November 16, 2012
Credit: Credit: Lockheed Martin
When computer “hackers” working for the U.S. Navy succeeded in breaking into the computer logistics system that controls the Lockheed Martin F-35 Joint Strike Fighter earlier this year, they did the company a favor: allowing it to fix a critical vulnerability in the $396 billion program.
Now, as the Marine Corps prepares to set up its first operational squadron of F-35s next week, some experts say other security risks may lurk within such a large and highly networked weapons support system.
One concern: Lockheed shored up political backing for the F-35 by choosing suppliers in nearly every U.S. state. But having such a large and widely dispersed group increases exposure to cyber attacks, said Ben Freeman, national security investigator with the non-profit Project on Government Oversight.
“Even if Lockheed has top-notch cyber security, it’s still vulnerable if its subcontractors are vulnerable,” he said.
The military’s move toward greater use of so-called autonomic weapons systems, which rely heavily on computers, promises to revolutionize the way weapons are maintained and operated, but also carries a new level of cyber risk.
And the weapons designers are having difficulty keeping up with the hackers. While it often takes years to field new weapons systems, cyber threats are evolving and changing on a daily basis, said Raphael Mudge, a former Air Force engineer and independent cyber expert.
“You have to be continually assessing the risk,” he said.
The heightened concern comes as computer attacks are on the rise. Lockheed cyber experts said Monday that the company had seen a large increase in the number and sophistication of attacks on its networks. It accused governments that it did not name of targeting and breaking into the networks of its suppliers.
Lockheed officials said millions of suspicious emails were directed at the company each day, including a handful that were considered advanced persistent threats from foreign nations.