Did Chinese Espionage Lead to F-35 Delays?

Did Chinese cyber spying cause the F-35 Joint Strike Fighter’s cost spikes and production delays? That’s the question Pentagon budget officials are asking according to Aviation Week.

Chinese spies apparently hacked into secure conference calls and listened to meetings discussing the classified technologies aboard the jets. In particular, China may have stolen info about the F-35’s secure communications and antenna systems; leading to costly software rewrites and other redesigns to compromised parts of the plane.

The worst part, this problem isn’t just limited to the F-35, though the program’s size and the fact that it’s information systems were apparently designed without any concern for cyber espionage made it an easy target.

Anyone who has been following U.S.-China military relations and cyber warfare knows that China has been hacking into the networks of U.S. defense contractors and the Pentagon and rolling out brand new weapons like the J-20 stealth fighter.

Here’s the latest from Av Week:

Before the intrusions were discovered nearly three years ago, Chinese hackers actually sat in on what were supposed to have been secure, online program-progress conferences, the officials say.

The full extent of the connection is still being assessed, but there is consensus that escalating costs, reduced annual purchases and production stretch-outs are a reflection to some degree of the need for redesign of critical equipment. Examples include specialized communications and antenna arrays for stealth aircraft, as well as significant rewriting of software to protect systems vulnerable to hacking.

It is only recently that U.S. officials have started talking openly about how data losses are driving up the cost of military programs and creating operational vulnerabilities, although claims of a large impact on the Lockheed Martin JSF are drawing mixed responses from senior leaders. All the same, no one is saying there has been no impact.

While claiming ignorance of details about effects on the stealth strike aircraft program, James Clapper, director of national intelligence, says that Internet technology has “led to egregious pilfering of intellectual capital and property. The F-35 was clearly a target,” he confirms. “Clearly the attacks . . . whether from individuals or nation-states are a serious challenge and we need to do something about it.”

The F-35 issue was ducked as well by David Shedd, deputy director of the Defense Intelligence Agency, but not the impact of cybertheft on defense spending and operational security.

“I am not going to talk about the F-35, Shedd says. “I’d be sitting with the secretary having a counseling session. The answer is absolutely yes. The leaks have hurt our efforts in that it gives the adversary an advantage in having insights into what we’re doing. It should be clear that whether there are leaks on the technology side or that affect preemptive decision-making, they are very damaging to the intelligence community.”

Those closer to the program are less equivocal about the damage that cyberintrusions are causing the JSF program.

“You are on to something,” says a veteran combat pilot with insight into both the F-35 and the intelligence communities “There are both operational and schedule problems with the program related to the cyber data thefts. In addition, there are the costs of redressing weaknesses in the original system design and lots of software fixes.”

Here’s the kicker, the JSF’s info systems weren’t built with cyber espionage in mind, this led to a bunch of subcontractors networks being ‘totally compromised.” Shocking considering the plane was meant for the 21st Century. C’mon guys.

Defense analysts note that the JSF’s information system was not designed with cyberespionage, now called advanced persistent threat, in mind. Lockheed Martin officials now admit that subcontractors (6-8 in 2009 alone, according to company officials) were hacked and “totally compromised.” In fact, the stealth fighter program probably has the biggest “attack surface” or points that can be attacked owing to the vast number of international subcontractors.

There also is the issue of unintended consequences. The 2009 hacking was apparently not aimed at the F-35 but rather at a classified program. However, those accidental results were spectacular. Not only could intruders extract data, but they became invisible witnesses to online meetings and technical discussions, say veteran U.S. aerospace industry analysts. After the break-in was discovered, the classified program was halted and not restarted until a completely new, costly and cumbersome security system was in place.

  • blight

    If the Soviets had lasted into the modern age, the KGB would be rolling on the floor laughing their asses off.

    We’ve leaked like sieves before. But has it delayed our procurement by this much before?

  • William C.

    The government and DoD does a lot of talking about cyber security but I don’t see much being done in the way of actual effort. This is absolutely unacceptable.

  • Strider

    I’m beginning to think this truly is the age of transparency.

    You’ll get it no matter what one way or another.

  • LtKitty

    Really?…. I’d like to think our defense industry isn’t so outrageously silly from time to time…

  • Nick T.

    It would better for security if you just build a separate “internet” not connected to the main web, but a separate series of computers and servers only on their own network, and only linked to major bases, contractors, etc. Problem is building that in this economic environment.

  • Skyepapa

    Is it possible that part of our counter-espionage tactics include overstating the damage of an intrusion like this? Let them listen to conversation A so they don’t drill down farther to something we really don’t want them hearing? Then rant about how the Chinese hacked an important meeting? Wish I could believe we were that buttoned up.

  • Bill

    Sometimes the “Stone Age” is not that bad.

    As far as cyber security is concerned, there is no barrier that people can’t find their way around. You need to think about the physical means in which your data is being transferred in order to stop data theft.

    Serial connections are the only feasible means of doing this – Connect PC “A” with PC “B” and not anywhere else – No internet, No outside connection, no Wi-Fi… you would actually need to physically commit theft.

    • BigRick

      your right Bill, being a network guy myself, it really makes you wonder why EVERYTHING needs to be connected to the Internet, Firewalls are only speed bumps.

      All sensitive info should be kept in a completely isolated network from the corporate network i.e. you have to be there physically to access the data

      • blight

        Go intranet.

        Then again, once people decide they want to be able to stream important data between points in real time, they’re just leaving the door open.

    • pedestrian

      Yes, while I promote stand alone environment, some idiot is trying to promote a network dependent cloud computing. DoD should flush military variation down the toilet and forget about it.

  • Dfens

    Yeah, it’s the Chinese that are causing F-35 development to crawl along at a snail’s pace. It certainly is not the fact that we pay the defense contractor a profit incentive to drag out development. No, it is clearly China’s fault. Right. We have found the enemy, and it is us.

  • crazy

    Never would have happened in the Kelly Johnson days.

    • blight

      Kelly kept everything in-house and the only outsiders plugged in were guys like Dick Bissell. However, this mode of business is long dead, and everything is teleconferences, audits and interconnectedness of data and ease of download (versus sending crates of paperwork). Any espionage group can simply scoop up everything they can get their hands on and sort it out later: in the old days, espionage depended on being able to quickly decide what was worth stealing and grabbing it. Kelly’s practice was to avoid excessive classification so that interesting things would hide in background clutter and someone going for the highest classified items would probably not find anything of interest design-wise.

  • John Moore

    I run four servers and I constantly see Hong Kong IP’s trying to get in.

    • blight

      In an age of zombienets, it’s hard to say where attacks are coming from anymore. Maybe Hong Kongers are just as bad as Americans when it comes to computer security?

    • pedestrian

      I was harassed by some IP addresses leadeing to China weeks ago, and I port scanned them back as a warning, and they came back port scanning with mini-DoS from several more IP addresses. If the government ever gave permission, I would be trigger happy to wipe their computers off the network.

      • ernoz

        It’s easier to get pardon then permission

        • Ross

          unfortunately, having seen normal chinese people on games attack other player’s systems merely to ‘win’, i would say a single person responding to such things of this nature would be futile. for every one u break down, there are dozens more that will come back at you.

          complete disregard for the rules of cyber space is simply something that goes from the basic level upwards in countries like China.

          • Hawkeye

            Agree, I don’t disagree with any of the comments in general, but the overall ‘lets be friends with China’ atmosphere is destroying our competitiveness. The underlying lack of morals/ethics within the Chinese culture is so pervasive that only a massive cyber attack would get their collective notice, like the Soviets before them, they only respect strength, and right now America’s Prez. is acting like a coward towards them.

    • passingby

      The US is still the largest cyber security threat in the world. Many of reported cyber attacks may very well have been done by CIA/MI6/Mossad operatives via poorly guarded networks in China/Hong Kong/Korea etc.

      The US has been a leader in false flag operations after Britain’s decline.

  • wmcritter

    How many acts of war must China commit against us before we do something about it?

    • DanS

      Well considering they haven’t yet, your question is a touch premature. Its espionage dude, lighten up or perhaps we should carpet bomb Tel Aviv because of their spying on us? Or maybe the UK should order an arty strike on Lakenheath because we spy on the UK? Should we sink a Japanese destroyer or two because they spy on us? Grow up.

    • Buzzy

      @ DanS

      So once we grow up we can’t protect ourselves and our possesions?

    • Storm

      Yeah and I always hear about US Specia lForces and spies are molesting countries like China at will all the time. You don’t think that’s an act of war?

    • TMB

      The problem with calling this an act of war is proof. Any decent cyber attacker can claim plausible deniability due to zombies (using someone else’s computer as a proxy to attack someone). The victim of the attack also has to disclose how they discovered the attack which could compromise intelligence sources.

      DanS has a point that espionage has always been one of those “we all do it, so don’t get upset” situations. While I would love to see every military server in China fall victim to a power surge tomorrow, if everyone decided to launch an airstrike every time there was a hack or a spy talked to someone it would be WWIII. Hell, between us and China if we started an all out cyber war we could probably shut down the world if we put enough resources into it. What good would that do?

    • jack

      I was waiting for someone to ask this question, but now that obama is in charge, probably nothing will be done sabout it. Stupid on our part to start with not protecting ourself fromsomething like this.

    • passingby

      The real question is how many acts of war must the US commit against China before the Chinese do something about it.

      • Mark

        dumb = you

    • Dubya

      Where have you been? The U.S. navy and drones has been along China’s coastline routinely scanning and trying to crack into China for decades.

  • RCDC

    Possible. Now we need to reboot the price to $ 1.

  • I think they’re releasing this info to make us feel more “protected” when they cram SOPA type law down our throats.

  • RCDC

    Just don’t hook the server to the internet. Use firewall, secured router and secured satellite cable from IBM.

  • BB5

    Time to pull the plug on these contractors and subcontractors. None of them should have internet access anywhere. No such thing as secure internet. Also time to fine the hell out that taxpayer leech LM for being cheap, incompetent and lazy.

  • Would it be so hard to keep everything offline?
    Whats wrong with Snail mail?
    Is flying so expensive they cannot get together?
    Granted, this would slow things down, but it would also make the aircraft not an open book…..

  • John Moore

    Whats wrong with Snail mail?

    Kinda saiz it all right there imagine the delays with snail mail.

  • Tad

    If the DoD is so serious about cyber security, why do they run almost solely Windows, Outlook, etc…?

  • Lance

    While yes the Chinese could be trying to hack into US aircraft makers databases I doubt all could but related to the many delays in this troubled planes development. A big problem is that this is a international program so some allied nations have access to materials and lacks security to keep them confidential.

    Overall the J-20 was based on Russian technology NOT American a F-35 is still ahead of a J-20 by light years.

    • So?

      What Russian plane did the J-20 canopy and intakes come from?

    • Willard

      No it’s not. Russian tech is crap now . Exploding rockets. No one wants that.

  • blight

    That said, it is possible that attempted theft by the PRC and causing these types of delays could be their mission in the first place. Hard to say that they aren’t winning the longer JSF is delayed.

    If they wanted immediate deliverables, hack P&W and GE and grab engine designs, then prioritize reproducing next-gen American engines. Why sleep at night?

  • Ben

    We SERIOUSLY need to retaliate for Chinese espionage and cyberattacks. This kind of behavior cannot go on tolerated like this. The United States NEEDS to respond with economic penalties, cyber-retaliation of its own, and other punitive measures.

  • Greg Latiak

    Nothing connected to the Internet can ever be secure. We need to stop deluding ourselves that we are so clever that we can keep other, equally clever, people from hacking into our stuff. Nothing is more secure than NO CONNECTION (except maybe powered off…). When will these dweebs figure this out? We are not that smart, despite what we tell ourselves…

  • Black Owl

    Wow… and thought the F-35 design itself was a problem. This takes things to a whole new level. Our security is seriously fucked up right now. However, I still believe it’s true that we are getting more information on the Chinese than they are on us. The question is who is really benefiting from the espionage? We certainly have a lot more to steal in the area of advanced technology. I doubt we can acquire anything new from the Chinese as they exist now.

  • TH1

    How about this:

    You steal our stuff, we stop all business with you…

    and and by the way, you can forget about getting your loan to taxpayers paid back.. consider the money you borrowed the US a DOWNPAYMENT on the secret stuff you stole!

  • Kooch

    Its time to take the kiddie gloves off when dealing with China

  • JRL

    If they’re smart, the powers that be are only pretending to keep the almighty JSF tech secret. Because with any luck, the ChiComs will get sucked into swallowing it whole, and then destroy THEIR OWN air force and military budget by trying to copy the three-way cluster**** called the F-35.

    Once that’s dopne, the DoD can finally reveal that its real name is not ‘Lightning II, but ‘Trojan Horse II”…

  • Kski

    Thank god this ani’t the Cold War with our pal Ivan. But this is a new kind of Cold War with the PRC. They coutinually pull crap like this year in and year out. Honestly I hope we are getting more from the PRC than they are from us. But ending buissness with the PRC is not a great idea. They’ll be able to weather the economic backlash better than we the USA will. For the time being lets wait till they do something really stupid. Like being coaught selling Iran missiles. Or becoming more aggressive in the South China Sea, as in firing on someone allied with us. So in the end our options aren’t at all open. So for now, FEAR THE REDS!

  • lazrtx

    China doesn’t need to hack into anything. With dems running the show all they have to do is name their price and it will be handed to them.

  • Jeff

    Oh come on, this smacks of desperation, grasping at the last flimsy straw of spurious excuses to justify a monumental fuckup. FAIL.

  • FtD

    so your wife’s taking a bath and not closed the windows and your neighbor’s enjoying the show so you gonna grab your double barrel and shoot him? act of war lol…..

  • mpower6428

    is anybody getting the distinct impression that the metric of future world dominence won’t be how many missiles or tanks, or how large a GDP or industrial base is but… how many “girls with dragon tatooes” a country can educate and support…?

  • HWJ

    The rule of thumb:
    If you don’t know who to blame, blame China.

  • Jon

    This is the dumbest story ever. Lets build a shitty plane and blame it on the Chinese. Brilliant.

  • Rob

    Chinese have already won the war. Entire areas of mostly Chinese in every major town globally. They say even, Canada, will someday soon have a Chinese majority.

    They will never war us simply for that fact. They just prepare for if Korea kicks off & to keep competitive in the arms market.

    As I see it they are smart, they prepare for the worst case scenarios. We haven’t & hope we start soon.

  • OMEGATALON

    The F-35 is an extremely complex jet with all sorts of sensors and an extremely complex avionics suite as one might think it might be simply too much as they should essentially build a F-35 with the basics before adding in the avionics and more sophisticated avionics in later versions as this would allow the cost of the F-35 to be built for a lower cost like the F-16 which has a starting price of about $75-80M while the top tier variant with things like the AESA radar is almost $150M.

  • Marcellus Hambrick

    This is okay with a lot if liberals. They dont like the fact that the US is the only superpower and want someone like the Chinese to match us economically and militarily.

  • RCDC

    This happens because we all have computer parts, software, networking , radar boosters and etc all made in China. Think about it. Where did it go wrong?

  • Trooper2

    I agree – espionage is just part of the game. But its too easy to just blame it on the ignorance or an unwillingness of the contractors to prevent cyber attacks. Even with all of the technical resources, trained and dedicated people, and command authority available, the DoD gets hacked, too.

  • passingby

    It’s a blame game gimmick that serves two purposes at once – (a) deflect responsibility for various failures on the part of the contractors such as severe budget overruns and delays in development, and (b) justify demands for additional funding to the tune of tens of billions to fatten the pockets of the contractors.

    The US military industrial complex will further benefits by hyping up the so-called China threat as part of their propaganda campaign to justify further theft of US taxpayers money through extraordinarily wasteful spending of various military programs.

    Whenever a news story comes out that has the consequence of justifying additional military spending while blaming foreign countries for espionage, it’s time for heightened vigilance, suspicion, and scrutiny.

    I wouldn’t take the report at face value. The US military and defense contractors have been persistent liars over the past 4-5 decades to say the least.

    I think they want more money and divert media’s attention of their own failures.

  • Alex Mason

    The US deliberately leaked details of the F-35 to the Chinese … how do you think the Chinese developed a stealth fighter that looks similar to the F-22 ? Once the Chinese come up with a reverse engineered variant of the F-35, Lockheed will use its lobby in the White House to push sales of additional squadrons of the F-35

  • passingby

    It’s all about money. They want to squeeze US taxpayers dry by creating imaginary / false enemies and trick the US voters and the government into spending more on new weaponry.

    The modus operanti never gets old. The military industrial complex has more than enough money to wage propaganda campaigns via the mainstream media, and buy off corrupt politicians in Congress to give them trillions after trillions in outrageously priced products and services.

    That’s why they have been funding Mitt Romney and his ilk, while sabotaging Ron Paul, even if it means flagrant fraud.

  • passingby

    edit: middle paragraph – and buy off corrupt politicians in Congress to give them trillions after trillions in exchange for outrageously priced products and services.

  • PolicyWonk

    The Editors of Proceedings, Defense Weekly., and Av Week published an editorial years ago foreseeing problems like this. They were imploring the Reagan Administration to restore educational funding, student loans, and Pell Grant programs. Without our own (American) educated students, we would be reliant on outsiders to procure, manage, and design these complex systems. They all considered it to be a matter of national security, and now we get to reap the rewards (if you can call it that) of an uneducated society. If you think education is expensive: try ignorance.

  • SlumLord

    I was in a unclassified JSF briefing in April 2008 where I later found out that the info presented was classified. I sent a “challenge” notice through my security bubbas.
    The response back was effectively, “We are JSF, we can do what we want. F. U..”

  • duuude

    Lockheed Martin is either making a scapegoat out of China because it cannot manage this project’s costs anymore, or it is actually in cahoots with our soon to be Oriental overlords in bankrupting Uncle Sam. Either way, make LM pay!!!

  • Robert

    China is evil and our enemy. War will come. God help us. We will need every nuke we have to scrub this garage from the earth.

  • Olrik

    You have no money for new airplanes anyways, so don’t worry, at least somebody is using the technology…

  • B Fawbush

    Why dont they justeet face to face/ Robert DeNiro prefered it in GoodFellas so people didnt WIRE INTO THEIR CONVERATIONS. we should be having face to face meetings about this top secret stuff until we get our cyber security up to requirements

  • itfunk

    Blaming the Chinese now for fundamental design flaws – it’s beyond laughable its just pathetic.

  • kim

    Somehow I do miss military personnel commenting more in this forum. When occasionally they identify themselves as such, it’s hard not to notice how the the quality of the comment is above average (including – notably – the spelling). Reading the comments from all the armchair warriors below is often a challenge, though.

  • Infidel4LIFE

    We should slap a huge tariff on all their export goods they are killing us in every area and not many seem to care. The JSF will be a helluva warplane..one day. Disgrace.

    • Dfens

      I agree with you on the tariffs, but not on the F-35. The only version worth keeping is the VTOL version, which will probably be the first one cancelled. Even it has some fundamental problems like you don’t want to be sitting in the pilot’s seat when that lift fan explodes and cuts you into top and bottom halves.

  • Thomas L. Nielsen

    “You’re trying to branch out further by taking on manned lunar landing.”
    I’m trying to branch out? It surely has not escaped your vastly superior intellect that in your post above (1 day ago by this time) you initially brought up your belief in a moon landing hoax. What we have done since then is simply refer back to this original statement.

    Regards & all,

    Thomas L. Nielsen
    Luxembourg

  • CristoCano

    Its not so hard to incorporate a tight security framework into these projects from the very beginning. This is an expensive lesson painfully learned. Hopefully from now on, any new technology and systems developed in the future will have cyber espionage countermeasures in place at every level.

    • blight_

      Considering even Verisign, one of the first names in internet security was cracked; it suggests that simply slapping on more “espionage countermeasures” is not a magic panacea. It’s more about policing our external security, more than putting in security on every level. It’s cost and time prohibitive.

  • Hi there, You’ve done an excellent job. I will certainly digg it and individually recommend to my friends. I am confident they will be benefited from this site.

  • javanaut

    That’s why I am going to be a math teacher. If it kills me. I will not let them drain the joy from this beautiful subject, and our kids deserve to be treated as human beings, each with their own unique talents, and yes, creative genius.

  • katy used cars

    Do not look at Katy used cars until you see this review. We help you find the best dealerships for Katy used cars and ensure that you get the top car for your needs

  • Hello friends, its wonderful post concerning tutoringand completely defined, keep it up all the time.

  • My spouse and I stumbled over here from a different web address and thought I should check things
    out. I like what I see so now i’m following you. Look forward to looking at your web page repeatedly.

  • If some one wishes to be updated with hottest technologies after that
    he must be go to see this web page and be up to date
    everyday.

  • Nice and cool post. Thanks for sharing.