Foreign
F-35 Users Spend Millions To Stop Jet's Computer From Sharing Their Secrets
Operators will now be able to block the F-35's systems from sending data back
to the United States, but other security concerns may remain.
Lockheed Martin has received a multi-million dollar contract for work on a
firewall that will allow F-35 Joint Strike Fighter operators to prevent the
transfer of potentially sensitive information that the jet's sensors and
computer brain scoop up and send back to the United States via a cloud-based
network. The development comes as foreign partners in the project become
increasingly worried about the data that the aircraft is collecting and
storing, but concerns could remain about security breaches or if the links to
the system gets cut altogether, especially in the middle of a crisis.
The Pentagon announced the deal, which came through the U.S. Navy, the service
that is presently in charge of the main F-35 Joint Program Office (JPO), on
Aug. 17, 2018. The Maryland-headquartered defense contractor is set to receive
more than $26 million - all of which is funding from the program's
international partners - to craft what the U.S. military is calling the
Sovereign Data Management (SDM) system for the Joint Strike Fighter's Autonomic
Logistics Information System (ALIS). The contract covers work through June
2020, but it's not clear if a final version of the new data transfer setup will
be ready for operational use by then.
"This effort provides F-35 international partners the capability to review
and block messages to prevent sovereign data loss," the Pentagon's daily
contracting announcement explained. "Additionally, the effort includes
studies and recommendations to improve the security architecture of ALIS."
As it exists now, ALIS harvests an immense amount of data on the aircraft's
systems, which is supposed to help ground crews identify and fix problems. It
also sends that information back to the F-35 JPO and Lockheed Martin's offices
so that specialists can see if parts are wearing out as expected or if there
are previously unknown, but common points of failure that might need some sort
of modification or upgrade down the line. Lockheed Martin sends out critical
software patches via ALIS, as well.
But it also handle mission data packages. When the jets return to base,
personnel on the ground extract that and other additional information that the
aircraft's sensors may have recorded. during the sortie for debriefing and other
analysis. This could include a host of national security secrets, including
records of the plane's flight path and mission profile, communications data,
video imagery, electronic signatures and locations of friendly and opposing
radars and other emitters, and potential details about a country's tactics,
techniques, and procedures.
There has been a separate concern that once any information ended up on
Lockheed Martin's servers, that it could be vulnerable to a cyber attack,
either directly against the company or against one of many subcontractors
scattered across 45 states and Puerto Rico. Testing in 2017 revealed that known
vulnerabilities in F-35 related networks had gone unaddressed, according to the
most recent routine review of the program from the Pentagon's Office of the
Director of Operational Test and Evaluation.
I have laid out the worst case scenario for a breach of ALIS in the past:
"The nightmare scenario would involve an opponent causing a disruption
during an actual crisis by either actively feeding bad information into the
ALIS system or otherwise disabling some portion of it or its overarching
architecture. The interconnected nature of the arrangement might allow a
localized breach to infect larger segments of the F-35 fleet both in the United
States or abroad or vice versa. It's not hard to imagine the time and energy
needed to sort out real inputs and outputs from fake ones hampering or halting
operations entirely under the right circumstances.
Given the jet's low-observable characteristics, advanced defensive systems, and
other sensors, a cyber attack would be an attractive option for any enemy
force. Why would an enemy use a $500,000 air-to-air or surface-to-air missiles
and put their personnel and equipment at risk in an attempt to down an F-35
when a simple worm may be able to do the same to a whole fleet of F-35s? It
could also do so with plausible deniability, something kinetic weapons are far
less adept to."
So, not surprisingly, the foreign members of the F-35 program are wary of
exactly what ALIS might be grabbing and sending back not only to the U.S.
government, but to a private company, and then possibly putting at even greater
risk of compromise. Even allies don't typically share all of their secrets and
they usually exchange any sensitive information in a way where they can
sanitize it to protect their own sources and methods.
"Italy, in [this] specific case, wants to preserve its sovereignty on some
information, avoiding any unnecessary disclosure," an unidentified member of
the Italian Air Force told FlightGlobal at the Dubai Air Show in 2017. "In
order to do so, like other partners do, Italy took some actions to grant an
effective use of the weapon system, without disclosing some data that are
deemed sensible."
At that time, Italy and Norway had already established a shared software
laboratory at the U.S. Air Force's Eglin Air Force Base in Florida to develop
an interim firewall. The SDM, which includes various outside "studies and
recommendations," looks to be the culmination of that effort and others.
The Royal Australian Air Force has been pursuing its own separate plans, as
well.
However, there's still a question of how much autonomy the additional data
transfer system will give F-35 operators. Though Lockheed Martin had reportedly
approved countries putting their own initial systems into place and is now
designing these new tools, the firm has also been highly protective of ALIS'
code and other associated F-35 systems. As of October 2017, the U.S. military
was still locked in deliberations with the company over what information would
and wouldn't be in the jet's official operator's manual.
So far, only Israel has been able to secure the rights to operate its F-35I
Adirs completely independently of ALIS if necessary and to add its own software
on top of the system. Other Joint Strike Fighter users will remain dependent on
the system even with the SDM.
The F-35's interconnectedness already gives the U.S. government or Lockheed
Martin an unprecedented level of export control. ALIS offers a way to cut off
the distribution of software updates and important mission data to foreign
operators, as well as possibly serve as an entryway for an offensive cyber
attack to completely disable certain jets. Since ALIS identifies maintenance
issues and helps order spare parts, it could make maintaining the already
complex jets difficult, if not impossible. These are all things we at The War
Zone discussed at length in the past here.
The most obvious example of how the U.S. government might seek to use this
capability is in its present diplomatic spat with Turkey, which includes a
dispute over the latter country's purchase of Russian S-400 surface to air
missile systems. The U.S. military, as well as other F-35 operators,
particularly other NATO members, are concerned that this could expose secrets
about the Joint Strike Fighter's capabilities to the Russians.
In the U.S. defense spending bill for the 2019 Fiscal Year, which President
Donald Trump made law earlier in August 2018, Congress demanded a halt to any
cooperation with the Turkish government on the F-35, among other weapon
systems, until the Pentagon submits a report that includes "an assessment
of the operational and counterintelligence risks ... and the steps required to
mitigate those risks."
One step could be to use ALIS to limit or block Turkey's access to Joint Strike
Fighter software patches or other data. Of course, Turkey would still need some
baseline software to operate the aircraft at all, which Russian technicians could
seek to acquire access to, and there might just be opportunities to see how
capable the S-400's radars are or aren't at spotting and tracking the stealthy
jets.
Another option might be to use ALIS as a sort of counterintelligence tool to
more tightly monitor Turkish activities with the jets, such as when, where, and
how they're flying them, for potential threats. The Pentagon, which remains
publicly supportive of continued cooperation with its Turkish counterparts,
will likely present legislators with a variety of step to try to safeguard
sensitive details about the F-35s.
These same issues could crop up if the U.S. government decides to allow
additional countries to join the Joint Strike Fighter program. The United Arab
Emirates, Saudi Arabia, and India have all expressed interest in the jets in
the past and the latter two countries are buying S-400s, as well.
There have also been separate concerns that allowing the UAE and Saudi Arabia
to buy F-35s could threaten Israel's qualitative military edge in the region,
despite warming ties between the three countries. ALIS could give the U.S.
government enhanced safeguards to curtail Emirati or Saudi Joint Strike Fighter
operations should the geopolitical situation change.
So, with or without the SDM, this arrangement continues to present a potential
national security concern for any of the foreign F-35 operators. Now that they
have secured the new data transfer rights from Lockheed Martin, operators might
pursue greater leeway being able to use their jets independent of ALIS.
This might just involve developing a mechanism to allow countries to
temporarily work around the cloud-based network locally to continue conducting
operations in the event of a broad cyber attack or another catastrophic fault
in the system or protracted loss of connectivity, all of which could be serious
threats during a major conflict. Lockheed Martin could set a time or flight
hour limit on how long a country would be able to operate free of ALIS before
needing to reconnect or seek some sort of extension from the company.
Lockheed Martin has been steadfastly opposed to any plan that might de-link
ALIS from the Joint Strike Fighter, which could allow F-35 operators to hire
other defense contractors to provide various services during the type's
lifecycle. Still, the new data transfer deal shows that it is willing to make
some compromises and might be inclined to try and find further middle ground,
especially if it decides to try and entice other countries to join the program.
All told, the SDM is an indication that the U.S. government and Lockheed Martin
are aware of the need to address security concerns about ALIS among foreign
partners in the F-35 program. But it's also an indication that there may still
be a lot of work left to do to meet the demands of all the parties involved in
the project.
Ingen kommentarer:
Legg inn en kommentar
Merk: Bare medlemmer av denne bloggen kan legge inn en kommentar.