F-35 | emptywheel

Reuters has a report I found sort of punny, about how white hat hackers had managed to break into the computer systems of the lead ship of the Navy’s Littoral Combat Ship program, the USS Freedom.

A Navy team of computer hacking experts found some deficiencies when assigned to try to penetrate the network of the USS Freedom, the lead vessel in the $37 billion Littoral Combat Ship program, said the official, who spoke on condition of anonymity.

The Freedom arrived in Singapore last week for an eight-month stay, which its builder, Lockheed Martin Corp., hopes will stimulate Asian demand for the fast, agile and stealthy ships.

It may be ironic that Lockheed had a ship get hacked just before it sent the ship out on a sales trip to Asia. (Asia! Where our most fear hacking-rival is!)

But … um, Lockheed?

Lockheed, of course, couldn’t keep the F-35 program safe from hackers either, and that time it wasn’t white hats doing the hacking.

Before the government imposes fines for companies unwilling to sacrifice the security of their systems to program in a backdoor, as the WaPo reports is being debated …

A government task force is preparing legislation that would pressure companies such as Facebook and Google to enable law enforcement officials to intercept online communications as they occur, according to current and former U.S. officials familiar with the effort.

[snip]

Susan Landau, a former Sun Microsystems distinguished engineer, has argued that wiring in an intercept capability will increase the likelihood that a company’s servers will be hacked. “What you’ve done is created a way for someone to silently go in and activate a wiretap,” she said. Traditional phone communications were susceptible to illicit surveillance as a result of the 1994 law, she said, but the problem “becomes much worse when you move to an Internet or computer-based network.”

Marcus Thomas, former assistant director of the FBI’s Operational Technology Division, said good software coders can create an intercept capability that is secure. “But to do so costs money,” he said, noting the extra time and expertise needed to develop, test and operate such a service.

… Maybe we ought to instead focus on Lockheed’s apparent inability to keep the hundreds of billion dollar weapons systems it produces safe from hackers?

Over the last week, two perennial stories have again dominated the news. China continues to be able to hack us — including top DC power players — at will. And the F-35 has suffered another setback, this time a crack in an engine turbine blade (something which reportedly happened once before, in 2007).

The coincidence of these two events has got me thinking (and mind you, I’m just wondering out loud here): what if China did more than just steal data on the F-35 when it hacked various contractors, and instead sabotaged the program, inserting engineering flaws into the plane in the same way we inserted flaws in Iran’s centrifuge development via StuxNet?

We know China has hacked the F-35 program persistently. In 2008, an IG report revealed that BAE and some of the other then 1,200 (now 1,300) contractors involved weren’t meeting security requirements; last year an anonymous BAE guy admitted that the Chinese had been camped on their networks stealing data for 18 months. In April 2009, WSJ provided a more detailed report on breaches going back to 2007.

The Joint Strike Fighter, also known as the F-35 Lightning II, is the costliest and most technically challenging weapons program the Pentagon has ever attempted. The plane, led by Lockheed Martin Corp., relies on 7.5 million lines of computer code, which the Government Accountability Office said is more than triple the amount used in the current top Air Force fighter.

Six current and former officials familiar with the matter confirmed that the fighter program had been repeatedly broken into.

Continue reading →

emptywheel

Tag Archives: F-35

Hackers Penetrate Freedom; The Ship Has Already Sailed

What if China Not Just Hacked — But Sabotaged — the F-35?