Back to news

August 19, 2019 | International, Aerospace

The Cybersecurity 202: Hackers just found serious vulnerabilities in a U.S. military fighter jet

By Joseph Marks

LAS VEGAS — In a Cosmopolitan hotel suite 16 stories above the Def Con cybersecurity conference this weekend, a team of highly vetted hackers tried to sabotage a vital flight system for a U.S. military fighter jet. And they succeeded.

It was the first time outside researchers were allowed physical access to the critical F-15 system to search for weaknesses. And after two long days, the seven hackers found a mother lode of vulnerabilities that — if exploited in real life — could have completely shut down the Trusted Aircraft Information Download Station, which collects reams of data from video cameras and sensors while the jet is in flight.

They even found bugs that the Air Force had tried but failed to fix after the same group of hackers performed similar tests in November without actually touching the device.

“They were able to get back in through the back doors they already knew were open,” Will Roper, the Air Force's top acquisition official, told me in an exclusive briefing of the results.

The hackers lobbed a variety of attacks — including injecting the system with malware and even going at it with pliers and screwdrivers. When I saw it, the metal box that's usually secure on the aircraft had wires hanging out the front.

The hackers briefed Roper on the findings on Saturday afternoon. He was surrounded by discarded pizza boxes, iced coffee drinks — and the hotel's drinking glasses filled with screws, nuts and bolts removed from five fully dismantled TADS devices, which run about $20,000 a pop.

He'd expected the results to be about this bad, Roper told me on a private tour of the hacking event. He pinned the weaknesses on decades of neglect of cybersecurity as a key issue in developing its products, as the Air Force prioritized time, cost and efficiency.

He's trying to turn that around, and is hopeful about the results of the U.S. government's newfound openness to ethical hackers. He'd come straight from Def Con's first-ever Aviation Village, which the Air Force helped establish, and was wearing a gray T-shirt with the words “No, Mr. Bond, I expect you to hack,” emblazoned on the front — a riff on a classic line from the 1964 James Bond film “Goldfinger.”

This is a drastic change from previous years, when the military would not allow hackers to try to search for vulnerabilities in extremely sensitive equipment, let alone take a literal whack at it. But the Air Force is convinced that unless it allows America's best hackers to search out all the digital vulnerabilities in its planes and weapons systems, then the best hackers from adversaries such as Russia, Iran and North Korea will find and exploit those vulnerabilities first, Roper told me.

“There are millions of lines of code that are in all of our aircraft and if there's one of them that's flawed, then a country that can't build a fighter to shoot down that aircraft might take it out with just a few keystrokes,” he said.

Roper wants to put his military hardware where his mouth is.

During next year's Def Con conference, he wants to bring vetted hackers to Nellis or Creech Air Force bases near Las Vegas where they can probe for bugs on every digital system in a military plane, including for ways that bugs in one system can allow hackers to exploit other systems until they've gained effective control of the entire plane.

He also wants to open up the ground control system for an operational military satellite for hacker testing, he said.

“We want to bring this community to bear on real weapons systems and real airplanes,” Roper told me. “And if they have vulnerabilities, it would be best to find them before we go into conflict.”

Those hacking challenges will also be useful for the private sector because military planes and satellites share many of their computer systems with the commercial versions of those products, Roper said, and the Air Force can share its findings.

The seven hackers probing the TADS devices were all brought to Vegas by the cybersecurity company Synack, which sells the Pentagon third-party vulnerability testing services, under a contract with the Defense Digital Service, a team of mostly private-sector technology stars who try to solve some of the Pentagon's thorniest technology problems during short-term tours.

The Defense Digital Service started by organizing large-scale hacking competitions in 2016, with names such as “Hack the Pentagon” and, eventually, “Hack the Air Force.” These were open to almost anybody — but included only public-facing hacking targets such as military service websites and apps.

Shortly after, they also began opening more sensitive systems to a smaller number of vetted hackers who sign nondisclosure agreements.

DDS has run about a dozen of those more sensitive hacking competitions so far, but this is the first time it has offered up the same system for hacking twice, said Brett Goldstein, DDS's director, who earned a reputation in technology as Open Table's IT director and chief data officer for the city of Chicago.

“That's important because security is a continuous process,” he told me. “You can't do an exercise and say, ‘Oh, we found everything' and check the box. You need to constantly go back and reevaluate.”

They also allowed the hackers to be more aggressive this time and to physically disassemble the TADS systems to get a better idea of what kinds of digital attacks might be effective, Goldstein said. That meant the hackers could simulate a cyberattack from adversaries that had infiltrated the vast network of suppliers that make TADS components and had sophisticated knowledge about how to compromise those elements.

They could also advise the Air Force about flaws in how the TADS hardware was built that make it more susceptible to digital attacks.

Moving forward, Roper told me, he wants to start using that knowledge to mandate that Air Force vendors build better software and hardware security controls into their planes and weapons systems upfront so the Air Force doesn't have to do so much cybersecurity work on the back end.

He's up against an arcane and byzantine military contracting process, however, that's going to make those sorts of fundamental reforms extremely difficult, he acknowledged.

In some cases, the company that built an Air Force system owns the software embedded in that system and won't let the Air Force open it up for outside testing, he says. In other cases, the Air Force is stuck with legacy IT systems that are so out of date that it's difficult for even the best technologists to make them more secure.

“It's difficult to do this going backward, but we're doing our best,” Roper told me. “I can't underscore enough, we just got into the batter's box for what's going to be a long baseball game.”

https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2019/08/14/the-cybersecurity-202-hackers-just-found-serious-vulnerabilities-in-a-u-s-military-fighter-jet/5d53111988e0fa79e5481f68/

On the same subject

  • Scorpion : Griffon Command Post is qualified

    December 2, 2020 | International, Land

    Scorpion : Griffon Command Post is qualified

    Satory, France, November 26, 2020 - On 13 November 2020, the French Delegation for Armaments (DGA) qualified the command post vehicle (EPC) variant of the GRIFFON vehicle. At the same time, the first examples are being submitted for acceptance by the DGA's quality department at the Roanne site. Therefore, the three first GRIFFON EPC have been delivered to the Army technical section (STAT) which will continue the operational evaluation of this equipment with its rapid deployment within the regiments in sight. The GME (temporary grouping of companies) EBMR (Engins Blindés Multi-Rôles) comprised of Nexter, Arquus and Thales is fully mobilized on the production of the first 35 series GRIFFON EPCs to be presented to verification operations by the end of 2020. Ultimately, the SCORPION program calls for the acquisition of 333 units of this variant, half of which will be delivered by 2025. As a reminder, the SCORPION program aims to modernize the Army's combat capabilities and in particular to improve command through new information resources. The GRIFFON EPC can accommodate a pilot and a gunner in the front, and five soldiers in the rear of the vehicle. From an external point of view, the silhouette of the EPC does not differ from the VTT Félin variant (troop transport vehicle). Only the armament changes, with the integration on the roof of a new-generation T2 remotely operated turret armed with a 7.62mm caliber. Inside, on the other hand, the GRIFFON EPC is fully equipped to accommodate a command post: communication means, large screens, a board and a printer. This variant is designed to accommodate latest-generation electronic equipment for collaborative combat: the vetronics common to the SCORPION platforms, the CONTACT joint radio, the SCORPION Combat Information System (SICS), the ANTARES optronic system offering the crew a 360° vision of the environment, as well as a gunfire location detector (or SLA, for Acoustic Localization System). In addition, the air-conditioning system adapts to all environments to guarantee crew's comfort and the proper functioning of onboard electronics. Thanks to its level of protection and mobility, the EPC variant of the GRIFFON enables a command post to be deployed quickly at the heart of operations. The force commander can thus conduct an engagement or monitor the progress of a regimental or brigade-level action. The arrival of the GRIFFON EPC is complementary to the GRIFFON VTT Félin, with the goal of projecting a joint battle group (GTIA) into a foreign theatre of operations by 2021. Stéphane Mayer is delighted, on behalf of the GME formed by the three companies Arquus, Thales and Nexter (of which he is Chairman and CEO), that this new milestone has been reached on time: "this qualification marks a new stage in the modernization of the French Army's equipment". View source version on Nexter : https://www.nexter-group.fr/en/actualites/nos-dernieres-actualites/scorpion-griffon-command-post-qualified.html

  • Textron Systems readies all-electric Ripsaw M5 UGV

    November 30, 2020 | International, Land

    Textron Systems readies all-electric Ripsaw M5 UGV

    by Melanie Rovery Textron Systems has developed an all-electric version of the Ripsaw M5 unmanned ground vehicle (UGV). Delivery of the platform for experimentation and trials will take place in 2021. The Textron Systems-led team, selected by the US Army in January 2020, are to provide four Robotic Combat Vehicles – Medium (RCV-M) with the Ripsaw M5 offering. In addition to the baseline hybrid electric drive (HED) platform, the team will also be delivering an all-electric version called the Ripsaw M5-E. The US Army Combat Capabilities Development Command Armaments Center (CCDC, also known as DEVCOM) will receive an M5-E in a flat-deck configuration to support weapons integration testing. Deliveries will start in the second quarter of 2021. The Ripsaw M5 platform is designed and built by Textron Systems' subsidiary Howe and Howe Inc, drawing from the latter's experience in UGV and specialty vehicle development. Despite Howe and Howe's knowledge, there are common issues associated with HED and electric drive (ED) development. One concern is ensuring there is sufficient battery capacity to power the electric motors. A Textron spokesperson told Janes that the company's experience “has allowed us to continually refine our [ED] systems and incorporate these lessons learned into the M5-E, which is designed to provide an all-electric test bed for our customer”. Future challenges for the HED/ED include electric efficiency and charge rates. Textron believes this will be mitigated by improved technology. “Our current solution leverages increased fuel efficiency and is enabled by agile logistics, ensuring adequate fuel is available,” the spokesperson explained. https://www.janes.com/defence-news/news-detail/textron-systems-readies-all-electric-ripsaw-m5-ugv

  • NATO’s ‘startup’ charts a bold future in maritime unmanned systems

    April 21, 2020 | International, Naval

    NATO’s ‘startup’ charts a bold future in maritime unmanned systems

    By: Michael D. Brasseur , Rob Murray , and Sean Trevethan Last December, at their meeting in London, NATO leaders declared: “To stay secure, we must look to the future together. We are addressing the breadth and scale of new technologies to maintain our technological edge, while preserving our values and norms.” These two sentences were, in part, a nod to a significant piece of work the alliance is undertaking within the broader mandate of alliance innovation — NATO's Maritime Unmanned Systems Initiative. Granted, on its own this sounds both technical and narrow within the context of emerging technology, a context that includes: artificial intelligence, data, space, hypersonic weapons, bio technologies, quantum research, autonomy and more. So why are maritime unmanned systems relevant now? Simply put, developing the numbers of manned submarines, aircraft and ships required to keep pace with potential adversaries is simply not economically viable (almost $3 billion per Virginia-class U.S. submarine). Not since the Cold War has NATO needed the volume of maritime forces to protect our seas and oceans from would-be foes. NATO's areas of interest are expanding. As climate change affects the Arctic, new maritime routes are being created, which Russia in particular is exploiting with its submarines and ships. This matters because it exposes a new flank on NATO's high-north periphery, and if left unchecked is a potential vulnerability whilst also being a potential opportunity; this, coupled with an increasing need to protect our undersea data infrastructure means NATO's geostrategic responsibilities continue to grow. Therefore, if allies are to reinforce NATO's maritime posture, deter Russian aggression, guard against Chinese activity, and protect both critical national infrastructure and our sea lines of communication, NATO must do things differently and at the speed of relevance. NATO's Maritime Unmanned Systems Initiative was agreed by 13 defense ministers in October 2018. Since then, the initiative's success has attracted the participation of three more allies and garnered significant interest from all of NATO's maritime nations. The political agreement struck in 2018 provided the mandate for NATO to bring together disparate strands of common work ongoing within nations. NATO, acting as a network, enabled allies to become greater than the sum of their parts. The focus is threefold: utilize world-leading research to increase allied interoperability between conventional forces and unmanned drones; establish new tactics for our sailors to truly leverage these technologies; and develop secure digital communications for military drones across all domains (air, sea and land). Addressing these priorities together will enable this effort to be scaled across the alliance, at pace. To date, the speed of this effort has been breathtaking. So much so that even the United States and the United Kingdom — two allies who have invested the most in this area — are using the NATO initiative as a catalyst for their own national efforts. The last 12-plus months has seen the creation of a NATO project office, a governance body, as well as the planning and successful execution of the world's largest and most complex maritime unmanned systems exercise off the Portuguese coast in September 2019. This event brought together the very best from our navies, industry, scientific institutes and academia. The results were hugely impressive, with many “world firsts” including maritime unmanned systems augmenting conventional forces through multiple scenarios. We now have vast swaths of insight and information to start achieving those three goals of improving interoperability, enhancing our tactics and developing secure communications. The goal of improving allied interoperability is actually about enhancing standards. A topic often overlooked at the policy level but critical to the DNA of the NATO alliance. Standards drive interoperability, which in turn drives readiness, which ultimately aids deterrence. As NATO leads the development of new technologies, so too must come new standards that our industries and military can implement. Open architectures will be key, but allies and industry need to realize that we need to solve problems — not address requirements. No perfect solution will ever be delivered on the first attempt. The alliance will need to both innovate and iterate on operations in order to maintain advantage. This may be a cultural shift to some acquisition purists who are used to developing complex warships over 20-plus-year time frames. However, the challenge remains our ability to scale. With this project we have an agile global team functioning across multiple national and allied bureaucracies, each with their own culture and ways of working. Through engagement and investment, this team is yielding disproportionate results. Indeed, 2019 demonstrated what can be done with some imagination, effort and focus. But continual growth at speed will require faith by allies to maintain the course. Such is the nature of true change and innovation. There is a lot to do, and the stakes are high. Near-peer competitors are once again very real. Despite the global lockdown caused by the new coronavirus, COVID-19, the initiative continues to progress through synthetic networks and simulation, driven by passion and intent. Our economy, our data and its infrastructure still need protecting, now more than ever. This effort strives to accelerate maritime unmanned systems into NATO's arsenal to patrol the vast swaths of ocean and offset evolving threats. Success will be seen because it is being built on allied nations' shared values and norms, the same values and norms that NATO leaders recognized in London last year. Michael D. Brasseur is the director of naval armaments cooperation for the U.S. mission to NATO. He is also the first director of NATO's “startup,” the Maritime Unmanned Systems Innovation and Coordination Cell. Rob Murray is the head of innovation at NATO Headquarters. Sean Trevethan is the fleet robotics officer of the British Royal Navy, working in the future capability division at Navy Command Headquarters in Portsmouth, England. https://www.defensenews.com/opinion/commentary/2020/04/20/natos-start-up-charts-a-bold-future-in-maritime-unmanned-systems/

All news