November 4, 2024 | International, Aerospace
The MOUs explore opportunities to enhance Poland’s national command and control capabilities with the E-2D Advanced Hawkeye through NATO interoperability and further collaboration amongst the organizations.
December 11, 2024 | International, C4ISR, Security
Secret Blizzard hijacks Amadey bots and Russian backdoors to deploy Kazuar malware in Ukraine, obscuring its presence and complicating attribution eff
August 19, 2019 | International, Aerospace
By Joseph Marks LAS VEGAS — In a Cosmopolitan hotel suite 16 stories above the Def Con cybersecurity conference this weekend, a team of highly vetted hackers tried to sabotage a vital flight system for a U.S. military fighter jet. And they succeeded. It was the first time outside researchers were allowed physical access to the critical F-15 system to search for weaknesses. And after two long days, the seven hackers found a mother lode of vulnerabilities that — if exploited in real life — could have completely shut down the Trusted Aircraft Information Download Station, which collects reams of data from video cameras and sensors while the jet is in flight. They even found bugs that the Air Force had tried but failed to fix after the same group of hackers performed similar tests in November without actually touching the device. “They were able to get back in through the back doors they already knew were open,” Will Roper, the Air Force's top acquisition official, told me in an exclusive briefing of the results. The hackers lobbed a variety of attacks — including injecting the system with malware and even going at it with pliers and screwdrivers. When I saw it, the metal box that's usually secure on the aircraft had wires hanging out the front. The hackers briefed Roper on the findings on Saturday afternoon. He was surrounded by discarded pizza boxes, iced coffee drinks — and the hotel's drinking glasses filled with screws, nuts and bolts removed from five fully dismantled TADS devices, which run about $20,000 a pop. He'd expected the results to be about this bad, Roper told me on a private tour of the hacking event. He pinned the weaknesses on decades of neglect of cybersecurity as a key issue in developing its products, as the Air Force prioritized time, cost and efficiency. He's trying to turn that around, and is hopeful about the results of the U.S. government's newfound openness to ethical hackers. He'd come straight from Def Con's first-ever Aviation Village, which the Air Force helped establish, and was wearing a gray T-shirt with the words “No, Mr. Bond, I expect you to hack,” emblazoned on the front — a riff on a classic line from the 1964 James Bond film “Goldfinger.” This is a drastic change from previous years, when the military would not allow hackers to try to search for vulnerabilities in extremely sensitive equipment, let alone take a literal whack at it. But the Air Force is convinced that unless it allows America's best hackers to search out all the digital vulnerabilities in its planes and weapons systems, then the best hackers from adversaries such as Russia, Iran and North Korea will find and exploit those vulnerabilities first, Roper told me. “There are millions of lines of code that are in all of our aircraft and if there's one of them that's flawed, then a country that can't build a fighter to shoot down that aircraft might take it out with just a few keystrokes,” he said. Roper wants to put his military hardware where his mouth is. During next year's Def Con conference, he wants to bring vetted hackers to Nellis or Creech Air Force bases near Las Vegas where they can probe for bugs on every digital system in a military plane, including for ways that bugs in one system can allow hackers to exploit other systems until they've gained effective control of the entire plane. He also wants to open up the ground control system for an operational military satellite for hacker testing, he said. “We want to bring this community to bear on real weapons systems and real airplanes,” Roper told me. “And if they have vulnerabilities, it would be best to find them before we go into conflict.” Those hacking challenges will also be useful for the private sector because military planes and satellites share many of their computer systems with the commercial versions of those products, Roper said, and the Air Force can share its findings. The seven hackers probing the TADS devices were all brought to Vegas by the cybersecurity company Synack, which sells the Pentagon third-party vulnerability testing services, under a contract with the Defense Digital Service, a team of mostly private-sector technology stars who try to solve some of the Pentagon's thorniest technology problems during short-term tours. The Defense Digital Service started by organizing large-scale hacking competitions in 2016, with names such as “Hack the Pentagon” and, eventually, “Hack the Air Force.” These were open to almost anybody — but included only public-facing hacking targets such as military service websites and apps. Shortly after, they also began opening more sensitive systems to a smaller number of vetted hackers who sign nondisclosure agreements. DDS has run about a dozen of those more sensitive hacking competitions so far, but this is the first time it has offered up the same system for hacking twice, said Brett Goldstein, DDS's director, who earned a reputation in technology as Open Table's IT director and chief data officer for the city of Chicago. “That's important because security is a continuous process,” he told me. “You can't do an exercise and say, ‘Oh, we found everything' and check the box. You need to constantly go back and reevaluate.” They also allowed the hackers to be more aggressive this time and to physically disassemble the TADS systems to get a better idea of what kinds of digital attacks might be effective, Goldstein said. That meant the hackers could simulate a cyberattack from adversaries that had infiltrated the vast network of suppliers that make TADS components and had sophisticated knowledge about how to compromise those elements. They could also advise the Air Force about flaws in how the TADS hardware was built that make it more susceptible to digital attacks. Moving forward, Roper told me, he wants to start using that knowledge to mandate that Air Force vendors build better software and hardware security controls into their planes and weapons systems upfront so the Air Force doesn't have to do so much cybersecurity work on the back end. He's up against an arcane and byzantine military contracting process, however, that's going to make those sorts of fundamental reforms extremely difficult, he acknowledged. In some cases, the company that built an Air Force system owns the software embedded in that system and won't let the Air Force open it up for outside testing, he says. In other cases, the Air Force is stuck with legacy IT systems that are so out of date that it's difficult for even the best technologists to make them more secure. “It's difficult to do this going backward, but we're doing our best,” Roper told me. “I can't underscore enough, we just got into the batter's box for what's going to be a long baseball game.” https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2019/08/14/the-cybersecurity-202-hackers-just-found-serious-vulnerabilities-in-a-u-s-military-fighter-jet/5d53111988e0fa79e5481f68/
January 11, 2021 | International, Aerospace, Naval, Land, C4ISR, Security
By: Charles Woodburn The beginning of 2020 was an exciting time for our company; we had just announced we would acquire two high-performing new businesses out of the Raytheon and United Technologies Corporation merger. None of us could have predicted that just weeks later, the majority of our 88,000 employees around the world would be working from home as, like so many companies, we grappled with the unprecedented impact of a global pandemic. Like all businesses, we've experienced challenges this year, especially in the areas that support civil aviation. We've had to adapt and make difficult decisions, but thanks to the actions we've taken to enhance the resilience of our business and the remarkable fortitude of our people, we've continued to deliver on our customers' priorities while keeping our people safe. While COVID-19 clearly caused disruption in the second quarter, since then most of our defense businesses have been operating with well over 90 percent of employees working. The willingness of our customers to maintain cash flow into our businesses also enabled us to support our suppliers — including small and medium-sized companies — through the pandemic. Collaborative partnership with our customers has been essential to the defense industry's ability to press ahead over the past year. It remains essential as we move forward through 2021 and face an uncertain global environment with complex threats. It's only by industry and government working closely, understanding each other, and maintaining trust that we'll be able to innovate quickly to outpace the threats. As governments commit to increased spending on defense in countries such as Australia, the U.K. and several European nations, the defense industry must rise to the challenge. Our sector not only provides critical capability for a nation's security — we deliver real benefits to the economy by sustaining and creating highly skilled jobs through investment in research and technology and through exports. I strongly believe we can have a key role to play in restoring the economies of the countries in which we operate. For our part in 2021, we'll continue to invest in skills and in new technologies that are vital to maintaining our strong positions on next-generation capabilities across the air, maritime, land and cyber domains. In the U.S. market, we continue to stay well-aligned to the U.S. National Defense Strategy and are investing heavily in modernizing facilities and using new technologies. For example, we're deploying new virtual manufacturing and robotic welding in our combat vehicle production. While the new administration's priorities are not yet clear, we expect to stay well-aligned, given our work focused on combat vehicles, precision-guided munitions, naval ship repair and modernization, electronic warfare, hypersonics, space resilience, and security. In the U.K., the announcement of increased funding for the Ministry of Defence provides welcome stability. The submission of the outline business case for Tempest at the end of 2020 was another significant step in this hugely exciting project to deliver a next-generation future combat air system. Working with our partners and supply chain, we're using cutting-edge technologies to transform how we design, develop and manufacture, helping to reduce time and cost. We'll ramp up the number of people we have working on the program through 2021, including apprentices and graduates, as part of our commitment to recruit 1,250 trainees across the U.K., despite the pandemic. In Australia, we're excited to have begun work on the prototype for the Hunter-class frigate — an Australian version of the U.K.'s Type 26. We recently recruited the 1,000th Hunter employee and expect to recruit up to 1,000 more people, including apprentices and graduates, in 2021 as the program continues to ramp up. Working with our partners and customer, we're supporting Australia to develop its sovereign defense capability to deliver on the country's recently published 10-year defense strategy. It's been a challenging year of trying to stay connected while maintaining physical distance; the inability to travel to our businesses around the world and meet our people and our customers is something I've found frustrating at times. But if we continue working closely with our partners to use the lessons we've learned in 2020, particularly regarding our agility, resilience and efficiency, this industry can play an increasingly important role in restoring our battered economies, while keeping citizens safe and economies prosperous. Charles Woodburn is the CEO of BAE Systems. https://www.defensenews.com/outlook/2021/01/11/ceo-of-bae-systems-overcoming-hardships-for-a-better-year/