Cyber attacks more likely to bring down US’ most-advanced F-35 stealth fighter jet than Russian missiles
The F-35 is the US’ most advanced F-35 stealth fighter jet. It’s a high-tech stealthy fighter jet capable of evading radar while infiltrating enemy airspace to deliver a knockout blow. However, as sophisticated as F-35 is, it has one major vulnerability—being hacked.
Manufactured by defense company Lockheed Martin Corp, the F-35 also comes in configurations or variants: the F-35A conventional take-off and landing (CTOL) variant, the F-35B short take-off/vertical landing (STOVL) variant, and the F-35C carrier variant (CV), which was designed to be the US Navy’s first stealth fighter.
The F-35 Lightning II can evade radar while infiltrating enemy airspace to deliver a knockout blow. It’s a sophisticated, stealthy fighter with one big vulnerability—being hacked.
The United States currently operates about 450 F-35 fighter jets and plans to operate about 2,500 of them by the mid-2040s. According to a GAO report, the F-35 Lightning II Joint Strike Fighter program remains DOD’s most expensive weapon system program. It is projected to cost US taxpayers over $1.7 trillion to buy, operate, and sustain.
Maintenance cost is one of the many factors that could spell trouble for these 34,830-pound behemoths. The other is the flying cost. It costs about $36,000 every hour the F-35 is in the air, which is about 50 percent more than what an F-16 costs to fly. Currently, the F-35 Lightning II is widely considered the world’s most advanced fighter jet.
However, as advanced as the F-35 fighter jets are, they’re also vulnerable to cyberattacks, more so than the enemy missiles. Today, most aircraft contain thousands of thousand electronic chips required to power the flight computers that keep them in the sky, and advanced jet fighters such as the F-35 are no exception.
Currently, Taiwan-based TSMC makes electronic chips used in the Lockheed-Martin F-35 Lighting II fighter jet, causing growing concerns within the U.S government that China could use the myriad of electronic devices as a backdoor to get into them. Just last month, the US Pentagon stopped accepting new F-35 fighter jets following reports that Chinese-made parts were being used in the aircraft.
With thousands, if not millions, of moving parts, the F-35 faces increasingly serious cyber threats to its platforms and weapons systems. The F-35 fighter jet has been called the “flying computer,” thanks in part to its “myriad new contraptions that include AI-like sensor fusion, 360-degree camera views, improved data links, a database of threat information at-the-ready, and highly advanced computerized logistics systems.”
According to a recent report by National Interest, the F-35 Program is plagued with “uncorrected design flaws, cyber-vulnerabilities, and unreliability, that could make it potentially possible for hackers to ‘shoot’ down America’s most sophisticated fighter jet.
As Air Force Times explains, the F-35 has multiple layers of security, including PIN numbers for individual pilots and secure authentication in crafting mission packages for uploading into the aircraft computer. So, it’s impossible for a faraway hacker, for example, to start up the aircraft and force its engine to explode or cause the airplane to roll off the runway and crash.
However, much of the F-35’s strength lies in its ability to connect to the wider military and harness big data about the mission, hence its weakest link. For example, the worldwide fleet of F-35s is connected to at least two secure networks designed to maximize and improve efficiency. The first is the Autonomic Logistics Information System (ALIS), which keeps track of individual aircraft issues and the location of spare parts and equipment worldwide.
Below is a video of how Lockheed Martin video that describes ALIS:
Every F-35 squadron, regardless of the country, has a 13-server ALIS package that is connected to the global ALIS network. “Individual jets send logistical data back to their nation’s Central Point of Entry, which then passes it on to Lockheed’s central server hub in Fort Worth, Texas,” the Air Force Times explains. In fact, ALIS sends back so much data that some countries are worried it could give away too much information about their F-35 operations.
Another networking system used to support F-35 operation is the Joint Reprogramming Enterprise (JRE), a system that maintains a shared library of potential adversary sensors and weapon systems that is distributed to the worldwide F-35 fleet.
In an interview with Defense News, the director of the Air Force F-35 Integration Office, Brig. Gen. Stephen Jost, said there are “a lot of nodes of vulnerability that we’re trying to shore up.” Not only is the worldwide networking system vulnerable, but wireless systems used to support the F-35 could also be points of entry for hackers.
Below is a video of Lt. Gen Bogdan making a bold claim that “the ability of this airplane to withstand software vulnerabilities, from the airplane perspective, is unmatched in the Department of Defense.” During the Congressional hearing, he also added:
“The bigger problem that we see is on our off-board systems that are connected to various networks. And when the system was originally designed, the maintenance system and the mission planning system on this airplane, we didn’t know what we didn’t know about the threats. And the threat, cyber-wise, continues to evolve day in and day out. So it is sometimes a catch-up game for us to be able to recognize what the current threats can do and figure out a way to get that into our systems.”
That’s not all. the Pentagon weapons testing office’s 2019 annual report painted a grim picture of an incompletely designed and vulnerable aircraft that may never be able to perform many of its intended functions. The report further noted that the entire F-35 system remains vulnerable to cyber threats.
As of February 28, 2020, the Project On Government Oversight (POGO) recently reported, a previously confidential document produced by the F-35 program office found that are a still-growing number of design flaws with the F-35.
The document obtained by POGO shows that the F-35 program office has made little progress in fixing the fighter jet’s hundreds of design flaws, and continues to discover more of them. “The Joint Strike Fighter Program Office’s Deficiency Report Metrics document, dated February 28, 2020, shows the program is currently dealing with 883 unresolved design flaws—and has no plan for correcting over 160 of them. More than half, 448 deficiencies, remain “open, in dispute.” This means pilots or engineers believed they found a problem, but the contractors tasked with fixing the problems are claiming no problem exists,” POGO reported.
The GAO also reported in August 2020 that, “while the program has conducted cybersecurity testing on several aspects of the F-35 aircraft and support systems, three air vehicle subsystems tests and two enterprise-level ALIS tests remain. The program expects to complete these by August 2020. The tests completed to date have identified multiple cybersecurity vulnerabilities (the results of the cybersecurity test were classified). The F-35 program office has taken steps to address some identified vulnerabilities and is working to address the remainder.”
To prepare for this eventuality, the US Air Force established the Cyber Resilience Office for Weapons Systems (CROWS) To address these cybersecurity vulnerabilities and bolster the cyber resiliency of weapon systems to maintain mission effectiveness. CROWS is also designed to collaborate with all stakeholders and partners to bring about the best ideas and strategies to anticipate potential enemy cyberattacks.