F-35's Vulnerabilities to Cyberattacks Provide Cautionary Tale

Airmen from the 58th Aircraft Maintenance Unit review post-operations tasks on their portable maintenance aid next to the F-35 Lightning II.

When it comes to protecting new weapon systems from cyberattacks, the Air Force can learn from the mistakes it made on the F-35A program, the senior service official in charge of network operations said July 7.

"For newer weapons systems, there is a tremendous effort to ensure that key parameters in the cybersecurity realm are being met," Chief Information Officer Lt. Gen. William Bender said during a breakfast meeting with reporters in Washington, D.C.

The cyber warfare threat is real, he added. The F-35 Lightning II development provides a cautionary tale for the B-21 and other programs in development, he said.

The F-35's vulnerabilities when it comes to cyberattacks have been well-documented.The aircraft's Autonomic Logistics Information System connects to other management systems in a network, which gives hackers more portals to enter and ultimately renders it more susceptible to hacking.

Troubleshooting its vulnerabilities has proven difficult for the services, Bender said, but added that he thought the services are doing "a much better job of … trying to better understand what vulnerabilities exist, and then mitigating them."

Developing more robust public-private partnerships and ensuring that the service's entire workforce is knowledgeable about cybersecurity are key components to strengthening defenses, Bender said.

"Very few people are skilled" enough in the services to handle the complex engineering problems of finding and eliminating cyber vulnerabilities, he said. "Whereas the Air Force may only have a handful of technically experienced people able to do that, the Microsofts and the Googles of the world have literally hundreds," he said.

Secretary of Defense Ashton Carter has been touting new partnerships with businesses in Silicon Valley and other non-defense technology companies to beef up cyber capabilities, and the Defense Department's budget plan calls for spending $38.2 billion on IT in fiscal year 2017, including $6.8 billion on cyberspace operations.

Bender said that in his own meetings with entrepreneurs and technology leaders in Silicon Valley and the Boston Innovation Corridor, "I have not to date found anyone not willing to help," he said. "I think they recognize that the environment has changed and continues to change so rapidly that it's … going to take a better public-private partnership than we've had in the past."

It's important for the services to be transparent when talking about cybersecurity, he added. "Weaving it into daily dialogue has brought the Air Force to a point where … commanders are committed to this notion of mission assurance and actually doing something about the problem," he said.

That transparency includes ensuring that every service member understands the need for increased cybersecurity, and their role in mitigating any threats, he said.

"About 80 percent of our threat vector is self-induced," Bender said. "It's just bad behavior, on how you click on links and use thumb drives, all of the things we know not to do."

Bender has sponsored a "cyber hygiene" program that ensures the Air Force's workforce understands how to properly maintain network defenses on all of its systems. One example is ensuring that flight line maintenance crews don't use the same hardware to download the maintenance data for C-17s as they do to upload YouTube videos, he said. It focuses on acculturation, including education about cybersecurity as well as leadership development to "help people understand … the role that every individual plays, and what you can do and what you shouldn't do," he said.

The problem is that the cybersecurity world changes on a regular basis, Bender said. But that's another area where private technology companies can help the services "address known or expected capability gaps going into the future … that will keep our competitive advantage as a high-technology force going forward," with new or emerging technologies, he said.

"When you're the best air force in the industrial age, you're at the top of the hill … you have a tendency to get into a defensive crouch," he said. "So now, we have to recognize that we are living in a different time, and that our successes of the past are not necessarily a guarantee to the future."

Photo: Air Force

Topics: Aviation, Joint Strike Fighter, Cyber, Cybersecurity, Infotech