What if China Not Just Hacked — But Sabotaged — the F-35?
Over the last week, two perennial stories have again dominated the news. China continues to be able to hack us — including top DC power players — at will. And the F-35 has suffered another setback, this time a crack in an engine turbine blade (something which reportedly happened once before, in 2007).
The coincidence of these two events has got me thinking (and mind you, I’m just wondering out loud here): what if China did more than just steal data on the F-35 when it hacked various contractors, and instead sabotaged the program, inserting engineering flaws into the plane in the same way we inserted flaws in Iran’s centrifuge development via StuxNet?
We know China has hacked the F-35 program persistently. In 2008, an IG report revealed that BAE and some of the other then 1,200 (now 1,300) contractors involved weren’t meeting security requirements; last year an anonymous BAE guy admitted that the Chinese had been camped on their networks stealing data for 18 months. In April 2009, WSJ provided a more detailed report on breaches going back to 2007.
The Joint Strike Fighter, also known as the F-35 Lightning II, is the costliest and most technically challenging weapons program the Pentagon has ever attempted. The plane, led by Lockheed Martin Corp., relies on 7.5 million lines of computer code, which the Government Accountability Office said is more than triple the amount used in the current top Air Force fighter.
Six current and former officials familiar with the matter confirmed that the fighter program had been repeatedly broken into.
[snip]
Foreign allies are helping develop the aircraft, which opens up other avenues of attack for spies online. At least one breach appears to have occurred in Turkey and another country that is a U.S. ally, according to people familiar with the matter.
[snip]
Computer systems involved with the program appear to have been infiltrated at least as far back as 2007, according to people familiar with the matter. Evidence of penetrations continued to be discovered at least into 2008. The intruders appear to have been interested in data about the design of the plane, its performance statistics and its electronic systems, former officials said.
The intruders compromised the system responsible for diagnosing a plane’s maintenance problems during flight, according to officials familiar with the matter.
[snip]
The spies inserted technology that encrypts the data as it’s being stolen; as a result, investigators can’t tell exactly what data has been taken.
And we know the data theft has been ongoing. The RSA secure ID hack two years ago, for example, was used to access Lockheed’s computers (though at least in that case Lockheed discovered the breach within two weeks).
Incidentally, Pratt & Whitney — which makes the engines that are experiencing this latest problem — got a $75 million wrist slap last year for violating export controls and dealing engine control module software to China that it then used to build a military attack helicopter, though that conduct dates back to the 2002 to 2006 period.
In any case, we know the Chinese have had a great deal of access to networks involved in the development of the program. The assumption has always been — publicly at least — that China was just stealing data, both to understand how to counter the plane’s defenses but also to reverse engineer its own planes.
Yet we also know that China has dealt us hardware — “counterfeit” chips and the like — with backdoors to allow it access. That is, we know China has engaged in sabotage at a more granular level.
So why wouldn’t China try to sabotage the F-35 more systematically, especially as the example of StuxNet unfolded?
Admittedly, it may be foolish to attribute to Chinese guile what can easily be explained by American incompetence. Indeed, it’s clear mismanagement deserves a great deal of the blame for the plane’s budgetary and performance woes.
But this Bloomberg article describes part of the reason why the F-35 would make such a juicy target for China. First, the F-35 is a central part of our industrial policy, providing jobs here and (if it ever gets off the ground) exports overseas.
It counts 1,300 suppliers in 45 states supporting 133,000 jobs — and more in nine other countries, according to Lockheed.
[snip]
The F-35 will probably become the dominant export fighter for the U.S. aerospace industry, Gordon Adams, who served as the senior White House official for national security and foreign policy budgets under President Bill Clinton, said in a phone interview.
“This is the last U.S. export fighter standing, and that has saved this program,” said Adams, now a foreign-policy professor at American University in Washington. “There is a huge economic element to the F-35.”
Members of Congress are hesitant to make deep cuts to the project in part because it generates work in their states, Wheeler said. The F-35 supports 41,000 jobs in Texas alone, the most of any state, according to Lockheed’s website. The company assembles the fighter in Fort Worth.
And the multinational development of the plane was supposed to cement a new kind of alliance. As members of that partnership begin to get cold feet, it may affect our larger relationship with those countries.
Overseas, the Pentagon’s partners are balancing concerns about the F-35’s cost with the amount of work sent to their companies.
Allies have agreed to purchase 721 fighters, yet the soaring price is painful for nations with shrinking defense budgets. The estimated cost of each plane has about doubled to $137 million since 2001, according to a GAO report last year.
[snip]
Canada had dropped to 65 planes from 80. In December, it said it was reconsidering its commitment to purchase any of the jets after a consultant said the price to buy and maintain them might reach about $45 billion.
The F-35 program isn’t so easy to exit, though. A Lockheed spokesman raised the possibility that Canada would lose its F-35-related business — and jobs — if it didn’t buy planes.
[snip]
The partners’ commitments should make the U.S. wary of making deep cuts to the F-35 program, said Dov Zakheim, a former defense comptroller who served under President George W. Bush.
“This program was advertised as a major collaborative program with a lot of allies,” Zakheim said in a phone interview. “It was sold to our allies as such. What do we do now — pull the rug out from under them at the same time we’re complaining they aren’t spending enough on defense?”
This latest problem comes just as the those managing the F-35 program prepare to go to Australia to try to convince them to buy these planes rather than more existing Boeings.
Then there’s just the sheer magnitude of this program. The program is expected to account for 38% of the Pentagon’s procurement needs for 2011 programs. Its cost — $395.7 billion — already rivals a significant war, and actually running the program may cost a trillion and a half. This is where an unbelievable amount of our time and financial resources are being directed, and anything China could do to raise those costs, or perhaps even convince us to give up on the sunk costs, I’m sure, would bring it huge strategic benefits. It’s like half an Iraq War without the potentially dangerous disruptions in the Middle East, all wrapped up in a bow.
At this point, it’s not clear that the plane itself will ever represent a critical threat to China (though Japan has been one of the partners that has sustained its enthusiasm for the plane). The program is more interesting at this point for the way it causes us to blindly continue to pursue the catastrophic imperative that is our Military Industrial Complex. Which would make it the perfect opportunity for China, by sabotaging the program, to magnify and exacerbate our own stupidity.
I’d like to think such sabotage would be impossible to get past the quality control folks at Lockheed, but everything about this program suggests it might not be. The multinational development and the concurrent development schedule (a kind of testing as you go) would make it more likely such sabotage might be missed as well.
I don’t know that we would ever know if this clusterfuck was caused with the assistance of China. It’s not like Lockheed would publicize such information, just as it asked for another $100 billion. And I don’t want to underestimate the defense industry’s ability to screw up all by themselves.
All that said, Chinese sabotage would help to explain part of why this program has been such a colossal clusterfuck.
Sounds like any threat is from economic competition in selling to other countries’ militaries.
An “export” fighter. What a concept. US financing Lockheed’s foreign marketing program.
Explain to me again how marketing weapons overseas makes sense as a national security strategy.
The more complex something is, the harder it is to test properly. And the more important it is to test as much of it as possible.
Since the plane itself is a dog, the best strategy for China is for the F-35 program to continue. (The best strategy for the US is to scrap the F-35 and upgrade existing aircraft, while starting new designs with attainable operating characteristics. But the US will never do this.) The sweet spot for the Chinese would be for the program to continue–in the most dysfunctional and expensive way possible.
Is sabotage worth the risk? Well, sabotage rarely evades a careful, after-the-fact investigation. But establishing blame is more uncertain. In that sense, you might get away with it.
Suppose, though, you wanted, through reverse psychology, to encourage the Americans in this endeavor? Then making the F-35 seem important would be a virtue, in addition to the virtue of raising the trouble and expense.
Cyberwar is a fairly safe way to conduct attacks in that there is not only plausible deniability, but real uncertainty–it is too easy to make the evidence point at 3rd parties. The US is well aware of this, having initiated this mode of war. So nobody is going to launch a shooting war over something as small as cracked turbine blades.
Okay: So the Chinese should want to do it, and the US should not want to fall for it, but is it even happening? You mention the problem arose before, in 2007. This suggests an actual technical problem that is still incompletely understood, and which the engineers, under pressure of time and money, are trying to patch over–unsuccessfully.
–Gaianne
this is a very imaginative speculation.
and why should the chinese not play the game this way – as gaianne notes.
if you stand outside american society, you realize that american military/decisions are extremely hidebound and predictable.
this is largely due to what our politicians believe is -and is not – socially acceptable public political speech about military/security matter.
it is also due to a poorly educated, heavily propagandized citizenry.
from the 1950’s the american right-wing has been able to control political decision-making about military/security matters. the end result has been the hyper-agressive, ever-willing-to-war conduct of american military policy.
this has made such policy predictable to non-americans; puzzling perhaps, but predictable.
to move from these abstract statements to a concrete example: does anyone really expect the f-35 program to be cancelled?
did anyone really expect a quick departure from iraq or afghanistan beginning in early 2009? who lost iraq? who lost afghanistan? we almost had it knocked and then that kenyan muslim let it all go.
this american mindset is easy to exploit – just keep the dumb yanks spending all their money on military matters while others pile their coins on education and infrastructure.
In a country where financial larceny and local corruption as in Jefferson County Alabama is allowed to proceed with top perpetrators unpunished, one can only imagine that anything goes in any process. If they were slaughtering horses in the US, we would probably find it in the lasagna.
What is in that mystery meat parts of which are maybe from Mexico, Brazil, Argentina, Australia etc?
I read a report that 1/6th of the population was genetically predisposed to gamble. I suspect the behavioral scientists have already tested what percentage is willing to cheat. What does system science say about that in regards to large projects or large societies?
Slightly OT, but when do Homeland Security and the “contractors” reveal the extent of their hacking? A free genealogical dna data base at ysearch.org has just been taken down because of abusive data mining.
How could Homeland Security pass up a free dna data base for past and future comparisons? What other actors would want this data? Insurance companies can already require blood and dna testing.
MIT researchers hacked and data mined data bases for their paper and others have followed.
http://www.sciencemag.org/content/339/6117/321.abstract
And a month old discussion with a pay wall free pointer.
http://dna-explained.com/category/data-bases/
@Gaianne: &orionaddled Come on folks, there’s enough real here. No need to get off into paranoid lala land.
We’re fat, dumb and happy ‘Muricans, taking our shoes off to get on an airplane, hounding Aaron Swartz to his death, droning everyone we can see. Ain’t no slant eyed chink gonna get into our systems. Waddya mean every IP address in the world is just like it’s next door?
We’ve been had fair and proper by people exploiting our predictable laziness, arrogance, and ignorance. Spear phishing isn’t particularly high tech.
Look at the scope. There’s no need for paranoid reverse psych warfare bull****. The objective is what they got, blueprints, source code, manufacturing specs and techniques; vision, mission, goals, objectives, policies, procedures, from sea to shining sea for a decade.
We’ve been had because we’re arrogant and can’t be troubled to be secure. Plus, we can and do hurt lots of innocent people who can’t defend themselves. Folks who can want to protect themselves from us. Pretty simple really. Get it?
Or, maybe it’s a reverse double whammy. The motivation for China’s cracking outside networks is usually to steal technology for use in its own products. Perhaps the U.S. created the F-35 as a buggy design knowing that China would imitate it and the resulting products would be just as buggy. ;-) In any case, in a few years time, the U.S. will be cracking China’s networks to steal their more advanced technology.
This is a silly article, not up to this site’s usual standards.
@Lefty:
it’s speculation, lefty. and labeled as such. but thanks for your customarily contrarian, perverse and obtuse input.
@John Iacovelli:
glad to know somebody around here has chinese motives sized up so well.
speculation is not silly, hotshot, but it is fun – and sometimes productive.
yes, things can be just as they seem – or not.
@lefty665: How is speculating that the Chinese might 1) do exactly what we did, sabotage an enemy’s most cherished national security program 2) be sabotaging on a much larger scale than we know it to be doing “paranoid lala land”?
Suggesting they wouldn’t seems either naive or oddly culturalist (though I’m not sure whether you’re suggesting the Chinese are more honorable than we are or not as crafty). All’s fair in love and war. It would be a no-brainer for China to do this, they are already doing two interim steps to get there (the data collection and the granular sabotage).
Moreover, some of what they’ve taken–like maintenance reporting–seems to be more geared toward sabotage than reverse engineering.
Sounds like you need to pay your IT people more…maybe then they would lock thee system down tighter. Sounds like they have a team that dosent know its head from a sandbox. Guess those degrees on the wall dont help if you cant keep them out.
@TarheelDem: Marketing weapons overseas makes perfect sense if you are in the ‘National Security Business’. background: http://en.wikipedia.org/wiki/Julius_and_Ethel_Rosenberg
The only spies to be executed for espionage, because lots of companies subsequently got very wealthy selling bullets, bombs and guns to counter the Soviet threat. Executing newly discovered spies might put a damper on arms sales. If, on the other hand you are meaning our actual security, weelllll that is an entirely different question.
@emptywheel: Wasn’t picking on you. It was the double reverse triple psy ops paranoid blather those two were sliding off into.
I think you had it right that the Chinese, among others, have burrowed pretty deep into our supply chain. My question to you would be why risk what they’ve got in place by stuxing the F-35 from the top down? If current drivers/firmware hardware has back doors and kill switches that are better than older hacks, they might prefer to get that technology into the field baked into planes. It’s just crazy that we’ve significantly abandoned our domestic technology capability and are putting potential foes electronics in our equipment.
In general I prefer simple explanations that fit what we know or can reasonably infer. It is clear we’ve been exploited 7 ways from Sunday in this millennium (not to mention the last one!). You have reported much of it, from rootkits, to thumb drives our “geniuses” used to move data from open to secure networks. Think we’re still sandpapering drone control disk drives then reinfecting them? Who was watching the gate when Bradley Manning copied data? You cite an 18 month intrusion. Those guys were camped out on that system.
The exploits like spear phishing we’re hearing about have not been terribly sophisticated. They’re more just playing us for stupid, undisciplined rubes, again, again, and again. In that context it makes more sense that they have been after data, more data, yet more data, from Google to defense contractors, to military systems, to policy lobbies. If they throw a stux like monkey wrench into the works, that runs the risk of waking us up to the point we actually tighten up some. That would make everything they’re doing harder, for a little while until we went back to sleep.
@Oriental: You don’t know what “obtuse” means either, but that’s not a surprise.
@lefty665:
oh, you’re a slick and slithery one, mr. grinch.
and how you have educated yourself since this morning!
@lefty665:
“either”? you mean you didn’t know? well, now your better educated than you were this morning in several ways.
as for your troll-like comments, lefty: )*(
@Lefty665–
You should have read my last paragraph. I will repeat: It is not Chinese sabotage. It is a technical problem. The engineers do not know why the turbine blades are cracking, and the pressures of time and money are getting in the way of their finding out why.
What do I mean, time and money?
Finding out the underlying problem will take time. They don’t have time. The project is already so overdue that they are trying to sell production models (not prototypes) in advance of testing. This is an incredible (and incredibly stupid) risk. Any flaw they later find will have to be retroactively corrected–which is usually very expensive even when it is possible.
Correcting the problem of the turbine blades will cost money. They don’t have money–they are already way over budget. They would probably have to redesign much of the engine–very expensive. The best case is an upgrade of the turbine supplier, but again, big money. They can not afford the cut in profit margins. The plane is a dog anyway, so in the larger scheme of things, it does not matter if the engines don’t work. It is just not worth the time and expense to fix.
Just for context, America’s “best” fighter plane, the F-22 Raptor, still occasionally asphyxiates its pilots. The problem has persisted for years, and if any progress has been made, that is one of America’s few well kept secrets.
–Gaianne
@Gaianne:
i can guarantee you that your expertise is appreciated here.
if you were puzzled by being singled out for unmerited criticism despite a highly informative comment, i will explain that you were collateral damage in a feud lefty had been conducting with me for a long time.
please do continue to contribute.
@Gaianne: I hear you on the technical issue, and turbine blades have been a problem as long as there have been turbines. It’s tough mechanical engineering, and gets tougher as they get higher performance. I also take your point that the F-35 procurement is a horror show. It seems to resemble the B-1 “flying (well more or less, not often, far, or in combat) gravy boat” whose most notable achievements were fattening the contractors, killing its crews when low altitude terrain following avionics failed, and leaking a trail of fuel instead of bread crumbs so it could find its way home.
That all argues that the best thing the Chinese, and others, can do is stand back and let another of our procurement boondoggles lumber along. From their perspective, it doesn’t get any better than that, incredibly expensive, dysfunctional, and Marx’s wet dreams of capitalism’s greedy self destructive proclivities all rolled into one. Their best tactic might be to finance our debt at low rates to facilitate it. Psy ops would not “improve” things from their perspective.
Seems likely there are several discrete attacks going on.
One is corruption of electronics, back doors, kill switches, etc, going into our defense electronics at a low level through our worldwide procurement practices.
Another is compromising our “secure” networks, and that has used simple things like infected thumb drives that use our sloppy, ignorant and lazy behavior to exploit us. I presume there are more sophisticated attacks on those systems that we don’t hear about.
A third is the exploitation of individuals and institutions with access gained through things like spear pfishing and other malware. This has been massive and exercised over years. It is an impressive, and sobering, effort if we stand back and look at it.
Goals seem to be traditional espionage:
Assessing national capability and intent
Acquiring specific national technical means
Commercial advantage
Planning for disruption of infrastructure, things like electric power, telecom
Using the channels that were developed to acquire that information for either stux like or psy ops risks the ongoing flow of information from them. Think the WWII Yamamoto example that has been floated recently. There was great concern, and internal debate, that his shoot down would let the Japanese know we were reading PURPLE, RED and other military systems. Think about the Battle of the Bulge where the Germans took their comm off ENIGMA for the consequences of losing access, or Kim Philby for Russian systems. One of the basic rules of intelligence is that you do not want to rub your adversary’s nose in how much access you have.
That doesn’t mean stuxlike, psy, and more exercises are not happening, just that they’re likely using different methods and channels.
@lefty665:
well, lefty,
you’ve bowed and scraped your way, walking backwards as fast as you could, from any crticism you intended of ew.
now you’ve effectively apologized to giaanne for your mindless attack on her,
that leaves me.
show me, lefty, and other readers here as well,
specific cites that indicate that my comment at #4 above had anything to do with ” double reverse triple psy ops paranoid blather” or with being in “paranoid lala land”.
@orionATL: orionaddled, your paranoid blather and vindictiveness speak for themselves.
@lefty665:
couldn’t come up with any specific comments of mine from #4, lefty?
now it’s clearerer for all to see what a blowhard you can be, lefty, and what blather you dish out sometimes.
some of your comments have all the characteristics of a troll, including evasiveness – ducking and dodging to avoid the truth.
@orionATL: see #22, add vitriol. Please chill.