F-35 JSF Aircraft Program Penetrated By Computer Spies?


The US Department of Defense is expected to procure 2,443 stealthy F-35 Lightning II jet fighters (also known as the Joint Strike Fighter or JSF), which is expected to cost nearly $1 trillion to develop, purchase, and operate over its currently projected life-time. Over the next five years, the US now plans to buy 513 JSFs, up from 355 in the program of record.

In today's Wall Street Journal, there is a front page story today claiming that computer hackers/spies have penetrated the F-35 program as well as the US Air Force's air traffic control system.

The WSJ story says, "In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft."

In addition, "the spies inserted technology that encrypts the data as it's being stolen; as a result, investigators can't tell exactly what data has been taken. A former Pentagon official said the military carried out a thorough cleanup."

The story then goes on to say that the WSJ could not determine the financial or security impacts involved, nor was the most sensitive data on flight controls or sensors accessed, since it is on a separate, isolated system not connected to the Internet.

The WSJ story also says that the penetrations go back to 2007 and continued into 2008. The breaches, says the WSJ, appeared to have occurred in Turkey and one other unnamed country that is one of the eight international F-35 development partners. In 2008, the UK's BAE Systems was suspected of being a source of a F-35 security leak, but was later cleared.

It will be interesting to see what the reaction to the WSJ story will be. On one hand, I can see the Defense Department saying that whatever was accessed was "old information" and no longer of any particular value, and that the story is overblown and sensationalist. In other words, project a "no harm, no foul" spin.

On the other, I can see members of Congress asking for an inquiry about the F-35's status and the problems of keeping secrets when you have so many potential sources of data leakage.

BTW, as far as the US Air Force's air traffic control system, the WSJ says that the intrusion "occurred in recent months" and "alarmed" security officials, since the spies could have found a way to confuse US military aircraft. I suspect that Congress will be very interested in hearing more about it.

I'll keep you updated as the story develops or doesn't.


Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Robert Charette
Spotsylvania, Va.
Willie D. Jones
New York City