Yesterday, at
a subcommittee hearing attended by just half a dozen Senators, the Pentagon’s top weapons buyer made a blunt admission: The military’s most expensive program, the stealthy
F-35 Joint Strike Fighter, has been hacked and
the stolen data used by America’s adversaries. Under Secretary
Frank Kendall didn’t say by whom, but the answer is almost certainly
China, a cyber superpower whose
People’s Liberation Army Air Force has recently rolled out some suspiciously sophisticated stealth fighter prototypes of its own. The
Russians also have
skilled hackers and “5th Generation” stealth jet programs, but they’re not suspected of such direct copying, at least not yet.
“I’m confident the classified material is well protected, but I’m not
at all confident that our unclassified information is as
well-protected,” said Kendall, the Under Secretary for Acquisition,
Technology, and Logistics. “It’s a major problem for us…. What it does
is reduce the costs and lead time of our adversaries to doing their own
designs, so it gives away a substantial advantage.”
The bad news isn’t new news: That someone had
hacked F-35 subcontractor BAE Systems was first reported six years ago, and just this February
Washington Post reporter Ellen Nakashima obtained leaked information
naming the Chinese as having compromised not just the F-35 but two dozen other weapons program.
Administration officials have been publicly pressuring China to rein in
its hacking. But it’s still remarkable that such a senior official
would so bluntly admit that US interests have been so directly harmed.
So what does this mean for a future conflict? The nightmare — raised by
a recent Defense Science Board report – is what you might call the
Battlestar Galactica
scenario: Our fighters close in on the enemy, the bad guys push a
button, and all our systems shut down, crippled by cyber-attacks via
“back doors” previous hacks created in the security software. In this
case, thankfully, that seems unlikely. Kendall made clear that
classified data has remained secure (so far, we think): It’s
unclassified data in contractors’ computers that has been stolen, not
the military’s secret codes.
Nor do we have a Death Star scenario, where the enemy has stolen the
“secret plans” that show them how to blow up our weapons with a single
well-placed shot. (Note that in this scenario Luke Skywalker is Chinese.
Certainly many Chinese see themselves as the plucky farmboys, trained
in mystic martial arts, up against a technologically superior empire).
No one has stolen the complete blueprints to the F-35, which are in fact
servers full of digital design data you could never fit into a single
blue-and-white droid.
That said, the information that China and maybe Russia have stolen
will make it easier to design counter-measures to our weapons, improving
their chances to hack, jam, or just plain shoot down American aircraft.
Even if we don’t expect to
fight the Chinese or the Russians — we certainly hope we won’t, not least because
they have nuclear weapons — they have a nasty habit of selling advanced weapons to people we are likely to fight, like Iran.
And in some ways what they’ve stolen is worse than stealing “secret
plans”: They’ve stolen data on how US and allied arms manufacturers make
advanced weapons systems. So instead of having to just copy our stuff,
they have a leg up on learning how to design equivalent systems on their
own.
This industrial espionage problem goes far beyond armsmakers. Indeed,
the value of what’s been stolen from the defense industry is just a
tiny fraction of the
intellectual property stolen from commercial business in what the man who heads both National Security Agency and US Cyber Command, Gen. Keith Alexander, has called “
the greatest transfer of wealth in history.”
In the commercial sector, however, at least the Chinese have to break
into a lot of different baskets before they steal all our eggs: There
are countless companies, each with its own innovations and jealously (if
not effectively) guarded intellectual property. Not so in the defense
sector. As defense budgets have shrunk since the end of the Cold War
while defense programs became ever more bank-breakingly expensive, the
industry responded by merging many competing companies into a handful,
and the Pentagon responded by cancelling or consolidating competing
programs.
The great example of this all-eggs-in-one-basket approach was the
F-35. Of the three companies that originally competed for the Joint
Strike Fighter program, one, McDonnell Douglas, went out of business
after it lost, while the other losing bidder, Boeing, has basically
stopped working on new fighters. (Boeing, of course, remains a big
player in both commercial airliners and military transports, and it
still builds many fighter of older designs). The very name of the Joint
Srike Fighter refers to how it consolidated separate Air Force, Navy,
and Marine Corps development programs into a single “joint”
mega-project.
Building one plane to meet the needs of three armed services turned
out to be much harder than the Pentagon had hoped. In the past, by
contrast, each service largely developed its own equipment and, while
often inefficient, it was at least possible for a service whose programs
were struggling or inferior to (grudgingly) buy a better weapon
originally built for another, as when the Air Force bought the Navy F-4
Phantom fighter for Vietnam.
But having gotten rid of all the alternatives in the name of efficiency and cost savings,
we have no choice but stick with the F-35, despite its inefficiencies and cost overruns — what Under Secretary Kendall has called “
acquisition malpractice”
— if we want to stay in the stealth fighter business. And with all our
eggs in one basket, an enemy who hacks into a single weapons program
will have dangerous insights into the majority of our future fighter
fleet.