Tuesday, April 21, 2009

Hacking into the Joint Strike Fighter program

Posted by John McHale

The lead story in today's Wall Street Journal caught my attention. It details how spies have hacked into the U.S. Air Force's Joint Strike Fighter program and stolen key data on sensitive technology.

According to the article they hacked into computers at some of the Joint Strike Fighter (JSF) prime contractors that were connected to the Internet. Sources in the Journal article say the real classified technology such as sensor data is protected in computers unconnected to the Internet.

This isn't the first time either. Security of suppliers is a major issue within the Department of Defense (DOD) and not just regarding their Internet firewalls. I've attended conferences and spoke to many folks who are involved with the Department of Defense Trusted Sources of Supply efforts, aimed at ensuring the reliability of military components as technology development continues to be moved off U.S. shores.

Growing challenges include identifying counterfeit parts and keeping them out of the supply chain. Many parts are available on the web though sites such as the Chinese IC Mart and others claiming to have part numbers issued by trusted reliable defense suppliers -- without their reliability testing and at dirt cheap prices. If one of these parts found its way into a weapons systems or aircraft mission computer it could cost lives.

DOD and industry are also working to deliver anti-tamper capability to components earlier in the design cycle to prevent enemy elements from tampering with technology before it makes its way into mission-critical programs.

The threat of information attack is much more complicated than just breaching firewalls and hacking into systems at the DOD or the primes. Companies supplying software or hardware to the military need to ensure their computers and production processes are secure.

The threat will only grow as China and other rogue nations gain expertise in cyber warfare as the Journal article points out.

No comments:

Post a Comment