F-35 cyber security testing delay prompts vulnerability concerns

Posted on 16 Dec 2015 by Aiden Burgess

The F-35 fighter jet could allegedly be vulnerable to cyber attacks, according to concerns raised in recent reports focusing on the potential vulnerability of the F-35 computer.

US political website, Politico first reported in September that “military officials delayed key cyber-security testing of the F-35 fighter jet out of concerns the drills could damage the sophisticated software that serves as the backbone of the next-generation aircraft’s operations.”

The Politico report said the delays had not previously reported and were confirmed by the F-35 Joint Program Office (JPO).

The breaking Politico report from November 9 said: “Those pushing for the drills to be conducted as planned said there was irony in the program office’s concerns that cyber tests could damage the fighter program and disrupt real-world F35 operations”.

The report continued that “…Those concerns which delayed the testing are exactly why the tests are necessary for the Lockheed-Martin built plane, and for the testing to ensure the Navy, Air Force and Marine Corps can maintain air dominance for decades to come.”

The tests are needed to determine the strength of the F-35 cyber security system or whether the computer system is vulnerable to hackers.

Tests could disrupt ‘operational’ F-35 aircraft

Korean website arirang.co.kr also reported on the alleged vulnerability of the F-35 fighter jet and the Joint Program Office’s (JPO) refusal to conduct required cyber security tests of the F-35’s maintenance computer.

The website reported that the JPO said that realistic hacker tests could damage the jet’s software, thereby disrupting flights of the approximately 100 F-35’s already in service.

The December 11 report also highlighted that analysts have said that if an enemy managed to hack into the software successfully, they could disable F-35 systems in combat, cause crashes, or ground the entire fleet.

Dan Grazier’s article ‘F-35 Officials Prove Need for Cyber Testing by Cancelling One’, featured on www.defense-aerospace.com, also highlights the alleged vulnerability of the F-35’s computer system.

The article states that a JPO spokesman said the office “did not initially approve a cyber-vulnerability test due to the lack of a risk assessment related to operational F-35 assets.”

Grazier’s article alludes that JPO may have inadvertently confirmed that concerns about software vulnerabilities exist.