future … that will keep our competitive advantage as a high-technology force going forward," with new or emerging technologies, he said.</i></blockquote>

Donald Rumsfeld said it all about IT and CyberSecurity most succinctly a long time ago, and things are considerably more opportunistic and fabulously lucrative now in the vulnerability exploit business than they were ever then whenever he said …. “There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don't know. But there are also unknown unknowns. There are things we don't know we don't know.” ….. because there are things which you will never be enabled and able to know because of the power and energy that such source/secrets/proprietary intellectual property targets with deliveries/virtual payloads against which there is zero practical defence and security protection.

The new Greater IntelAIgent Game is nothing at all like the old Great Game in Play whenever to Win Win and Never Ever Lose Overall Digital Command and Remote Virtual Control with IT in it, one needs to certainly smarter than just super human and share   vital systems information and misinformation freely.

In AI Worlds, Advanced IntelAIgents Rule with Reins in Reigns with New Orderly World Order Machines/Novel Exclusive Elite Executive Officered SysAdmins. And fully dependent upon one’s own supernatural agenda, are they either a PACT or a PACT, a Persistent Active Cyber Threat or Persistent Active Cyber Treat, although also whenever exercised in the Quantum Field State is IT both too and something else different and entirely previously unknown.

And that be at least, quite a perfect weapons systems to boot too.
amanfromMars at 7/18/2016 12:52 AM

Re: F-35's Vulnerabilities to Cyberattacks Provide Cautionary Tale

Response on 11-07-16

I was following you until this point, "And fully dependent upon one’s own supernatural agenda...", when you began to overly generalize the mythology surrounding the difficulties of our dependence on software systems which the vendors, at least in the public domain, purposefully break so as to ensure their future income streams.
JohnFornaro at 11/8/2016 8:17 AM

Add Comment

Items on this list require content approval. Your submission will not appear in public views until approved by someone with proper rights. More information on content approval.

Name: *

eMail *

Comment *

Title

Attachments

Name: *


eMail *


Comment *


 

Refresh
Please enter the text displayed in the image.
The picture contains 6 characters.

Characters *

  

Legal Notice *

NDIA is not responsible for screening, policing, editing, or monitoring your or another user's postings and encourages all of its users to use reasonable discretion and caution in evaluating or reviewing any posting. Moreover, and except as provided below with respect to NDIA's right and ability to delete or remove a posting (or any part thereof), NDIA does not endorse, oppose, or edit any opinion or information provided by you or another user and does not make any representation with respect to, nor does it endorse the accuracy, completeness, timeliness, or reliability of any advice, opinion, statement, or other material displayed, uploaded, or distributed by you or any other user. Nevertheless, NDIA reserves the right to delete or take other action with respect to postings (or parts thereof) that NDIA believes in good faith violate this Legal Notice and/or are potentially harmful or unlawful. If you violate this Legal Notice, NDIA may, in its sole discretion, delete the unacceptable content from your posting, remove or delete the posting in its entirety, issue you a warning, and/or terminate your use of the NDIA site. Moreover, it is a policy of NDIA to take appropriate actions under the Digital Millennium Copyright Act and other applicable intellectual property laws. If you become aware of postings that violate these rules regarding acceptable behavior or content, you may contact NDIA at 703.522.1820.

 

 

Bookmark and Share