November 19, 2012
Photo Credit: U.S. Defense Department
Bill Sweetman, Washington
Military capabilities are an attractive target for cyberwarfare. The uncertainty surrounding the extent of the threat is a deterrent in itself: The overwhelming fear is that of unexpected cyberintrusions that cause a cascade of operational problems. Another concern is that technological capabilities may have been compromised—but in ways that are invisible until combat begins.
Many defense contractors, subcontractors and major acquisition programs, including sensitive and classified projects, have been breached and compromised by cyberattacks since the Advanced Persistent Threat—the favored euphemism for China-based cyberespionage—was detected in the mid-2000s. Targeted and highly efficient data collection may now be bearing fruit, given the rapid development of the Chengdu J-20 and Shenyang J-31 stealth fighters, which bear a close resemblance to the Lockheed Martin F-22 and F-35.
U.S. Air Force Maj. Gen. Christopher Bogdan, deputy leader of the F-35 program, noted in the course of his harsh September review of the project's status that the Autonomic Logistics Information System (ALIS)—which combines logistics, mission planning and many other functions, and without which the F-35 cannot be operated—had gone through a development pause and redesign because of “vulnerabilities” discovered in a security review.
The JSF program office will not talk about these vulnerabilities in detail, saying only that “the Department of Defense is fully aware of evolving cyberthreats and is taking specific action to counter them for all fielded systems.” However, ALIS (as Bogdan noted) includes a colossal amount of sensitive information, including details of the performance of stealth systems on each individual aircraft, mission plans and locations. It has important elements that operate over Wi-Fi links and that communicate over the public Internet, and it (ultimately) will have thousands of access points open to tens of thousands of users.
Those users, increasingly, are the focus of cyberdefense efforts. Passwords, remote-access controls, virus-hunting software and even powerful forensic tools like Elbit's Wise Intelligence Technology (WIT) (see page 46) can accomplish a great deal, but systems remain vulnerable to ever-changing types of malware disguised as an attachment to an apparently innocent email.
The threat continues to evolve, notes Craig Jensen, a program manager with Dynamics Research Corp. (DRC) who directs security efforts on behalf of the Homeland Security Department and other agencies. The “attack surface,” he notes, is expanding ever faster with the number of mobile devices connected to the Internet, while new threats are emerging. “There is another group working on a diversified Wikileaks,” he says, that is less vulnerable to national actions against servers, and “in the last 60 days” a search engine called Shodan, which can look for unprotected devices, has emerged.
Jensen stresses the need to use the right tools against insider threats and malware. “Good quality logging” is important to detect inappropriate activities: Like many security people, Jensen believes quite simple tools would have stopped alleged Wikileaks source Bradley Manning, simply by observing an anomalous volume of downloaded data.