F-35

America’s $1 Trillion Target Barge

The NYT has a story about a mock US aircraft carrier Iran is building, its sources say, so Iran can blow it up for the propaganda value.

Iran is building a nonworking mock-up of an American nuclear-powered aircraft carrier that United States officials say may be intended to be blown up for propaganda value.

This has set off chatter about how weird and dumb Iran is for building this giant toy boat, which US sources call the Target Barge.

But pretty soon after I started reading the article I found myself applying the phrases in it to America’s F-35 program which, in many ways, is an even bigger propaganda prop. See how it looks when you swap out Iran’s barge for the F-35?

Intelligence officials do not believe that the US is capable of building an actual F-35.

“Based on our observations, this is not a functioning plane; it’s a large spending program built to look like an plane,” said Cmdr. Jason Salata, a spokesman for the Navy’s Fifth Fleet in Bahrain, across the Persian Gulf from Lockheed. “We’re not sure what the US hopes to gain by building this. If it is a big propaganda piece, to what end?”

[snip]

“It is not surprising that American military forces might use a variety of tactics — including military deception tactics — to strategically communicate and possibly demonstrate their resolve in air power,” said a Chinese official who has closely followed the construction of the F-35.

[snip]

[T]he Pentagon has taken no steps to cloak from prying Chinese hackers what it is building in pork-laden building sites across several countries. “The system is often too opaque to understand who hatched this idea, and whether it was endorsed at the highest levels,” said Karim Sadjadpour, an American expert at the Carnegie Endowment for International Peace.

See what I mean?

Opacity of purpose.

Failure to provide adequate security.

Probable impossibility to bring to completion.

Abundant propaganda.

I’m not all that sure what distinguishes the F-35 except the cost: Surely Iran hasn’t spent the equivalent of a trillion dollars — which is what we’ll spend on the F-35 when it’s all said and done — to build its fake boat.

So which country is crazier: Iran, for building a fake boat, or the US for funding a never-ending jet program?

Time to Out the Cyber-Insecure Defense Contractors

In its latest update on Chinese hacking of our defense programs, WaPo provides a list of defense programs that have been compromised, which includes many of our most important and error-prone programs.

The designs included those for the advanced Patriot missile system, known as PAC-3; an Army system for shooting down ballistic missiles, known as the Terminal High Altitude Area Defense, or THAAD; and the Navy’s Aegis ballistic-missile defense system.

Also identified in the report are vital combat aircraft and ships, including the F/A-18 fighter jet, the V-22 Osprey, the Black Hawk helicopter and the Navy’s new Littoral Combat Ship, which is designed to patrol waters close to shore.

Also on the list is the most expensive weapons system ever built — the F-35 Joint Strike Fighter, which is on track to cost about $1.4 trillion. The 2007 hack of that project was reported previously.

WaPo also, having seen classified sections of a report that had previously been released in unclassified form, also places more emphasis on the potential impact not just of cybertheft, but cyber-sabotage, than it has in the past, basically pointing to this section of the report itself.

 

The threats described in the previous section [which focus on sabotage at the microchip level] may impose severe consequences for U.S. forces engaged in combat:

  • Degradation or severing of communication links critical to the operation of U.S. forces, thereby denying the receipt of command directions and sensor data
  • Data manipulation or corruption may cause misdirected U.S. operations and lead to lack of trust of all information Weapons and weapon systems may fail to operate as intended, to include operating in ways harmful to U.S. forces
  • Potential destruction of U.S. systems (e.g. crashing a plane, satellite, unmanned aerial vehicles, etc.).

At the national level, one could posit a large-scale attack on the U.S. critical infrastructure (e.g., power, water, or financial systems). An attack of sufficient size could impose gradual wide-scale loss of life and control of the country and produce existential consequences.

WaPo also provides a hint at our solutions and Chinese counter-responses. That is, as our prime contractors have become more adept at cyber-security, China has moved onto attack subcontractors.

In an attempt to combat the problem, the Pentagon launched a pilot program two years ago to help the defense industry shore up its computer defenses, allowing the companies to use classified threat data from the National Security Agency to screen their networks for malware. The Chinese began to focus on subcontractors, and now the government is in the process of expanding the sharing of threat data to more defense contractors and other industries.

Yet the government won’t take the obvious step of tying ongoing contracts to cyber-security, instead requiring only that contractors provide the government notice of cyber-attacks.

An effort to change defense contracting rules to require companies to secure their networks or risk losing Pentagon business stalled last year. But the 2013 Defense Authorization Act has a provision that requires defense contractors holding classified clearances to report intrusions into their networks and allow access to government investigators to analyze the breach.

What’s most interesting about all this, though, is that the report (at least the classified list the WaPo saw) didn’t identify via which contractors in the supply chain China hacked these programs. But the US is not, apparently, keeping all of that information secret from China.

U.S. officials said several examples were raised privately with senior Chinese government representatives in a four-hour meeting a year ago. The officials, who spoke on the condition of anonymity to describe a closed meeting, said senior U.S. defense and diplomatic officials presented the Chinese with case studies detailing the evidence of major intrusions into U.S. companies, including defense contractors.

[snip]

The list did not describe the extent or timing of the penetrations. Nor did it say whether the theft occurred through the computer networks of the U.S. government, defense contractors or subcontractors.

So if the government is sharing at least some details of what it knows about China’s hacks with China, then why is it keeping details about which contractors taxpayers are paying lots of money for cyber-attack induced rework to? Why can’t it provide at least skeletal information about which contractors have let China compromise our security so much?

Hackers Penetrate Freedom; The Ship Has Already Sailed

Reuters has a report I found sort of punny, about how white hat hackers had managed to break into the computer systems of the lead ship of the Navy’s Littoral Combat Ship program, the USS Freedom.

A Navy team of computer hacking experts found some deficiencies when assigned to try to penetrate the network of the USS Freedom, the lead vessel in the $37 billion Littoral Combat Ship program, said the official, who spoke on condition of anonymity.

The Freedom arrived in Singapore last week for an eight-month stay, which its builder, Lockheed Martin Corp., hopes will stimulate Asian demand for the fast, agile and stealthy ships.

It may be ironic that Lockheed had a ship get hacked just before it sent the ship out on a sales trip to Asia. (Asia! Where our most fear hacking-rival is!)

But … um, Lockheed?

Lockheed, of course, couldn’t keep the F-35 program safe from hackers either, and that time it wasn’t white hats doing the hacking.

Before the government imposes fines for companies unwilling to sacrifice the security of their systems to program in a backdoor, as the WaPo reports is being debated …

A government task force is preparing legislation that would pressure companies such as Face­book and Google to enable law enforcement officials to intercept online communications as they occur, according to current and former U.S. officials familiar with the effort.

[snip]

Susan Landau, a former Sun Microsystems distinguished engineer, has argued that wiring in an intercept capability will increase the likelihood that a company’s servers will be hacked. “What you’ve done is created a way for someone to silently go in and activate a wiretap,” she said. Traditional phone communications were susceptible to illicit surveillance as a result of the 1994 law, she said, but the problem “becomes much worse when you move to an Internet or computer-based network.”

Marcus Thomas, former assistant director of the FBI’s Operational Technology Division, said good software coders can create an intercept capability that is secure. “But to do so costs money,” he said, noting the extra time and expertise needed to develop, test and operate such a service.

… Maybe we ought to instead focus on Lockheed’s apparent inability to keep the hundreds of billion dollar weapons systems it produces safe from hackers?

What if China Not Just Hacked — But Sabotaged — the F-35?

Screen shot 2013-02-24 at 10.24.35 AM

Over the last week, two perennial stories have again dominated the news. China continues to be able to hack us — including top DC power players — at will. And the F-35 has suffered another setback, this time a crack in an engine turbine blade (something which reportedly happened once before, in 2007).

The coincidence of these two events has got me thinking (and mind you, I’m just wondering out loud here): what if China did more than just steal data on the F-35 when it hacked various contractors, and instead sabotaged the program, inserting engineering flaws into the plane in the same way we inserted flaws in Iran’s centrifuge development via StuxNet?

We know China has hacked the F-35 program persistently. In 2008, an IG report revealed that BAE and some of the other then 1,200 (now 1,300) contractors involved weren’t meeting security requirements; last year an anonymous BAE guy admitted that the Chinese had been camped on their networks stealing data for 18 months. In April 2009, WSJ provided a more detailed report on breaches going back to 2007.

The Joint Strike Fighter, also known as the F-35 Lightning II, is the costliest and most technically challenging weapons program the Pentagon has ever attempted. The plane, led by Lockheed Martin Corp., relies on 7.5 million lines of computer code, which the Government Accountability Office said is more than triple the amount used in the current top Air Force fighter.

Six current and former officials familiar with the matter confirmed that the fighter program had been repeatedly broken into.

Continue reading

Emptywheel Twitterverse
JimWhiteGNV RT @RaysBaseball: Twelfth inning. Time for ice cream, obviously. http://t.co/VsFMJqOWvz
5hreplyretweetfavorite
bmaz @RPullen @stephenlemons @Steve_Irvin That is pretty much an incoherent response. But whatever.
6hreplyretweetfavorite
emptywheel @pastordan REALLY not a fireworks fan, especially living in place where everyone sets them off. Was interesting learning abt buying process
10hreplyretweetfavorite
emptywheel I also managed to buy most of the beer left in the little convenience store still open, so I traded beer for lessons in fireworks.
10hreplyretweetfavorite
emptywheel Fourth of July trivia: I got stuck sleeping on the floor of Nagoya airport w/one of the main fireworks buyers from the NE once.
10hreplyretweetfavorite
emptywheel RT @WarOnTheRocks: How China can use the #OPMhack data to identify undercover intelligence officers http://t.co/7t2kKtRX9e
10hreplyretweetfavorite
bmaz @RPullen @stephenlemons @Steve_Irvin When an arbitrary, by all appearances racist, "umpire" calls anything, it is total laughable bullshit.
11hreplyretweetfavorite
emptywheel @billmon1 Also, American hubris says we'll never get in a dogfight with another industrial policy, all the contrary evidence notwithstanding
12hreplyretweetfavorite
emptywheel @billmon1 It helps if you think of it as an industrial policy instead. Pilots aren't encouraged to turn their head in industrial policies.
12hreplyretweetfavorite
emptywheel @billmon1 Fred: It doesn't much matter because USG will keep paying Lockheed no matter what we do.
13hreplyretweetfavorite
emptywheel @ZaidJilani Means you have to play the license plate game all summer.
13hreplyretweetfavorite
July 2015
S M T W T F S
« Jun    
 1234
567891011
12131415161718
19202122232425
262728293031