The F-35 Joint Strike Fighter may have a far worse problem than overpromises, cost overruns, and technology overreach: we may be spending hundreds of billions of dollars on an aircraft for which our adversaries have apparently stolen the plans.
This multi-role fighter will be the centerpiece of modern Western militaries for the next thirty or forty years and on it will rest the success or failure of all our aerial operations. Yet there are hints from leaks and press reports that it may be compromised before it fires its first shot in anger. Before we rely on the F-35 for our freedom, the US and UK governments should come clean on the impact on these intrusions and be clear why the aircraft still has a future.
Recently, in another Atlantic Council blog, Julian Lindley-French summarized his reasons for believing the F-35 “will probably never be completed” He argued air forces were “expecting a system to do too much too soon given the available and untried technologies being built into it on the budgets available,” all while those same budgets are shrinking. While these reasons might seem enough to fear for the future of this program, he did not even mention what may be the worst part.
According to a recent article by The Sunday Times, in a private dinner to cyber security experts, a BAE Systems executive said that “for 18 months, Chinese cyber attacks had taken place against BAE and had managed to get hold of plans of one of its latest fighters.” A former US official quoted in the same story appeared to confirm this allegation, saying, “At least some aspects of it (the F-35 project) were targeted successfully by the Chinese. They didn’t steal everything that was on that airplane, just some aspects.”
Almost three years ago, the Wall Street Journal informed us that “Six current and former officials familiar with the matter confirmed that the fighter program had been repeatedly broken into” as far back as 2007. Worse, “the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems … potentially making it easier to defend against the craft.” Aviation Week has taken the story further, reporting that “Chinese hackers actually sat in on what were supposed to have been secure, online program-progress conferences” and that Lockheed Martin officials admit that in 2009 six to eight subcontractors were “totally compromised” by intrusions. These intrusions may be behind the plan’s cost overruns but despite the plans being stolen, “the Pentagon’s ardor for the strike fighter has not dampened.”
Why such confidence from the Pentagon in the face of these intrusions? There are several possible reasons:
- The intrusions were not that bad to begin with and anything stolen was not serious.
- Something serious was stolen, but the military and manufacturers were able to implement sufficient countermeasures and mitigations.
- We don’t know what was taken yet, so in the meantime: don’t worry, be happy.
- Too much has already been invested what might be the “last manned fighter” to allow anything – even the Chinese having its plans – to stop its procurement.
Which is it? Given the impetus behind the program, it is far too likely it is one of the more worrisome options.
The US and UK governments are classifying the truth of the matter, probably for a rational counterintelligence reason such as to keep the success or the failure of the intrusions unknown to the intruders themselves. But this is not a George Smiley moment. The intruders know what they have stolen, indeed they likely know better than anyone, certainly more than us.
As taxpayers we are being asked to foot a bill of hundreds of millions of dollars for an aircraft whose technological edge may already be in Chinese hands. Shareholders of the companies who were compromised may be facing tremendous, unexpected loss because of an unreported material breach (possibly contravening the US government’s own guidelines for publicly traded companies). And most importantly, future pilots may be flying into future dogfights sure they have the upper hand, only to find themselves inexplicably losing again and again. In World War Two, German and Japanese soldiers, sailors and airmen repeatedly lost engagements they should have won, because the Allies had broken their codes. The next time, it may be us on the losing end of that intelligence battle and the warning signs are all around us.
If the stolen F-35 information is not a problem, then detailed reassurances to taxpayers, shareholders and airmen are in order. If it is a problem, then delaying or hiding the news only makes the situation worse. The Joint Strike Fighter is too important, too expensive, and frankly has far too many other problems to justify this silence from the US and UK governments.
Jason Healey, the Director of the Cyber Statecraft Initiative at the Atlantic Council, is a 1991 graduate of the US Air Force Academy and served in the Air Force for a decade. You can follow his comments on cyber cooperation, conflict and competition on Twitter, @Jason_Healey.